USH1794H - Secure money transfer techniques using hierarchical arrangement of smart cards - Google Patents

Secure money transfer techniques using hierarchical arrangement of smart cards Download PDF

Info

Publication number
USH1794H
USH1794H US08/959,290 US95929097A USH1794H US H1794 H USH1794 H US H1794H US 95929097 A US95929097 A US 95929097A US H1794 H USH1794 H US H1794H
Authority
US
United States
Prior art keywords
smart card
security
smart
card reader
pin
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US08/959,290
Inventor
David Michael Claus
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
AT&T Corp
Nokia of America Corp
Original Assignee
AT&T Corp
Lucent Technologies Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US08/194,186 external-priority patent/US5461217A/en
Application filed by AT&T Corp, Lucent Technologies Inc filed Critical AT&T Corp
Priority to US08/959,290 priority Critical patent/USH1794H/en
Application granted granted Critical
Publication of USH1794H publication Critical patent/USH1794H/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F9/00Details other than those peculiar to special kinds or types of apparatus
    • G07F9/002Vending machines being part of a centrally controlled network of vending machines

Definitions

  • This invention relates generally to smart cards, and more particularly to systems and methods for providing secure money transfers between smart cards and financial institutions.
  • Smart cards are arranged in a smart card hierarchy, the hierarchy including a first smart card at a first hierarchical level and a second smart card at a second hierarchical level higher than the first hierarchical level.
  • a smart card reader is equipped to read smart cards and to accept personal identification (PIN) number inputs.
  • PIN personal identification
  • a first PIN number is stored on the first smart card, the first PIN number corresponding to the first hierarchical level.
  • a first security key is also stored on the first smart card.
  • a second PIN number is stored on the second smart card, the second PIN number corresponding to the second hierarchical level.
  • a second security key is stored on the second smart card.
  • the PIN numbers and security keys are used to selectively lock and/or unlock a smart card.
  • FIG. 1 is a block diagram showing a secure smart card money transfer system
  • FIG. 2 is a chart which describes a secure financial transaction between two smart cards
  • FIG. 3 is a flowchart which sets forth the operational sequence for implementing a secure smart card financial transaction
  • FIGS. 4A and 4B together comprise a flowchart which describes the steps of a cardholder-to-cardholder transaction
  • FIGS. 5A and 5B together comprise a flowchart which sets forth the procedure for updating/changing security keys, and for adding interest to money stored on smart cards;
  • FIG. 6 is a block diagram showing the data structures which are transferred from a first smart card to a second smart card during a financial transaction
  • FIG. 7 is a block diagram describing the data structures used by user smart cards.
  • an electronic money vault including a processing device coupled to a data storage drive.
  • an electronic money vault may be implemented by a conventional personal computer, by a mainframe computing device, by a smart card, or by any other hardware configuration that includes a microprocessor and memory.
  • FIG. 1 is a block diagram setting forth hardware components and data structures for a smart card secure money transfer system.
  • smart card 102 may represent the electronic money vault, it being understood that another type of electronic money vault could be used in place of smart card 102.
  • this computer would be coupled to smart card reader network 106 (described in greater detail hereinafter) using techniques well-known to those skilled in the art.
  • the system of FIG. 1 provides for adding interest payments to money stored on a smart card, and for checking the amount of money (account balance) stored on a smart card. Activities such as the transfer of money between smart cards, adding interest payments to a smart card, and checking account balances are referred to as financial transactions.
  • Smart cards 102, 104 are provided to a plurality of cardholders, including a first smart card 102 provided to a first cardholder and a second smart card 104 provided to a second cardholder, each smart card 102, 104 being capable of participating in one or more financial transactions involving electronic money stored on the smart card.
  • the first cardholder may be, for example, a bank, a merchant, or a consumer.
  • the second cardholder may be blank, a merchant, or a consumer. If a cardholder is a merchant or a consumer, the smart card held by this cardholder is referred to as a user smart card.
  • bank smart card the smart card provided to the bank is termed a bank smart card.
  • Banks may be organized into a plurality of regions, each region consisting of one or more branch banks. In this situation, three subtypes of bank smart cards may be utilized, such as bank center smart cards, bank region smart cards, and bank branch smart cards.
  • Bank center smart cards are used to provide one or more electronic security keys to other smart cards, such as other bank smart cards, smart cards held by merchants, and/or smart cards held by consumers. These security keys may be updated (i.e., periodically changed) to allow and/or to disallow the transfer of money to/from a smart card.
  • banks at some or all of the aforementioned hierarchical levels may use types of electronic money vaults other than smart cards, such as, for example, personal computers or mainframe computers, in place of the bank smart card. Therefore, the following discussion of interest payments between banks is applicable irrespective of whether the electronic money vaults are implemented using smart cards or, for example, mainframe computers.
  • Bank center smart cards are used to provide interest payments to other smart cards, such as to other bank smart cards and to user smart cards (cards held by merchants or consumers). Interest payments can be implemented in a hierarchical manner with respect to a predefined smart card hierarchy. For example, a bank center smart card may be employed to provide interest payments to bank region smart cards. Similarly, the bank region smart cards may be used to provide interest payments to bank branch smart cards, which, in turn, provide interest payments to smart cards held by consumers and merchants. Thus, the smart card hierarchy in this example is structured such that a bank center smart card is at the top of the hierarchy, followed by bank region smart cards and bank branch smart cards. User smart cards are at the bottom of the hierarchy. The mechanics of interest payments will be described in greater detail hereinafter with reference to FIG. 1.
  • Each smart card 102, 104 contains the data structures and hardware blocks described below in conjunction with FIG. 1, irrespective of whether the smart card is a user smart card or a bank smart card.
