CA1118896A

CA1118896A - Security system for remote cash dispensers

Info

Publication number: CA1118896A
Application number: CA000333509A
Authority: CA
Inventors: Richard A. Gorgens
Original assignee: Honeywell Information Systems Inc
Current assignee: Bull HN Information Systems Inc
Priority date: 1978-09-05
Filing date: 1979-08-10
Publication date: 1982-02-23
Also published as: IT1120556B; JPS5537698A; ES483878A1; BE878589A; IT7950164A0; SE445591B; NL7906275A; AU5037979A; DE2935199C2; JPS6149714B2; FR2435759A1; US4234932A; AU528366B2; DE2935199A1; GB2031627A; SE7907315L; GB2031627B; FR2435759B1; CH633379A5

Abstract

ABSTRACT OF THE DISCLOSURE
A banking system is provided which is comprised of a central computer, a customer accounts main memory, and plural remote transaction terminals in communication with the central computer. Each remote terminal includes a cash dispensing apparatus, a personal identification num-ber (PIN) signal generator, a random number (RN) signal generator, a security device and a cash dispenser. The communication paths from the RN and PIN signal generators to the security device are wholly contained within the remote terminal and inaccessible to would-be thieves. The remote terminals also include data entry devices activated by a customer to provide a PIN number, a PIN OFFSET number bearing a predetermined relationship to both the PIN num-ber and a customer information file (CIF) signal stored in main memory, and other banking information. In response to a customer-initiated operation, a remote terminal sup-plies bank transaction and customer identification informa-tion to the central computer. Upon receiving information from a remote terminal, the central computer searches the customer's record in main memory for a CIF number associated with the customer's account. The central computer there-after forms a composite signal from the RN, CIF and PIN
OFFSET signals which is applied to the security device of remote terminal. The RN signal series to conceal both the CIF and PIN OFFSET signals from an attempted intercep-tion during transmission from the central computer to the remote terminal. The security device includes a comparator for generating a DISPENSE signal when the PIN and RN signals bear a predetermined relationship to the composite signal.
The cash dispenser includes a cash storage portion and a dispensing mechanism for issuing one or more cash units in response to a DISPENSE signal.

Description

FIBLD OF THE _NVENTION
The invention relates to automated banking systems, and more particularly to security systems used in com-bination w~th cash or negotiable instrument dispensers at locations remote from a central computer-controlled ban}cing facility.
PRIOR ART
With the advent of computer-contro:Lled banking facili-ties wherein a number of remote automated teller stations 10 are in communication with and controlled by a centrally located computer, certain transaction security problems have become apparent. More particularly, available tele-phone line monitoring devices and computer related equip-ment have been developed and used by computer thieves to 15 5ecure ~und~ from the bank systems. Fraudulently injected enabling signals, and the simulation of valid transactions from po;nts along the communication path ~etween the cen-tral computer and a remote terminal have been used succèssfully.
In response to this problem, prior art systems have developed remote terminals wherein a customer enters a personal identifi~cation num~er ~PIN), which is transferred to the central computer for recog~ition. The central com-puter in turn authorizes a transaction to take place. The 25 P~N num~er may be memori~zed by the user and may take the form o~ his social security number, his birth date or some other personal data known only to the customer and the bank.
The P~N number may be further used in conjunction with a m~gnet~call~ encoded card which includes data representative 30 of a cus~omer account number, bank number, and zone number.
In some cases the card includes an encrypted identification number which relates the PIN number to a customer informa-- ti~n ~ile ~CI~ nal ~t~rqd ~t ~he aentral ~omputer. ~he encryp~ed ~dent~ica~ion number i~ o~ten re~erred to as the 35 P~N ~FFSE~ 4 - ~i81~96 --2~

