CA1210470A - Protection system for intelligent cards - Google Patents

Protection system for intelligent cards

Info

Publication number
CA1210470A
Authority
CA
Canada
Prior art keywords
card
password
terminal
code
user
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired
Application number
CA000428482A
Other languages
French (fr)
Inventor
Stephen B. Weinstein
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
American Express Co
Original Assignee
American Express Co
Application filed by American Express Co


Abstract

There is disclosed a protection system for intelligent cards. Each card has stored in it a code which is the encryption of a concatenation of a user secret password and a common reference text. The encryption is derived by an initialization terminal which uses the private key associated with the public key of a public-key cryptosystem key pair. Each transaction terminal with which a card is used decrypts the stored code in accordance with the public key. A transaction is effected only if the stored code decrypts into the user password which is inputted on a keyboard and the common reference text.

Description


This invention relates to the use of intelligent cards to effect terminal transactions, and more particularly to the prevention of the fraudulent use of such cards.
Much work has been done in recent years on the furnishing of intelligent cards, of the "credit card" type, to consumers; such intelligent cards include a memory and have a data processing capability, the latter being in hard-wired form or more preferably in the form of a microprocessor with a stored program. (Although developments thus far are in the form of cards, it is to be understood that a small memory and microprocessor can be incorporated in other portable media, such as pens, keys, etc.; as used herein, the term "intelligent card" refers to any medium which can be conveniently carried by a user and which performs the functions to be described below.) Much of the work on intelligent cards has been performed abroad, particularly in France, and a prior art patent illustrating the general concept is that of Michel Ugon, Patent No. 4,211,919, issued on July 8, 1980 and entitled "Portable Data Carrier Including A Microprocessor".
A typical intelligent card might contain a personal identification number, i.e., a secret password, as well as a dollar value. (The term "password", as used herein, refers to either a memorized sequence of symbols or a set of numerical data derived from physiological attributes, such as a signature, voice sample or fingerprint, of the legitimate card user.) The card issuer might initially store a value in the card representing $500, upon payment of this amount by the user. Whenever the card is used in a purchase transaction, the value of the transaction is subtracted from the value remaining on the card, the new value representing the available user credit. Before any transaction takes place, the card is placed in a terminal and the user is required to input his password. (If the password is a derivate of physiological attributes, "input his password" should be understood to mean supply a signature, voice sample, fingerprint or other physiological sample to an analytical device in the terminal which produces the derivate defined as the password.) If the terminal verifies a match between the user-inputted password and the password stored on the card, the transaction is allowed to proceed. (For a physiologically derived password, the term "match" should be understood to mean an acceptable resemblance rather than an exact coincidence.) For maximum security, the password comparison should take place in the card itself; the terminal transmits the inputted password to the card and the logic on the card compares the inputted password with the stored password, and informs the terminal whether the correct password has been entered. The advantage of not allowing the password to "leave the card" for comparison in the terminal is that a thief cannot determine the stored password and therefore cannot use the card. Were the comparison to take place in the terminal, someone with a background in electronics could access the card password once it is stored in the terminal, and thus learn the correct password to be used with the card.
It is to be understood, of course, that purchase transactions are only one example of the use of intelligent cards. As is known in the art, intelligent cards can also be used to access data banks, make airlines reservations, decrypt at a terminal incoming messages which are transmitted in encrypted form, as well as for numerous other purposes. In general, the term "transaction" as used herein refers to any transaction effected by a terminal when a user intelligent card is inserted in it.
A major concern in the use of intelligent cards in this manner on a widespread scale is their possible susceptibility to fraud. When it is recognized that an intelligent card may allow its user to obtain hundreds and even thousands of dollars of credit, and in an extreme case even to obtain large amounts of cash or negotiable traveler's checks if a transaction terminal is provided for issuing cash or traveler's checks, it becomes apparent that card-controlled transaction terminals will not be commonplace until there is some way to protect against the fraudulent use of cards. It is a general object of my invention to provide such a protection system.
There are several different kinds of intelligent-card security which must be distinguished from each other. The first relates to the fraudulent issuance of genuine cards. A genuine card is one produced by an authorized manufacturer for delivery to a card issuer, the card issuer then initializing the cards, e.g., with a dollar value, and furnishing them to card users. The problem here is that genuine cards may be intercepted during shipment from the card manufacturer to the card issuer, or even stolen by dishonest employees of the card issuer. Techniques have already been developed for protecting against illegitimate issuance of genuine cards, and such a scheme is incorporated in the illustrative embodiment of the invention to be described in detail below.
The second aspect of card security relates to the use of a stolen card by a thief, a situation which will probably be commonplace. Secret password schemes have been devised in the prior art, as described above, to protect against the fraudulent use of a card in such a case. (Unfortunately, no way has yet been found to overcome a criminal forcing a card owner to tell him the password. Violent crimes of this type, however, occur much less frequently than attempted use of a stolen card. Moreover, there is just as great a risk in carrying cash as there is in carrying an intelligent card when it comes to violent crimes of this nature.)
The problem which has thus far resisted solution concerns the criminal with a sophisticated electronics background. Such a criminal could actually manufacture intelligent cards and construct an issuer initialization terminal of his own. He could then actually initialize cards which could be used in transaction terminals of a legitimate card issuer. The problem is aggravated because a criminal with an electronics background need not even go to so much trouble.
It is expected that many transaction terminals will be unattended, that is, a card user will be able to effect a transaction in such a terminal without the terminal being attended by any personnel employed by the card issuer. There are already many such unattended terminals in place today, for example, those which allow the owner of a bank card to receive a packet of cash during non-banking hours. It must be recalled that the basic protection scheme proposed in the prior art is the inputting of a password into the terminal by a card user, and the comparison of the inputted password in the card itself, with the card then informing the terminal whether the passwords match. Security can be completely broken by the simple expedient of inserting a specially-constructed card into the terminal. If the terminal is such that user cards are not completely absorbed and the ingress passage is not cut off, the card can be nothing more than a contact board (of card dimensions) being connected by a set of wires to an electronic "black box" carried on the person of the criminal. It is not necessary to even be concerned with the storage of a password in the "black box" which the criminal would, of course, know and input on the terminal keyboard. All the criminal has to do is to provide a signal to the terminal at the appropriate time which informs the terminal that the inputted password matches the password stored on the card. The terminal expects to receive a "yes" or a "no" answer and the electronic forger simply has to know how to furnish a "yes" answer when the terminal expects the result of the password comparison. The problem is obviously most severe in the case of unattended terminals where there is no one present to even check that what "looks" like a legitimate card is being placed in the terminal. In the case of a value card, for example, it would be a trivial matter for the forger's "black box" to inform the terminal that the card user has a considerable credit available to him.
One scheme has been proposed in the prior art for guarding against identification fraud. This scheme, which is marketed under the mark "Identikey"* will be described in detail below. Its basic weakness is that it relies on a secret code transformation which is stored in each transaction terminal. With the proliferation of terminals, it will not be difficult for a forger to gain access to a terminal and to discover the secret transformation algorithm. As will become apparent below, once the transformation is determined a forger can verify his identity to the satisfaction of the terminal and possibly thereby gain access to privileges and services, although it is much more difficult for him to represent himself as a particular legitimate user.
In accordance with the principles of my invention, I provide a protection system for intelligent cards which is based in part on the principles of a new branch of cryptography known as "public-key cryptography". One of the earliest works on the subject is that of Diffie and Hellman, "New Directions In Cryptography", IEEE Transactions On Information Theory, November, 1976. Another significant advance in the field was described in the 1977 paper by Rivest, Shamir and Adleman, entitled "On Digital Signatures And Public-Key Cryptosystems", MIT/LCS/TM-82, of the Massachusetts Institute of Technology. Perhaps the clearest exposition of the subject is to be found in the August, 1979 issue of Scientific American, in an article by Hellman entitled "The Mathematics of Public-Key Cryptography".
* Trademark
A brief summary of public-key cryptography will be presented below, the details not being required for an understanding of the present invention. Most of the focus of cryptography has been on the transmission of a message from one site to another. The use of a public-key cryptosystem allows the message to be encrypted at site A in accordance with a published public key, transmitted to site B, and decrypted at site B in accordance with a secret private key. The key for decrypting the message is known only by the recipient at site B. There is no effective way to decrypt a message without the decrypting key even though the encrypting key is known, and the encrypted message is useless to anyone who gains unauthorized access to it. In an interesting twist to the basic concept, the use of certain public-key cryptosystems allows the message to be authenticated at site A, with the recipient at site B not only being guaranteed that the message is authentic but also being unable to generate fake messages purportedly transmitted from site A which could be alleged to be authentic.
In accordance with the principles of the described embodiment, the card issuer first generates a public-key cryptosystem key pair E and D. The secret key D is stored in an initialization terminal which is guarded at the premises of the issuer. When a card is initialized, the user selects a password and it is stored in the card, as in the prior art. But another piece of information is also stored in the card. This information consists of two concatenated strings which are encrypted with the secret key D. One part of the string consists of the user's password, and the other part consists of a reference text which is used throughout the system. In the case of a card issuer such as the American Express Company, the reference text might simply be AMERICAN EXPRESS.* Suppose, for example, that the user selects a password BIGSHOT3. Using the secret key D, the initialization terminal stores in the card an encryption of the concatenated string BIGSHOT3 AMERICAN EXPRESS.
Whenever the card is accessed by a transaction terminal, the user is asked for his password and, as in the prior art, the transaction is allowed to proceed only if the card informs the terminal that the inputted password matches the password stored in the card. As described above, this low level of security is not effective against a sophisticated forger. Much higher security is obtained, however, by requiring an additional two-part test to be executed by the terminal and card without any further action on the part of the user. The terminal retrieves from the card the data string which is the encryption of the concatenated password and reference text, e.g., the encryption of BIGSHOT3 AMERICAN EXPRESS. The terminal decrypts the string under control of the public key E which is stored in the terminal. For a legitimate card, there should result the concatenated string BIGSHOT3 AMERICAN EXPRESS. The terminal now performs two comparisons. The first part of the decrypted concatenated string is compared with the password which the user inputs on the terminal, and the reference text part of the decrypted string is compared with the reference text AMERICAN EXPRESS which is stored in the terminal. Only if both comparisons are successful is the transaction allowed to proceed to completion.
The protection against forgery depends on the inability of the forger to create both a password and an encrypted string which will pass this added test. It is assumed that a sophisticated forger will soon learn the reference text which is stored in every transaction terminal. He will also soon learn the public key E, perhaps by taking apart a transaction terminal. But without knowledge of the secret key D, there is no way in which a forger could devise a code which when inputted to the terminal from his forged card would, upon decryption with the public key stored in the terminal, result in a concatenated string consisting of both any password he might select and enter, and the predetermined text AMERICAN EXPRESS.
It is crucial to understand why the string stored in a card must be the encryption of both a user password unique to each user, and a reference text which is common to all of them. Suppose that it were required only to store in a card the encryption (using the issuer's secret private key) of a user-selected password. In such a case, the forger, knowing the public key used by each terminal for decryption, would create some arbitrary code for his card's encrypted string and use the public key to transform it into what he then defines as his password. He then simply need use the initial arbitrary code as the encrypted string furnished by his forged card to the terminal, and the previously determined decryption as the password which he inputs on the keyboard. There is no security at all in such a scheme.
On the other hand, suppose that it were required to store on each card only the string resulting from encryption of the reference text AMERICAN EXPRESS under control of the private key of the issuer. Since the same encrypted reference text is retrieved by the transaction terminal for every card used in the system, it is a trivial matter for the forger to learn what code his forged card should furnish to any terminal so that it will decrypt into the string AMERICAN EXPRESS.

The security of the embodiment of the present invention is precisely in its storage in the card of the encryption, using the issuer's private key, of a combination of a password unique to the user and a common reference text. It will no longer do the forger any good to start out with an arbitrary code. That arbitrary code (which the forger's unauthorized card would furnish to the terminal) must decrypt into two strings, one of which is the predetermined reference text AMERICAN EXPRESS. In accordance with the principles of public-key encryption, and assuming judiciously selected string lengths, the probability is infinitesimal of a forger selecting a random code which, when decrypted with the public key, has a predetermined substring in it. Were this to happen, the forger could look at the decrypted password/reference text combination, and see which password he would thereafter have to input to a terminal in order to effect both matches when his forged card inputs the random code which was tried in the first place. But the probability of an arbitrarily selected code being decrypted into a string, part of which is a predetermined reference text, is so negligible that the system is highly secure (certainly secure enough for commercial transactions.) The system is viable so long as the forger cannot determine the private key D which is the complement of the public key E stored in every transaction terminal. Without the private key, there is no technique of acceptable computational complexity which will specify a code which, when decrypted with the public key, will result in a string having a predetermined reference text as a substring.
Even were some arbitrarily selected code decrypted into a string which would include as a part thereof the predetermined reference text AMERICAN EXPRESS, the predetermined reference text would have to occur in the right position in the overall decrypted password/reference text combination, and the probability of this happening is even more remote than that of guessing a code which will decrypt into an overall string which has the reference text AMERICAN EXPRESS in some arbitrary position.
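The two-part terminal test described above, set beside the rejected password-only design, as an added example that is not part of the patent text. It assumes an unpadded RSA transform as the public-key cryptosystem, a constructed toy key pair built from two Mersenne primes, and an 8-byte fixed-width password field followed directly by the reference text; the function names are hypothetical.

```python
import hmac

# Constructed toy key pair (assumption): Mersenne primes are far too structured for real use.
P = 2**127 - 1
Q = 2**107 - 1
N = P * Q
E = 65537                             # public key, stored in every transaction terminal
D = pow(E, -1, (P - 1) * (Q - 1))     # private key, held only by the initialization terminal

PASSWORD_LEN = 8                      # assumed fixed-width password field
REFERENCE = b"AMERICAN EXPRESS"       # common reference text from the patent's example
RECORD_LEN = PASSWORD_LEN + len(REFERENCE)


def initialize_card(password: bytes) -> int:
    """Initialization terminal: transform password||reference under the private key D."""
    if len(password) != PASSWORD_LEN:
        raise ValueError("password must fill the fixed-width field")
    record = int.from_bytes(password + REFERENCE, "big")
    return pow(record, D, N)


def decrypt_record(code: int):
    """Transaction terminal: apply E; return None if the result does not fit the record layout."""
    if not 0 < code < N:
        return None
    value = pow(code, E, N)
    if value.bit_length() > 8 * RECORD_LEN:
        return None                   # bytes spill outside password||reference
    return value.to_bytes(RECORD_LEN, "big")


def terminal_check(code: int, typed_password: bytes) -> bool:
    """Both comparisons must succeed, and the reference text must sit in its fixed position."""
    record = decrypt_record(code)
    if record is None:
        return False
    password_ok = hmac.compare_digest(record[:PASSWORD_LEN], typed_password)
    reference_ok = hmac.compare_digest(record[PASSWORD_LEN:], REFERENCE)
    return password_ok and reference_ok


def password_only_check(code: int, typed_password: bytes) -> bool:
    """Rejected design: the card stores only the transform of the password."""
    if not 0 < code < N:
        return False
    return pow(code, E, N) == int.from_bytes(typed_password, "big")


def arbitrary_code_outcome(code: int):
    """Present a code that was NOT produced with D, typing E(code) as the password.

    Returns (accepted by password-only design, accepted by combined design).
    """
    value = pow(code, E, N)
    derived = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    weak = password_only_check(code, derived)
    combined = terminal_check(code, derived[:PASSWORD_LEN])
    return weak, combined


if __name__ == "__main__":
    card_code = initialize_card(b"BIGSHOT3")
    print("legitimate card, right password:", terminal_check(card_code, b"BIGSHOT3"))
    print("legitimate card, wrong password:", terminal_check(card_code, b"BIGSHOT4"))
    print("altered stored code:            ", terminal_check(card_code ^ 1, b"BIGSHOT3"))
    # Constructed arbitrary value standing in for a code made without the private key.
    print("arbitrary code (weak, combined):",
          arbitrary_code_outcome(0x1234567890ABCDEF1234567890ABCDEF))
```

The reference text supplies the redundancy that the bare transform lacks: any value decrypts to some string under E, but only values produced with D decrypt to a string with AMERICAN EXPRESS in the expected position.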
It should be noted that this authentication system can serve a multiplicity of issuers. If each issuer has its own public-secret key pair and reference text, each card will carry the reference text or other identification of the issuer, and each transaction terminal will store the full set of acceptable issuer reference texts and public keys. For convenience, the card can also carry the appropriate public key, although this key, like the reference text, must be configured as a member of an acceptable set stored in the terminal. It is even possible for a single card to be shared by several issuers, containing several encrypted codewords, each corresponding to a particular issuer and controlling access to a value or eligibility stored in a particular section of the card's memory. Some identification of each issuer is necessary, and, just as with the single-issuer card, the issuer's reference text can serve this function. For convenience, each issuer's public key can also be carried in the card.
One embodiment of the present invention will now be described by way of example, with reference to the accompanying drawings in which:

FIG. 1 depicts the components utilized in a complete system of the embodiment;
FIG. 2 depicts the form of a terminal which may be used in the system of the embodiment;
FIGS. 3A and 3B depict respectively a prior art, unsatisfactory solution to the forgery problem and the higher security solution of the embodiment;
FIG. 4 symbolically depicts the details of both an intelligent card and an initialization terminal, as the latter is used to initialize the former;
FIG. 5 symbolically depicts the details of an intelligent card and a transaction terminal, as the latter is used to effect a transaction under control of the former;
FIG. 6 is a flow chart which depicts the card initialization process; and
FIG. 7 is a flow chart which depicts the process of effecting a transaction with an intelligent card.
Before proceeding to the detailed description of the embodiment, a brief summary of the principles of public-key cryptography will be presented. In its simplest form, and as originally contemplated for the transmission of messages over communications channels, each user computes or is issued a complementary pair of keys. The two keys are generally given the symbols E and D, and both are used to control operations on alphanumeric strings represented as numbers. In the well known Rivest-Shamir-Adleman (RSA) scheme, the two keys are commutative in the sense that if an original text is encrypted under control of key E, encryption of the encrypted text under control of key D will result in the original text, while encryptions first with key D and then with key E similarly result in the original text. The security of public-key systems resides in the extreme computational difficulty of deriving one key from the other.
In the usual case, a party to whom messages are to be sent publishes his key E in a central directory.
Anyone who wishes to transmit a message to him transforms or encrypts the message with key E. Key D is known only to the party who can decryp~ any incoming message for him with the use of this key. However, anyone else who gains access to the transmitted encryp~ed message will find it totally unintelligible because wlthout key D, the trans-mitted message cannot be decrypted. The symbols E and D
are generally used because one key is used foc encryption -~ and the other or decryption, although their roles can be ,;~
..

lZ~ 7~

exchanged, as has been noted above. Key E is referred to as the "public key" because it is published so that the whole world will know how to encrypt messages for secret transmittal to the owner of the key pair. Key D is the "private key" because it is known only to the individual owning the key pair.
If privacy is of no concern but instead authentication is the goal, the party who originates the message uses his private key to transform it. Thus it is his key D, which is ordinarily used for decryption, which is used to authenticate (encrypt) a message. The party receiving the encrypted message uses the public key E of the transmitter to decrypt the incoming message in order to transform it to the original text. As long as the incoming encrypted message is saved, the receiving party can "prove" that the received message is authentic. Using the public key of the transmitter to decrypt the incoming message results in an intelligible text only if the original message was encrypted with the private key of the transmitter. Since the transmitter is the only person who has knowledge of his private key, the receipt and storage of any incoming encrypted message which can be transformed to an intelligible text using the public key of the transmitter serves as proof that he indeed sent the message.
While encrypting a message with the public key of the receiver assures privacy, and encrypting a message with the private key of the transmitter assures authentication, in the former case there is no way to prove that an incoming message is authentic and in the latter case there is no way to control privacy. In the former case, there is no way for the receiver to know that the party from whom the message is supposed to have come really originated it because the whole world has access to the receiver's public key. In the latter case, since the whole world knows the public key of the transmitter, anyone can decrypt the transmitted message if access is gained to it. The way to insure both privacy and authentication is for the transmitter to doubly encrypt the message with his private key and the receiver's public key, and for the receiver to doubly decrypt the message with his private key and the transmitter's public key. Because of the commutative property of each key pair, the doubly-decrypted message will be the same as the original text prior to the double encryption. Privacy is assured because only the receiver has his private key which is necessary for partial decryption. Authentication is assured because, while the whole world has the public key of the transmitter, a transmitted message which can be decrypted into text which has meaning could only have been encrypted by the possessor of the transmitter's private key.
Because the transmitter can actually use his private key D for encryption purposes, with his public key E being used by a receiver for decryption, the symbols D and E do not necessarily always refer to decryption and encryption keys. Either can be used for encryption and either can be used for decryption. However, this is the symbology which has developed. What is common to any key pair in a "public-key cryptosystem" is that one key is public (or at least the key-pair owner does not really care if it becomes public) and one is private; the public key is referred to herein as the E key, and the private key is referred to herein as the D key. What is also common to all such cryptosystems is that neither key can be determined from the other.
In a public-key cryptosystem utilizing the RSA scheme, a message to be transmitted is first raised to the power S. The final encrypted message is the original message raised to the power S, modulo R. That is, only the remainder after the original message is raised to the power S and repeatedly divided by R is actually transmitted. The number R may be typically 300 bits in length, and the power S to which the original message is raised is typically 50 bits in length. The length of each message must, of course, be less than the length of R because the encrypted message must have at least as many bits as the original. The numbers S and R together comprise the published public key of a user. The private key comprises numbers T and R. The incoming message is raised to the power T, then repeatedly divided by the number R until the remainder is less than R. This remainder is the decrypted message.
The user keeps his private key secret, the number T being the important part of the secret since the number R is known. As described above, the reason that public-key cryptography works is that given the key S, it is virtually impossible to determine the key T. The literature referred to above describes not only the basis for public-key cryptography, but also the manner in which paired private and public keys can be generated.
FIG. 1 illustrates the basic components of a system constructed in accordance with the principles of my invention. The numeral 12 represents an intelligent card, one such card being issued to each user of the system. The contacts for allowing a terminal to access the card are depicted symbolically at the upper left corner of the card housing, the contacts extending through the housing to the memory and logic and/or microprocessor contained within the housing. Terminal 10a is the initialization terminal utilized by the card issuer; each user card must be initialized with, among other things, a user password.
The numeral 10b represents a transaction terminal which can be used, upon insertion of a user card, for effecting a transaction. The numeral 13 simply relates to how the transaction is recorded. The record can be stored on site, or it can be transmitted elsewhere. Similarly, it can be printed or even stored in the user card.
FIG. 2 depicts the general form of a terminal. The terminal can be either the initialization terminal 10a of FIG. 1, or the transaction terminal 10b of FIG. 1; the only difference would relate to the details of the processing which takes place, as will become apparent below. As shown in FIG. 2, the terminal includes a display 14 for displaying messages and instructions to the card user, a slot 16 in which a card 12 is inserted, and a keyboard 18. The keyboard is used both to input information necessary for the transaction, as well as for the inputting of a user password.
FIG. 3B depicts symbolically the manner in which the forgery of cards, or the "fooling" of a terminal (especially an unattended terminal), are prevented in accordance with the principles of my invention. My scheme is to be contrasted with a representative prior art scheme depicted in a similar fashion in FIG. 3A, this prior art scheme being marketed under the trademark "Identikey" and being familiar to those skilled in the art.
The "Identikey" system presently enjoys use in the banking industry. A user defines his own secret password and commits it to memory. The user is also provided with two additional numbers, both of which can be recorded on an identification card: his account number and his identification number. The latter two numbers are non-secret, not in the sense that a public record is made of them although one or both may actually be printed on the user's card, but rather in that it is generally not possible to prevent at least a bank teller from learning the two numbers. It must therefore be assumed that the two numbers are not secret.
When user identity is to be established so that a transaction can be effected, the user's account number is inputted from his card (or manually), and the user inputs his password into the terminal by use of a keyboard. (As a first-level measure of security, the terminal may transmit the password to the card and only after the card informs the terminal that there is a password match does the terminal access the account number from the card.) The terminal then performs a nonlinear and effectively irreversible transformation on the combination of the password and the account number, and produces a test identification number. The user's identification number is also entered into the terminal, either by transfer from his card or by manual entry. Only if the identification number stored on the card matches the test identification number generated in the terminal does the terminal allow the transaction to be effected. The drawing shows the comparison of the two identification numbers as controlling either acceptance of the card and completion of the transaction, or rejection of the card (and possibly its destruction and/or confiscation).
It is assumed that the transformation F is irreversible in the sense that if the identification number of a user is known and his account number is also known, knowledge of the transformation F will not be sufficient to enable even the mathematically inclined to determine the password which is associated with the card. Thus a thief, for example, even if he knows the identification number and the account number of a user, will not be able to determine his password.
However, the system lacks security, assuming that the use of the transaction terminals is widespread, because there is no way to prevent general knowledge of the transformation F. All that a forger has to do is to select an arbitrary password and an arbitrary account number, and to use the transformation F on them to derive an identification number. He then can enter the arbitrary account number and derived identification number into any terminal to establish his identity. This does not, of course, allow the forger to misrepresent himself as a specific individual who has already been assigned account and identification numbers. In order to impersonate this individual, the forger must generate a password consistent with the known account and identification numbers. Certain limitations of the system make this easier than inverting the function F, but it is still a computationally expensive task. For these reasons, the "Identikey" system offers acceptable security in on-line applications in which the set of valid identification numbers is available for reference, but not in off-line applications where there is no such reference set.
In the system of the embodiment depicted in FIG. 3B, the user is provided with a secret password as well as a non-secret identification number. The identification number is the code on the card stored by the initialization terminal, i.e., the combination of the user-selected secret password and the reference text AMERICAN EXPRESS, encrypted together under control of the issuer's private key. Using the associated public key E stored in the terminal, the user's identification number is decrypted into two strings consisting of his password and the text AMERICAN EXPRESS. The terminal requests the user to input his secret password. (Once again, the terminal may access the card only after the correct password is inputted, as in the prior art.) The terminal then compares the inputted password and the universally-used reference text AMERICAN EXPRESS with the two parts of the decrypted identification number. Only if the two parts match does the terminal proceed to effect a transaction.
Just as a sophisticated forger is assumed to know the transformation F of FIG. 3A, he is assumed to know the public key E of FIG. 3B since there will be many transaction terminals in the field and it is a relatively simple matter to learn the public key. Suppose that the forger tries to do with the system of FIG. 3B something comparable to what he can do with the system of FIG. 3A, namely, to select an arbitrary identification number, to decrypt it using the known public key E, and to then use the decrypted results in creating a "black box" or forged card which can fool a transaction terminal. A terminal can be "fooled" only if the decryption results in a password and the message text AMERICAN EXPRESS. Should an arbitrarily selected identification number, after decryption with the public key E, indeed result in the message text AMERICAN EXPRESS in the proper place (e.g., at the end) and some additional arbitrary combination of letters and numerals, this latter combination would be the password which the forger could then use in his "black box" or to input on the keyboard. But the arbitrary selection of an identification number would have an infinitesimal probability of its decryption consisting of the predetermined message text in the right place, together with some arbitrary combination of characters. Thus knowing the public key E is not sufficient to allow a forger to select an identification number (the combination of a password and the message text AMERICAN EXPRESS, as encrypted by the secret key of the issuer) which will effect a transaction. The only way that an identification number can be selected which will decrypt with the public key into a password part and a predetermined message text part is if the private key is used in the encryption process, and the forger has no way of knowing the private key.
It is essential that the result of the decryption consist of both a password part and a predetermined reference text part. Were the encryption stored on the card to consist of a password only, the forger could select an arbitrary identification number, decrypt it with the public key E, and use the result as his password; storage of the arbitrarily selected identification number in the "black box" to be used with a terminal as the encrypted code on a card would always result in a successful comparison were the forger to input the password derived by using the public key E. Similarly, were the code on the card to consist of nothing more than the message text AMERICAN EXPRESS encrypted with the private key D, all the forger would have to do is to determine the same encryption which is stored on every card and to use it in his "black box". Decryption in any terminal with the public key E would necessarily result in the reference text AMERICAN EXPRESS. What is necessary for security is to store in a card the code which is an encryption, created with the private key D, of a combination of a password and a predetermined reference text. There is no way, even with knowledge of the public key E, that a forger can select an arbitrary identification number, or encryption to be stored on a card, which will decrypt into some arbitrary password together with the predetermined reference text in the correct position in the concatenated strings.
FIG. 4 depicts on the left side the components included in the intelligent card 12 itself. These components are shown in block-diagram form only since the constructions of intelligent cards are well known in the art. Memory 28 is divided into six segments. One segment of the memory includes the user password. This password is selected by the user (so that he can remember it), is stored in the card by the issuer's initialization terminal, and is subsequently used under control of any transaction terminal to verify that the individual using the card is the authorized user by requiring that the password which he inputs matches that stored in the card.
The memory also includes an issuer password. This is a password which the card manufacturer stores in the card, the password being known only to the manufacturer and the issuer. As will become apparent below, a card stolen from the manufacturer cannot be initialized by a thief because he will usually not know the issuer password which an initialization terminal requires in order to initialize any user card.

The next segment of the memory contains a code which is an encryption of a concatenation of two strings, one being the user password and the other being a reference text such as AMERICAN EXPRESS. The issuer's private key D is used to encrypt the concatenated strings in the issuer's initialization terminal.
The "stored program" is simply the object code which governs operation of microprocessor 30. That segment of the memory which contains "general information" is optional, but can include information to be appended as part of the header of any transaction message which is generated. For example, it might contain the name and address of the user.
The five segments of memory 28 described thus far can be read-only memory in that after the card is initialized, the information contained in these segments of the memory need never be changed. (Certain portions of the read-only memory, such as the stored program, may be written by the card manufacturer, while other portions of the memory may be written into only once by the initialization terminal; typically, the password, code encryption and general information segments may comprise the contents of PROM memory.) The only part of the memory which need be random-access is the "working memory", that part of the memory which is used by the microprocessor during processing. Although not shown in the drawing, it is to be understood that the slot into which the card is inserted in either type of terminal includes pins for furnishing power to mating pins on the card. Typically, the card requires two sources of power: five volts for powering on-board TTL logic or the microprocessor, and 24 volts for writing into the PROM segments of memory 28, as is known in the art. (The transaction terminal, to be described below, need not furnish 24-volt power.)
The card also includes an I/O section 32 for interfacing with a terminal 10. A principal function of the I/O section is parallel to serial conversion. A single pin on the card is used for transmitting and receiving serial data. A set of control lines is provided for allowing timing and control information to be transmitted back and forth between the card and the terminal.
The card also includes conventional data, address and control busses for interconnecting the microprocessor, the memory and the I/O sub-systems.
The initialization terminal 10a of FIG. 4 similarly includes an I/O section 34, a microprocessor 36 and a memory 40, all interconnected by conventional data, address and control busses. Keyboard 18 is connected to the three busses so that a user password can be entered, as well as for entering any other general information which may be desired. The display 14 of the terminal is interfaced to the three busses by a conventional display controller 38, as is known in the art.
Memory 40 contains five types of information. The working memory is random-access and is the memory required by the microprocessor during processing. The other four segments of the memory can be read-only memory. The main stored program controls most of the processing to be described below. The portion of the memory labelled "reference text" contains the phrase AMERICAN EXPRESS as used in the example above, the reference text which is used as one part of the concatenation which is encrypted with the private key D. There is an additional stored program for encrypting the combination of the user-selected password and the fixed message text with the issuer's private key D. (Strictly speaking, this part of the memory simply contains one of many subroutines and can be considered to be part of the main stored program.) The memory 40 also contains the issuer password whose function will be described shortly.
The manner in which a user card is initialized is depicted in the flow chart of FIG. 6. (The actual object code for carrying out the initialization process is not shown in the drawing since, given the flow chart, anyone skilled in the art could write a source program which, after assembly, would provide object code for controlling the microprocessor.) At the start of the initialization process, after the user card is inserted in the card slot of the initialization terminal, the terminal reads the issuer password from its memory and transmits it to the card. The issuer password which is thus transmitted to the card is compared by microprocessor 30 with the issuer password stored in the card memory. The result of the comparison is transmitted to the terminal. If the two passwords do not agree, the initialization process is aborted; otherwise, it continues as shown in the flow chart.
This comparison of passwords is standard in the art of intelligent cards. The card manufacturer stores a different issuer password on each serially-numbered card which it manufactures. Without this security step, were a truckload of cards to be highjacked, a thief could initialize and use them. What the manufacturer does is to send the list of issuer passwords corresponding to the serially-numbered cards to the card issuer via some alternative and highly secure channel. In this way, the highjacker of a truckload of cards cannot make use of them because he does not know the issuer passwords which are required to initialize the cards.
Referring back to FIG. 6, the terminal then requests, via display 14 on the initialization terminal, that the user enter a password. The user is allowed to select his own password so that he will choose one which he is not likely to forget. The password is then transmitted to the card, and stored in memory 28 as the user password.
The terminal then uses the private key D to encrypt a message which has two parts: the previously inputted user password and the predetermined reference text, the same reference text being used in the encryption of each card to be initialized. The private key D which is used is the private key which is associated with the public key of a public-key cryptosystem key pair. (Techniques for generating paired public and private keys are well known in the art, all that is required for an understanding of the present invention being the appreciation of how such a key pair is used.) The encrypted string concatenation is then sent from the terminal to the card and stored in the card, together with any other general information which may be entered via the keyboard such as the user's name and address.
The intelligent card 12 is also shown in FIG. 5, this time interfacing with transaction terminal 10b. The card itself is the same as the card shown in FIG. 4 and it interfaces with the terminal in the same way. The transaction terminal 10b contains the same basic components as does initialization terminal 10a in FIG. 4. The major difference is that the transaction terminal includes an additional storage or transmission mechanism 14, together with an I/O circuit 54 which connects it to the three system busses. As described above in connection with FIG. 1, a record representative of a transaction is stored, transmitted, printed, etc. Memory 40 of the transaction terminal is, of course, different from the comparable memory in the initialization terminal since different functions must be performed. The transaction terminal includes a working memory and a main stored program. As part of the program there is a subroutine for controlling a public-key decryption of the encrypted code stored on any user card accessed by the terminal. This is the subroutine which decrypts the encrypted concatenated string on the user card to derive password and reference text parts. Memory 40 also includes a segment which stores the universal reference text, e.g., AMERICAN EXPRESS, so that the terminal can verify that the decryption has two parts which match respectively the keyboard-inputted user password and the universal message text. Memory 40 also includes, of course, a stored program for actually effecting a transaction of interest after it is determined that a card has been inserted in the machine by the legitimate bearer of an authorized card.
FIG. 7 depicts the flow chart which characterizes operation of a transaction terminal. The first step involves inputting of the password by the card owner. Because card owners often input their respective passwords incorrectly, a card owner is given four attempts to key in his password in the correct manner. A count j is set equal to one and the terminal then requests, via the display, that the user input his password. The terminal then transmits the inputted password to the card where it is compared with the stored user password. The comparison is best performed on the card, rather than in the terminal, for security purposes so that there is no way for someone who has tampered with the terminal to gain access to the user password. If the inputted password does not agree with that on the card, count j is incremented, and it is then compared with a maximum count of five. If j equals five, it is an indication that a user has attempted to input a correct password four times and has failed. It is therefore assumed that he is not the card owner, and the whole process is aborted as shown in the flow chart of FIG. 7. On the other hand, if he has inadvertently entered the wrong password, he is given another three chances to get it right. As long as the correct password of the card user is entered correctly within four attempts, the processing continues.
The terminal then controls the card to transmit to it the encryption of the combined user password and predetermined reference text which is stored on the card. The public key E is then used in the terminal to decrypt the encrypted code stored in the card, and the result should be a concatenation of the user password and the reference text AMERICAN EXPRESS, as described above. The first part of the decryption, the user password part, is compared with the inputted password to see if they agree. If they do not, the processing is aborted. If they do agree, the terminal then compares the decrypted message-text part with the predetermined reference text which is stored in the terminal, AMERICAN EXPRESS. Once again, if there is disagreement the transaction is aborted. The transaction is completed only if both parts of the decrypted encrypted code agree respectively with the secret user password inputted by the user and the predetermined reference text.
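The initialization step of FIG. 6, the transaction check of FIG. 7 and the forgery argument made for FIG. 3B can be exercised together with textbook RSA in the S, T, R notation used above. This is an added illustration, not code from the patent: the toy modulus built from two Mersenne primes, the 12-byte password limit, the byte layout and every function and class name are assumptions made for the example.

```python
import hmac
import secrets

# Constructed toy key (assumption, not from the patent): two Mersenne primes,
# chosen only because their primality is well known. Trivially factorable.
P, Q = 2**127 - 1, 2**107 - 1
R = P * Q                              # modulus R, part of both keys
S = 65537                              # public exponent: key E = (S, R)
T = pow(S, -1, (P - 1) * (Q - 1))      # private exponent: key D = (T, R)
REFERENCE_TEXT = b"AMERICAN EXPRESS"
MAX_PASSWORD_LEN = 12                  # keeps password||text shorter than R


def to_bytes(n: int) -> bytes:
    return n.to_bytes((n.bit_length() + 7) // 8, "big")


def issue_code(password: bytes) -> int:
    """Initialization terminal (FIG. 6): encrypt password||text under D."""
    if not 0 < len(password) <= MAX_PASSWORD_LEN or password[0] == 0:
        raise ValueError("password must be 1-12 bytes and not start with NUL")
    return pow(int.from_bytes(password + REFERENCE_TEXT, "big"), T, R)


def terminal_accepts(code: int, typed: bytes) -> bool:
    """Transaction terminal: decrypt under E and compare BOTH parts."""
    plain = to_bytes(pow(code, S, R))
    n = len(REFERENCE_TEXT)
    password_part, text_part = plain[:-n], plain[-n:]
    return (len(typed) > 0
            and hmac.compare_digest(password_part, typed)
            and hmac.compare_digest(text_part, REFERENCE_TEXT))


def weak_terminal_accepts(code: int, typed: bytes) -> bool:
    """Password-only variant the text warns against: no reference text."""
    return hmac.compare_digest(to_bytes(pow(code, S, R)), typed)


class Card:
    """Genuine card: compares the password itself, then releases the code."""

    def __init__(self, password: bytes):
        self._password, self._code = password, issue_code(password)
        self._unlocked = False

    def present_password(self, typed: bytes) -> bool:
        self._unlocked = hmac.compare_digest(typed, self._password)
        return self._unlocked

    def read_code(self) -> int:
        if not self._unlocked:
            raise PermissionError("password not verified on card")
        return self._code


class BlackBox:
    """Forged device: agrees with any password, returns an arbitrary code."""

    def __init__(self):
        self.code = secrets.randbelow(R - 2) + 2

    def present_password(self, typed: bytes) -> bool:
        return True

    def read_code(self) -> int:
        return self.code


def transact(card, attempts, max_tries: int = 4) -> bool:
    """FIG. 7: up to four password attempts, then the two-part check."""
    for typed in attempts[:max_tries]:
        if card.present_password(typed):
            return terminal_accepts(card.read_code(), typed)
    return False


def forgery_experiment(trials: int = 200):
    """Forger holds only E: decrypt arbitrary codes and reuse the result."""
    full = weak = 0
    n = len(REFERENCE_TEXT)
    for _ in range(trials):
        code = secrets.randbelow(R - 2) + 2
        derived = to_bytes(pow(code, S, R))
        full += terminal_accepts(code, derived[:-n])   # text must appear
        weak += weak_terminal_accepts(code, derived)   # matches by design
    return full, weak
```

The password-only terminal accepts every arbitrary code because the derived "password" is by construction its decryption, while the two-part check rejects them because the 16-byte reference text does not appear by chance.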
Although the invention has been described with reference to a particular embodiment, it is to be understood that this embodiment is merely illustrative of the application of the principles of the invention. Numerous modifications may be made therein and other arrangements may be devised without departing from the spirit and scope of the invention.

Claims (19)

1. A system for allowing authorized users of portable intelligent cards to effect transactions via at least one transaction terminal comprising a plurality of user intelligent cards each having stored therein a code which is the encryption of a combination of a password associated with the respective user and a reference text which is common to all users, the codes stored in all of said cards having been encrypted with the same private key which is associated with the public key of a public-key cryptosystem pair; and at least one transaction terminal having means for allowing a card user to input a password, and means for controlling (1) the retrieval of the code stored in an inserted card, (2) the decryption of the retrieved code with the use of said public key to derive a password part and a text part, (3) the comparisons of the derived password part with the inputted password, and the text part with said common reference text, and (4) the effecting of a transaction only if both of said comparisons are successful.
2. A system in accordance with claim 1 wherein each of said cards further includes means for storing the respective password by itself; and means for accepting a password furnished by said at least one terminal, and for comparing the furnished password with the stored password;
said terminal controlling means controlling the retrieval of the code stored in an inserted card only in the event the password comparison is successful.
3. A system in accordance with claim 2 having a plurality of transaction terminals, at least one of which is unattended.
4. A system in accordance with claim 3 further including at least one terminal for initializing a user intelligent card, said initializing terminal having means for assigning a password to a user whose card is to be initialized, means for deriving a code by encrypting with said private key the combination of the assigned password and said common reference text, and means for controlling the storage in said card of said derived code.
5. A system in accordance with claim 2 further including at least one terminal for initializing a user intelligent card, said initializing terminal having means for assigning a password to a user whose card is to be initialized, means for deriving a code by encrypting with said private key the combination of the assigned password and said common reference text, and means for controlling the storage in said card of said derived code.
6. A system in accordance with claim 1 having a plurality of transaction terminals, at least one of which is unattended.
7. A system in accordance with claim 6 further including at least one terminal for initializing a user intelligent card, said initializing terminal having means for assigning a password to a user whose card is to be initialized, means for deriving a code by encrypting with said private key the combination of the assigned password and said common reference text, and means for controlling the storage in said card of said derived code.
8. A system in accordance with claim 1 further including at least one terminal for initializing a user intelligent card, said initializing terminal having means for assigning a password to a user whose card is to be initialized, means for deriving a code by encrypting with said private key the combination of the assigned password and said common reference text, and means for controlling the storage in said card of said derived code.
9. A system in accordance with claim 8 wherein said initializing terminal further controls the separate storage in said card of the assigned password.
10. A terminal for initializing portable intelligent cards to be used with at least one transaction terminal, each intelligent card having a memory therein, comprising means for assigning a password to a user whose card is to be initialized, means for deriving a code which is the encryption of a combination of the assigned password and a reference text which is common to all users, the code for each user being derived with use of the same private key which is associated with the public key of a public-key cryptosystem pair, and means for controlling the storage in a user card of the respective derived code.
11. An initializing terminal in accordance with claim 10 further including means for controlling the separate storage in a user card of the respective assigned password.
12. A portable intelligent card for use in effecting transactions via at least one transaction terminal comprising a housing, a memory within said housing for storing a code, said code being the encryption of a combination of a password associated with the respective card user and a reference text which is common to all other users of like cards, said code having been encrypted with the private key which is associated with the public key of a public key cryptosystem pair, and means for allowing said stored code to be accessed externally of the card.
13. A portable intelligent card in accordance with claim 12 wherein said memory further separately stores said password.
14. A portable intelligent card in accordance with claim 13 further including means for accepting a password to be compared with the stored password and for comparing them.
15. A portable intelligent card in accordance with claim 14 further including means for controlling the outputting of said stored code.
16. A portable intelligent card in accordance with claim 15 wherein said stored code is outputted only if said comparison is successful.
17. A portable intelligent card in accordance with claim 12 further including means for controlling the outputting of said stored code.
18. A portable intelligent card in accordance with claim 12 wherein said memory stores a plurality of codes each associated with a different service provider.
19. A portable intelligent card in accordance with claim 18 wherein said memory stores associated with each of said plurality of codes an identification of the respective service provider.
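A minimal sketch of the scheme in claims 8 to 16, added here as an illustration and not taken from the patent: the initializing terminal derives the code with the private key, the card releases it only after its own password comparison, and a terminal holding only the public key checks the recovered text. Textbook RSA, the toy key, the length-prefixed concatenation, all function names, and the transaction-terminal check (which the claims in this section do not spell out) are assumptions.

```python
import hmac

# Toy key pair, constructed for this example. The primes are Mersenne primes,
# chosen only so the block is reproducible offline; they are not usable as
# real key material, and unpadded "textbook" RSA is a simplification.
_P, _Q = 2**521 - 1, 2**607 - 1
N = _P * _Q                             # public modulus
E = 65537                               # public exponent, known to transaction terminals
_D = pow(E, -1, (_P - 1) * (_Q - 1))    # private exponent, held only by the initializing terminal

REFERENCE_TEXT = b"COMMON-REFERENCE-TEXT"   # constructed value, identical for every user


def _combine(password: str) -> int:
    """Assumed 'combination': one length byte, the password, then the reference text."""
    pw = password.encode("utf-8")
    if not 1 <= len(pw) <= 64:
        raise ValueError("password must be 1..64 bytes")
    # At most 1 + 64 + 21 bytes, far below the 1128-bit modulus.
    return int.from_bytes(bytes([len(pw)]) + pw + REFERENCE_TEXT, "big")


def initialize_card(password: str) -> dict:
    """Initializing terminal (claims 8-11): derive the code and store it in the card."""
    code = pow(_combine(password), _D, N)       # encryption with the private key
    # Claims 9, 11, 13: the password is also stored separately in the card.
    return {"code": code, "password": password.encode("utf-8")}


def card_release_code(card: dict, entered: str):
    """Card (claims 14-16): compare the entered password, output the code only on a match."""
    if hmac.compare_digest(card["password"], entered.encode("utf-8")):
        return card["code"]
    return None


def terminal_accepts(code: int, entered: str) -> bool:
    """Transaction terminal (assumed check): apply the public key to the code and
    require both the entered password and the common reference text to appear."""
    if not 0 < code < N:
        return False
    m = pow(code, E, N)
    raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
    pw_len = raw[0]
    recovered_pw, recovered_ref = raw[1:1 + pw_len], raw[1 + pw_len:]
    return (hmac.compare_digest(recovered_pw, entered.encode("utf-8"))
            and hmac.compare_digest(recovered_ref, REFERENCE_TEXT))


if __name__ == "__main__":
    card = initialize_card("4711-secret")               # constructed password
    code = card_release_code(card, "4711-secret")
    print("card released code:", code is not None)
    print("terminal accepts:", terminal_accepts(code, "4711-secret"))
    print("wrong password at card:", card_release_code(card, "0000"))
    print("code made without the private key:", terminal_accepts(12345, "4711-secret"))
```

The terminal needs no per-user record: a code that decrypts to the entered password followed by the reference text can only have been produced with the private key.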
CA000428482A 1981-10-19 1983-05-19 Protection system for intelligent cards Expired CA1210470A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US06/312,705 US4453074A (en) 1981-10-19 1981-10-19 Protection system for intelligent cards

Publications (1)

Publication Number Publication Date
CA1210470A true CA1210470A (en) 1986-08-26

Family

ID=23212643

Family Applications (1)

Application Number Title Priority Date Filing Date
CA000428482A Expired CA1210470A (en) 1981-10-19 1983-05-19 Protection system for intelligent cards

Country Status (6)

Country Link
US (1) US4453074A (en)
AU (1) AU565463B2 (en)
CA (1) CA1210470A (en)
DE (1) DE3319919A1 (en)
FR (1) FR2546646B1 (en)
GB (1) GB2140179B (en)

Families Citing this family (290)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2483713A1 (en) * 1980-05-30 1981-12-04 Cii Honeywell Bull DEVICE FOR TRANSMITTING SIGNALS BETWEEN TWO INFORMATION PROCESSING STATIONS
FR2483657B1 (en) * 1980-05-30 1986-11-21 Bull Sa PORTABLE MACHINE FOR CALCULATING OR PROCESSING INFORMATION
FR2523745B1 (en) * 1982-03-18 1987-06-26 Bull Sa METHOD AND DEVICE FOR PROTECTING SOFTWARE DELIVERED BY A SUPPLIER TO A USER
FR2526977B1 (en) * 1982-05-14 1988-06-10 Cii Honeywell Bull METHOD AND DEVICE FOR AUTHENTICATING OR CERTIFYING AT LEAST INFORMATION CONTAINED IN A MEMORY OF AN ELECTRONIC MEDIUM IN PARTICULAR REMOVABLE AND PORTABLE SUCH AS A CARD
US4558175A (en) * 1982-08-02 1985-12-10 Leonard J. Genest Security system and method for securely communicating therein
FR2536880B1 (en) * 1982-11-30 1987-05-07 Bull Sa MICROPROCESSOR DESIGNED IN PARTICULAR FOR EXECUTING THE CALCULATION ALGORITHMS OF A PUBLIC KEY ENCRYPTION SYSTEM
US4525805A (en) * 1982-12-20 1985-06-25 Richard Prosan Secure locking system employing radiant energy and electrical data transmission
FR2539897B1 (en) * 1983-01-20 1988-12-30 Cii Honeywell Bull METHOD AND DEVICE FOR ENABLING THE HOLDER OF A PORTABLE OBJECT SUCH AS A CARD, TO BE ACCESSED BY THIS CARD TO AT LEAST ONE SERVICE PROVIDED BY AT LEAST ONE AUTHORIZING ORGANIZATION
US4723284A (en) * 1983-02-14 1988-02-02 Prime Computer, Inc. Authentication system
US4906828A (en) * 1983-02-28 1990-03-06 Paperless Accounting, Inc. Electronic money purse and fund transfer system
FR2549989B1 (en) * 1983-07-29 1985-09-13 Philips Ind Commerciale AUTHENTICATION SYSTEM BETWEEN A CARD READER AND A PAYMENT CARD EXCHANGING INFORMATION
US5103392A (en) * 1983-10-05 1992-04-07 Fujitsu Limited System for storing history of use of programs including user credit data and having access by the proprietor
DK152239C (en) * 1983-12-30 1988-07-04 Sp Radio As PROCEDURE FOR CRYPTOGRAPHIC TRANSFER OF SPEECH SIGNALS AND COMMUNICATION STATION FOR EXERCISING THE PROCEDURE
FR2559193B1 (en) * 1984-02-07 1986-06-20 Talleres Escoriaza Sa PROGRAMMABLE ELECTRONIC LOCK
US4799258A (en) * 1984-02-13 1989-01-17 National Research Development Corporation Apparatus and methods for granting access to computers
JPS60207957A (en) * 1984-03-31 1985-10-19 Toshiba Corp Data protecting system
EP0167044B1 (en) * 1984-06-19 1992-03-04 Casio Computer Company Limited Intelligent card
JPS619052A (en) * 1984-06-25 1986-01-16 Toshiba Corp Communication network system
US4650975A (en) * 1984-08-30 1987-03-17 Casio Computer Co., Ltd. IC card and an identification system thereof
US4918631A (en) * 1984-09-07 1990-04-17 Casio Computer Co., Ltd. Compact type electronic information card
US4780806A (en) * 1984-09-26 1988-10-25 Minolta Camera Kabushiki Kaisha Control device for an apparatus
US4614861A (en) * 1984-11-15 1986-09-30 Intellicard International, Inc. Unitary, self-contained card verification and validation system and method
CA1238427A (en) * 1984-12-18 1988-06-21 Jonathan Oseas Code protection using cryptography
US4679236A (en) * 1984-12-21 1987-07-07 Davies Richard E Identification verification method and system
FR2575566B1 (en) * 1984-12-28 1990-06-22 Bull Sa METHOD FOR CUSTOMIZING PORTABLE MEDIA SUCH AS CARDS
JPS61177585A (en) * 1985-02-04 1986-08-09 Toshiba Corp Sealing body of portable electronic device
US5136648A (en) * 1985-02-19 1992-08-04 Octel Communications Corporation Message storage security system
JPH0762854B2 (en) * 1985-03-05 1995-07-05 カシオ計算機株式会社 IC card system
GB2173738B (en) * 1985-04-19 1989-07-12 Roneo Alcatel Ltd Secure transport of information between electronic stations
US4736423A (en) * 1985-04-30 1988-04-05 International Business Machines Corporation Technique for reducing RSA Crypto variable storage
US4683968A (en) * 1985-09-03 1987-08-04 Burroughs Corporation System for preventing software piracy employing multi-encrypted keys and single decryption circuit modules
JPH0762862B2 (en) * 1985-09-17 1995-07-05 カシオ計算機株式会社 Authentication method in IC card system
EP0218176B1 (en) * 1985-10-07 1991-11-13 Kabushiki Kaisha Toshiba Portable electronic device
FR2589268B1 (en) * 1985-10-28 1991-04-19 Toshiba Kk PORTABLE ELECTRONIC DEVICE IN THE FORM OF A CARD
US4799061A (en) * 1985-11-18 1989-01-17 International Business Machines Corporation Secure component authentication system
DE3640238A1 (en) * 1985-11-30 1987-06-25 Toshiba Kawasaki Kk PORTABLE ELECTRONIC DEVICE
LU86203A1 (en) * 1985-12-11 1987-07-24 Cen Centre Energie Nucleaire METHOD AND APPARATUS FOR VERIFYING THE AUTHENTICITY OF DOCUMENTS LINKED TO A PERSON AND THE IDENTITY OF THEIR CARRIERS
FR2592502B1 (en) * 1985-12-26 1990-03-30 Lefevre Jean Pierre SEQUENTIAL STORAGE CERTIFIER
JPH0754536B2 (en) * 1986-02-17 1995-06-07 株式会社日立製作所 IC card utilization system
FR2596177B1 (en) * 1986-03-19 1992-01-17 Infoscript METHOD AND DEVICE FOR QUALITATIVE BACKUP OF DIGITAL DATA
FR2596173B1 (en) * 1986-03-20 1990-02-02 Bull Sa OPTIONAL COMPUTER ACCESS PROTECTION SYSTEM, THE INITIALIZATION AND IMPLEMENTATION PROCESS OF PROTECTION AND THE USE OF THE PROTECTION SYSTEM IN A MACHINE ACCESS PROCESS
US4837822A (en) * 1986-04-08 1989-06-06 Schlage Lock Company Cryptographic based electronic lock system and method of operation
US4742215A (en) * 1986-05-07 1988-05-03 Personal Computer Card Corporation IC card system
EP0246823A3 (en) * 1986-05-22 1989-10-04 Racal-Guardata Limited Data communication systems and methods
FR2599176A1 (en) * 1986-05-23 1987-11-27 Eurotechnique Sa MEMORY DEADLY PROGRAMMABLE ELECTRICALLY
US5020105A (en) * 1986-06-16 1991-05-28 Applied Information Technologies Corporation Field initialized authentication system for protective security of electronic information networks
US4731841A (en) * 1986-06-16 1988-03-15 Applied Information Technologies Research Center Field initialized authentication system for protective security of electronic information networks
US4771461A (en) * 1986-06-27 1988-09-13 International Business Machines Corporation Initialization of cryptographic variables in an EFT/POS network with a large number of terminals
FR2601476B1 (en) * 1986-07-11 1988-10-21 Bull Cp8 METHOD FOR AUTHENTICATING EXTERNAL AUTHORIZATION DATA BY A PORTABLE OBJECT SUCH AS A MEMORY CARD
JPH07104891B2 (en) * 1986-08-05 1995-11-13 沖電気工業株式会社 Transaction processor
US5014234A (en) * 1986-08-25 1991-05-07 Ncr Corporation System with software usage timer and counter for allowing limited use but preventing continued unauthorized use of protected software
US4678896A (en) * 1986-10-06 1987-07-07 Carlson Steven R Point-of sale mechanism
US5053607A (en) * 1986-10-06 1991-10-01 Carlson Steven R Point-of-sale device particularly adapted for processing checks
FR2612315A1 (en) * 1987-03-13 1988-09-16 Trt Telecom Radio Electr METHOD FOR SIMULTANEOUSLY READING AND CERTIFYING INFORMATION PRESENT IN A MEMORY OF AN ELECTRONIC MEDIUM
JPS63231692A (en) * 1987-03-20 1988-09-27 Mitsubishi Electric Corp Secret code writer
US4859837A (en) * 1987-03-23 1989-08-22 Halpern John Wolfgang Portable data carrier incorporating manually presettable processing modes
AU1341688A (en) * 1987-04-14 1988-11-04 Ido A.G. Arrangement for preventing unauthorized access
US4866769A (en) * 1987-08-05 1989-09-12 Ibm Corporation Hardware assist for protecting PC software
JPS6444887A (en) * 1987-08-12 1989-02-17 Minolta Camera Kk Clocking device
US4853961A (en) * 1987-12-18 1989-08-01 Pitney Bowes Inc. Reliable document authentication system
US4893338A (en) * 1987-12-31 1990-01-09 Pitney Bowes Inc. System for conveying information for the reliable authentification of a plurality of documents
GB2211643B (en) * 1987-12-18 1992-04-29 Pitney Bowes Inc System and method for authentication of documents
FR2626095B1 (en) * 1988-01-20 1991-08-30 Sgs Thomson Microelectronics SECURITY SYSTEM FOR PROTECTING PROGRAMMING AREAS OF A CHIP CARD
US4879747A (en) * 1988-03-21 1989-11-07 Leighton Frank T Method and system for personal identification
US4995081A (en) * 1988-03-21 1991-02-19 Leighton Frank T Method and system for personal identification using proofs of legitimacy
CH694306A5 (en) * 1988-04-11 2004-11-15 Syspatronic Ag Spa Chip card.
JPH0622030B2 (en) * 1988-10-03 1994-03-23 富士通株式会社 Transaction validity confirmation method
US5016274A (en) * 1988-11-08 1991-05-14 Silvio Micali On-line/off-line digital signing
JPH02170272A (en) * 1988-12-23 1990-07-02 Hitachi Maxell Ltd Collation system for secret information
US5201010A (en) * 1989-05-01 1993-04-06 Credit Verification Corporation Method and system for building a database and performing marketing based upon prior shopping history
US8700458B2 (en) 1989-05-01 2014-04-15 Catalina Marketing Corporation System, method, and database for processing transactions
US5621812A (en) * 1989-05-01 1997-04-15 Credit Verification Corporation Method and system for building a database for use with selective incentive marketing in response to customer shopping histories
US5305196A (en) 1989-05-01 1994-04-19 Credit Verification Corporation Check transaction processing, database building and marketing method and system utilizing automatic check reading
US5644723A (en) * 1989-05-01 1997-07-01 Credit Verification Corporation Method and system for selective incentive point-of-sale marketing in response to customer shopping histories
US5687322A (en) 1989-05-01 1997-11-11 Credit Verification Corporation Method and system for selective incentive point-of-sale marketing in response to customer shopping histories
US5237620A (en) * 1989-05-01 1993-08-17 Credit Verification Corporation Check reader method and system for reading check MICR code
JPH03144823A (en) * 1989-10-31 1991-06-20 N T T Data Tsushin Kk Controller for communication between ic card and host device
US5120939A (en) * 1989-11-09 1992-06-09 At&T Bell Laboratories Databaseless security system
US5163091A (en) * 1990-01-29 1992-11-10 Graziano James M Knowledge based system for document authentication (apparatus)
US4981370A (en) * 1990-01-29 1991-01-01 Dziewit Halina S Document authentication apparatus
US5623547A (en) * 1990-04-12 1997-04-22 Jonhig Limited Value transfer system
DE69127881T2 (en) * 1990-12-10 1998-02-05 Thomson Multimedia Sa Method and device for forming an interface between chip cards and terminals
DE4101444C2 (en) * 1991-01-17 1995-11-30 Francotyp Postalia Gmbh Method and arrangement for sending electronically stored information
SE470001B (en) * 1991-09-12 1993-10-18 Televerket Procedure for identification and crypto exchange between two communicating devices for encrypted traffic
AU656245B2 (en) * 1991-11-12 1995-01-27 Security Domain Pty. Ltd. Method and system for secure, decentralised personalisation of smart cards
US5534857A (en) * 1991-11-12 1996-07-09 Security Domain Pty. Ltd. Method and system for secure, decentralized personalization of smart cards
US7028187B1 (en) 1991-11-15 2006-04-11 Citibank, N.A. Electronic transaction apparatus for electronic commerce
US5557518A (en) 1994-04-28 1996-09-17 Citibank, N.A. Trusted agents for open electronic commerce
US5453601A (en) * 1991-11-15 1995-09-26 Citibank, N.A. Electronic-monetary system
US10361802B1 (en) 1999-02-01 2019-07-23 Blanding Hovenweep, Llc Adaptive pattern recognition based control system and method
DE4205615A1 (en) * 1992-02-24 1993-08-26 Provera Ges Fuer Projektierung Secret PIN number input into electronic system - has card inserted into input carrier that provides storage of number for un-observed reading
US5448045A (en) * 1992-02-26 1995-09-05 Clark; Paul C. System for protecting computers via intelligent tokens or smart cards
US5442706A (en) * 1992-02-27 1995-08-15 Hughes Aircraft Company Secure mobile storage
US6292786B1 (en) 1992-05-19 2001-09-18 Incentech, Inc. Method and system for generating incentives based on substantially real-time product purchase information
GB9211648D0 (en) * 1992-06-02 1992-07-15 Racal Datacom Ltd Data communication system
US5776278A (en) * 1992-06-17 1998-07-07 Micron Communications, Inc. Method of manufacturing an enclosed transceiver
USRE42773E1 (en) 1992-06-17 2011-10-04 Round Rock Research, Llc Method of manufacturing an enclosed transceiver
US7158031B2 (en) 1992-08-12 2007-01-02 Micron Technology, Inc. Thin, flexible, RFID label and system for use
EP0706692B1 (en) * 1992-10-26 2003-04-16 Intellect Australia Pty. Ltd. Host and user transaction system
US5371797A (en) * 1993-01-19 1994-12-06 Bellsouth Corporation Secure electronic funds transfer from telephone or unsecured terminal
US5299263A (en) * 1993-03-04 1994-03-29 Bell Communications Research, Inc. Two-way public key authentication and key agreement for low-cost terminals
US6145739A (en) * 1993-10-26 2000-11-14 Intellect Australia Pty Ltd. System and method for performing transactions and an intelligent device therefor
US5499294A (en) * 1993-11-24 1996-03-12 The United States Of America As Represented By The Administrator Of The National Aeronautics And Space Administration Digital camera with apparatus for authentication of images produced from an image file
US5434918A (en) * 1993-12-14 1995-07-18 Hughes Aircraft Company Method for providing mutual authentication of a user and a server on a network
FR2716280B1 (en) * 1994-02-11 1996-04-12 Solaic Sa Method for protecting memory card components against fraudulent use.
FR2717286B1 (en) * 1994-03-09 1996-04-05 Bull Cp8 Method and device for authenticating a data medium intended to allow a transaction or access to a service or a place, and corresponding medium.
US6088797A (en) * 1994-04-28 2000-07-11 Rosen; Sholom S. Tamper-proof electronic processing device
US6868408B1 (en) 1994-04-28 2005-03-15 Citibank, N.A. Security systems and methods applicable to an electronic monetary system
US5799087A (en) * 1994-04-28 1998-08-25 Citibank, N.A. Electronic-monetary system
FR2719680B1 (en) * 1994-05-05 1996-07-12 Gemplus Card Int Method for securing access to removable cards for computer.
EP0690399A3 (en) * 1994-06-30 1997-05-02 Tandem Computers Inc Remote financial transaction system
FR2722596A1 (en) * 1994-07-13 1996-01-19 France Telecom SYSTEM FOR CONTROLLING ACCESS LIMITED TO AUTHORIZED AND RENEWABLE TIME PLACES USING A PORTABLE MEMORY MEDIUM
US5694471A (en) * 1994-08-03 1997-12-02 V-One Corporation Counterfeit-proof identification card
US5778068A (en) * 1995-02-13 1998-07-07 Eta Technologies Corporation Personal access management system
US5619574A (en) * 1995-02-13 1997-04-08 Eta Technologies Corporation Personal access management system
US5689564A (en) * 1995-02-13 1997-11-18 Eta Technologies Corporation Personal access management system
US5694472A (en) * 1995-02-13 1997-12-02 Eta Technologies Corporation Personal access management system
US5692049A (en) * 1995-02-13 1997-11-25 Eta Technologies Corporation Personal access management system
US5610980A (en) * 1995-02-13 1997-03-11 Eta Technologies Corporation Method and apparatus for re-initializing a processing device and a storage device
US5682428A (en) * 1995-02-13 1997-10-28 Eta Technologies Corporation Personal access management system
DE19507043B4 (en) * 1995-03-01 2006-11-23 Deutsche Telekom Ag Process for generating and distributing unpersonalized confidential electronic keys
US5594227A (en) * 1995-03-28 1997-01-14 Microsoft Corporation System and method for protecting unauthorized access to data contents
SG73580A1 (en) * 1995-05-12 2000-06-20 Macrovision Corp Video media security and tracking system
US5616900A (en) * 1995-07-14 1997-04-01 Seewoster; O. Ben ATM keypad operating device
DE19528297A1 (en) 1995-08-02 1997-02-06 Bayer Ag Unit of data storage card and read / write device
US5832090A (en) * 1995-08-10 1998-11-03 Hid Corporation Radio frequency transponder stored value system employing a secure encryption protocol
NL1000988C2 (en) * 1995-08-16 1997-02-18 Nederland Ptt Method for being able to perform different authentication processes, as well as system, with the same data carrier.
US8171524B2 (en) * 1995-10-02 2012-05-01 Corestreet, Ltd. Physical access control
US5870475A (en) * 1996-01-19 1999-02-09 Northern Telecom Limited Facilitating secure communications in a distribution network
US5761306A (en) 1996-02-22 1998-06-02 Visa International Service Association Key replacement in a public key cryptosystem
US6094643A (en) * 1996-06-14 2000-07-25 Card Alert Services, Inc. System for detecting counterfeit financial card fraud
US6463416B1 (en) 1996-07-15 2002-10-08 Intelli-Check, Inc. Authentication system for identification documents
US6005943A (en) * 1996-10-29 1999-12-21 Lucent Technologies Inc. Electronic identifiers for network terminal devices
US8225089B2 (en) 1996-12-04 2012-07-17 Otomaku Properties Ltd., L.L.C. Electronic transaction systems utilizing a PEAD and a private key
US5988510A (en) * 1997-02-13 1999-11-23 Micron Communications, Inc. Tamper resistant smart card and method of protecting data in a smart card
US6317832B1 (en) * 1997-02-21 2001-11-13 Mondex International Limited Secure multiple application card system and process
US6575372B1 (en) 1997-02-21 2003-06-10 Mondex International Limited Secure multi-application IC card system having selective loading and deleting capability
US6060773A (en) * 1997-05-15 2000-05-09 Nippon Telegraph And Telephone Corporation Semiconductor chip and method of manufacturing the same
US6328217B1 (en) 1997-05-15 2001-12-11 Mondex International Limited Integrated circuit card with application history list
US6385723B1 (en) 1997-05-15 2002-05-07 Mondex International Limited Key transformation unit for an IC card
US6164549A (en) * 1997-05-15 2000-12-26 Mondex International Limited IC card with shell feature
US6488211B1 (en) * 1997-05-15 2002-12-03 Mondex International Limited System and method for flexibly loading in IC card
US6220510B1 (en) 1997-05-15 2001-04-24 Mondex International Limited Multi-application IC card with delegation feature
US6339385B1 (en) 1997-08-20 2002-01-15 Micron Technology, Inc. Electronic communication devices, methods of forming electrical communication devices, and communication methods
US6161180A (en) * 1997-08-29 2000-12-12 International Business Machines Corporation Authentication for secure devices with limited cryptography
US6023682A (en) * 1997-10-21 2000-02-08 At&T Corporation Method and apparatus for credit card purchase authorization utilizing a comparison of a purchase token with test information
JP3793629B2 (en) * 1997-10-30 2006-07-05 沖電気工業株式会社 Memory card and memory card device
US6736325B1 (en) 1998-01-22 2004-05-18 Mondex International Limited Codelets
US6357665B1 (en) 1998-01-22 2002-03-19 Mondex International Limited Configuration of IC card
US6742120B1 (en) 1998-02-03 2004-05-25 Mondex International Limited System and method for controlling access to computer code in an IC card
US7096358B2 (en) * 1998-05-07 2006-08-22 Maz Technologies, Inc. Encrypting file system
US6185684B1 (en) * 1998-08-28 2001-02-06 Adobe Systems, Inc. Secured document access control using recipient lists
US7660763B1 (en) 1998-11-17 2010-02-09 Jpmorgan Chase Bank, N.A. Customer activated multi-value (CAM) card
CN1439142A (en) 1998-12-23 2003-08-27 大通银行 System and method for integrating trading operations including the generation, processing and tracking of and trade documents
US6665800B1 (en) * 1999-01-26 2003-12-16 Dell Usa, L.P. System and method for securing a computer system
GB2347248A (en) * 1999-02-25 2000-08-30 Ibm Super passwords
US6292692B1 (en) 1999-04-30 2001-09-18 Medical Research Laboratories, Inc. Medical treatment device with functions, operated under passcode control
US6609104B1 (en) 1999-05-26 2003-08-19 Incentech, Inc. Method and system for accumulating marginal discounts and applying an associated incentive
US6938163B1 (en) * 1999-06-17 2005-08-30 Telefonaktiebolaget Lm Ericsson (Publ) Technique for securely storing data within a memory
US7058817B1 (en) 1999-07-02 2006-06-06 The Chase Manhattan Bank System and method for single sign on process for websites with multiple applications and services
US6993498B1 (en) 1999-07-15 2006-01-31 Midnight Blue Remote Access, Llc Point-of-sale server and method
US6273339B1 (en) 1999-08-30 2001-08-14 Micron Technology, Inc. Tamper resistant smart card and method of protecting data in a smart card
US7505941B2 (en) * 1999-08-31 2009-03-17 American Express Travel Related Services Company, Inc. Methods and apparatus for conducting electronic transactions using biometrics
US7343351B1 (en) 1999-08-31 2008-03-11 American Express Travel Related Services Company, Inc. Methods and apparatus for conducting electronic transactions
US7953671B2 (en) * 1999-08-31 2011-05-31 American Express Travel Related Services Company, Inc. Methods and apparatus for conducting electronic transactions
US7889052B2 (en) 2001-07-10 2011-02-15 Xatra Fund Mx, Llc Authorizing payment subsequent to RF transactions
US7260724B1 (en) * 1999-09-20 2007-08-21 Security First Corporation Context sensitive dynamic authentication in a cryptographic system
US7391865B2 (en) * 1999-09-20 2008-06-24 Security First Corporation Secure data parser method and system
US6853988B1 (en) 1999-09-20 2005-02-08 Security First Corporation Cryptographic server with provisions for interoperability between cryptographic systems
EP1218813A1 (en) 1999-09-20 2002-07-03 Ethentica, Inc. Context sensitive dynamic authentication in a cryptographic system
US20020095389A1 (en) * 1999-10-05 2002-07-18 Gaines Robert Vallee Method, apparatus and system for identity authentication
CA2392037A1 (en) * 1999-11-22 2001-05-31 Ascom Hasler Mailing Systems, Inc. Generation and management of customer pin's
US8793160B2 (en) 1999-12-07 2014-07-29 Steve Sorem System and method for processing transactions
US6847948B1 (en) * 1999-12-20 2005-01-25 International Business Machines Corporation Method and apparatus for secure distribution of software/data
JP3250557B2 (en) * 1999-12-20 2002-01-28 いわき電子株式会社 Encryption display card
US7039812B2 (en) * 2000-01-26 2006-05-02 Citicorp Development Center, Inc. System and method for user authentication
US8706627B2 (en) * 2000-02-10 2014-04-22 Jon Shore Apparatus, systems and methods for wirelessly transacting financial transfers , electronically recordable authorization transfers, and other information transfers
US7822656B2 (en) 2000-02-15 2010-10-26 Jpmorgan Chase Bank, N.A. International banking system and method
AUPQ564400A0 (en) * 2000-02-16 2000-03-09 Ong, Yong Kin (Michael) Electronic credit card-ecc
US8322606B2 (en) * 2000-02-16 2012-12-04 Ong Yong Kin Michael Electronic credit card—ECC
WO2001061657A1 (en) * 2000-02-18 2001-08-23 Cypak Ab Method and device for identification and authentication
US6941279B1 (en) * 2000-02-23 2005-09-06 Banke One Corporation Mutual fund card method and system
US6834270B1 (en) * 2000-02-28 2004-12-21 Carlo Pagani Secured financial transaction system using single use codes
US7587368B2 (en) 2000-07-06 2009-09-08 David Paul Felsher Information record infrastructure, system and method
EP1172775A1 (en) * 2000-07-10 2002-01-16 Proton World International (Pwi) Method for protecting an access to a secured domain
AU2001282935A1 (en) 2000-08-01 2002-02-13 First Usa Bank, N.A. System and method for transponder-enabled account transactions
WO2002037386A1 (en) 2000-11-06 2002-05-10 First Usa Bank, N.A. System and method for selectable funding of electronic transactions
EP1344212B1 (en) * 2000-12-14 2008-08-13 ECD Systems, Inc. Method for determining authenticity of an optical recording medium and optical recording medium
US20020091929A1 (en) * 2000-12-19 2002-07-11 Jakob Ehrensvard Secure digital signing of data
US8805739B2 (en) 2001-01-30 2014-08-12 Jpmorgan Chase Bank, National Association System and method for electronic bill pay and presentment
WO2002073877A2 (en) * 2001-03-09 2002-09-19 Pascal Brandys System and method of user and data verification
US7181017B1 (en) 2001-03-23 2007-02-20 David Felsher System and method for secure three-party communications
US8849716B1 (en) 2001-04-20 2014-09-30 Jpmorgan Chase Bank, N.A. System and method for preventing identity theft or misuse by restricting access
US7313546B2 (en) 2001-05-23 2007-12-25 Jp Morgan Chase Bank, N.A. System and method for currency selectable stored value instrument
US7725427B2 (en) * 2001-05-25 2010-05-25 Fred Bishop Recurrent billing maintenance with radio frequency payment devices
US7689506B2 (en) 2001-06-07 2010-03-30 Jpmorgan Chase Bank, N.A. System and method for rapid updating of credit information
FR2825877B1 (en) * 2001-06-12 2003-09-19 Canal Plus Technologies METHOD FOR CONTROLLING ACCESS TO AN ENCRYPTED PROGRAM
US9024719B1 (en) 2001-07-10 2015-05-05 Xatra Fund Mx, Llc RF transaction system and method for storing user personal data
US20040236699A1 (en) 2001-07-10 2004-11-25 American Express Travel Related Services Company, Inc. Method and system for hand geometry recognition biometrics on a fob
US7668750B2 (en) 2001-07-10 2010-02-23 David S Bonalle Securing RF transactions using a transactions counter
US8001054B1 (en) 2001-07-10 2011-08-16 American Express Travel Related Services Company, Inc. System and method for generating an unpredictable number using a seeded algorithm
US7303120B2 (en) 2001-07-10 2007-12-04 American Express Travel Related Services Company, Inc. System for biometric security using a FOB
US7249112B2 (en) 2002-07-09 2007-07-24 American Express Travel Related Services Company, Inc. System and method for assigning a funding source for a radio frequency identification device
US7360689B2 (en) 2001-07-10 2008-04-22 American Express Travel Related Services Company, Inc. Method and system for proffering multiple biometrics for use with a FOB
US20040232221A1 (en) * 2001-07-10 2004-11-25 American Express Travel Related Services Company, Inc. Method and system for voice recognition biometrics on a fob
US9031880B2 (en) 2001-07-10 2015-05-12 Iii Holdings 1, Llc Systems and methods for non-traditional payment using biometric data
US7543738B1 (en) 2001-07-10 2009-06-09 American Express Travel Related Services Company, Inc. System and method for secure transactions manageable by a transaction account provider
US8279042B2 (en) 2001-07-10 2012-10-02 Xatra Fund Mx, Llc Iris scan biometrics on a payment device
US8294552B2 (en) 2001-07-10 2012-10-23 Xatra Fund Mx, Llc Facial scan biometrics on a payment device
US7735725B1 (en) 2001-07-10 2010-06-15 Fred Bishop Processing an RF transaction using a routing number
US9454752B2 (en) 2001-07-10 2016-09-27 Chartoleaux Kg Limited Liability Company Reload protocol at a transaction processing entity
US8548927B2 (en) 2001-07-10 2013-10-01 Xatra Fund Mx, Llc Biometric registration for facilitating an RF transaction
US7266839B2 (en) 2001-07-12 2007-09-04 J P Morgan Chase Bank System and method for providing discriminated content to network users
AU2002327322A1 (en) 2001-07-24 2003-02-17 First Usa Bank, N.A. Multiple account card and transaction routing
US8020754B2 (en) 2001-08-13 2011-09-20 Jpmorgan Chase Bank, N.A. System and method for funding a collective account by use of an electronic tag
US7562396B2 (en) * 2001-08-21 2009-07-14 Ecd Systems, Inc. Systems and methods for media authentication
US6963973B2 (en) * 2001-10-17 2005-11-08 Hewlett-Packard Development Company, L.P. Chain of custody system and method
US7987501B2 (en) 2001-12-04 2011-07-26 Jpmorgan Chase Bank, N.A. System and method for single session sign-on
US7643393B2 (en) * 2001-12-12 2010-01-05 Ecd Systems, Inc. Systems and methods for optical media modification
US7716485B2 (en) * 2002-02-01 2010-05-11 Sca Ipla Holdings Inc. Systems and methods for media authentication
US20030159054A1 (en) * 2002-02-19 2003-08-21 Minebea Co. Reconfigurable secure input device
US7899753B1 (en) 2002-03-25 2011-03-01 Jpmorgan Chase Bank, N.A Systems and methods for time variable financial authentication
US20180165441A1 (en) 2002-03-25 2018-06-14 Glenn Cobourn Everhart Systems and methods for multifactor authentication
US20040210498A1 (en) 2002-03-29 2004-10-21 Bank One, National Association Method and system for performing purchase and other transactions using tokens with multiple chips
AU2003230751A1 (en) 2002-03-29 2003-10-13 Bank One, Delaware, N.A. System and process for performing purchase transaction using tokens
AU2003228468B2 (en) * 2002-04-08 2009-10-01 Assa Abloy Ab Physical access control
US7708189B1 (en) 2002-05-17 2010-05-04 Cipriano Joseph J Identification verification system and method
US7356516B2 (en) * 2002-06-13 2008-04-08 Visa U.S.A. Inc. Method and system for facilitating electronic dispute resolution
US6805287B2 (en) 2002-09-12 2004-10-19 American Express Travel Related Services Company, Inc. System and method for converting a stored value card to a credit card
US7809595B2 (en) 2002-09-17 2010-10-05 Jpmorgan Chase Bank, Na System and method for managing risks associated with outside service providers
US7058660B2 (en) * 2002-10-02 2006-06-06 Bank One Corporation System and method for network-based project management
US20040122736A1 (en) 2002-10-11 2004-06-24 Bank One, Delaware, N.A. System and method for granting promotional rewards to credit account holders
US8301493B2 (en) 2002-11-05 2012-10-30 Jpmorgan Chase Bank, N.A. System and method for providing incentives to consumers to share information
US9818136B1 (en) 2003-02-05 2017-11-14 Steven M. Hoffberg System and method for determining contingent relevance
US10311412B1 (en) 2003-03-28 2019-06-04 Jpmorgan Chase Bank, N.A. Method and system for providing bundled electronic payment and remittance advice
US8306907B2 (en) 2003-05-30 2012-11-06 Jpmorgan Chase Bank N.A. System and method for offering risk-based interest rates in a credit instrument
US7814003B2 (en) 2003-12-15 2010-10-12 Jp Morgan Chase Billing workflow system for crediting charges to entities creating derivatives exposure
US8554673B2 (en) 2004-06-17 2013-10-08 Jpmorgan Chase Bank, N.A. Methods and systems for discounts management
US8121944B2 (en) 2004-06-24 2012-02-21 Jpmorgan Chase Bank, N.A. Method and system for facilitating network transaction processing
US7325724B2 (en) * 2004-07-01 2008-02-05 American Express Travel Related Services Company, Inc. Method for registering a biometric for use with a smartcard
US20060016869A1 (en) * 2004-07-01 2006-01-26 American Express Travel Related Services Company, Inc. Method and system for auditory emissions recognition biometrics on a smartcard
US7314165B2 (en) 2004-07-01 2008-01-01 American Express Travel Related Services Company, Inc. Method and system for smellprint recognition biometrics on a smartcard
US7363504B2 (en) * 2004-07-01 2008-04-22 American Express Travel Related Services Company, Inc. Method and system for keystroke scan recognition biometrics on a smartcard
US20060000896A1 (en) * 2004-07-01 2006-01-05 American Express Travel Related Services Company, Inc. Method and system for voice recognition biometrics on a smartcard
US7314164B2 (en) * 2004-07-01 2008-01-01 American Express Travel Related Services Company, Inc. System for biometric security using a smartcard
US7341181B2 (en) 2004-07-01 2008-03-11 American Express Travel Related Services Company, Inc. Method for biometric security using a smartcard
US7318550B2 (en) * 2004-07-01 2008-01-15 American Express Travel Related Services Company, Inc. Biometric safeguard method for use with a smartcard
EP1825412A1 (en) 2004-10-25 2007-08-29 Rick L. Orsini Secure data parser method and system
US7860318B2 (en) 2004-11-09 2010-12-28 Intelli-Check, Inc System and method for comparing documents
WO2006107777A2 (en) * 2005-04-01 2006-10-12 Mastercard International Incorporated Dynamic encryption of payment card numbers in electronic payment transactions
US7758422B2 (en) * 2005-04-13 2010-07-20 Microsoft Corporation Hard drive authentication
US7401731B1 (en) 2005-05-27 2008-07-22 Jpmorgan Chase Bank, Na Method and system for implementing a card product with multiple customized relationships
WO2006129816A1 (en) * 2005-05-31 2006-12-07 Semiconductor Energy Laboratory Co., Ltd. Communication system and authentication card
US7822682B2 (en) 2005-06-08 2010-10-26 Jpmorgan Chase Bank, N.A. System and method for enhancing supply chain transactions
US8874477B2 (en) 2005-10-04 2014-10-28 Steven Mark Hoffberg Multifactorial optimization system and method
CN105978683A (en) 2005-11-18 2016-09-28 Security First Corp. Secure data parser method and system
US7792522B1 (en) * 2006-01-13 2010-09-07 Positive Access Corporation Software key control for mobile devices
US8408455B1 (en) 2006-02-08 2013-04-02 Jpmorgan Chase Bank, N.A. System and method for granting promotional rewards to both customers and non-customers
US7784682B2 (en) 2006-02-08 2010-08-31 Jpmorgan Chase Bank, N.A. System and method for granting promotional rewards to both customers and non-customers
US7753259B1 (en) 2006-04-13 2010-07-13 Jpmorgan Chase Bank, N.A. System and method for granting promotional rewards to both customers and non-customers
EP2016535A4 (en) * 2006-04-19 2010-06-23 Stepnexus Holdings Methods and systems for ic card application loading
CN101569132B (en) * 2006-11-07 2013-04-17 Security First Corp. Systems and methods for distributing and securing data
US8904080B2 (en) * 2006-12-05 2014-12-02 Security First Corp. Tape backup method
FR2912841B1 (en) * 2007-02-15 2009-05-22 Soitec Silicon On Insulator METHOD OF POLISHING HETEROSTRUCTURES
CN102932136B (en) 2007-09-14 2017-05-17 Security First Corp. Systems and methods for managing cryptographic keys
US8417601B1 (en) 2007-10-18 2013-04-09 Jpmorgan Chase Bank, N.A. Variable rate payment card
US8622308B1 (en) 2007-12-31 2014-01-07 Jpmorgan Chase Bank, N.A. System and method for processing transactions using a multi-account transactions device
US7766244B1 (en) 2007-12-31 2010-08-03 Jpmorgan Chase Bank, N.A. System and method for processing transactions using a multi-account transactions device
EP2106642A4 (en) * 2008-01-07 2015-12-02 Security First Corp Systems and methods for securing data using multi-factor or keyed dispersal
CN103281190B (en) * 2008-02-22 2018-03-09 Security First Corp. Systems and methods for secure workgroup management and communication
CN102428686A (en) 2009-05-19 2012-04-25 Security First Corp. Systems and methods for securing data in the cloud
EP2504973B1 (en) 2009-11-25 2016-11-16 Security First Corp. Systems and methods for securing data in motion
US8447641B1 (en) 2010-03-29 2013-05-21 Jpmorgan Chase Bank, N.A. System and method for automatically enrolling buyers into a network
JP2013524352A (en) 2010-03-31 2013-06-17 Security First Corp. System and method for securing data in motion
US8824492B2 (en) 2010-05-28 2014-09-02 Drc Computer Corporation Accelerator system for remote data storage
EP2619939A2 (en) 2010-09-20 2013-07-31 Rick L. Orsini Systems and methods for secure data sharing
US8589288B1 (en) 2010-10-01 2013-11-19 Jpmorgan Chase Bank, N.A. System and method for electronic remittance of funds
US8775794B2 (en) 2010-11-15 2014-07-08 Jpmorgan Chase Bank, N.A. System and method for end to end encryption
US8543503B1 (en) 2011-03-30 2013-09-24 Jpmorgan Chase Bank, N.A. Systems and methods for automated invoice entry
US8543504B1 (en) 2011-03-30 2013-09-24 Jpmorgan Chase Bank, N.A. Systems and methods for automated invoice entry
US8953786B2 (en) * 2012-08-31 2015-02-10 Tata Consultancy Services Limited User input based data encryption
EP2956887A1 (en) 2013-02-13 2015-12-23 Security First Corp. Systems and methods for a cryptographic file system layer
US9058626B1 (en) 2013-11-13 2015-06-16 Jpmorgan Chase Bank, N.A. System and method for financial services device usage
US10373409B2 (en) 2014-10-31 2019-08-06 Intellicheck, Inc. Identification scan in compliance with jurisdictional or other rules
WO2016081942A2 (en) 2014-11-21 2016-05-26 Security First Corp. Gateway for cloud-based secure storage
US10395227B2 (en) 2015-01-14 2019-08-27 Tactilis Pte. Limited System and method for reconciling electronic transaction records for enhanced security
US10037528B2 (en) 2015-01-14 2018-07-31 Tactilis Sdn Bhd Biometric device utilizing finger sequence for authentication
US9607189B2 (en) 2015-01-14 2017-03-28 Tactilis Sdn Bhd Smart card system comprising a card and a carrier
CN105355489A (en) * 2015-11-23 2016-02-24 梁锋 Password input peep-proof cover
WO2020069511A1 (en) * 2018-09-28 2020-04-02 Strike Derivatives Inc. Electronic trade processing system and method

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4214230A (en) * 1978-01-19 1980-07-22 Rolf Blom Personal identification system
US4288659A (en) * 1979-05-21 1981-09-08 Atalla Technovations Method and means for securing the distribution of encoding keys
DE2949351C2 (en) * 1979-12-07 1982-04-15 The Grey Lab. Establishment, 9490 Vaduz Method and device for generating and checking documents and the document used therewith
US4304990A (en) * 1979-12-11 1981-12-08 Atalla Technovations Multilevel security apparatus and method

Also Published As

Publication number Publication date
AU1492283A (en) 1984-11-29
US4453074A (en) 1984-06-05
GB2140179A (en) 1984-11-21
AU565463B2 (en) 1987-09-17
GB8313697D0 (en) 1983-06-22
DE3319919A1 (en) 1984-12-06
FR2546646B1 (en) 1989-10-13
GB2140179B (en) 1986-08-06
FR2546646A1 (en) 1984-11-30

Similar Documents

Publication Publication Date Title
CA1210470A (en) Protection system for intelligent cards
EP0668580B1 (en) Method of authenticating a terminal in a transaction execution system
US4438824A (en) Apparatus and method for cryptographic identity verification
EP0402301B1 (en) A method of transferring data and a system for transferring data
US5757918A (en) Method and apparatus for user and security device authentication
US5721781A (en) Authentication system and method for smart card transactions
CN100495430C (en) Biometric authentication apparatus, terminal device and automatic transaction machine
US5852665A (en) Internationally regulated system for one to one cryptographic communications with national sovereignty without key escrow
AU651326B2 (en) Method and system for personal identification using proofs of legitimacy
US4825050A (en) Security transaction system for financial data
US4529870A (en) Cryptographic identification, financial transaction, and credential device
US4458109A (en) Method and apparatus providing registered mail features in an electronic communication system
US7147157B2 (en) Secure remote-control unit
NO337079B1 (en) Electronic transaction
USRE36310E (en) Method of transferring data, between computer systems using electronic cards
GB2261538A (en) Transaction authentication system
KR20010014257A (en) Payment process and system
EP2026236A2 (en) Biometric pin block
JPH11219412A (en) Ic card issuing system
WO1999046881A1 (en) Transaction card security system
EP0140388B1 (en) Pocket terminal, method and system for secured banking transactions
JPS61205041A (en) Communication network system
EP0811282B1 (en) Electronic transaction system and method
JPH0425589B2 (en)
Rihaczek TeleTrusT-OSIS and communication security

Legal Events

Date Code Title Description
MKEX Expiry