CA1175941A - Automated bank transaction security system - Google Patents
Automated bank transaction security systemInfo
- Publication number
- CA1175941A CA1175941A CA000393342A CA393342A CA1175941A CA 1175941 A CA1175941 A CA 1175941A CA 000393342 A CA000393342 A CA 000393342A CA 393342 A CA393342 A CA 393342A CA 1175941 A CA1175941 A CA 1175941A
- Authority
- CA
- Canada
- Prior art keywords
- transaction
- tran
- pin
- customer
- accn
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired
Links
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/10—Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
- G06Q20/108—Remote banking, e.g. home banking
- G06Q20/1085—Remote banking, e.g. home banking involving automatic teller machines [ATMs]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4012—Verifying personal identification numbers [PIN]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F19/00—Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
- G07F19/20—Automatic teller machines [ATMs]
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F19/00—Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
- G07F19/20—Automatic teller machines [ATMs]
- G07F19/201—Accessories of ATMs
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F19/00—Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
- G07F19/20—Automatic teller machines [ATMs]
- G07F19/211—Software architecture within ATMs or in relation to the ATM network
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1016—Devices or methods for securing the PIN and other transaction-data, e.g. by encryption
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1025—Identification of user by a PIN code
Abstract
ABSTRACT OF THE DISCLOSURE
A banking system is disclosed which comprises a central computer system in electrical communication with remote automated teller machines, wherein the architecture of the banking system is such that the likelihood of a security penetration is substantially decreased whether the automated teller machine operates in an on-line or in an off-line mode.
A banking system is disclosed which comprises a central computer system in electrical communication with remote automated teller machines, wherein the architecture of the banking system is such that the likelihood of a security penetration is substantially decreased whether the automated teller machine operates in an on-line or in an off-line mode.
Description
~ 7 75~4 ~
FIELD OF T~E INVENTION
. . _ The invention relates to automated banking systems, and more particularly to security systems used in com-bination with cash or negotiable instrument dispensers at locations remote from a central computer-controlled banking ~acility.
PRIOR ART
With t~e advent of computer-controlled banking facili-ties wherein a number of remote automated ~eller stations 10 are in communication with and controlled by a centrally located computer, certain ~ra~saction security problems ha~e become apparent. More particularly, telephone line monitoring devices and compu~er related equipment have been de~eloped and used by computer thieves to secure funds 15 from the bank systems. Fraudulently injected enabling sig-nals, and the simulation of valid transaction messages from points along the communication path bet~een the central computer and a remote terminal have been used successfully.
In response to this problem, prior ar~ systems have 20 developed remote terminals wherein a customer enters a personal identiication number (PIN), which is transferred to the central computer ~or recognition. The cen~ral com-puter in turn authorizeR a tra~saction to take place. The PIN number may be memorized by the user and may take the 25 form o hi3 social security number, his bir~h date or some ~' ' ' ' ~
,: . ~ .
317~
other personal data known only to the customer and the bank. The PIN number may be further used in conjunction wi~h a magnetically encoded card which include~ data repre~enta~ive of a custom~r account number, b~nk identification ~umber, and zone number. In some cases the card includes an encrypted identi~ication number which relates the PIM number to a customer information file (CIF) signal stored at the central computer. The encrypted identi~ication number is often referred to as the PI~ OFFSET.
In the operation of such prior ar-t systems, the cu5-tomer typically enters his P~N number by way of a keyboard, and passe~ his magnetic card through registration with a card reader at the remote terminal. P~N and PI~ OFFS~T
signals thereby are transferred to the central computer 15 through telephone lin~s. ~t the central computer, the signals are compared with a customer CIF
number wAich i~ used to identify the cus~omer account and verify the identity of the customer. The central computer therea~ter transmits a tra~saction autho.rization signal 20 over the telephone line to the cash dispensex at the remote terminal.
Because o~ the relative ease by which any signal on a telephone line may be intercepted and simulated, practicaL
system~ in the prior art are genqrally provided with complex 25 data encrypting dQvices whenever any signal such as the PI~, I ~ ~594 ~
PIN OFFSET or transaction authorization signal is transmitt~d over a telephone line. Even though the resultant encrypted signals may be su~ject to in~erception, a suitably complex encryption algori~m may reduce the probability of a decoding by a thief. In the case of an authorizakion signal which is transmitted over the line, howevex, the mere duplication of the signal even if in encrypted form usually is sufficient to activate the cash dispenser at the remote terminals.
U.S. Patent 4,075,460 as igned to the assignee of the present invention provides an Lmproved remote terminal cash dispensing system. The security system is comprised of a PIN signal generator and a security device responsi~e to both ~he signal generator and an authorization signal com-15 prised o~ the customer's C~F number which is supplied by a central computer. The signal path between the signal gen-erator and ~he security device is wholly contained within the renote ten~ina7. ~he PIN signal thus cannot be inter-cepted, and the mere simulation o ~he authorization signal 20 alone will not penetrate the security of the remote terminal.
Although the likelihood of a withdrawal by an unauthori ed user is substantiaIly reduced, an unauthorized use still may occur i a cu~tomer i3 careless with his PIN number.
The PIN number may ba entered at the remote terminal by 25 the unaukhorized party, and the authorization ~ignal from ~7~
the central computer may be simulated to cauce the security device to command a cash release. The security system of the embodiment illustrated in Figure 2 of ~he patent is more difficult to penetr~te since a PIN OFFSET signal wholly internal to the remote terminal also is applied to the security device by way of a card reader for a compar-ison. Although the addition of the PIN OFFSET increases the necessity for obtaining both the customer PIN number and his encoded card, a theft still may occur through the 10 use of knowledge gained from the card and intercepted signals. ~or example, once the relationship between a PIN OFFSET and a customer's CI~ number is discavered, the customer's PI~ may be determined. A customer's CIF number is transerred over telephone lines from the cen~raL com-15 puter to the remote transaction terminal. The determina-tion of a P~ number i5 further acilitated from a knowledge of the number of bits aomprising the PIN number. Such a BIT signal is supplied by the remote transaction terminal to the central computer. In each case, a cash ~heft may occur 20 repeatedly once the control information peculiar to the customer is det~rmined.
. .. ~
3 ~ 7S~
The invention disclosed herein is directed to a banking system for remote automated teller machines wherein no signals from which either a PIN or a PIN OFFSET may be derived are transferred over transmission lines available to an unauthorized user. The likelihood of a security penetration without knowledge of the customer's PIN
number and possession of the customer's encoded card thereb~7 is sionificantly reduced. The system further is made less susceptible to the repeated unauthorized use of simulated authorization or other control si~nals throuah the use of switch assembly multiplexing systems frcm which plural binary codes are dyna~.ically selectable as parameters to bs used in the encryption of the signal.s.
:
~, . . , :
:
~ 1 7 ~
SUMMARY OF THE INVENTION
A banking system including a local central computer and a remote automated ~eller machine in an on-line and off-line operating environment is provided with security measures substantially decreasing the likelihood of a security penetra-tion without ~nowledge of a customer's confidential personal identification number (PIN) and Fossession of a customer's banking card.
More particularly, a teller expansion controller (TEC) receive~ customer specific data including a PIN, a PIN OFFSET l number which is representative of a predete~mined relationship with a customer's PIN, an account number (ACCN), a bank identi-fication number (BI~) and transaction limitation data encoded on a customer card from customer initiated input~output units.
Upon receipt of the information, the TEC performs an account number validation. If the account number is valid~ the TEC
~orwards a transaction request (TREQ), the ACCN, a transaction number (TRAN 1) a~d transac~ion limi~ation data to an intelligent transaction controller (ITC) which may be located at the automa~ed teller machine site or at the site of the central computer. The ITC in turn forwards the information to the central computer which compares the transaction reque~t against custom~r account in~ormation. I~ the customer account balance and other tranqaction limits are not exceeded, the central computer i~sues an authorization qigna1 to the ITC
which responds by generating a second transaction number (TRP~N 2) as a function of TRA~ 1 and first logic switch system settings.
Upon receipt of T~AN 2 from ITC, the TEC forwards the PIN, TRAN 1, BIN and ACCN information to ~ safe in~exface board (SIB). The S SI3 responds by generating a third transaction number tTRAN 2') which is a ~unction o~ TRAN 1 and second logic switch syste~
settings, and by generating a PIN OFFSET 2 signal which is a function o~ PIN, BIN, ACCN and third logic switch system se~tings.
Upon receipt of T~AN 2' and PIN OFFSET 2 from the SIB, the TEC
performs comparison tes~s between TRAN 2 and TRA~ 2'~ and between PIN OFFSET 1 and PIN OFFSET 2. If each comparison results in an equivalency, the TEC issues transaction control commands to the SIB to cause cash to be issued to the customer or cash to be received from the customer.
: 15 In one aspect of the invention, in an on-line operation, no information from which a customer's PIN number may be discerned is transmitted over communication paths accessible by customers or unauthorized users.
In another aspect of the invention, in the event an authorization signal is issued by the central computer or the ITC o~er a transmission line to the remote automated teller machine during an on-line operation, the authorization signal is enc~ypted a~ a function of logic switch settings accessible only by bank oficials. Such loglc switch settings may be changed periodically to prevent repeated simulation of , . ~
,, .
..
~759~1 intercepted authorization signals by unauthorized users. In addition, the repeated use of customer cards by unauthorized users may be controlled by changing the logic switch setting parameters of the PIN OFFSET codes. The simulation of an authorization signal or the theft of a customer card alone, however, is not sufficient to penetrate the security of the banking system.
Both knowledge of the customer's confidential PIN number and possession of a customer card is required.
In still another aspect of the invention7 all signal paths between the TEC and the SIB, and between the SIB and a cash dispenser, a cash de-pository, and logic switch systems providing parameters upon which the SIB
operates, are wholly contained within the automatic teller machine, and are inaccessible to customers and unauthorized users.
In accordance with the present invention, there is provided anautomated banking system, including a central computer system located at a central site, which comprises a) plural data entry means located at a like plurality of remote sites and responsive to customer initiated action for providing binary in-formation signals representative of a personal identification number (PIN), an account number (ACCN), a bank identification number ~BIN), a number having a predetermined relationship with said PIN (PIN OFFSET 1), transaction data descriptive of a desired banking transaction, and transaction limits;
b) plural automated teller machines each located at any one of said remote sites and receiving said PIN, ACCN, BIN, PIN OFFSET l~ trans-action data and transaction limits from an adjacent one of said plural data entry means for performing the folLowing operations by way of signal paths wholly contained within said plural automated teller machines:
i~ i 9 4 ~
(1) validating said ACCN against resident hinary customer account number codes,
FIELD OF T~E INVENTION
. . _ The invention relates to automated banking systems, and more particularly to security systems used in com-bination with cash or negotiable instrument dispensers at locations remote from a central computer-controlled banking ~acility.
PRIOR ART
With t~e advent of computer-controlled banking facili-ties wherein a number of remote automated ~eller stations 10 are in communication with and controlled by a centrally located computer, certain ~ra~saction security problems ha~e become apparent. More particularly, telephone line monitoring devices and compu~er related equipment have been de~eloped and used by computer thieves to secure funds 15 from the bank systems. Fraudulently injected enabling sig-nals, and the simulation of valid transaction messages from points along the communication path bet~een the central computer and a remote terminal have been used successfully.