In the operation of such prior art systems, the cus-tomer typically enters his PIN number by way of a keyboard, and passes hi~ magnetic card thr~ugh registration with a card reader at the remote terminal. PIN and PIN OFFSET
signals thereby are transferred to the central computer through telephone lines. At the central computer, the signals are compared with a customer information file (CIF) number which is used to identify the customer account and verify the identity of the customer. The central computer 10 thereaftex transmits a transaction authorization signal over the telephone line to the cash dispenser at the remote terminal.
Because of the relative ease by which any signal on a telephone line may ~e intercepted and simulated, practical 15 systems ;n the prior art are generally provided with complex data encrypting devices whenever any signal such as the PIN, PIN OFFSET or transaction authorization signal is transmitted over a telephone line. Even though the resultant encrypted signals may be subject to interception, a suitably complex 20 encryption algorit~m may reduce the probability of a decoding by a thief. In the case of an authorization signal which is transmitted over the line, howe~er, the mere duplication of the signal even if in encrypted form usually is sufficient to'activate the cash dispenser at the remote'terminals.
U.S. Patent ~,075,460 assigned to the assignee of the pwesent invention prov~des an impro~ed remote terminal cash di~spensing system. Tne security system i3 comprised of a PIN
signal generato~ and a security device responsive to both the signal generator and an authorization signal comprised 30 o~ the customer's CI~P number which is supplied by a central computer. The signal path between the signal generator and the securi~ty device is wholly contained wLthin the remote , ter~l~nal~ The PIN ~igna1 thus cannot De in~ercepted, and t~e mere ~mulati~n o~ t~ au~hor~æation si~nal alone will 35 n~t penetrate thq ~eaur~ty ~ the ram~ke ~erminal. Although ~ t3~

the likelihood of theft is substantially reduced, a theft still may occur if a customer is careless with his PIN
number. The PIN number may be entered at the remote terminal by the thief, and the au~horization signal from the central computer may be simulated to cause the security device to command a cash release. The security system of the embodiment illustrated in Figure 2 of the patent is more dif~icult to penetrate since a PIN OFFSET signal wholly internal to the remote terminal also is applied to 10 the ~ecurity device ~y way of a card reader for a comparison.
Although the addition o~ the PIN OFFSET increases the neces-sity ~or obtaining both the customer PIN number and his encoded card, a theft qtill may occur through the use of knowledge qained from the card alone and intercepted 15 signals. For eXample, once the relationship between a PIN
OFFSET and a customer's CIF numker is discovered, the cus-tomer's PIN may ~e determined. A customer's CIF number is trans~erred over telephone lines from the central computer to the remote transaction terminal. The determination of 20 a PIN number is further facilitated from a knowledge of the nu~ber o~ ~its compr~sing the PIN num~er. Such a BIT sig-nal is supplied by the remote transaction terminal to the central computer. In each case, a cash theft may occur repeatedly once the control information peculiar to the 25 customer i9 determined.
The invention disclosed herein is directed to a ~ecuri~ty syqtem ~or a remote cash dispenser wherein the likelihood o~ securi`ty penetration without knowledge of the customer's PI~N num~er and possession of the customer's 30 encoded card ts substantially decreased, and the suscep-tibility of the system to repeated thefts through the use o~ tRe s~me control in~ormation w~thout such knowledge and p~e~ n ~ si~n~Piaantly reduced.

3~

S~mary o:r the Invention The present invention is d;rected to a remote terminal. security system :for a computer-controlled banking system ha~ing plural remote transaction termi-nals each with a cash dispenser. More particularly, the remo-te terminal security system is compris.ed of a pers:onal identi~ication number (~IN~ signal generatorresponsive to a customer initiated operation, a random number (hN) signal gener-ator, and a security device. The security device includes a comparator respon-sive to the PI~ and RN signal generators, and to a composite signal formed by a central computer rrOm customer-related inrormation and an R~ signal supplied by the remote terminal. ~he comparator generates a cash DISPENSE signal when the R~and PIN signals supplied by the remote transaction -terminal bear a predetermined relationship with the composite signal supplied by the central computer.
In accordance with the present invention, there is provided a security system ~or a remote transaction terminal o~ an automated banking system including a central computer with a main memory, said remote transaction terminal having customer operated data entry means and a cash dispenser, which comprises: .
: (a) first generator means responsive to said data entry means ror providing an identirication signal representative o:~ a customer personal identi~ication number;
(b) second generator means responsive to said central computer rOr supplying a pseudo random number signal to said central computer; and (.c~ comparator means in electrical communication wi:th said ~irst generator means and said second gener-ator means by way o~ signal paths wholly contained within said remote transaction terminal, and in e:Lectrical communication with said central computer ~or issuing & cas~ dispensq signal to said ca~;h d:Lspensqr when a composite s~ignal bearing a predq-tqrminqd rel&-tionship wi-t~ said identirication signa:L and said random numbqx-signal ls recei~ed :rrOm said central computq:r, s&:Ld composi-te signal ~qing :~ormed ~ro~ a cus.-tomer record s~i~nal sto~ed in said m&in memory, f'rom an o.~'s:q-t s:lgnal s~ppliqd by saia data entry means and bearing a prede-termined relationship 9~