  • smart card 102 may actually represent any hardware configuration having a processing device coupled to a data storage device. Irrespective of whether a smart card or some other type of hardware configuration is employed for the electronic money vault, the security keys and security key storage registers described below are implemented, stored, and processed using a data storage device coupled to a processor. Therefore, even though the discussion below assumes that the electronic money vault is smart card 102, this discussion is also applicable to the case where a personal computer or a mainframe computer is used in place of smart card 102 to implement electronic money vault.
  • Each smart card 102, 104 contains a security key storage register 112, 128, respectively, for the storage of an electronic security key.
  • the security key storage register 112, 128 may be provided in the form of random-access memory (RAM).
  • the security key register 112, 128 is coupled to a security key register input device 118, 124, respectively, which is adapted to accept input from a smart card reader network 106. In this manner, an electronic security key may be transferred from the smart card reader network 106 into the smart card security key storage register 112.
  • the security key register input device 118, 124 is equipped to accept input data in accordance with presently-existing smart card data input/output (I/O) techniques well-known to those skilled in the art.
  • I/O smart card data input/output
  • a security key register output device 114, 130 is coupled to the security key storage register 112, 128, respectively. This output device 114, 130 is equipped to copy the contents of the security key storage register 112, 128, respectively, into the smart card reader network 106.
  • the security key storage register 112, 128 is coupled to a first input of a security key comparison device 110, 126, respectively.
  • a second input of the security key comparison device 110, 126 is connected to a security key comparison input device 116, 122, respectively.
  • the security key comparison device 110, 126 is equipped to compare the first input with the second input, and to generate a signal at a comparison device output, such that the generated signal is based upon the results of the comparison. If the first and second inputs are identical, the security key comparison device 110, 126 generates a match signal at the comparison device output. If the first and second inputs are not identical, the security key comparison device 110, 126 generates a no-match signal at the comparison device output.
  • the comparison device 110, 126 output is coupled to an electronic security lock 108, 120, respectively.
  • the security lock 108, 120 may be placed into any one of two mutually-exclusive states. In a first, locked state, the security lock 108, 120 disables the smart card 102, 104 from transferring money to another smart card. In a second, unlocked state, the security lock 108, 120 permits money to be transferred to another smart card.
  • the security lock 108, 120 is coupled to the output of comparison device 110, 126, respectively. When the comparison device 110, 126 produces the match signal, the security lock 108, 120 is placed into the second, unlocked state. The security lock 108, 120 is placed into the first, locked state upon receipt of a no-match signal from the comparison device 110, 126.
  • the functions of the electronic security lock 108, 120 and security key comparison device 110, 126 may be implemented using a microprocessor device of the type well-known to those skilled in the art and utilized in various existing smart card designs.
  • the functions of the security key storage register 112, 128 may be implemented using the microprocessor described above, and/or such a register may be provided in the form of random-access memory (RAM).
  • RAM random-access memory
  • the security key register input device 118, 124, the security key comparison input device 116, 122, and the security key register output device 114, 130 operate under the control of the above-described microprocessor, and may be implemented using conventional smart card data I/O devices which provide for the exchange of data between a smart card 102, 104 and a smart card reader network 106.
  • Conventional smart card data I/O devices and smart cards 102, 104 are well-known to those skilled in the art.
  • Smart card reader network 106 comprises a configuration of two or more conventional smart card reader ports, such as a first smart card reader port 141 and a second smart card reader port 143.
  • First and second smart card reader ports 141, 143 are of the type well-known to those skilled in the art, to permit substantially concurrent exchange of data between two smart cards 102, 104.
  • First smart card reader port 141 may be situated at a remote location with respect to second smart card reader port 143. Accordingly, first and second smart card reader ports 141, 143 are linked together over a communications link 150. In the case where smart card reader ports 141, 143 are widely-separated, this communications link 150 may comprise modems communicating over a conventional telephone connection.
  • smart card reader ports 141, 143 may be integrated into a single structure and connected using a communications link 150 comprising, for example, simple wire pairs.
  • First and second smart card reader ports 141, 143 may also include smart card holder input means, such as a keypad, to permit the entry of data such as PINs (personal identification numbers) by smart card holders.
  • These smart card reader ports 141, 143 include data input means 149, 151 and data output means 145, 147, for, respectively, accepting data from, and providing data to, a smart card.
  • the data output means 145 of smart card reader port 141 is linked to the data input means 151 of smart card reader port 143.
  • the data input means 149 of smart card reader port 141 is linked to the data output means 147 of smart card reader port 143.
  • the flow of data between smart card reader port 141 and smart card reader port 143 may be controlled by an optional smart card reader microprocessor internal to the smart card reader network 106.
  • the smart card reader microprocessor is of a type well-known to those skilled in the art. If a smart card reader microprocessor is not used, the microprocessors within the smart cards 102, 104 are employed to control the flow of data across smart card reader network 106.
  • the system of FIG. 1 operates as follows. Assume that money is to be transferred from smart card 102 to smart card 104. Smart card 102 is inserted into smart card reader port 141, and smart card 104 is inserted into smart card reader port 143. The microprocessor within smart card 102 exchanges initial handshaking information with the microprocessor of smart card 104 to ascertain that both smart cards are communicating across the smart card reader network 106. Next, the security key register output device 114 of smart card 102 sends a signal representing an electronic security key to data input means 149 of smart card reader network 106. The security key is transferred to the data output means 147, and conveyed to security key comparison input device 122 of smart card 104.
  • the security key comparison device 126 retrieves the security key stored in security key storage register 128 on smart card 104. If the comparison device 126 ascertains that the security key received from smart card 102 matches the security key stored in the security key storage register 128, the electronic security lock 120 within smart card 104 is unlocked to enable smart card 104 to participate in one or more financial transactions with smart card 102. If, however, the security key retrieved from security key storage register 128 does not match the security key received from smart card 102, smart card 104 is disabled from participating in all financial transactions.
  • the security key comparison process implemented by smart card 104 is also performed by smart card 102.
  • Smart card 104 retrieves the security key stored in security key storage register 128 and conveys the security key to security key register output device 130.