In response to this problem, prior ar~ systems have 20 developed remote terminals wherein a customer enters a personal identiication number (PIN), which is transferred to the central computer ~or recognition. The cen~ral com-puter in turn authorizeR a tra~saction to take place. The PIN number may be memorized by the user and may take the 25 form o hi3 social security number, his bir~h date or some ~' ' ' ' ~
,: . ~ .
317~
other personal data known only to the customer and the bank. The PIN number may be further used in conjunction wi~h a magnetically encoded card which include~ data repre~enta~ive of a custom~r account number, b~nk identification ~umber, and zone number. In some cases the card includes an encrypted identi~ication number which relates the PIM number to a customer information file (CIF) signal stored at the central computer. The encrypted identi~ication number is often referred to as the PI~ OFFSET.
In the operation of such prior ar-t systems, the cu5-tomer typically enters his P~N number by way of a keyboard, and passe~ his magnetic card through registration with a card reader at the remote terminal. P~N and PI~ OFFS~T
signals thereby are transferred to the central computer 15 through telephone lin~s. ~t the central computer, the signals are compared with a customer CIF
number wAich i~ used to identify the cus~omer account and verify the identity of the customer. The central computer therea~ter transmits a tra~saction autho.rization signal 20 over the telephone line to the cash dispensex at the remote terminal.
Because o~ the relative ease by which any signal on a telephone line may be intercepted and simulated, practicaL
system~ in the prior art are genqrally provided with complex 25 data encrypting dQvices whenever any signal such as the PI~, I ~ ~594 ~
PIN OFFSET or transaction authorization signal is transmitt~d over a telephone line. Even though the resultant encrypted signals may be su~ject to in~erception, a suitably complex encryption algori~m may reduce the probability of a decoding by a thief. In the case of an authorizakion signal which is transmitted over the line, howevex, the mere duplication of the signal even if in encrypted form usually is sufficient to activate the cash dispenser at the remote terminals.
U.S. Patent 4,075,460 as igned to the assignee of the present invention provides an Lmproved remote terminal cash dispensing system. The security system is comprised of a PIN signal generator and a security device responsi~e to both ~he signal generator and an authorization signal com-15 prised o~ the customer's C~F number which is supplied by a central computer. The signal path between the signal gen-erator and ~he security device is wholly contained within the renote ten~ina7. ~he PIN signal thus cannot be inter-cepted, and the mere simulation o ~he authorization signal 20 alone will not penetrate the security of the remote terminal.
Although the likelihood of a withdrawal by an unauthori ed user is substantiaIly reduced, an unauthorized use still may occur i a cu~tomer i3 careless with his PIN number.
The PIN number may ba entered at the remote terminal by 25 the unaukhorized party, and the authorization ~ignal from ~7~
the central computer may be simulated to cauce the security device to command a cash release. The security system of the embodiment illustrated in Figure 2 of ~he patent is more difficult to penetr~te since a PIN OFFSET signal wholly internal to the remote terminal also is applied to the security device by way of a card reader for a compar-ison. Although the addition of the PIN OFFSET increases the necessity for obtaining both the customer PIN number and his encoded card, a theft still may occur through the 10 use of knowledge gained from the card and intercepted signals. ~or example, once the relationship between a PIN OFFSET and a customer's CI~ number is discavered, the customer's PI~ may be determined. A customer's CIF number is transerred over telephone lines from the cen~raL com-15 puter to the remote transaction terminal. The determina-tion of a P~ number i5 further acilitated from a knowledge of the number of bits aomprising the PIN number. Such a BIT signal is supplied by the remote transaction terminal to the central computer. In each case, a cash ~heft may occur 20 repeatedly once the control information peculiar to the customer is det~rmined.
. .. ~
3 ~ 7S~
The invention disclosed herein is directed to a banking system for remote automated teller machines wherein no signals from which either a PIN or a PIN OFFSET may be derived are transferred over transmission lines available to an unauthorized user. The likelihood of a security penetration without knowledge of the customer's PIN
number and possession of the customer's encoded card thereb~7 is sionificantly reduced. The system further is made less susceptible to the repeated unauthorized use of simulated authorization or other control si~nals throuah the use of switch assembly multiplexing systems frcm which plural binary codes are dyna~.ically selectable as parameters to bs used in the encryption of the signal.s.
:
~, . . , :
:
~ 1 7 ~
SUMMARY OF THE INVENTION
A banking system including a local central computer and a remote automated ~eller machine in an on-line and off-line operating environment is provided with security measures substantially decreasing the likelihood of a security penetra-tion without ~nowledge of a customer's confidential personal identification number (PIN) and Fossession of a customer's banking card.
More particularly, a teller expansion controller (TEC) receive~ customer specific data including a PIN, a PIN OFFSET l number which is representative of a predete~mined relationship with a customer's PIN, an account number (ACCN), a bank identi-fication number (BI~) and transaction limitation data encoded on a customer card from customer initiated input~output units.
Upon receipt of the information, the TEC performs an account number validation. If the account number is valid~ the TEC
~orwards a transaction request (TREQ), the ACCN, a transaction number (TRAN 1) a~d transac~ion limi~ation data to an intelligent transaction controller (ITC) which may be located at the automa~ed teller machine site or at the site of the central computer. The ITC in turn forwards the information to the central computer which compares the transaction reque~t against custom~r account in~ormation. I~ the customer account balance and other tranqaction limits are not exceeded, the central computer i~sues an authorization qigna1 to the ITC
which responds by generating a second transaction number (TRP~N 2) as a function of TRA~ 1 and first logic switch system settings.
Upon receipt of T~AN 2 from ITC, the TEC forwards the PIN, TRAN 1, BIN and ACCN information to ~ safe in~exface board (SIB). The S SI3 responds by generating a third transaction number tTRAN 2') which is a ~unction o~ TRAN 1 and second logic switch syste~
settings, and by generating a PIN OFFSET 2 signal which is a function o~ PIN, BIN, ACCN and third logic switch system se~tings.
Upon receipt of T~AN 2' and PIN OFFSET 2 from the SIB, the TEC
performs comparison tes~s between TRAN 2 and TRA~ 2'~ and between PIN OFFSET 1 and PIN OFFSET 2. If each comparison results in an equivalency, the TEC issues transaction control commands to the SIB to cause cash to be issued to the customer or cash to be received from the customer.
: 15 In one aspect of the invention, in an on-line operation, no information from which a customer's PIN number may be discerned is transmitted over communication paths accessible by customers or unauthorized users.
In another aspect of the invention, in the event an authorization signal is issued by the central computer or the ITC o~er a transmission line to the remote automated teller machine during an on-line operation, the authorization signal is enc~ypted a~ a function of logic switch settings accessible only by bank oficials. Such loglc switch settings may be changed periodically to prevent repeated simulation of , . ~
,, .
..
~759~1 intercepted authorization signals by unauthorized users. In addition, the repeated use of customer cards by unauthorized users may be controlled by changing the logic switch setting parameters of the PIN OFFSET codes. The simulation of an authorization signal or the theft of a customer card alone, however, is not sufficient to penetrate the security of the banking system.
Both knowledge of the customer's confidential PIN number and possession of a customer card is required.
In still another aspect of the invention7 all signal paths between the TEC and the SIB, and between the SIB and a cash dispenser, a cash de-pository, and logic switch systems providing parameters upon which the SIB
operates, are wholly contained within the automatic teller machine, and are inaccessible to customers and unauthorized users.
In accordance with the present invention, there is provided anautomated banking system, including a central computer system located at a central site, which comprises a) plural data entry means located at a like plurality of remote sites and responsive to customer initiated action for providing binary in-formation signals representative of a personal identification number (PIN), an account number (ACCN), a bank identification number ~BIN), a number having a predetermined relationship with said PIN (PIN OFFSET 1), transaction data descriptive of a desired banking transaction, and transaction limits;
b) plural automated teller machines each located at any one of said remote sites and receiving said PIN, ACCN, BIN, PIN OFFSET l~ trans-action data and transaction limits from an adjacent one of said plural data entry means for performing the folLowing operations by way of signal paths wholly contained within said plural automated teller machines:
i~ i 9 4 ~
(1) validating said ACCN against resident hinary customer account number codes,
(2) generating a first transaction identification number (TRAN 1), a transaction request (TREQ), a second transaction identi-fication number as a function of TRAN 1 (IRAN:2'), and a number which is a function of PIN~ ~IN and ACCN ~PIN OFFSET 2),
(3) comparing TRAN 2' and a third transaction number which is a function of TRAN 1 ~TRAN 2),
(4) if TRAN 2 and TRAN 2' are equivalent, comparing PIN OFFSET 1 and PIN OFFSET 2, and ~5) if PIN OFFSET 1 and PIN OF~SET 2 are equivalent, dispensing transaction items to said customer or receiving transaction items from said customer; and c) plural controller means located either at said ccntral site or at sites remote from both said central computer system and said plural auto-mated teller machines, wherein each of said plural controller means is in electrical communication with said central computer system during on-line operations and in electrical communication with different pluralities of said plural automated teller machines during both on-line and off-line opera-tions, and receiving TREQ, ACCN, TRAN 1 and said transaction limits from said plural automated teller machines for transfer to said central computer system during on-line operations, and for validating TREQ against said transaction limits and resident customer account information during off-line operations, and for generating TRAN 2 for transfer to a requesting one of said plural automated teller machines in the event TR~Q is valid.
In accordance with anotller aspect of the invention~ there is -8a-, . . , : ,:
- :. , ,'. : ' ; . .!
,~
' 9 ~ ~
provided an automated banking sys~em including a central computer system located at a central site which comprises:
a) data entry means located at a remote site and responsive to customer initiated action for providing binary information signals representa-tive of a personal identification number ~PIN), an account number (ACCN), a bank identification number (BIN), a number having a predetermined relationship with said PIN (PIN OFFSET 1), transaction data descriptive of the banking transaction desired, and transaction limits;
b) first controller means located at said remote site and receiving said PIN, ACCN, BIN, PIN OFFSET 1, transaction data and transaction limits from said data entry means for performing the following operations:
(1) validating said ACCN against binary customer account number codes resident in said first controller means, (2) generating a first transaction identification number (TRAN 1), and a transaction request ~TREQ), ~) comparing a second transaction number which is a function of TRAN 1 ~TRAN 2) and a third transaction number which is a function of TRAN 1 ~TRAN 2'), ~4) if TRAN 2 and TRAN 2' are equivalent, comparing PIN OFFSET 1 and a number which is a function of PIN, BIN and ACCN (PIN OFF-SET 2), and
In accordance with anotller aspect of the invention~ there is -8a-, . . , : ,:
- :. , ,'. : ' ; . .!