between said iden-tification signal and said c-ustomer record signal, and from said random number signal.
In one aspect of -the invention, an RN signal generator in electrical communication with the security device and the central computer is located at the remote transac-tion -terminal. The signal paths from the PIN and RN signal generators to the security device are wholly contained within the remote trans-action terminal. In response to a central computer control signal, the P~N signal generator supplies a pseudo random number signal -to both the securit~ device, and to the central compu-ter to form a composite signal concealing customer-related information. The difficulty in deciphering the composite signal to isolate customer-related information thereby is significantl~ increased, and theft by the mere interception and simulation of information exchanged ~etween the central computer and the remote transaction terminal is eliminated. Further~ susceptib-ility to repeated thefts through the use of the same control information obtained by such deciphering and simulation is substantially decreased.

- s -In another aspect of the invention, the signal paths from the PIN and RN generators to the security device, and a signal path from a customer-operated data entry device to the security device are wholly contained within the remote transaction terminal. The security de~ice comparator issues a DISPENSE signal w~en the RN and PIN signals, and the customer information entered by the customer at the remote transaction terminal bear a predetermined relationship to a composite signal formed ~y the central computer from the 10 RN signal and customer related in~ormation.
DESCRIPTION OF THE DRAWI~GS

For a more complete understanding of the present in~ention and for further objects and.advantages thereof, reference may now be had to the following description taken 15 in conjunction with the accompanying drawings in which:
Figure 1 is a functional block diagram of a remote cash dispensing system em~odying the present invention; and Figure 2 ls a functional block diagram of an alterna-ti:ve remote cash dispensing system em~odying the invention.
DESCRrPTION OF THE PRF.FERRED EMBODI~5ENTS

.
Fiyure 1 illustrates in block d.iagram form a computer controlled ~anking.sy~tem embodying the invention.
A central computer 10 with main memory 12 is in electrical 25 communicati`on with a remote terminal 14 by way of communication pat~s a~ indi~cated ~y signal ~low arrows. The computer 10 and memor~ 12 are located at a central bank off~ce where they may ~e con~igured to provide on-line or o$f-line hanking func-t~ns~ The ~emote terminal 14 ~s located at a rernote o$~ice 30 or at a rqmote loca~n wi~hin the.central o~ice. A plur-al~y Q~ Q~nqr ~erm~nal~ ~imilar to terminal 14 also may be ~n a~mmuniaat~on wi~h computer 10 ~y way o$ communicati~n pa~hs ~uch a~ telephone kransmi~sion lines having modem equi~-m~nk at ~he local and remote in~ex~aca~.

The remote terminal 14 in the preferred embodiment as described herein includes a magnetic stripe card reader 20 and a keyboard 22 for entering information in response to customer-initiated operations~ It is to be understood, however, that any suitaDle data entry means may be employed.
Card reader 20 may be any of many well-known magnetic readers for reading data encoded on magnetic stripes in accordance with ABA, IATA, MINTS or Thrift Standard Track ~ormats. Card reader 20 may also be of other types in-1~ cluding card per~oration or optical readers. The data~ield imprinted on the card may include a data word identi-fying the customer's ~ank, zone, and account numbers. The data field further rnay include a PIN OFFSET data word which is converted by card reader 20 to a PIN OFFSET signal re-15 ferred to as 0 in the drawings. The ~ signal is represen-tati~e o~ a predetermined dif~erence relationship between a personal identification number (PIN) and a customer infor-mation file (CIFl num~er stored in the memory 12 of the central computer 1~. The PIN number for a customer may be 20 representati~e of the customer's birth date, social security nu~er or other personal data easily memorized. The CIF
nu~e~ is ~epresentative of a record num~er associated with t~e customer~s account in main memory 12.
Terminal 14 further comprises a conventional trans-25 action data generator 24 responsive to keyboard 22 for con-verting customer-activated key operations to data repre~en-tative o~ a desired banking transaction.
The remote termi`nal 14 in addition includes PIN signal ~e~er^ato~ 3Q, a random number (RN~ s~ignal generator 31, a 3~ BIT ~ignal generator 32, a display de~ice 33, a security de~i`ce 3~ and a aash d~spenser unit 36. The PIN signal ~enerator 3Q responds to key~oard 22 by generating a PIN
sig~al re~r~ed to i`n tRe drawin~s as Y, which is represen-ta~ Q o~ a ~e~i`es o~ num~er~ entered by the customer. The 35 9i`~nal Y ~ appl~ed t~ th~ s~na} generator 32 and to the ~ecur~ de~ice 3~ ~enerator 32 thereupon generates a ~ ignal whiah i~ repxe~entati~e Oe the number o~ bits in PlN si~nal Y, and whiah is supplied to ~he central aomputer lQ b~ way o~ teleph~ne tran~mis~ion lines as be~ore de~crlbe~.