  • the security key is received by data input means 151 of smart card reader network 106, and sent to data output means 145.
  • the security key is forwarded by data output means 145 to security key comparison input device 116 of smart card 102.
  • Security key comparison input device 116 sends the security key to security key comparison device 110.
  • the security key stored in security key storage register 112 is sent to security key comparison device 110, where the security key from storage register 112 is compared with the security key received from smart card 104.
  • the security key comparison device 110 provides an "unlock" signal to electronic security lock 108 which unlocks the security lock, permitting smart card 102 to participate in one or more financial transactions with smart card 104. If, however, the security keys do not match, comparison device 110 provides a "lock" signal to electronic security lock 108. Electronic security lock 108 responds to the lock signal by disabling smart card 102 from participating in any financial transactions.
  • the electronic security locks 108, 120 of both smart cards 102, 104 must be unlocked in order to permit a financial transaction to take place between these smart cards. If the above-described exchange of security keys results in the locking of one or both of the electronic security locks 108, 120, no financial transactions can take place between smart cards 102 and 104.
  • each smart card 102, 104 contains one security key in security key storage register 112, 128, respectively.
  • security key was described for ease of illustration. Any desired number of security keys may be employed to meet the requirements of specific design applications.
  • each smart card 102, 104 employs four security keys which are stored in security key storage register 112, 128, respectively.
  • Security key comparison device 110 compares all four security keys stored in smart card 102 with all four security keys received from smart card 104.
  • security key comparison device 126 compares all four security keys stored in smart card 104 with all four security keys received from smart card 102. If at least two of the security keys match, the respective electronic security lock 108, 120 is unblocked. If less than two of the four security keys match, the respective security lock 108, 120 is locked.
  • the security keys can be updated and/or changed to provide improved system security.
  • Bank smart cards are used to update/change the security keys stored in user smart cards. More particularly, assume for purposes of this illustration that smart card 102 is a bank smart card. Bank smart cards are equipped to retrieve a security key from the bank smart card security key storage register 112 and convey the key to the bank smart card security key register output device 114 (user smart cards are also so equipped). The output device 114 sends the security key to data input means 149 of smart card reader network 106, along with a bank smart card signal which serves to identify bank smart cards from all other types of smart cards, such as user smart cards.
  • the security key and the bank smart card signal are conveyed to data output means 147.
  • the microprocessor of smart card 104 recognizes the bank smart card signal at data output means 147 and, in response to this signal, places the security key at data output means 147 into security key storage register.
  • security key storage register 1208 When the newly-received security key is placed into security key storage register 128, it replaces one of the previously-existing security keys stored in register 128, it replaces one of the previously-existing smart cards and bank smart cards are used to update/change one or more security keys in user smart cards.
  • the security keys are changed from time to time to provide an enhanced measure of security.
  • the keys can be changed periodically, i.e, at regular time intervals, or, alternatively, the keys may be changed at random time intervals, if desired.
  • the smart card money transfer system of FIG. 1 utilizes three types of software. These are exchange software, interest/key update software, and administration software. Exchange software enables money to be transferred from one smart card to another. Interest/key software enables interest payments to be made to a smart card, and administration software enables the performance of various administrative functions. These administrative functions may include, for example, updating a file which lists and identifies all "bad" smart cards, and/or updating a file containing the current interest rate to be paid to specific smart cards. "Bad" smart cards may include defective, failed, stolen, "foreign” (non-system) and/or counterfeit smart cards. A specially-designated administrative smart card may be used to perform the aforementioned administrative function, in conjunction with a card reader and a computer. This administrative card contains the hardware and data structures of FIG. 1. All software is executable on conventional personal computers, and/or on smart card reader software platforms which contain processing devices.
  • Some of the software used by the smart card money transfer system can reside on the smart cards 102, 104. If desired, this software can be placed into a ROM device on the smart card. For example, three programs may advantageously be placed onto the smart cards 102, 104. The first such program is a routine entitled exch.ini and provides the data structures and functions necessary to implement financial transactions. This program also enables the smart cards to receive electronic security keys and interest payments. This executable program preferably resides on all user smart cards, including bank center smart cards.
  • the second program which may reside on the smart cards 102, 104 is entitled int.exe, and provides the data structures and functions necessary to update electronic security keys.
  • the program also implements the process of giving interest to another bank smart card or to a user smart card such as a card held by a merchant or a consumer.
  • the third routine which may be placed on a smart card is entitled issue.exe, and permits an administrative smart card to issue a bank or user smart card.
  • the smart card money transfer system (FIG. 1) performs financial transactions which involve, for example, the transferring of money from one card to another. However, money is only “created” using a specially-designated bank center smart card having hardware and data structures as shown in FIG. 1.
  • the "creation” of money refers to the fact that, in this case, money is put onto a smart card without taking money from another smart card.
  • electronic security keys These keys are loaded into bank center smart cards by a system administrator, and are then electronically transferred to other smart cards via card reader network 106.
  • the smart cards may be organized into a hierarchical structure.
  • the top level includes one or more bank center smart cards
  • the second level includes one or more bank region smart cards
  • at the third level are bank branch smart cards
  • at the fourth level are the user smart cards which include merchant smart cards and consumer smart cards.
  • Security keys and interest payments flow down the hierarchical ladder from the top levels to the lower levels.
  • Security functions for the smart card financial transaction system are performed by one or more electronic security keys.
  • proprietary information may also be incorporated into the system to provide an enhanced level of security.
  • security is a relative concept. Practically speaking, irrespective of the level of technical sophistication employed, there is no such thing as an invulnerable security system. By way of example, it is certainly possible for people to make their own dollar bills. However, the cost is high, and the penalty is great for getting caught.
  • the security keys 112, 114, 116 provide a measure of security analogous to that provided by the dollar bill, in terms of the aforementioned costs and penalties.