,~
' 9 ~ ~
provided an automated banking sys~em including a central computer system located at a central site which comprises:
a) data entry means located at a remote site and responsive to customer initiated action for providing binary information signals representa-tive of a personal identification number ~PIN), an account number (ACCN), a bank identification number (BIN), a number having a predetermined relationship with said PIN (PIN OFFSET 1), transaction data descriptive of the banking transaction desired, and transaction limits;
b) first controller means located at said remote site and receiving said PIN, ACCN, BIN, PIN OFFSET 1, transaction data and transaction limits from said data entry means for performing the following operations:
(1) validating said ACCN against binary customer account number codes resident in said first controller means, (2) generating a first transaction identification number (TRAN 1), and a transaction request ~TREQ), ~) comparing a second transaction number which is a function of TRAN 1 ~TRAN 2) and a third transaction number which is a function of TRAN 1 ~TRAN 2'), ~4) if TRAN 2 and TRAN 2' are equivalent, comparing PIN OFFSET 1 and a number which is a function of PIN, BIN and ACCN (PIN OFF-SET 2), and
(5) if PIN OFFSET 1 and PIN OFFSET 2 are equivalent, issuing trans-action contro.l signals for exchanging transaction items with a customer;
c) second contro.LLer means located at said remote site and receiv-ng PIN, BIN, ACCN, and TRAN 1 :Erom said first controller means, and generat--8b-.
3 ~ 75~
ing therefrom PIN OFFSET 2 and TRAN 2' for transfer to said first controller means, and responsive to said transaction control signals for dlspensing transaction items to said customer or receiving transaction items from said customer; and d) third controller means located at said central site and receiv-ing TREQ, ACCN, TRAN 1 and transaction limits from said first controller means for transfer to said central computer system; and receiving an auth-orization signal from said central computer system in the event TREQ does not exceed either said transaction limits or an account balance of said customer for generating TRAN 2 for transfer to said first controller means.
In accordance with a further aspect of the invention, there is provided an automated banking system including a central computer system located at a central site which comprises:
a~ data entry means located at a first remote site and responsive to customer initiated action for providing binary information signals repre-sentative of a personal identification number (PIN), an account number (ACCN); a bank identification number (BIN), a number having a predetermined relationship with said PIN (PIN OFFSET 1), transaction data descriptive of the desired banking transaction, and transaction limits;
b) first controller means located at said first remote site and receiving said PIN, ACCN, BIN, PIN OFFSET 1, transaction data and transaction limits from said data entry means for performing the following operations:
(1) validatlng said ACCN against binary customer account number codes resiclent in said first controller means, (2) generating a first transaction identification number (TRAN 1), and a transaction request (TREQ), -8c-;:~
~' ~ 1 759~ 1 (3~ comparing a second transaction number which is a function of TRAN 1 ~TRAN 2) and a third transaction number which is a function of TRAN 1 (TR~N 2'), (~) if TRAN 2 and TRAN 2' are equivalentJ comparing PIN OFFSET 1 and a number which is a function of PIN, BIN and ACCN (PlN OFF-SET 2), and (5) if PIN OFFSET 1 and PIN OFFSET 2 are equivalent, issuing trans-action control signals for exchanging transaction items with a customer;
c} second controller means located at said first remote site and receiving PINI BIN, ACCN, and TRAN 1 from said first controller means, and generating therefrom PIN OFFSET 2 and TRAN 2' ~or transfer to said first controller means, and responsive to said transaction control signals for ; dispensing transaction items to said customer or receiving transaction items from said customer; and d~ third controller means located at a second remote site and receiving TREQ, ACCN, TRAN 1 and said transaction limits from said first controller means for transfer to said central computer system, and receiving : an authoriza~ion signal from said central computer system in the event TREQ
does not exceed either said transaction limits or an account balance of said customer for generating TRAN 2 for transfer to said first controller means.
-8d--9- ~7~
DESCRIPTION OF THE DRAWINGS
For a more complete under~tanding of the present invention and for urther objec~s and advantages thereof, refer2nce may now be had to the following description taken in conjunction with the accompanying drawings in which:
Figure 1 is a functional block diagram of a ~anking system embodying the invention;
Figure 2 is a functionaL block diagram of the automated teller machine of Figure l; and Figures 3 and 4 collectively provide a f~nctional block diagram of an alternate em~odiment of the invention for both the off-line and on-line operation o~ a remote automated teller machine.
DESCRIPTION OF PREFERRED EMBODIMENTS
..
Figure 1 illustrates in functional block dla~ram form a computer controlled banking system embodying t~e invention.
A central computer 10 with main memory 11 is in electrical communication with an intelligent trans-action controller (ITC) 12. The ITC is located at a : .
.
, , : , .
,: , ~ ~ 7~
central site adjacent to the central computer 10~ It is to be understood that the ITC may in the alternati~e be located at a remote site and that the computer 10 may communica~e with a plurality of ITCs by way of communication cables lOa. Each ITC in turn may communicate with a plurality of automated teLler machines by way of cornmunication paths such as telephone trans-mission lines 14.
Continuing with the description of Figure 1, the ITC
12 i5 in electxical communication with logic switch system 13, and with a remo~e automated teller machine 15 by way of the telephone transmission lines 14. Each transmission line incLudes modem devices such as modems 16 and 17 respect-ively at the local and rernote electrical interfaces.
In the preerred embodiment disclosed herein, the..
ITC 12 may be of the type manufactured and sold by Honeywell Information Systems Inc. at Wellesley ~ills, Massachusetts, and represented to the public as a model 7430 intelligent transaction controller.
The automated teller machine 15 is comprised o~
a teller expansion controller (TEC) 18, which in turr is in electrical communication with a keyboard 19, a video terminal 20, a printer 21, a card read/write unit .... .
.' .
"
~5943 22, a remote memory unit 23, and a safe interface board ~SIB) 29. The SIB 24 is in elec~rical communication with a cash dispenser 25, a cash depository 26, and logic switch systems 27.
The TEC 18 may be of the type manu~actured and sold by Honeywell In~o.rmation Systems Inc~ as a component part of its Model 7712 financial transaction facility. A more complete description of the T~C 18 is provided in Canadian Application Serial No. 364,345 filed November 10, 1980 entitled "Data Processing System With Self Testing and Configuration Mapping Capability", assigned to the assignee of the present inventionO
The keyboard 19 and card read/write unit 22 enter in~ormation into the TEC 18 in response to customer-initiated operations~ ~he keyboard 19 comprises a conventional transaction data generator for convertin~
customer-activated key operations to data representa~ive of a desired banking transaction. The card read~write unit 22 may ba any of many well-known magnetic read/write devices for reading and writing data encoded on magnetic stripes in accordance with ABA, IATA, ~INTS or Thrift : Standard Track formats. The unit 22 further may lnclude other types of read/write deYices including card per~oration, optical character recognition ~OCR), _~ f7' : ' ~ il 7~9~ 1 and magnetic ink character recognition (MICR) devices.
The card unit 22 also may be a device for communi-cating with semiconductor microprocessor systems fabricated on a customer card. It is to be understood, however, that any suitable data entry means may be employ-ed.
The data field imprinted upon a customer card or ~tored in a memory chip fabricated on the card may in-clude encoded data words representative of a customer's account number (ACCN), bank identification number (BIN), a PIN OFFSET, and transaction limitation data which may be converted by the unit 22 to electrical signals which are provided to the TEC 18. The PIN OFFSET data word is representative of a predetermined relationship be-tween a customer's (PIN) and customer-related informa-tion stored in the memory 11 of the central computer 10. The PIN number for a customer may be representative of the customer's birthdate, social security number or other personal ~ata easily memorized. The BIN is a number that is unique to the remote station o the banking institution.
~, .. ..
, " ' "~
, ~ ~ 7594 ~1 The SIB ~4 is comprised of a microprocessor in electrical communication with a plurality of input/outp~t (I/O) controllers for controlling data trans~ers between the SIB and the TEC 18, the cash dispenser 25, the cash depository 26, and the logic switch systems 27. The cash dispenser 25 includes a means ~or storing a pl~rality of cash units, such as bills, and for delivering one or more of the stored cash units to a cuskomer in response to control signals recei~ed ~rom the SIB. The cash deposi~
tory 26 includes means ~or rcceiving cash units from a customer and for storiny such cash ~nits ~or later access by banking personnel.
The logic switch systems 13 and 27 provide a means by which authorized banking personnel may dynamically select any one o~ plural parameters which may be used by the ITC 12 and the SIB 24 in validating transaction requests.
In addition, the parameters which are selectable may be changed p~riodically by the bank officials. The logic switch systems are more particularly described in a copending Canadian patent application Serial No. 393,344 filed December 29, 1981 by Richard G. Harris entitled "Switch Multiplexing Apparat~ For Switch ~ssemblies Having Pl~ral Switch Arrays" ass~gned to the assignee of the present invention.
.
.~
~ ~7Sg~
-13a-In operation, a customer inserts a bank or credit card into the card read/write unit 22. ACCN, BIN, a first PIN OFFSET referred to as PIN OFFSET 1, and transac~ion limitation data is read from the card and transferred to the 5 TEC 18. The transaction lLmitation data may include ,, ~' ~'`'` ~ ' ' ' ~''' . ' .
: .
~ Jl 7594 1 transaction amount, time and other transaction limits.
In response to the information read from the customer card, the TEC 18 uses customer information s~ored in the m~mory unit 23 to verify the customer's account S number as represented by the ACCN. If the account number is invalid, the TEC issues a transaction cancellation message on the video terminal 20 to the customer. If the account number is valid, however, the TEC issues a mesqage on the video terminal 2Q to instruct the cus-10 tomer to en~er a PI~ number and transaction data on thekeyboard 19. At the conclusion of the keyboard entries, the TEC logically generates a transaction reques~ (TREQ), and a transaction number (TRAN 1). The TEC thereafter forwards the TREQ, ACC~, TRAN 1 and transactio~ limitation lS data to the central compu~er 10 by way o~ the ITC 12. The central compu~er uses the ACC~ number and transaction lLmitation da~a in compari~g customer's account balance against the transac~ion request.
If the customer's acco~nt balance or other transaction 2u limitation data is exceeded, the central computer issues a transaction cancellation message by way of the ITC 12 to the TEC 18. In any event, if a predetermined time period elapses during which no messages are received from the ITC
12, the TEC 18 issues a transaction cancellation message 25 on the vldeo terminal 20 to the customer. If the transaction request does not equal or exceed the account ' . .. .'' ~ ' j : : ' .
.
759k 11 --1'--balance or o~her transaction limitations, however, ~he centraL computer issues an authorization signal to the ITC 12. The I~C 12 in response there~o generates a `~ second transaction number (T~AN 2) which is a function of TRAN 1 and logic switch system 13 settings known only to bank of~icials.
Upon receipt o~ the TRAN 2 signal from the ITC 12, the TEC 18 ~orwards the ACCN, PI~, B~N, and TRAM 1 signals to the SI8 24. In response to the infoLmation received from 10 the TEC 18, the SIB 24 generates a third transaction n~m~ber re~erred to as TRAN 2l. ~RAN 2' is a function of T~N 1, and the switch settinqs o logic switch system 27 which are known only to bank oLiciaLs. The SIB fur~her ~enerates a second PIN O~FSET signal referred to as PIN OFFSET
15 which is a funciton of PIN, ACC~, and BIN, and forwards ;- both TRAN 2' and PI~ OF~SET 2 to TEC 18.
The TEC 18 compares TRAN 2 with T~AN 2'. If an equivalence occurs, the TEC 18 compares PIN OF~SET 1 with PI~ OFFSET 2. If the PIN OFFSET signals are 20 equivalen~ the TEC issues transaction control signals to : the SIB 24 to deposit cash received from the customer or to dispense cash units to the customer. If either of the comparative tests Eails, however, the TEC issues a trans-action cancellation message to the video tqrminal 20 Eor : 25 display to the customer.