11~8!396 The security device 34 receives the PIN signal Y, an RN signal referred to as W in the drawings and generated by the RN signal generator 31 in response to central com-puter commands, and a composite signal * supplied by the computer 10. The composite signal ~ is formed by central computer 10 from a CIF sIgnal referred to in the drawings as X, the P~N OFFSET signal 0 and the RN siqnal W. I~t is to be under~tood that the signal path for the PIN signal Y between generator 30 and security device 34, and the signal path Eor 10 the RN signal W ~etween generator 31 and security device 34 are entirely within the remote terminal.
The security device 34 includes a means for comparing the applied W, Y and ~ signals in accordance with a pre-determined algorithm. For example, using the exemplary poly-lS nomial formula N2+Y2-Z2 ~ 0, the security device shall ef~ectively square the ~ signal and substract the resultant from the ~um of the squares of the W and Y signals. In the event the difference equals zero, a DISPENSE signal shall be generated ~y the security device 34 and applied to cash dis-20 penser unit 36. Alternative polynom~als readilY maY be used.
Cash dispenser unit 36 includes a means for storinq a plurality of cash units, such as bills, and for delivering one or more of these stored cash units to the customer in res-ponse to an applied DrSPENSE signal.
The display 33 includes means to receive a PIN RE'QUEST
s~nal ~rom computer 10. In other embodiments of this ~nVent~on, the display 33 may also di~play transaction data as well as otaer information generated by the customer or the central computer lQ.
3Q In operation, a customer inserts a bank or credit card into the card reader 20. The card data and PIN OFFSET sig-nals tnere~y a~e li~ted ~rom the card, and trans~erred to th~ a~n~ral computex lQ ~y way o~ ~elephone tran~mission line~. ~n ~e~pon~ to ~e card da-ta, the centxal compu~ex ~5 lQ i`dentl~i`a~ the cu~tomer acaount, ~he customer then may key ~n tr~n~ac~on data rapre~entati~e o~ a de~ired banklng tr~n~c~n on k~oard 22. By way of example~ the cus-tomer , may activate a series of keys which indicate that a cash withdrawal is desired in the amount of a number of cash units. Transaction data generator 24 responds to the customer actic)n by forwarding representative transaction data to the central computer 10. Computer 10 identifies the transaction data, and verifies whether the customer's balance indicated in memory 12 has sufficient funds to accommodake the indicated transaction.
In the event the transaction data indicates a valid 10 transaction, the central computer 10 issues a PIN REQUEST
signal to illuminate a PIN request on display 33 of terminal 14. ~n an alternative embodiment, the PIN REQUEST signal may control a switching network to provide a direct signal path between PIN signal generator 30 and the security device 34.
When the customer enters his PIN number at keyboard 22, generator 30 is enabled to supply the PIN signal Y. In response thereto, the BIT signal generator transfers a BIT
signal representative of the number of hits in the PIN
signal Y to central computer 10. Central computer 10 then may 20 compare the BIT signal to the number of ~its in the cus-tomerls CIF num~er stored in memory 12. In the event there is a match, the computer issues an RN REQUEST signal to the RN generator 31. The generator 31 is activated thereby to gen erate a pseudo random number which is supplied to the security 25 device 34 and to the central computer 10. Upon receiving an signal W ~rom the RN generator 31, the central computer 10 ~o~s the composite si~gnal ~ in accordance with a polynomial equation. For purposes o~ illustration, the polynomial indi-cated in F~gure 1 is ~ ~ X~0~W. The composite signal ~ is 3Q issued ~y the central computer ~y way of telephone trans-mlssion lines to the security device 34. Upon receiving the signal ff, the device 34 compares the W and Y signals with the signal as ~a~ore descri~ed, and generates a DISPENSE signal in tHe ev~nt the control polyn4mial i3 satisPied. In re~pon~e 3S ko t~e D~SPENS~' s~cJnal, the aash dlspen~er unit 36 makes A
aa~h uni~ ~vaila~l~ to th~ c~s-t4me~.