  • security keys are such that all individuals involved in the implementation of security functions for the smart card financial transaction system could leave the system, but none of these individuals would be able to break the system without detection and immediate correction. To provide this level of security, it is not possible to rely solely on proprietary information. However, proprietary information is valuable in preventing attacks from outside individuals who were never affiliated with the security system. For this reason, proprietary information is combined with other forms of security to provide an enhanced level of security not otherwise possible.
  • Security keys are provided in the form of four application keys stored on each smart card 102, 104. These application keys are stored as numerical values in smart card 102, 104 memory. During each financial transaction with a bank center smart card, the numerical value stored in one application key is updated. Two valid application keys are required to successfully implement a financial transaction. The application keys stored in a bank center smart card are updated from time to time, for example, such that each application key is valid for one month. In this manner, the maximum amount of time that a cardholder can go without a bank transaction is three months. However, this number can be changed to meet the needs of specific system requirements by adding more application keys to each smart card, and/or by changing the amount of time for which each application key numerical value is valid. The bank could use eight keys and change one key per day. In this case, every smart card holder would have to hold a financial transaction with the bank at least once per week. Although the application keys may be periodically updated at regular time intervals, periodicity is not required. The application keys could be updated dynamically at irregular time intervals.
  • each smart card 102, 104 may be equipped with a file called KEY -- NUMBER.
  • This file specifies numerical values corresponding to specific application keys.
  • KEY -- NUMBER also stores the most recent date for which a key was updated. For example, the application key numerical values may be changed once per month, with numerical values 51, 52, 53, and 54 corresponding to months 51 through 54, respectively.
  • smart cards 102, 104 For two smart cards 102, 104 to implement a successful transfer of money, these smart cards must have at least two identical application keys. If smart card 102 contains application keys of 49, 50, 51, and 52, whereas smart card 104 contains application keys of 51, 52, 53, and 54, the money transfer can be successfully implemented, due to the presence of two identical keys--namely, 51 and 52. However, if the application keys of smart card 102 are 51, 52, 53, and 54 whereas the application keys of smart card 104 are 54, 55, 56, and 57, it would not be possible to implement a successful money transfer between these two smart cards 102, 104.
  • Each user smart card 102, 104 is assigned an account number of 16 digits (8 bytes). One or more of the smart cards 102, 104 may become lost or stolen. Such cards are known as "bad" cards, and are not allowed to receive application key updates.
  • Bank smart cards corresponding to each level in the smart card bank hierarchy mentioned above may be 8K smart cards equipped to store account numbers for up to 600 bad cards. Assuming that up to 10% of the user smart cards 102, 104 in a given system become lost or stolen (this figure conforms to the credit card industry norm), then one bank center smart card can manage a pool of 6000 user smart cards.
  • Managing a pool of 6000 user smart cards 102, 104 can be performed at the bank region hierarchical level.
  • one or more specific application key updates are limited to a predetermined section of account numbers, e.g., 40000 to 46000, such that these account numbers correspond to smart cards serviced by a given bank region, and/or a given branch bank.
  • account numbers e.g. 40000 to 46000
  • each bank branch only handles smart cards with account numbers in a certain range. If this assumption holds true, then only four bytes (the last four digits) of the account numbers need to be stored at the bank branch level.
  • a bank branch card can store 1200 bad card numbers and manage a pool of 24,000 user cards, assuming that only 5% of the user smart cards are on the bad card list any one time.
  • the next hierarchical level (say the "bank region") would be able to handle 6,000 bank branch smart cards.
  • the total number of customers in this scenario can thus be 144 MILLION.
  • another hierarchical level may be used, termed "bank center”.
  • the bank center smart card 103 can handle up to 6,000 bank region cards, and thus provide plenty of total system capacity.
  • smart card update time With respect to smart card update time, assume that it takes 10 seconds (maximum) to update a smart card. Further assume that 24,000 people want to update their keys in that one hour. The system must have the equivalent of 24 bank branch smart cards working full time. If the bank branch smart cards are duplicated, each of these cards is issued a different account number so that the generation process can be performed and managed by a smart card. A given smart card account number should never be issued more than once. Therefore, taking this reduction into account, the maximum number of user smart cards 102, 104 in a region is 6 million. Because the bank branch cards can be assigned update times, bank region cards need not be duplicated.
  • All security keys are generated by a bank center smart card which has the structure of smart card 102 and further includes a random number generator.
  • the security key storage register of the bank center smart card is loaded with the security keys necessary to generate and update all other smart cards. After the original card issuing process, this is how security key updates proceed.
  • a command is sent to the bank center card to update its date and security keys.
  • the bank center card generates a new security key using its random number generator and updates a first application key corresponding to this new security key and increments the KEY -- NUMBER file.
  • the KEY -- NUMBER file is updated with a new date.
  • a new interest rate can also be loaded into the bank center smart card at this time.
  • the bank center smart card updates its security keys, it has scheduled transactions with all of the bank region smart cards in order to update their security keys.
  • the bank region smart cards then update the bank branch smart cards.
  • the bank smart branch cards update the user smart cards.
  • money can only be added to one smart card when it is taken away from another smart card.
  • the exception to this is the bank center smart card.
  • a bank center card key exists which contains key values matching the application key values stored in the bank center smart card. Whoever holds this key can create money by updating this card's balance file. This person cannot read the application keys on the bank center card.
  • a bank region cardholder would request a transfer of say $1 million card dollars in exchange for a like transfer of money in another form. Approval is given by the bank center cardholder typing in the correct key (most likely a different key than that used to create money). This money goes down the pyramid of cards until it reaches the cardholders themselves.
  • the cards smart card 102 and smart card 104 may be any of the cards specified in FIG. 2.
  • FIG. 2 describes the nature of the financial transaction which may take place.
  • Smart card readers and PC software serve merely to connect the cards and provide user input.