'';
, ' : ' ' :, ' , ' , ~
. .
, , ~ ~759~1 Security of the banking system of Figure l is achieved by containing all signal paths between computer 10, memory 11, ITC 12 and logic switch syctem 13 wholly within the central bank station and accessible only to authorized bank personnel. In addition, all signal paths between TEC 18, SIB 24, cash dispenser 25, cash depository 26 and loyic switch systems 27 are wholly contained within the remote au~omated teller machlne, and are accessible only to authorized bank personnel.
From the above, it is apparent tha~ any attemp~ to intercept and simulate the TRA~ 2 signal issued by the ITC 12 to the TEC 18 shall not be sufficient to penetrate the banking system security without knowledge of the customer's PI~ number and possession of the customer's 15 banking card. Further, any attempt to simulate a TR~N 2 signal repeatedly is thwar~ed by the periodic change o~
the setting~ of switch systems 13 and 27 by ba~k officials.
Still further, customer speci~ic information such as PIN
and ~IN OFFSET 1 are wholly contained within ~he automated 20 teller machine 15, ana are not transmitted over transmission lines susceptible to interception and capture by unauthor-ized users. In addik.ion, the customer's PIN i9 not encoded on a cu~tomer card which may be lost, but rather remains wholly in the control of the cu~omer. Lastly, the logic ' . .
~ ~75~1 switch sy~tem 27 settings may be changed periodically to aLter the PIN OFFSET code on customer cards, thereby preventing repeated use of stolen or counterfeit customer . cards.
";, , - :.
: . . ,;
-18- 1~ 7~9~ 1 Figure 2 illustrates in functional block diagram form those devices comprising ~he automated teller machine 15 of Figure 1 which contribu-te to the security of banking transactions while the automated teller machine is on-line, i.e., in communication wi~h the cen~ral computer 10.
As before described~ a customer desiring to transact business with a banking institu~ion may insert a customer 10 card into the card read/write unit 22. PIN OFFSET 1, ACCN, BIN, and transaction limitation data is read from the card, and tra~sferred to the TEC 18. In response to the infor mation read from the customer caxd, the TEC 18 first verifies ; the c~stomex account n~mber, ACCN, If ~he account number 15 is valid, the TEC issues a message on the video terminal 20 to instruc~ ~he cus~omer to enter a P~N number and trans-action data on the keyboard 19. The TEC thereafter logi-cally generates TREQ and TRAN 1 in response to the custom-er's keyboard entrie~, and rorwards TREQ, ACCN, TRAN 1 and 20 transaction limitation data to the central computer 10 by way of the ITC 12. The central computer uses the ACCN
and transaction limitation data to compare the customer's account balance against the transaction reques~. If the transaction re~ueYt does not exceed the account balance 25 or other transactlon limits the central computer issues , ' -19- 1 3 ~5~4 ~
an authorization signal to ITC 12. The ITC 12 thereupon generates TRAN 2 which is a function of TR~N 1 and switch system 13 settings.
The TEC 18 waits a predetermined time period to receive either a TRAN 2 signal or a transaction cancellation messaae frcm the ITC 12. If a signal is not recei~ed ~ithin the time period, the TEC 18 terminates the transaction. If the TRAN 2 signal is received from the ITC 12 within the pre-determined time period, however, the TEC forwards ACCM, BIM, TRAN 1 and PIN to the SIB 24~ In res~onse to the information received from the TEC, the SI3 generates TRAN 2' as a function of TRAN 1 and the switch settings of logic switch system 27a. The SIB further generates PIN OFFSET 2 as a function of PIN, ACCN, and BIN. In the alternative, either one of the independen~ variables comprising PIN OFFSET 2 may be superseded by a switch setting in logic switch system 27b, ox the switch setting may be added as an additional independent variable to place further control in the bankina institution and increase the flexibility of the system. Any such change in the encoding of PIN OFFSET 2, however, must be mirrored in PI~T OFFSET 1 by a rewriting of such codes on customer cards. Such a flexibility provides protection a~ainst the counterfeiting or theft of customer cards without reauiring hardware or so~tware changes in the automated teller machine.
~he SIB 24 forwar~s the T~N 2' and PIN OF~SET 2 ' ., , .
.
-20- ~ 75~ ~
i ., signals to the T~C 18 which compares TRAN 2 with TRAN 2' as before described. I~ an equivalency occurs, the TEC compares PIN OFFSET l with PIN OFFSET 2. Upon the occurrence of an equivalence, ~he TEC issues transaction con~rol commands to the SIB 24 to deposit cash received from the customer or to dispense cash units to the customer. In the event that cash is to be dispensed ~o ~he customer, the logic switch system 27c may be usad to lLmit the number of cash units which may be dispensed to a customer in respons~ to any single reques~.
The logic switch systems 27a - 27c which comprise the logic switch sys~ems 27 of Figure l pro~ide a further security measure in that each o ~he switch systems are wholly contained withi~ the r~mote terminal and inaccessible to customers and unauthorized users. The switch systems may be comprised of a plurality of switch arrays, each array addressabLe by a binary code. The parameters used by the ITC 12 and S~B 24 as represented - by the logic switch systems, therefore, may be changed by merely changing the address code applied to the switch systems.
By periodically addressing di~ferent switch arrays in the switch systems, a~d by p~riodically changing the switch settings, the repeated use o~ simulated Qignals and stolen or coun~er~eit customer cards may be prevented.
~ ~1 7~9~ ~
FIGURES 3 and 4 Figures 3 and 4 illustrate in block diaqram form an alternative embodiment of the banking system of Fiaure 1 for on-line operations, and for of-line operations where no communication with a central compu~er occurs.
Referrina to Fi~ure 3, the ITC 12 may be located at a site remote to both the central computer 10 and the automated teller machine 15. The ITC 12 is in electrical com~unication with a disc unit 28, a logic switch system 29, and the central computer 10 by way of a modem 30 and a transmission line 31.
The ITC 12 further is in electrical communication with the automated teller machine 15 by way of a transmission line 32 ha~in~ modems 33 and 34. It is to be understood that the ITC 12 may he in communication with a plurality of other remote automated teller machines by way o~ communication lines 35.
Durina o~f-line operations, the ITC 12 assu~e~ the functions normally performed by the central computer durin~
on-line operations. More particularly, the ITC 12 receives T~EQ, ACCN, TRAN 1 and transaction limitation data ~rom the TEC 18 as before described. The ITC uses the ACCN number to Zo access customer account information stored on the disc unit 28. The transaction request as represented by TREO then i5 compared aoains~ the account balance and the ~ransaction limits. If the transaction request~does not eaual or exceed . . . . . . . . . .
. . , , . :
- :: , . .,:
: - - : , ,. , . ~ . .
.. ~
~ ~59~:l -2la-the account ~alance, or e~ceed transaction limits, the ITC updates the account information on disc 28, and generates TRAN 2 as a function of TRAN 1 and the settings of logic switch system 29 known only to bank officials.
5 The logic switch system 29 is of the type previously described as logic switch systems 13 r and 27a~27c. The operation of the automated teller machine 15 procedes as before described in connection with the descri~tion of Figure 2.
.,.~ ' .
~ 3 7~9~ 1 When the automated teller machine enters an on-line i operation mcde, the ITC 12 transfers account and transaction information stored on disc 28 to the central computer 10 by way of a modem 30 and ~ransmission line 31. The ITC further S forwards TREQ, ACCN, TRAN 1 and transaction limita~ion data received from TEC 18 to the central computer 10 o Figure 1 by way of transmission line 31 for a ~ransaction validation.
In such an on-lin~ operatlon, the central computer uses the ACCN number to access the customer account stored in memory unit 11, and compares the transac~ion request against the account balance and limitation data~ If tha transaction request does not equal or exceed the account balance or other tran~action limi~s, the ce~tral computer shall issue an authori-zation signal tc transmission line 31.
Referring to Figure 4, the computer 10 is in electrical communication with transmission line 31 by way of a modem 36 and one of ~he communication cables lOa. When an authorization signal is issued to the ITC 12 by way of transmission line 31, the signal may be intercepted and later simulated by an unauthorized user. In the preferred embodiment discl~sed herein, howe~er, ~he authorization signal is a function of TRAN 1 and a logic code supplied to the computer 10 by a logic switch system 37. The logic switch system 37 is of the same type as the logic switch system 29 o~ Figure 3, and is under the sole control of bank officials. By periodically changing 1 ~ ~5~4 ~
the switch settings of the logic switch system 37, the repeated use of an authoriza~ion signal by an unauthorized user monitoring the transmission line 31 may be prevented.
As before ~tated, the mere simulation o an authorization signal alone does not penetrate the security of the ~ank-ing system.
It is to be understood that the swi-tch settings of the logic switch system 37 must be duplicated in the logic switch system 29 of Figure 3 for the ITC 1~ to recognize an authoriza-tion signal. Upon receiving an authorization signal from the computer lO, the ITC generates TRAN 2 as a function o TRAN 1 and the settings of logic switch system 29. ~he operation of the au~omated teller machine 15 then continues as before d~scribed in connection with the de~cription of Figure 2.
The invention may be embodied in other specific ~orm5 wi~hout departing from the spirit or essentiaL characteristics thereof. The present embodiments are therefore to be con-sidered in all respects as illustrative and not restrictive,with the scope of the invention being indicated by the appended claims rather than by the foregoing description.
All changes which come within the meaning and range of equivalency of the claims are therefore inkended to be embraced therein.
What is claimed is:
,.~ ~ ...
.
c) second contro.LLer means located at said remote site and receiv-ng PIN, BIN, ACCN, and TRAN 1 :Erom said first controller means, and generat--8b-.
3 ~ 75~
ing therefrom PIN OFFSET 2 and TRAN 2' for transfer to said first controller means, and responsive to said transaction control signals for dlspensing transaction items to said customer or receiving transaction items from said customer; and d) third controller means located at said central site and receiv-ing TREQ, ACCN, TRAN 1 and transaction limits from said first controller means for transfer to said central computer system; and receiving an auth-orization signal from said central computer system in the event TREQ does not exceed either said transaction limits or an account balance of said customer for generating TRAN 2 for transfer to said first controller means.
In accordance with a further aspect of the invention, there is provided an automated banking system including a central computer system located at a central site which comprises:
a~ data entry means located at a first remote site and responsive to customer initiated action for providing binary information signals repre-sentative of a personal identification number (PIN), an account number (ACCN); a bank identification number (BIN), a number having a predetermined relationship with said PIN (PIN OFFSET 1), transaction data descriptive of the desired banking transaction, and transaction limits;
b) first controller means located at said first remote site and receiving said PIN, ACCN, BIN, PIN OFFSET 1, transaction data and transaction limits from said data entry means for performing the following operations:
(1) validatlng said ACCN against binary customer account number codes resiclent in said first controller means, (2) generating a first transaction identification number (TRAN 1), and a transaction request (TREQ), -8c-;:~
~' ~ 1 759~ 1 (3~ comparing a second transaction number which is a function of TRAN 1 ~TRAN 2) and a third transaction number which is a function of TRAN 1 (TR~N 2'), (~) if TRAN 2 and TRAN 2' are equivalentJ comparing PIN OFFSET 1 and a number which is a function of PIN, BIN and ACCN (PlN OFF-SET 2), and (5) if PIN OFFSET 1 and PIN OFFSET 2 are equivalent, issuing trans-action control signals for exchanging transaction items with a customer;
c} second controller means located at said first remote site and receiving PINI BIN, ACCN, and TRAN 1 from said first controller means, and generating therefrom PIN OFFSET 2 and TRAN 2' ~or transfer to said first controller means, and responsive to said transaction control signals for ; dispensing transaction items to said customer or receiving transaction items from said customer; and d~ third controller means located at a second remote site and receiving TREQ, ACCN, TRAN 1 and said transaction limits from said first controller means for transfer to said central computer system, and receiving : an authoriza~ion signal from said central computer system in the event TREQ
does not exceed either said transaction limits or an account balance of said customer for generating TRAN 2 for transfer to said first controller means.