g In the embodiment of Figure 1, the random number com-munication path between generator 31 and security device 34, and the PIN signal Y communication path between the P:[N
signal generator 30 and device 34 are wholly contained with in the remote terminal 14. Further, the composite signal ~ is so formed as to conceal the CIF and PIN OFFSET informa-tion through a combination with the RN signal W. A potential thief therefore must not only intercept the concept signal ~, but also decipher the signal. Only then could the thief 10 simulate a composite signal ~fter intercepting a current random number signal issued ~y the RN generator 31 to the central computer 10. Further, a particular simulation of the composite signal * may not be used repeatedly since the random number changes with each transaction~ The security 15 for a remote transaction terminal thus is tightened signi-~icantly,and a potential thief is made more dependent on actual knowledge of both the customer's personal PIN number and his encoded card data.
~n other embodiments, the BIT signal generator 32 may not 20 ~e required. In tnat event, the above operation may be carried out without a compar1son of the number of ~its in the PIN num-~er with the number of bits in the CIF number. In addition al-ternati~e comparison alqorithms may be readily programmed into the security device 34. In such algorithms, predetermined 25 bit weighting may be used in addition to or in lieu of alge-~raic trans~ormations. In still other embodiments, the com-po~ite signal ~ may include a signal representatiVe of a reque~ted numBer o~ bills so that the DISPENSE signal directs dispen~er Unit 36 to deli~er a speci~ic number o~ cash units to 3Q the customer. Furthermore, the card reader 20 may not be required or cash dispensing systems where the transaction data 1~ ent~rely provided by a customer-controlled trans-action data ~enerator. Othexwise, operation o~ these lat~er e~bQdiments may proaeed ~ desaribed ~bo~e in con~unction with 35 the ~y~t~m e~ ~gure 1~
It i9 to ~e under~tood tha~ in the preEerred embodiment as descrihed hereln, the dat~ trans~red over the telephone tran~mi~slon lines does not include the cu~tomer-memoriæcd PIN, nor does that data include a signal which in itself is sufficient to authorize the activation of the cash dispenser .

S An alternative embodiment is tllustrated in Figure 2 wherein elements identical to those in Figure 1 are identi-~ied with the same re~erence numerals. The principal difference ~etween the em~odim~nts of Figure 1 and Figure 2 is the path of the PIN OFFSET signal 0. In Figure 2, the 10 P~N O~FSET ~ignal 0 i8 transferred ~rom the card reader 20 d~rectly to the security davice 34 without passing over a telephone transm~ssion line. The computer 10 therefore tran~fers a composite signal ~ compri~ed only of the CIF
signal X and the RN num~er W. The security de~ice 34 may be 15 a ~our input system which performs a four variable polynomial computati~on, e.g. ~2~Y2~W2-~ = O. In the event the poly-nomial IS satlsf~ed for an applied set of signals (W, 0, Y-, ~L, the security device 34 generates a DISPENSB signal w~ch in turn act~vates the cash dispenser unit 36.

2~ It will be understood that the em~odiment of Figllre 2 oper~tes in substantially the same manner as the embodiment o~ Pigure 1, except that each of the PI~ O~FSET, PIN and RN
s~gna~s are reta~ned wholly within terminal 14.
~ The concepts o~ the preferred emhodiments of Figures 1 25 ~nd 2 ma~ be employed in other en~i~ronments than that of a ~anking syste~. For e~ample, in an automated security system for controlling the ingress and egress of persons at remote entry locations, the cash dispenser unit 36 may be replaced by an audio or visual indicator, or a turnstile

3~ re~pon~ive to t~e ~ecurity device 34. Although the keyboard 2~ and c~rd reader 2Q are descri~ed in th~ pre~erred em~odi~
~ent~ ~ any 9uitable ~a~a entry means may be . used whether ~po~ d ~y a ~ecur~ty ~uard or a parson ~eelcln~ admi9sion d~ a ~emote loGation.