  • a conventional smart card reader is used at both ends of the link, each sender having a keypad for PIN or key input (similar to an ATM or Telephone Adapter with small keypad). These readers are well-known to those skilled in the art.
  • smart card 102 (a first smart card) is inserted into first smart card reader port 141 (a first smart card reader).
  • the cardholder corresponding to the first smart card smart card 102 dials the telephone number (if the reader includes a Telephone Adapter) or chooses the correct menu item (if using an ATM or PC-based card reader) to dial up a host computer and/or another Telephone Adapter (block 302).
  • a second smart card is inserted into second smart card reader port 143 (a second smart card reader). Then smart card 102's cardholder enters "EXCH” or equivalent code into the reader first smart card reader port 141 keypad (block 304).
  • first smart card reader port 141 prompts for information needed to complete the financial transaction. This information may include:
  • first smart card reader port 141 lends a data packet to second smart card reader port 143 detailing the financial transaction (block 306).
  • second smart card reader port 143 prompts the cardholder corresponding to smart card 104 for information needed to complete the financial transaction.
  • This information may include:
  • second smart card reader port 143 sends a data packet detailing the financial transaction to first smart card reader port 141. If the data packets sent in blocks 306 and 308 are identical, then the card reader specified by the following table begins the transaction by sending a security key numerical value. Therefore it does not matter which cardholder begins the transaction; from this point on it follows a standard flow based on the transaction type.
  • FIGS. 4A and 4B describe the steps of a cardholder-to-cardholder transaction.
  • Smart card 102 stands for card 1 and is the card of the person "spending the money”.
  • smart card 102 is inserted and a card PIN is verified (this verification substep is optional for transactions less than an amount stored in a MIN -- TRANS file).
  • smart card 104 is inserted and PIN verified (this verification substep is optional for all cases) (block 402).
  • second smart card reader port 143 executes smart card 104's C -- EXCH.EXE program described previously, with input variables specifying a credit and an amount A1.
  • smart card 104 responds with the security key number of its first key.
  • second smart card reader port 143 sends this security key number to first smart card reader port 141 (block 404).
  • First smart card reader port 141 executes smart card 102's C -- EXCH.EXE program with input variables specifying debit, amount (A1) and smart card 104's key number. Smart card 102 responds with a key number equal to smart card 104's first, second, or third security keys. If none of the key numbers in smart card 102 and smart card 104 match, then smart card 102 cannot work with the proposed key set of smart card 104, and smart card 102 aborts the transaction and updates the BAD -- KEY file (block 405). At block 406, first smart card reader port 141 sends a response to second smart card reader port 143. Second smart card reader port 143 sends the key number response to smart card 104.
  • This key becomes the first security key (APPKEY0, or AK0 for short) for the rest of the transaction (block 407).
  • Smart card 102 continues response with packet 1 (P1) encrypted in APPKEY0 (AK0). This acts as a challenge to smart card 104.
  • Smart card 102 also updates it PASSBOOK file (block 408).
  • First smart card reader port 141 sends this packet to second smart card reader port 143 (block 409).
  • Smart card 104 responds with packet 2 (P2) encrypted in AK0. This is the response to the challenge and smart card 102 checks to make sure that the third field (public name) his been changed from P1 and is a valid name (contains only ASCII characters in a certain range).
  • Smart card 104 also updates its PASSBOOK file (block 410).
  • Second smart card reader port 143 sends this packet to first smart card reader port 141 (block 411). Smart card 104 continues response with packet 3 (P3) encrypted in APPKEY1 (AK1). This acts as a challenge to smart card 102 (block 412). Second smart card reader port 143 sends this packet to first smart card reader port 141 (block 413). Smart card 102 debits the amount from the card balance and updates the PASSBOOK file (block 414). Smart card 102 responds with packet 4 (P4) encrypted in AK1. This is the response to the challenge and smart card 104 checks to make sure that the third field (credit amount) has been changed from P3 to P4 and is a valid field (contains the correct credit code which is different from the debit code and contains the same amount as in P3).
  • P3 packet 3
  • AK1 APPKEY1
  • the BAD -- KEY file gets updated (block 415).
  • First smart card reader port 141 sends this packet second smart card reader port 143 (block 416).
  • Smart card 104 credits the amount to its card balance and updates the PASSBOOK file (block 417).
  • FIGS. 5A and 5B These are transactions between a user card and a bank branch card (or equivalently the branch and region card or the region and center card).
  • the following describes the steps of a cardholder-to-bank-branch transaction.
  • Smart card 102 stands for card 1 and is the card of the person "spending the money", in this case the bank branch.
  • Smart card 104 stands for card 2 and is the card of the person “receiving the money", in this case the cardholder.
  • Block 501 smart card 102 inserted and Verify PIN. This step is the equivalent of someone at the bank "loading" the bank branch card into a card reader.
  • Block 502 smart card 104 inserted and Verify PIN. This step assures that the proper cardholder still has the card and is similar to using your current card at an ATM (you can be photographed to later prove that it was you).
  • Block 503 second smart card reader port 143 executes smart card 104's C -- EXCH.EXE with argument 2 (receive interest). Smart card 104 responds with the key number of its APPKEY0 (0 to 255).
  • Block 504 second smart card reader port 143 sends the key number to first smart card reader port 141.
  • Block 505 first smart card reader port 141 executes smart card 102's C -- INT.EXE with argument 3 (give interest) and smart card 104's key number. Smart card 102 responds with a key number equal to smart card 104's APPKEY0, APPKEY1 or APPKEY2. If smart card 102 cannot work with the proposed key set, then it aborts the transaction and sets up an expired key file transaction.
  • Block 506 first smart card reader port 141 sends response to second smart card reader port 143.
  • Block 508 smart card 102 continues response with packet 1 (P1) encrypted in APPKEY0 (AK0). This acts as a challenge to smart card 104. Smart card 102 also updates its PASSBOOK file.
  • Block 509 first smart card reader port 141 sends this packet to second smart card reader port 143.