-8d--9- ~7~
DESCRIPTION OF THE DRAWINGS
For a more complete under~tanding of the present invention and for urther objec~s and advantages thereof, refer2nce may now be had to the following description taken in conjunction with the accompanying drawings in which:
Figure 1 is a functional block diagram of a ~anking system embodying the invention;
Figure 2 is a functionaL block diagram of the automated teller machine of Figure l; and Figures 3 and 4 collectively provide a f~nctional block diagram of an alternate em~odiment of the invention for both the off-line and on-line operation o~ a remote automated teller machine.
DESCRIPTION OF PREFERRED EMBODIMENTS
..
Figure 1 illustrates in functional block dla~ram form a computer controlled banking system embodying t~e invention.
A central computer 10 with main memory 11 is in electrical communication with an intelligent trans-action controller (ITC) 12. The ITC is located at a : .
.
, , : , .
,: , ~ ~ 7~
central site adjacent to the central computer 10~ It is to be understood that the ITC may in the alternati~e be located at a remote site and that the computer 10 may communica~e with a plurality of ITCs by way of communication cables lOa. Each ITC in turn may communicate with a plurality of automated teLler machines by way of cornmunication paths such as telephone trans-mission lines 14.
Continuing with the description of Figure 1, the ITC
12 i5 in electxical communication with logic switch system 13, and with a remo~e automated teller machine 15 by way of the telephone transmission lines 14. Each transmission line incLudes modem devices such as modems 16 and 17 respect-ively at the local and rernote electrical interfaces.
In the preerred embodiment disclosed herein, the..
ITC 12 may be of the type manufactured and sold by Honeywell Information Systems Inc. at Wellesley ~ills, Massachusetts, and represented to the public as a model 7430 intelligent transaction controller.
The automated teller machine 15 is comprised o~
a teller expansion controller (TEC) 18, which in turr is in electrical communication with a keyboard 19, a video terminal 20, a printer 21, a card read/write unit .... .
.' .
"
~5943 22, a remote memory unit 23, and a safe interface board ~SIB) 29. The SIB 24 is in elec~rical communication with a cash dispenser 25, a cash depository 26, and logic switch systems 27.
The TEC 18 may be of the type manu~actured and sold by Honeywell In~o.rmation Systems Inc~ as a component part of its Model 7712 financial transaction facility. A more complete description of the T~C 18 is provided in Canadian Application Serial No. 364,345 filed November 10, 1980 entitled "Data Processing System With Self Testing and Configuration Mapping Capability", assigned to the assignee of the present inventionO
The keyboard 19 and card read/write unit 22 enter in~ormation into the TEC 18 in response to customer-initiated operations~ ~he keyboard 19 comprises a conventional transaction data generator for convertin~
customer-activated key operations to data representa~ive of a desired banking transaction. The card read~write unit 22 may ba any of many well-known magnetic read/write devices for reading and writing data encoded on magnetic stripes in accordance with ABA, IATA, ~INTS or Thrift : Standard Track formats. The unit 22 further may lnclude other types of read/write deYices including card per~oration, optical character recognition ~OCR), _~ f7' : ' ~ il 7~9~ 1 and magnetic ink character recognition (MICR) devices.
The card unit 22 also may be a device for communi-cating with semiconductor microprocessor systems fabricated on a customer card. It is to be understood, however, that any suitable data entry means may be employ-ed.
The data field imprinted upon a customer card or ~tored in a memory chip fabricated on the card may in-clude encoded data words representative of a customer's account number (ACCN), bank identification number (BIN), a PIN OFFSET, and transaction limitation data which may be converted by the unit 22 to electrical signals which are provided to the TEC 18. The PIN OFFSET data word is representative of a predetermined relationship be-tween a customer's (PIN) and customer-related informa-tion stored in the memory 11 of the central computer 10. The PIN number for a customer may be representative of the customer's birthdate, social security number or other personal ~ata easily memorized. The BIN is a number that is unique to the remote station o the banking institution.
~, .. ..
, " ' "~
, ~ ~ 7594 ~1 The SIB ~4 is comprised of a microprocessor in electrical communication with a plurality of input/outp~t (I/O) controllers for controlling data trans~ers between the SIB and the TEC 18, the cash dispenser 25, the cash depository 26, and the logic switch systems 27. The cash dispenser 25 includes a means ~or storing a pl~rality of cash units, such as bills, and for delivering one or more of the stored cash units to a cuskomer in response to control signals recei~ed ~rom the SIB. The cash deposi~
tory 26 includes means ~or rcceiving cash units from a customer and for storiny such cash ~nits ~or later access by banking personnel.
The logic switch systems 13 and 27 provide a means by which authorized banking personnel may dynamically select any one o~ plural parameters which may be used by the ITC 12 and the SIB 24 in validating transaction requests.
In addition, the parameters which are selectable may be changed p~riodically by the bank officials. The logic switch systems are more particularly described in a copending Canadian patent application Serial No. 393,344 filed December 29, 1981 by Richard G. Harris entitled "Switch Multiplexing Apparat~ For Switch ~ssemblies Having Pl~ral Switch Arrays" ass~gned to the assignee of the present invention.
.
.~
~ ~7Sg~
-13a-In operation, a customer inserts a bank or credit card into the card read/write unit 22. ACCN, BIN, a first PIN OFFSET referred to as PIN OFFSET 1, and transac~ion limitation data is read from the card and transferred to the 5 TEC 18. The transaction lLmitation data may include ,, ~' ~'`'` ~ ' ' ' ~''' . ' .
: .
~ Jl 7594 1 transaction amount, time and other transaction limits.
In response to the information read from the customer card, the TEC 18 uses customer information s~ored in the m~mory unit 23 to verify the customer's account S number as represented by the ACCN. If the account number is invalid, the TEC issues a transaction cancellation message on the video terminal 20 to the customer. If the account number is valid, however, the TEC issues a mesqage on the video terminal 2Q to instruct the cus-10 tomer to en~er a PI~ number and transaction data on thekeyboard 19. At the conclusion of the keyboard entries, the TEC logically generates a transaction reques~ (TREQ), and a transaction number (TRAN 1). The TEC thereafter forwards the TREQ, ACC~, TRAN 1 and transactio~ limitation lS data to the central compu~er 10 by way o~ the ITC 12. The central compu~er uses the ACC~ number and transaction lLmitation da~a in compari~g customer's account balance against the transac~ion request.
If the customer's acco~nt balance or other transaction 2u limitation data is exceeded, the central computer issues a transaction cancellation message by way of the ITC 12 to the TEC 18. In any event, if a predetermined time period elapses during which no messages are received from the ITC
12, the TEC 18 issues a transaction cancellation message 25 on the vldeo terminal 20 to the customer. If the transaction request does not equal or exceed the account ' . .. .'' ~ ' j : : ' .
.
759k 11 --1'--balance or o~her transaction limitations, however, ~he centraL computer issues an authorization signal to the ITC 12. The I~C 12 in response there~o generates a `~ second transaction number (T~AN 2) which is a function of TRAN 1 and logic switch system 13 settings known only to bank of~icials.
Upon receipt o~ the TRAN 2 signal from the ITC 12, the TEC 18 ~orwards the ACCN, PI~, B~N, and TRAM 1 signals to the SI8 24. In response to the infoLmation received from 10 the TEC 18, the SIB 24 generates a third transaction n~m~ber re~erred to as TRAN 2l. ~RAN 2' is a function of T~N 1, and the switch settinqs o logic switch system 27 which are known only to bank oLiciaLs. The SIB fur~her ~enerates a second PIN O~FSET signal referred to as PIN OFFSET
15 which is a funciton of PIN, ACC~, and BIN, and forwards ;- both TRAN 2' and PI~ OF~SET 2 to TEC 18.
The TEC 18 compares TRAN 2 with T~AN 2'. If an equivalence occurs, the TEC 18 compares PIN OF~SET 1 with PI~ OFFSET 2. If the PIN OFFSET signals are 20 equivalen~ the TEC issues transaction control signals to : the SIB 24 to deposit cash received from the customer or to dispense cash units to the customer. If either of the comparative tests Eails, however, the TEC issues a trans-action cancellation message to the video tqrminal 20 Eor : 25 display to the customer.
'';
, ' : ' ' :, ' , ' , ~
. .
, , ~ ~759~1 Security of the banking system of Figure l is achieved by containing all signal paths between computer 10, memory 11, ITC 12 and logic switch syctem 13 wholly within the central bank station and accessible only to authorized bank personnel. In addition, all signal paths between TEC 18, SIB 24, cash dispenser 25, cash depository 26 and loyic switch systems 27 are wholly contained within the remote au~omated teller machlne, and are accessible only to authorized bank personnel.
From the above, it is apparent tha~ any attemp~ to intercept and simulate the TRA~ 2 signal issued by the ITC 12 to the TEC 18 shall not be sufficient to penetrate the banking system security without knowledge of the customer's PI~ number and possession of the customer's 15 banking card. Further, any attempt to simulate a TR~N 2 signal repeatedly is thwar~ed by the periodic change o~
the setting~ of switch systems 13 and 27 by ba~k officials.
Still further, customer speci~ic information such as PIN
and ~IN OFFSET 1 are wholly contained within ~he automated 20 teller machine 15, ana are not transmitted over transmission lines susceptible to interception and capture by unauthor-ized users. In addik.ion, the customer's PIN i9 not encoded on a cu~tomer card which may be lost, but rather remains wholly in the control of the cu~omer. Lastly, the logic ' . .
~ ~75~1 switch sy~tem 27 settings may be changed periodically to aLter the PIN OFFSET code on customer cards, thereby preventing repeated use of stolen or counterfeit customer . cards.
";, , - :.
: . . ,;
-18- 1~ 7~9~ 1 Figure 2 illustrates in functional block diagram form those devices comprising ~he automated teller machine 15 of Figure 1 which contribu-te to the security of banking transactions while the automated teller machine is on-line, i.e., in communication wi~h the cen~ral computer 10.