The invention may be embodied in other specific forms without departing from the spirit or essential characteris-tics thereof. The preqent embodiments are therefore to be considered in all respects as illustrative and not restric-S tive with the scope of the invention being indicated by theappended claims rather than by the foregoing description.
All chan~es which come within the meaning and range of equivalency oi the claims are therefore intended to be embraced therein.
1~ What is claimed is:

Claims

1. A security system for a remote transaction terminal of an automated banking system including a central computer with a main memory, said remote trans-action terminal having customer operated data en-try means and a cash dispenser, which comprises:
a) first generator means responsive to said data entry means for providing an identification signal representative of a customer personal identification number;
b) second generator means responsive to said central computer for supplying a pseudo random number signal to said central computer; and c) comparator means in electrical communication with said first generator means and said second generator means by way of signal paths wholly contained within said remote transaction terminal, and in electrical communication with said central computer for issuing a cash dispense signal to said cash dispenser when a composite signal bearing a predetermined relationship with said identification signal and said random number signal is received from said central computer said composite signal being formed from a customer record signal stored in said main memory, from an offset signal supplied by said data entry means and bearing a pre-determined relationship between said identification signal and said customer record signal, and from said random number signal.

2. The combination set forth in Claim 1 wherein said data entry means is in electrical communication with said comparator means by way of a signal path wholly contained within said remote transaction terminal for supplying to said comparator means said offset signal, thereby accommodating in accordance with a predetermined relationship a comparison of said identification signal, said random number signal and said offset signal with a composite signal formed by said central computer from said customer record signal and said random number signal.

3. The combination set forth in Claim 1 or Claim 2 wherein said banking system includes a plurality of remote transaction terminals in electrical communication with said central computer, each of said plurality of remote trans-action terminals having said security system located therein.

4. An automated security system for a remote access terminal in electrical communication with a central computer including a main memory, said remote access terminal having an access control means and a data entry means operable by a user desiring to gain access, which comprises:
a) first generator means responsive to said data entry means for providing an identification signal represen-tative of a user personal identification number;
b) second generator means responsive to said central computer for supplying a pseudo random number signal to said central computer; and c) comparator means in electrical communication with said first generator means and said second generator means by way of signal paths wholly contained within said remote access terminal, and in electrical communication with said central computer for issuing an authorization signal to said access control means when a composite signal bearing a predetermined relationship with said identification signal and said random number signal is received from said central computer, said composite signal being formed from a customer record signal stored in said main memory, from an offset signal supplied by said data entry means and bearing a pre-determined relationship between said identification signal and said customer record signal, and from said random num-ber signal.

5. The combination set forth in Claim 4 wherein said data entry means is in electrical communication with said comparator means by way of a signal path wholly contained within said remote access terminal for supplying to said comparator means said offsst signal, thereby accommodating In accordance with a predetermined relationship a comparison of said identification signal, said random number signal and said offset signal with a composite signal formed by said central computer from said customer record signal and said random number signal.

6. The combination set forth in Claim 4 or Claim 5 wherein said security system includes a plurality of remote access terminals in electrical communication with said central computer, each of said plurality of remote access terminals having said security system located therein.

7. A security system for controlling from a central station the access of a user at a remote station, which comprises:
a) a central computer system including a main memory located at said central station;
b) a user operated data entry means located at said remote station;
c) first generator means located at said remote station and responsive to said data entry means for providing an identification signal representative of a user personal identification number;
d) second generator means located at said remote station and responsive to said central computer for supplying a pseudo random number signal to said central computer;
e) control means located at said remote station for preventing said user from gaining unauthorized access; and f) comparator means in electrical communication with said first generator means and said second generator means by way of signal paths wholly contained within said remote station, and in electrical communication with said central computer for issuing an authorization signal to said control means when a composite signal bearing a predetermined relationship with said identification signal and said random number signal is received from said central computer, said composite signal being formed from a user record signal stored in said main memory, from an offset signal supplied by said data entry means and bearing a predetermined relation ship between said identification signal and said user record signal, and from said random number signal.

8. A security system for controlling from a central station the access of a user at a remote station, which comprises:
a) a central computer system including a main memory located at said central station;
b) a user operated data entry means located at said remote station;
c) first generator means located at said remote station and responsive to said data entry means for pro-viding an identification signal representative of a user personal identification number;
d) second generator means located at said remote station and responsive to said central computer for supplying a pseudo random number signal to said central computer;
e) control means located at said remote station for presenting said user from gaining unauthorized access; and f) comparator means in electrical communication with said data entry means, said first generator means and said second generator means by way of signal paths wholly con-tained within said remote station, and in electrical com-munication with said central computer for issuing an authorization signal to said control means when a composite signal received from said central computer bears a pre-determined relationship with said identification signal, with said random number signal and with an offset signal supplied by said data entry means and bearing a predetermined relation-ship between said identification signal and said user record signal, said composite signal being formed from a user record signal stored in said main memory and from said random number signal.