  • Block 511 second smart card reader port 143 sends this packet to first smart card reader port 141.
  • Block 512 smart card 104 continues response with packet 5 (P5) encrypted in APPKEY1 (AK1). This acts as a challenge to smart card reader port 141.
  • Smart card 102 also looks to see if smart card 104 needs a new key and, if so, supplies one in P6.
  • Block 515 smart card 102 responds with packet 6 (P6) encrypted in AK1. This is the response to the challenge and smart card 104 checks to make sure that the third through fifth fields have been changed from P5 and are valid.
  • Block 516 first smart card reader port 141 sends this packet to second smart card reader port 143.
  • the data packets shown in FIG. 6 may be transferred from a first smart card to a second smart card during a financial transaction.
  • Packet 1 contains the following fields and information: Field 601: Random Number.
  • the first field is an eight byte random number generated by smart card 102.
  • Field 602 Application Number.
  • the second field is the eight byte application ID number that is the same for all cardholder cards.
  • Field 603 Public Name.
  • the third field is an eight byte ASCII name of cardholder smart card 102.
  • Field 604 Account Number or Signature.
  • the fourth field is either an eight byte signature of the first three fields generated by smart card 102 using the card's APPKEY0 or just smart card 102's account number if privacy is not desired. These four fields are mixed (two bytes at a time from each field) and encrypted in an APPKEY0 and sent from smart card 102 to smart card 104.
  • Packet 2 contains the following fields and information: Field 611: Random Number.
  • the first field is the eight byte random number that was generated by smart card 102 and received in packet 1.
  • Field 612 Application Number.
  • the second field is the eight byte application ID number that is the same for all cardholder cards.
  • Field 613 Public Name.
  • the third field is an eight byte ASCII name of cardholder smart card 104.
  • Field 614 Account Number or Signature.
  • the fourth field is either an eight byte signature of the first three fields generated by smart card 104 using the card's key 0 or just smart card 104's account number if privacy is not desired. These four fields are mixed (two bytes at a time from each field) and encrypted in an APPKEY0 and sent from smart card 104 to smart card 102.
  • Packet 3 contains the following fields and information: Field 621: Random Number.
  • the first field is an eight byte random number that is generated by smart card 104.
  • Field 622 Application Number.
  • the second field is the eight byte application ID number that is the same for all cardholder cards.
  • Field 623 Debit Amount.
  • the third field is the amount to be debited from smart card 102's balance file.
  • Field 624 Account Number or Signature.
  • the fourth field is either an eight byte signature of the first three fields generated by smart card 104 using the card's key 0 or just smart card 104's account number if privacy is not desired. These four fields are mixed (two bytes at a time from each field) and encrypted in an APPKEY1 and sent from smart card 104 to smart card 102.
  • Packet 4 contains the following fields and information: Field 631: Random Number.
  • the first field is the eight byte random number that was generated by smart card 104 and received in packet 3.
  • Field 632 Application Number.
  • the second field is the eight byte application ID number that is the same for all cardholder cards.
  • Field 633 Credit Amount.
  • the third field is the amount to be credited to smart card 104's balance file.
  • Field 634 Account Number or Signature.
  • the fourth field is either an eight byte signature of the first three fields generated by smart card 102 using the card's key 0 or just smart card 102's account number if privacy is not desired. These four fields are mixed (two bytes at a time from each field) and encrypted in an APPKEY1 and sent from smart card 102 to smart card 104.
  • Packet 5 contains the following fields and information: Field 641: Random Number.
  • the first field is the eight byte random number that was generated by smart card 102 and received in packet 1.
  • Field 642 Application Number.
  • the second field is the eight byte application ID number that is the same for all cardholder cards.
  • Field 643 Balance.
  • the third field contains smart card 104's balance file and is 24 bytes long.
  • Field 644 Account Number or Signature.
  • the fourth field is either an eight byte signature of the first three fields generated by smart card 104 using the card's key 0 (AK0) or just smart card 104's account number if privacy is not desired. These four fields are mixed into 6 groups of 8 bytes and encrypted in an APPKEY0 and sent from smart card 104 to smart card 102.
  • Packet 6 contains the following fields and information: Field 651: Random Number. The first field is the eight byte random number that was generated by smart card 104 and received in packet 5. Field 652: Application Number. The second field is the eight byte application ID number that is the same for all cardholder cards. Field 653: Credit Amount. The third field is the amount to be credited to smart card 104's BALANCE file. Field 654: Date. The fourth field is the new date and interest rate for smart card 104's BALANCE file. Field 655: New Application Key. The fifth field is 8 bytes long and contains a new application key if smart card 104 does not have the latest key. Field 656. Account Number or Signature. The sixth field is smart card 102's account number because privacy and interest are mutually exclusive. These six fields are mixed into 6 groups of 8 bytes and encrypted in an APPKEY1 and sent from smart card 102 to smart card 104.
  • This file contains the balance amount of the card, the currency of the balance, the last date interest was logged, the serial number of the currency and the balance checksum.
  • the balance amount is 4 bytes long with 6 bits of each byte used to store value and 2 bits used as checksums.
  • the currency of the balance is 1 byte long with a different code for each currency.
  • the date of last interest is 4 bytes long with 2 digits for month, 2 digits for day and 4 digits for year.
  • the interest rate is 3 bytes long.
  • the serial number of the currency is 4 bytes long and represents a number unique to the card (possibly the account number encrypted with a master key).
  • the balance checksum is 8 bytes long and represents the first 8 bytes of the file encrypted by the second 8 bytes of the file and then encrypted by a master key.
  • the balance file is 24 bytes long.
  • KEY 13 INFO 709 This file stores the current APPKEY number and the last date that the keys were updated by the bank. It is 5 bytes (1 for the number and 4 for the date) long.
  • BAD -- KEY 710. This file stores the number of bad key attempts and is 2 bytes long. It gets reset after a valid bank transaction. When this number reaches a set limit, the card is locked.