As before described~ a customer desiring to transact business with a banking institu~ion may insert a customer 10 card into the card read/write unit 22. PIN OFFSET 1, ACCN, BIN, and transaction limitation data is read from the card, and tra~sferred to the TEC 18. In response to the infor mation read from the customer caxd, the TEC 18 first verifies ; the c~stomex account n~mber, ACCN, If ~he account number 15 is valid, the TEC issues a message on the video terminal 20 to instruc~ ~he cus~omer to enter a P~N number and trans-action data on the keyboard 19. The TEC thereafter logi-cally generates TREQ and TRAN 1 in response to the custom-er's keyboard entrie~, and rorwards TREQ, ACCN, TRAN 1 and 20 transaction limitation data to the central computer 10 by way of the ITC 12. The central computer uses the ACCN
and transaction limitation data to compare the customer's account balance against the transaction reques~. If the transaction re~ueYt does not exceed the account balance 25 or other transactlon limits the central computer issues , ' -19- 1 3 ~5~4 ~
an authorization signal to ITC 12. The ITC 12 thereupon generates TRAN 2 which is a function of TR~N 1 and switch system 13 settings.
The TEC 18 waits a predetermined time period to receive either a TRAN 2 signal or a transaction cancellation messaae frcm the ITC 12. If a signal is not recei~ed ~ithin the time period, the TEC 18 terminates the transaction. If the TRAN 2 signal is received from the ITC 12 within the pre-determined time period, however, the TEC forwards ACCM, BIM, TRAN 1 and PIN to the SIB 24~ In res~onse to the information received from the TEC, the SI3 generates TRAN 2' as a function of TRAN 1 and the switch settings of logic switch system 27a. The SIB further generates PIN OFFSET 2 as a function of PIN, ACCN, and BIN. In the alternative, either one of the independen~ variables comprising PIN OFFSET 2 may be superseded by a switch setting in logic switch system 27b, ox the switch setting may be added as an additional independent variable to place further control in the bankina institution and increase the flexibility of the system. Any such change in the encoding of PIN OFFSET 2, however, must be mirrored in PI~T OFFSET 1 by a rewriting of such codes on customer cards. Such a flexibility provides protection a~ainst the counterfeiting or theft of customer cards without reauiring hardware or so~tware changes in the automated teller machine.
~he SIB 24 forwar~s the T~N 2' and PIN OF~SET 2 ' ., , .
.
-20- ~ 75~ ~
i ., signals to the T~C 18 which compares TRAN 2 with TRAN 2' as before described. I~ an equivalency occurs, the TEC compares PIN OFFSET l with PIN OFFSET 2. Upon the occurrence of an equivalence, ~he TEC issues transaction con~rol commands to the SIB 24 to deposit cash received from the customer or to dispense cash units to the customer. In the event that cash is to be dispensed ~o ~he customer, the logic switch system 27c may be usad to lLmit the number of cash units which may be dispensed to a customer in respons~ to any single reques~.
The logic switch systems 27a - 27c which comprise the logic switch sys~ems 27 of Figure l pro~ide a further security measure in that each o ~he switch systems are wholly contained withi~ the r~mote terminal and inaccessible to customers and unauthorized users. The switch systems may be comprised of a plurality of switch arrays, each array addressabLe by a binary code. The parameters used by the ITC 12 and S~B 24 as represented - by the logic switch systems, therefore, may be changed by merely changing the address code applied to the switch systems.
By periodically addressing di~ferent switch arrays in the switch systems, a~d by p~riodically changing the switch settings, the repeated use o~ simulated Qignals and stolen or coun~er~eit customer cards may be prevented.
~ ~1 7~9~ ~
FIGURES 3 and 4 Figures 3 and 4 illustrate in block diaqram form an alternative embodiment of the banking system of Fiaure 1 for on-line operations, and for of-line operations where no communication with a central compu~er occurs.
Referrina to Fi~ure 3, the ITC 12 may be located at a site remote to both the central computer 10 and the automated teller machine 15. The ITC 12 is in electrical com~unication with a disc unit 28, a logic switch system 29, and the central computer 10 by way of a modem 30 and a transmission line 31.
The ITC 12 further is in electrical communication with the automated teller machine 15 by way of a transmission line 32 ha~in~ modems 33 and 34. It is to be understood that the ITC 12 may he in communication with a plurality of other remote automated teller machines by way o~ communication lines 35.
Durina o~f-line operations, the ITC 12 assu~e~ the functions normally performed by the central computer durin~
on-line operations. More particularly, the ITC 12 receives T~EQ, ACCN, TRAN 1 and transaction limitation data ~rom the TEC 18 as before described. The ITC uses the ACCN number to Zo access customer account information stored on the disc unit 28. The transaction request as represented by TREO then i5 compared aoains~ the account balance and the ~ransaction limits. If the transaction request~does not eaual or exceed . . . . . . . . . .
. . , , . :
- :: , . .,:
: - - : , ,. , . ~ . .
.. ~
~ ~59~:l -2la-the account ~alance, or e~ceed transaction limits, the ITC updates the account information on disc 28, and generates TRAN 2 as a function of TRAN 1 and the settings of logic switch system 29 known only to bank officials.
5 The logic switch system 29 is of the type previously described as logic switch systems 13 r and 27a~27c. The operation of the automated teller machine 15 procedes as before described in connection with the descri~tion of Figure 2.
.,.~ ' .
~ 3 7~9~ 1 When the automated teller machine enters an on-line i operation mcde, the ITC 12 transfers account and transaction information stored on disc 28 to the central computer 10 by way of a modem 30 and ~ransmission line 31. The ITC further S forwards TREQ, ACCN, TRAN 1 and transaction limita~ion data received from TEC 18 to the central computer 10 o Figure 1 by way of transmission line 31 for a ~ransaction validation.
In such an on-lin~ operatlon, the central computer uses the ACCN number to access the customer account stored in memory unit 11, and compares the transac~ion request against the account balance and limitation data~ If tha transaction request does not equal or exceed the account balance or other tran~action limi~s, the ce~tral computer shall issue an authori-zation signal tc transmission line 31.
Referring to Figure 4, the computer 10 is in electrical communication with transmission line 31 by way of a modem 36 and one of ~he communication cables lOa. When an authorization signal is issued to the ITC 12 by way of transmission line 31, the signal may be intercepted and later simulated by an unauthorized user. In the preferred embodiment discl~sed herein, howe~er, ~he authorization signal is a function of TRAN 1 and a logic code supplied to the computer 10 by a logic switch system 37. The logic switch system 37 is of the same type as the logic switch system 29 o~ Figure 3, and is under the sole control of bank officials. By periodically changing 1 ~ ~5~4 ~
the switch settings of the logic switch system 37, the repeated use of an authoriza~ion signal by an unauthorized user monitoring the transmission line 31 may be prevented.
As before ~tated, the mere simulation o an authorization signal alone does not penetrate the security of the ~ank-ing system.
It is to be understood that the swi-tch settings of the logic switch system 37 must be duplicated in the logic switch system 29 of Figure 3 for the ITC 1~ to recognize an authoriza-tion signal. Upon receiving an authorization signal from the computer lO, the ITC generates TRAN 2 as a function o TRAN 1 and the settings of logic switch system 29. ~he operation of the au~omated teller machine 15 then continues as before d~scribed in connection with the de~cription of Figure 2.
The invention may be embodied in other specific ~orm5 wi~hout departing from the spirit or essentiaL characteristics thereof. The present embodiments are therefore to be con-sidered in all respects as illustrative and not restrictive,with the scope of the invention being indicated by the appended claims rather than by the foregoing description.
All changes which come within the meaning and range of equivalency of the claims are therefore inkended to be embraced therein.
What is claimed is:
,.~ ~ ...
.
Claims (5)
1. An automated banking system, including a central computer system located at a central site, which comprises a) plural data entry means located at a like plurality of remote sites and responsive to customer initiated action for providing binary information signals representative of a personal identification number (PIN), an account number (ACCN), a bank identification number (BIN), a number having a predetermined relationship with said PIN (PIN OFFSET 1), transaction data descriptive of a desired banking transaction, and transaction limits;
b) plural automated teller machines each located at any one of said remote sites and receiving said PIN, ACCN, BIN, PIN OFFSET 1, transaction data and transaction limits from an adjacent one of said plural data entry means for performing the following operations by way of signal paths wholly contained within said plural automated teller machines:
(1) validating said ACCN against resident binary customer account number codes, (2) generating a first transaction identi-fication number (TRAN 1), a transaction request (TREQ), a second transaction identi-fication number as a function of TRAN 1 (TRAN 2'), and a number which is a function of PIN, BIN and ACCN ( PIN OFFSET 2 ), (3) comparing TRAN 2' and a third transaction number which is a function of TRAN 1 (TRAN 2), (4) if TRAN 2 and TRAN 2' are equivalent, comparing PIN OFFSET 1 and PIN OFFSET
2, and (5) if PIN OFFSET 1 and PIN OFFSET 2 are equivalent, dispensing transaction items to said customer or receiving transaction items from said customer;
and c) plural controller means located either at said central site or at sites remote from both said central computer system and said plural automated teller machines, wherein each of said plural controller means is in electrical communication with said central computer system during on-line operations and in electrical communication with different pluralities of said plural automated teller machines during both on-line and off-line operations, and receiving TREQ, ACCN, TRAN 1 and said transaction limits from said plural automated teller machines for transfer to said central computer system during on-line operations, and for validating TREQ against said transaction limits and resident customer account information during off-line operations, and for generating TRAN 2 for transfer to a requesting one of said plural automated teller machines in the event TREQ is valid.
b) plural automated teller machines each located at any one of said remote sites and receiving said PIN, ACCN, BIN, PIN OFFSET 1, transaction data and transaction limits from an adjacent one of said plural data entry means for performing the following operations by way of signal paths wholly contained within said plural automated teller machines:
(1) validating said ACCN against resident binary customer account number codes, (2) generating a first transaction identi-fication number (TRAN 1), a transaction request (TREQ), a second transaction identi-fication number as a function of TRAN 1 (TRAN 2'), and a number which is a function of PIN, BIN and ACCN ( PIN OFFSET 2 ), (3) comparing TRAN 2' and a third transaction number which is a function of TRAN 1 (TRAN 2), (4) if TRAN 2 and TRAN 2' are equivalent, comparing PIN OFFSET 1 and PIN OFFSET
2, and (5) if PIN OFFSET 1 and PIN OFFSET 2 are equivalent, dispensing transaction items to said customer or receiving transaction items from said customer;
and c) plural controller means located either at said central site or at sites remote from both said central computer system and said plural automated teller machines, wherein each of said plural controller means is in electrical communication with said central computer system during on-line operations and in electrical communication with different pluralities of said plural automated teller machines during both on-line and off-line operations, and receiving TREQ, ACCN, TRAN 1 and said transaction limits from said plural automated teller machines for transfer to said central computer system during on-line operations, and for validating TREQ against said transaction limits and resident customer account information during off-line operations, and for generating TRAN 2 for transfer to a requesting one of said plural automated teller machines in the event TREQ is valid.
2. An automated banking system including a central computer system located at a central site which comprises:
a) data entry means located at a remote site and responsive to customer initiated action for providing binary information signals representative of a personal identification number (PIN), an account number (ACCN), a bank identification number (BIN), a number having a predetermined relationship with said PIN (PIN OFFSET 1), transaction data descriptive of the banking transaction desired, and transaction limits;
b) first controller means located at said remote site and receiving said PIN, ACCN, BIN, PIN OFFSET 1, transaction data and transaction limits from said data entry means for performing the following operations:
(1) validating said ACCN against binary customer account number codes resident in said first controller means, (2) generating a first transaction identification number (TRAN 1), and a transaction request (TREQ), (3) comparing a second transaction number which is a function of TRAN 1 (TRAN 2) and a third transaction number which is a function of TRAN 1 (TRAN 2'), (4) if TRAN 2 and TRAN 2' are equivalent, comparing PIN OFFSET 1 and a number which is a function of PIN, BIN and ACCN (PIN OFFSET 2), and (5) if PIN OFFSET 1 and PIN OFFSET 2 are equivalent, issuing transaction control signals for exchanging transaction items with a customer;
c) second controller means located at said remote site and receiving PIN, BIN, ACCN, and TRAN 1 from said first controller means, and generating therefrom PIN
OFFSET 2 and TRAN 2' for transfer to said first controller means, and responsive to said transaction control signals for dispensing transaction items to said customer or receiving transaction items from said customer; and d) third controller means located at said central site and receiving TREQ, ACCN, TRAN1 and transaction limits from said first controller means for transfer to said central computer system, and receiving an auth-orization signal from said central computer system in the event TREQ does not exceed either said transaction limits or an account balance of said customer for generating TRAM 2 for transfer to said first controller means.
a) data entry means located at a remote site and responsive to customer initiated action for providing binary information signals representative of a personal identification number (PIN), an account number (ACCN), a bank identification number (BIN), a number having a predetermined relationship with said PIN (PIN OFFSET 1), transaction data descriptive of the banking transaction desired, and transaction limits;
b) first controller means located at said remote site and receiving said PIN, ACCN, BIN, PIN OFFSET 1, transaction data and transaction limits from said data entry means for performing the following operations:
(1) validating said ACCN against binary customer account number codes resident in said first controller means, (2) generating a first transaction identification number (TRAN 1), and a transaction request (TREQ), (3) comparing a second transaction number which is a function of TRAN 1 (TRAN 2) and a third transaction number which is a function of TRAN 1 (TRAN 2'), (4) if TRAN 2 and TRAN 2' are equivalent, comparing PIN OFFSET 1 and a number which is a function of PIN, BIN and ACCN (PIN OFFSET 2), and (5) if PIN OFFSET 1 and PIN OFFSET 2 are equivalent, issuing transaction control signals for exchanging transaction items with a customer;
c) second controller means located at said remote site and receiving PIN, BIN, ACCN, and TRAN 1 from said first controller means, and generating therefrom PIN
OFFSET 2 and TRAN 2' for transfer to said first controller means, and responsive to said transaction control signals for dispensing transaction items to said customer or receiving transaction items from said customer; and d) third controller means located at said central site and receiving TREQ, ACCN, TRAN1 and transaction limits from said first controller means for transfer to said central computer system, and receiving an auth-orization signal from said central computer system in the event TREQ does not exceed either said transaction limits or an account balance of said customer for generating TRAM 2 for transfer to said first controller means.
3. An automated banking system as set forth in Claim 2, further comprising:
a) first logic switch means located at said central site and in electrical communication with said third controller means for providing dynamically selectable parameters used in the generation of TRAN 2; and b) second logic switch means located at said remote site and in electrical communication with said second controller means for providing dynamically selectable parameters used in the generation or TRAN 2' and PIN OFFSET 2, and in the setting of limits on the cash flow to customers.
a) first logic switch means located at said central site and in electrical communication with said third controller means for providing dynamically selectable parameters used in the generation of TRAN 2; and b) second logic switch means located at said remote site and in electrical communication with said second controller means for providing dynamically selectable parameters used in the generation or TRAN 2' and PIN OFFSET 2, and in the setting of limits on the cash flow to customers.
4. An automated banking system including a central computer system located at a central site which comprises:
a) data entry means located at a first remote site and resposive to customer initiated action for providing binary information signals representative of a personal identification number (PIN), an account number (ACCN), a bank identification number (BIN), a number having a predetermined relationship with said PIN (PIN OFFSET 1), transaction data descriptive of the desired banking transaction, and transaction limits;
b) first controller means located at said first remote site and receiving said PIN, ACCN, BIN, PIN OFFSET 1, transaction data and transaction limits from said data entry means for performing the following operations:
(1) validating said ACCN against binary customer account number codes resident in said first controller means, (2) generating a first transaction identification number (TRAN 1), and a transaction request (TREQ), (3) comparing a second transaction number which is a function of TRAN 1 (TRAN 2) and a third transaction number which is a function of TRAN 1 (TRAN 2'), (4) if TRAN 2 and TRAN 2' are equivalent, comparing PIN OFFSET 1 and a number which is a function of PIN, BIN and ACCN (PIN OFFSET 2), and (5) if PIN OFFSET 1 and PIN OFFSET 2 are equivalent, issuing transaction control signals for exchanging transaction items with a customer;
c) second controller means located at said first remote site and receiving PIN, BIN, ACCN, and TRAN 1 from said first controller means, and generating therefrom PIN OFFSET 2 and TRAN 2' for transfer to said first controller means, and responsive to said transaction control signals for dispensing transaction items to said customer or receiving transaction items from said customer; and d) third controller means located at a second remote site and receiving TREQ, ACCN, TRAN 1 and said transaction limits from said first controller means for transfer to said central computer system, and receiving an authorization signal from said central computer system in the event TREQ does not exceed either said transaction limits or an account balance of said customer for generating TRAN 2 for transfer to said first controller means.
a) data entry means located at a first remote site and resposive to customer initiated action for providing binary information signals representative of a personal identification number (PIN), an account number (ACCN), a bank identification number (BIN), a number having a predetermined relationship with said PIN (PIN OFFSET 1), transaction data descriptive of the desired banking transaction, and transaction limits;
b) first controller means located at said first remote site and receiving said PIN, ACCN, BIN, PIN OFFSET 1, transaction data and transaction limits from said data entry means for performing the following operations:
(1) validating said ACCN against binary customer account number codes resident in said first controller means, (2) generating a first transaction identification number (TRAN 1), and a transaction request (TREQ), (3) comparing a second transaction number which is a function of TRAN 1 (TRAN 2) and a third transaction number which is a function of TRAN 1 (TRAN 2'), (4) if TRAN 2 and TRAN 2' are equivalent, comparing PIN OFFSET 1 and a number which is a function of PIN, BIN and ACCN (PIN OFFSET 2), and (5) if PIN OFFSET 1 and PIN OFFSET 2 are equivalent, issuing transaction control signals for exchanging transaction items with a customer;
c) second controller means located at said first remote site and receiving PIN, BIN, ACCN, and TRAN 1 from said first controller means, and generating therefrom PIN OFFSET 2 and TRAN 2' for transfer to said first controller means, and responsive to said transaction control signals for dispensing transaction items to said customer or receiving transaction items from said customer; and d) third controller means located at a second remote site and receiving TREQ, ACCN, TRAN 1 and said transaction limits from said first controller means for transfer to said central computer system, and receiving an authorization signal from said central computer system in the event TREQ does not exceed either said transaction limits or an account balance of said customer for generating TRAN 2 for transfer to said first controller means.
5. An automated banking system as set forth in Claim 4, further comprising:
a) first logic switch means located at said central site and in electrical communication with said central computer for providing dynamically selectable parameters for use by said central computer in encrypting said authorization signal;
b) second logic switch means located at said second remote site and in electrical communication with said third controller means for providing dynamically selectable parameters used in the generation of TRAN 2;
c) memory means located at said second remote site and in electrical communication with said third controller means for recording bank transactions and providing customer account information during off-line operations in which said third controller means assumes the function of said central computer system; and d) third logic switch means located at said first remote site and in electrical communication with said second controller means for providing dynamically selectable parameters used in the generation of TRAN 2' and PIN OFFSET 2, and in the setting of limits on the cash flow to customers.
a) first logic switch means located at said central site and in electrical communication with said central computer for providing dynamically selectable parameters for use by said central computer in encrypting said authorization signal;
b) second logic switch means located at said second remote site and in electrical communication with said third controller means for providing dynamically selectable parameters used in the generation of TRAN 2;
c) memory means located at said second remote site and in electrical communication with said third controller means for recording bank transactions and providing customer account information during off-line operations in which said third controller means assumes the function of said central computer system; and d) third logic switch means located at said first remote site and in electrical communication with said second controller means for providing dynamically selectable parameters used in the generation of TRAN 2' and PIN OFFSET 2, and in the setting of limits on the cash flow to customers.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US221,674 | 1980-12-30 | ||
| US06/221,674 US4390968A (en) | 1980-12-30 | 1980-12-30 | Automated bank transaction security system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CA1175941A true CA1175941A (en) | 1984-10-09 |
Family
ID=22828840
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA000393342A Expired CA1175941A (en) | 1980-12-30 | 1981-12-29 | Automated bank transaction security system |
Country Status (5)
| Country | Link |
|---|---|
| US (1) | US4390968A (en) |
| EP (1) | EP0055580A3 (en) |
| JP (1) | JPS57172469A (en) |
| AU (1) | AU540452B2 (en) |
| CA (1) | CA1175941A (en) |
Families Citing this family (65)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6507823B1 (en) | 1904-05-29 | 2003-01-14 | Pierre Hercules Nel | System and method for on-line purchasing of goods and services |