  • MIN -- TRANS 711 This file stores the transaction amount above which a PIN is required. This file is 3 bytes long.
  • MAX -- TRANS 712. This file stores the transaction amount above which a key is required. This file is 4 bytes long.
  • RANDOM -- NUMBER 713 This file contains the random number seed to ensure that the numbers are not repeated in any predictable pattern. If the executable file is 700 bytes long (the same as TCAs), the total space needed on the card would be about 2,700 bytes.
  • each bank smart card contains the following additional files: BAD -- CARD 714.
  • This file stores a list of 4-byte account numbers that are bad cards. It can store a total of 1,200 numbers for a total tile size of 4,800 bytes.
  • VALID ACCOUNT 715 This file stores the highest and lowest valid account numbers for cards that can receive key updates. It is 32 bytes long.
  • C -- INT.EXE 716 This executable file enables the card to give interest and update keys. INTEREST 717. This file stores the daily interest rate and is 4 bytes long.
  • ATTACK #2 Stealing a valid card. All cards are protected by PINs for small transactions and can be key protected for larger transactions. The thief could use the card for transactions under the MIN -- TRANS file limit, but the next time interest/key update occurred, the card would be invalidated. The invalidation process could also happen at point of sale terminals for large purchases if there was fear about PINs or keys being stolen from the cardholder. If the thief attempts to convert the card money into cash (buying cash rather than goods) perhaps by trading with another cardholder), then the thief must have the PIN or key or be limited by the number of transactions stored in the PASSBOOK file (50).
  • the maximum expected loss is $250 (if the MIN -- TRANS file is set at $5 and no transactions are stored in the PASSBOOK file). This loss can be sent to zero by reducing the number in the MIN -- TRANS file to zero. If the PIN is lost, then the amount at risk is potentially 50 times the MAX -- TRANS file or the amount stored on the card. IF MAX -- TRANS is set at $100, then potentially $5K is at risk. Thus this card is more like cash than a normal credit card and needs to be treated more carefully than a normal credit card.

Abstract

Systems and methods for providing secure smart card transactions are disclosed. Smart cards are arranged in a smart card hierarchy, the hierarchy including a first smart card at a first hierarchical level and a second smart card at a second hierarchical level higher than the first hierarchical level. A smart card reader is equipped to read smart cards and to accept personal identification (PIN) number inputs. According to one embodiment, a first PIN number is stored on the first smart card, the first PIN number corresponding to the first hierarchical level. A first security key is also stored on the first smart card. A second PIN number is stored on the second smart card, the second PIN number corresponding to the second hierarchical level. A second security key is stored on the second smart card. The PIN numbers and security keys are used to selectively lock and/or unlock a smart card.

Description

This application is a continuation of application Ser. No. 08/546,056, filed on Oct. 20, 1995, now abandoned, which is a continuation-in-part of application, Ser. No. 08/194,186 filed Feb. 8, 1994, now issued U.S. Pat. No. 5,461,217 issued Oct. 24, 1995.
1. Technical Field
This invention relates generally to smart cards, and more particularly to systems and methods for providing secure money transfers between smart cards and financial institutions.
2. Background of the Invention
Recent developmental efforts have been directed towards using smart cards as vehicles for the storage and transfer of money. Using electronic money in place of conventional bills and coins is advantageous for several reasons. It is often cumbersome and inconvenient to carry around large amounts of money, notwithstanding the ever-present risk of theft or loss. Bills and coins are expensive to produce, and are subject to forgeries. Although some merchants may accept personal checks, the processing of these transactions often proves to be very time-consuming. In practice, existing check verification procedures often involve a time delay sufficient to annoy, irritate, and/or frustrate customers who are waiting in line at the merchant's point-of-sale terminals.
With existing state-of-the-art technology, it is possible to use smart cards as devices on which to electronically store and transfer money. However, a system which does nothing more than electronically store and transfer money is not practical for use in many real-world applications. As with any electronic data storage and a transfer system, security breaches are possible. If the concept of electronic money is ever to be generally accepted, electronic money cannot be lost by the application providers or by other participants such as merchants or customers. Although a certain amount of electronic money loss is acceptable and inevitable, these losses must be less than the current losses experienced with credit cards, cash, or checks. Prior-art electronic security measures do not provide an electronic money system having the requisite level of security.
Existing smart card devices are not completely invulnerable to failure. For example, the smart card holder could forget to remove the smart card from his or her pocket, and run the card through an entire washer/dryer cycle, exposing the card to heat, mechanical vibrations, water, and chemically corrosive agents such as bleach and detergent, which could result in a smart card failure. Upon device failure, the hapless smart card holder ends up losing the amount of money stored on the now-defunct card. What is needed is a recovery technique applicable to smart cards that have become inoperable, so that the smart card holder does not suffer a financial loss due to card failure.
Many state-of-the-art electronic financial transaction systems offer little or no customer privacy. This lack of privacy stems from the fact that current system architectures offer paid interest and/or protection for lost/stolen cards. As a result, those customers who desire privacy must pay in cash in order to attain transactional anonymity. Since conventional paper money offers virtual anonymity, the concept of electronic money should provide a similar degree of anonymity. At the very least, an electronic system should provide anonymity upon request.
SUMMARY OF THE INVENTION
Systems and methods for providing secure smart card transactions are disclosed. Smart cards are arranged in a smart card hierarchy, the hierarchy including a first smart card at a first hierarchical level and a second smart card at a second hierarchical level higher than the first hierarchical level. A smart card reader is equipped to read smart cards and to accept personal identification (PIN) number inputs. According to one embodiment, a first PIN number is stored on the first smart card, the first PIN number corresponding to the first hierarchical level. A first security key is also stored on the first smart card. A second PIN number is stored on the second smart card, the second PIN number corresponding to the second hierarchical level. A second security key is stored on the second smart card. The PIN numbers and security keys are used to selectively lock and/or unlock a smart card.