| DE3302628A1 (en) * | 1982-01-30 | 1983-08-18 | Sharp K.K., Osaka | CASH BILLING SYSTEM |
| EP0112944B1 (en) * | 1982-12-30 | 1987-03-04 | International Business Machines Corporation | Testing the validity of identification codes |
| JPS59151261A (en) * | 1983-02-18 | 1984-08-29 | Fujitsu Ltd | Dealing securing system |
| JPS59186081A (en) * | 1983-04-08 | 1984-10-22 | 株式会社日立製作所 | System of verifying dealer |
| GB2146815A (en) * | 1983-09-17 | 1985-04-24 | Ibm | Electronic fund transfer systems |
| US4593374A (en) * | 1983-10-18 | 1986-06-03 | Rca Corporation | Teletext magazine code detector |
| DE3417766A1 (en) * | 1984-05-12 | 1985-11-14 | Betriebswirtschaftliches Institut der Deutschen Kreditgenossenschaften BIK GmbH, 6000 Frankfurt | WORKING METHOD AND DEVICE FOR ELECTRONICALLY AUTHORIZED DETECTING A MATTER |
| US4677552A (en) * | 1984-10-05 | 1987-06-30 | Sibley Jr H C | International commodity trade exchange |
| US4648038A (en) * | 1984-11-21 | 1987-03-03 | Lazard Freres & Co. | Methods and apparatus for restructuring debt obligations |
| US4785417A (en) * | 1986-04-28 | 1988-11-15 | Pitney Bowes Inc. | Electronic postage meter having an out of sequence checking arrangement |
| US4823265A (en) * | 1987-05-11 | 1989-04-18 | Nelson George E | Renewable option accounting and marketing system |
| US5361341A (en) * | 1987-10-02 | 1994-11-01 | Sgs-Thomson Microelectronics, S.A. | Device for enabling the use of the contents of memory areas of an electronic microprocessor system |
| US5220501A (en) * | 1989-12-08 | 1993-06-15 | Online Resources, Ltd. | Method and system for remote delivery of retail banking services |
| US5870724A (en) | 1989-12-08 | 1999-02-09 | Online Resources & Communications Corporation | Targeting advertising in a home retail banking delivery service |
| US5321242A (en) * | 1991-12-09 | 1994-06-14 | Brinks, Incorporated | Apparatus and method for controlled access to a secured location |
| US5451757A (en) * | 1990-04-22 | 1995-09-19 | Brink's Incorporated | Apparatus and method for controlled access to a secured location |
| DE4126809A1 (en) * | 1991-08-09 | 1993-02-11 | Deutsche Telephonwerk Kabel | Finance transaction handling system using cheque or charge card - has card identified and read to carry out transaction with personal identification number with print=out onto form or cheque |
| US5731575A (en) * | 1994-10-26 | 1998-03-24 | Zingher; Joseph P. | Computerized system for discreet identification of duress transaction and/or duress access |
| CN1201554C (en) * | 1994-11-07 | 2005-05-11 | 应求兑现有限公司 | Method and system for remote terminal dial-up |
| US7882032B1 (en) | 1994-11-28 | 2011-02-01 | Open Invention Network, Llc | System and method for tokenless biometric authorization of electronic communications |
| US6950810B2 (en) * | 1994-11-28 | 2005-09-27 | Indivos Corporation | Tokenless biometric electronic financial transactions via a third party identicator |
| US7613659B1 (en) | 1994-11-28 | 2009-11-03 | Yt Acquisition Corporation | System and method for processing tokenless biometric electronic transmissions using an electronic rule module clearinghouse |
| US7248719B2 (en) * | 1994-11-28 | 2007-07-24 | Indivos Corporation | Tokenless electronic transaction system |
| US6397198B1 (en) | 1994-11-28 | 2002-05-28 | Indivos Corporation | Tokenless biometric electronic transactions using an audio signature to identify the transaction processor |
| US20040128249A1 (en) * | 1994-11-28 | 2004-07-01 | Indivos Corporation, A Delaware Corporation | System and method for tokenless biometric electronic scrip |
| US6230148B1 (en) | 1994-11-28 | 2001-05-08 | Veristar Corporation | Tokenless biometric electric check transaction |
| US7152045B2 (en) | 1994-11-28 | 2006-12-19 | Indivos Corporation | Tokenless identification system for authorization of electronic transactions and electronic transmissions |
| US6154879A (en) * | 1994-11-28 | 2000-11-28 | Smarttouch, Inc. | Tokenless biometric ATM access system |
| US7631193B1 (en) | 1994-11-28 | 2009-12-08 | Yt Acquisition Corporation | Tokenless identification system for authorization of electronic transactions and electronic transmissions |
| US6269348B1 (en) | 1994-11-28 | 2001-07-31 | Veristar Corporation | Tokenless biometric electronic debit and credit transactions |
| FR2728363A1 (en) * | 1994-12-20 | 1996-06-21 | Sgs Thomson Microelectronics | DEVICE FOR PROTECTING ACCESS TO MEMORY WORDS |
| US6293469B1 (en) | 1994-12-20 | 2001-09-25 | Dh Technology Inc. | Transaction printer |
| US5794230A (en) * | 1996-03-15 | 1998-08-11 | Microsoft Corporation | Method and system for creating and searching directories on a server |
| US6945457B1 (en) | 1996-05-10 | 2005-09-20 | Transaction Holdings Ltd. L.L.C. | Automated transaction machine |
| US5913203A (en) * | 1996-10-03 | 1999-06-15 | Jaesent Inc. | System and method for pseudo cash transactions |
| US6363364B1 (en) | 1997-03-26 | 2002-03-26 | Pierre H. Nel | Interactive system for and method of performing financial transactions from a user base |
| US6990458B2 (en) * | 1997-08-28 | 2006-01-24 | Csg Systems, Inc. | System and method for computer-aided technician dispatch and communication |
| US6119931A (en) * | 1997-10-02 | 2000-09-19 | Novogrod; John C. | System and method for requesting and dispensing negotiable instruments |
| US5993047A (en) * | 1997-10-02 | 1999-11-30 | John C. Novogrod | Apparatus and method for requesting and dispensing negotiable instruments |
| US6081792A (en) * | 1998-01-15 | 2000-06-27 | Usa Payment, Inc. | ATM and POS terminal and method of use thereof |
| US6980670B1 (en) * | 1998-02-09 | 2005-12-27 | Indivos Corporation | Biometric tokenless electronic rewards system and method |
| US6131811A (en) | 1998-05-29 | 2000-10-17 | E-Micro Corporation | Wallet consolidator |
| US7357312B2 (en) | 1998-05-29 | 2008-04-15 | Gangi Frank J | System for associating identification and personal data for multiple magnetic stripe cards or other sources to facilitate a transaction and related methods |
| AU2001243658B2 (en) | 2000-03-15 | 2005-12-15 | Mastercard International Incorporated | Method and system for secure payments over a computer network |
| US7379919B2 (en) | 2000-04-11 | 2008-05-27 | Mastercard International Incorporated | Method and system for conducting secure payments over a computer network |
| US20100223186A1 (en) * | 2000-04-11 | 2010-09-02 | Hogan Edward J | Method and System for Conducting Secure Payments |
| US20100228668A1 (en) * | 2000-04-11 | 2010-09-09 | Hogan Edward J | Method and System for Conducting a Transaction Using a Proximity Device and an Identifier |
| US6805288B2 (en) | 2000-05-15 | 2004-10-19 | Larry Routhenstein | Method for generating customer secure card numbers subject to use restrictions by an electronic card |
| US9165323B1 (en) | 2000-05-31 | 2015-10-20 | Open Innovation Network, LLC | Biometric transaction system and method |
| US7565329B2 (en) * | 2000-05-31 | 2009-07-21 | Yt Acquisition Corporation | Biometric financial transaction system and method |
| JP2003087238A (en) * | 2001-09-11 | 2003-03-20 | Hitachi Ltd | Security realizing system in domestic network |
| US7195154B2 (en) * | 2001-09-21 | 2007-03-27 | Privasys, Inc. | Method for generating customer secure card numbers |
| US7451917B2 (en) | 2002-01-11 | 2008-11-18 | Hand Held Products, Inc. | Transaction terminal comprising imaging module |
| US7472825B2 (en) * | 2002-01-11 | 2009-01-06 | Hand Held Products, Inc. | Transaction terminal |
| US7479946B2 (en) * | 2002-01-11 | 2009-01-20 | Hand Held Products, Inc. | Ergonomically designed multifunctional transaction terminal |
| US20030132293A1 (en) * | 2002-01-11 | 2003-07-17 | Hand Held Products, Inc. | Transaction terminal including raised surface peripheral to touch screen |
| US7748620B2 (en) | 2002-01-11 | 2010-07-06 | Hand Held Products, Inc. | Transaction terminal including imaging module |
| US7313635B1 (en) * | 2002-03-21 | 2007-12-25 | Cisco Technology | Method and apparatus for simulating a load on an application server in a network |
| US20050080677A1 (en) * | 2003-10-14 | 2005-04-14 | Foss Sheldon H. | Real-time entry and verification of PIN at point-of-sale terminal |
| US7461780B2 (en) | 2004-09-09 | 2008-12-09 | Global Cash Access, Inc. | System and method for checkless cash advance settlement |
| US8874477B2 (en) | 2005-10-04 | 2014-10-28 | Steven Mark Hoffberg | Multifactorial optimization system and method |
| US9324076B2 (en) * | 2006-06-02 | 2016-04-26 | First Data Corporation | PIN creation system and method |
| US9792463B2 (en) * | 2011-07-28 | 2017-10-17 | Kenneth L. Miller | Combination magnetic stripe and contactless chip card reader |
| US10069958B1 (en) | 2017-07-20 | 2018-09-04 | Bank Of America Corporation | Dynamic mobile authorization advancement system |
Family Cites Families (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US3956615A (en) * | 1974-06-25 | 1976-05-11 | Ibm Corporation | Transaction execution system with secure data storage and communications |
| US4025760A (en) * | 1975-08-14 | 1977-05-24 | Addressograph Multigraph Corporation | Security means for transaction terminal system |
| US4025905A (en) * | 1975-11-28 | 1977-05-24 | Incoterm Corporation | System for on-line processing of banking transactions |
| US4075460A (en) * | 1975-11-28 | 1978-02-21 | Incoterm Corporation | Cash dispensing system |
| US4214230A (en) * | 1978-01-19 | 1980-07-22 | Rolf Blom | Personal identification system |
| US4234932A (en) * | 1978-09-05 | 1980-11-18 | Honeywell Information Systems Inc. | Security system for remote cash dispensers |
| US4315101A (en) * | 1979-02-05 | 1982-02-09 | Atalla Technovations | Method and apparatus for securing data transmissions |
| US4321672A (en) * | 1979-11-26 | 1982-03-23 | Braun Edward L | Financial data processing system |
-
1980
- 1980-12-30 US US06/221,674 patent/US4390968A/en not_active Expired - Fee Related
-
1981
- 1981-12-22 EP EP81306021A patent/EP0055580A3/en not_active Withdrawn
- 1981-12-24 AU AU78874/81A patent/AU540452B2/en not_active Ceased
- 1981-12-29 CA CA000393342A patent/CA1175941A/en not_active Expired
- 1981-12-29 JP JP21607781A patent/JPS57172469A/en active Pending
Also Published As
| Publication number | Publication date |
|---|---|
| AU7887481A (en) | 1982-07-08 |
| EP0055580A2 (en) | 1982-07-07 |
| AU540452B2 (en) | 1984-11-15 |
| EP0055580A3 (en) | 1982-09-22 |
| JPS57172469A (en) | 1982-10-23 |
| US4390968A (en) | 1983-06-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA1175941A (en) | Automated bank transaction security system | |
| US4234932A (en) | Security system for remote cash dispensers | |
| US4304990A (en) | Multilevel security apparatus and method | |
| US4357529A (en) | Multilevel security apparatus and method | |
| US4075460A (en) | Cash dispensing system | |
| US4328414A (en) | Multilevel security apparatus and method | |
| US4386266A (en) | Method for operating a transaction execution system having improved verification of personal identification | |
| CA1252566A (en) | Transaction system with off-line risk assessment | |
| EP0385400B1 (en) | Multilevel security apparatus and method with personal key | |
| US4114027A (en) | On-line/off-line automated banking system | |
| US4186871A (en) | Transaction execution system with secure encryption key storage and communications | |
| US5163098A (en) | System for preventing fraudulent use of credit card | |
| KR20010025234A (en) | A certification method of credit of a financing card based on fingerprint and a certification system thereof | |
| US5162638A (en) | Process for protection against fraudulent use of smart cards, and device for use of the process | |
| JPH10154192A (en) | Electronic money system and recording medium | |
| US6805296B2 (en) | Processing method and system of data management for IC card | |
| EP1074951A1 (en) | Settlement system and card | |
| JPWO2002075676A1 (en) | Automatic transaction apparatus and transaction method therefor | |
| JPH06103441A (en) | Automatic pay-out processing system | |
| KR100468154B1 (en) | System and method for business of electronic finance bases of smart card | |
| JP3629891B2 (en) | Electronic money control apparatus and control method thereof | |
| AU2021103044A4 (en) | A system and a method for performing secure transaction in atm | |
| JP4008186B2 (en) | IC card, IC card system, IC card holder authentication method | |
| JP2002123775A (en) | Card use propriety judging method | |
| JP3125111B2 (en) | Trading system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| MKEC | Expiry (correction) | ||
| MKEX | Expiry |