BRIEF DESCRIPTION OF THE DRAWING
FIG. 1 is a block diagram showing a secure smart card money transfer system;
FIG. 2 is a chart which describes a secure financial transaction between two smart cards;
FIG. 3 is a flowchart which sets forth the operational sequence for implementing a secure smart card financial transaction;
FIGS. 4A and 4B together comprise a flowchart which describes the steps of a cardholder-to-cardholder transaction;
FIGS. 5A and 5B together comprise a flowchart which sets forth the procedure for updating/changing security keys, and for adding interest to money stored on smart cards;
FIG. 6 is a block diagram showing the data structures which are transferred from a first smart card to a second smart card during a financial transaction;
FIG. 7 is a block diagram describing the data structures used by user smart cards.
DETAILED DESCRIPTION
Techniques are disclosed for the secure transfer of a monetary value (herein after "money") between smart cards. These techniques also provide for the secure transfer of a monetary value between an electronic money vault and a smart card. This electronic money vault including a processing device coupled to a data storage drive. For example, an electronic money vault may be implemented by a conventional personal computer, by a mainframe computing device, by a smart card, or by any other hardware configuration that includes a microprocessor and memory.
FIG. 1 is a block diagram setting forth hardware components and data structures for a smart card secure money transfer system. In the example of FIG. 1, smart card 102 may represent the electronic money vault, it being understood that another type of electronic money vault could be used in place of smart card 102. For purposes of illustration, if a mainframe computer was used to implement the electronic money vault instead of using smart card 102, this computer would be coupled to smart card reader network 106 (described in greater detail hereinafter) using techniques well-known to those skilled in the art. The system of FIG. 1 provides for adding interest payments to money stored on a smart card, and for checking the amount of money (account balance) stored on a smart card. Activities such as the transfer of money between smart cards, adding interest payments to a smart card, and checking account balances are referred to as financial transactions.
Smart cards 102, 104 are provided to a plurality of cardholders, including a first smart card 102 provided to a first cardholder and a second smart card 104 provided to a second cardholder, each smart card 102, 104 being capable of participating in one or more financial transactions involving electronic money stored on the smart card. If smart card 102 is used to implement the electronic money vault, then the first cardholder may be, for example, a bank, a merchant, or a consumer. Independent of the identity of the first cardholder, the second cardholder may be blank, a merchant, or a consumer. If a cardholder is a merchant or a consumer, the smart card held by this cardholder is referred to as a user smart card.
If a cardholder is a bank, the smart card provided to the bank is termed a bank smart card. Banks may be organized into a plurality of regions, each region consisting of one or more branch banks. In this situation, three subtypes of bank smart cards may be utilized, such as bank center smart cards, bank region smart cards, and bank branch smart cards. Bank center smart cards are used to provide one or more electronic security keys to other smart cards, such as other bank smart cards, smart cards held by merchants, and/or smart cards held by consumers. These security keys may be updated (i.e., periodically changed) to allow and/or to disallow the transfer of money to/from a smart card. Note that banks at some or all of the aforementioned hierarchical levels may use types of electronic money vaults other than smart cards, such as, for example, personal computers or mainframe computers, in place of the bank smart card. Therefore, the following discussion of interest payments between banks is applicable irrespective of whether the electronic money vaults are implemented using smart cards or, for example, mainframe computers.
Bank center smart cards are used to provide interest payments to other smart cards, such as to other bank smart cards and to user smart cards (cards held by merchants or consumers). Interest payments can be implemented in a hierarchical manner with respect to a predefined smart card hierarchy. For example, a bank center smart card may be employed to provide interest payments to bank region smart cards. Similarly, the bank region smart cards may be used to provide interest payments to bank branch smart cards, which, in turn, provide interest payments to smart cards held by consumers and merchants. Thus, the smart card hierarchy in this example is structured such that a bank center smart card is at the top of the hierarchy, followed by bank region smart cards and bank branch smart cards. User smart cards are at the bottom of the hierarchy. The mechanics of interest payments will be described in greater detail hereinafter with reference to FIG. 1.
Each smart card 102, 104 contains the data structures and hardware blocks described below in conjunction with FIG. 1, irrespective of whether the smart card is a user smart card or a bank smart card. In the case where smart card 102 represents an electronic money vault, then smart card 102 may actually represent any hardware configuration having a processing device coupled to a data storage device. Irrespective of whether a smart card or some other type of hardware configuration is employed for the electronic money vault, the security keys and security key storage registers described below are implemented, stored, and processed using a data storage device coupled to a processor. Therefore, even though the discussion below assumes that the electronic money vault is smart card 102, this discussion is also applicable to the case where a personal computer or a mainframe computer is used in place of smart card 102 to implement electronic money vault.
Each smart card 102, 104 contains a security key storage register 112, 128, respectively, for the storage of an electronic security key. The security key storage register 112, 128 may be provided in the form of random-access memory (RAM). The security key register 112, 128 is coupled to a security key register input device 118, 124, respectively, which is adapted to accept input from a smart card reader network 106. In this manner, an electronic security key may be transferred from the smart card reader network 106 into the smart card security key storage register 112. The security key register input device 118, 124 is equipped to accept input data in accordance with presently-existing smart card data input/output (I/O) techniques well-known to those skilled in the art.
A security key register output device 114, 130 is coupled to the security key storage register 112, 128, respectively. This output device 114, 130 is equipped to copy the contents of the security key storage register 112, 128, respectively, into the smart card reader network 106. The security key storage register 112, 128 is coupled to a first input of a security key comparison device 110, 126, respectively. A second input of the security key comparison device 110, 126 is connected to a security key comparison input device 116, 122, respectively.
The security key comparison device 110, 126 is equipped to compare the first input with the second input, and to generate a signal at a comparison device output, such that the generated signal is based upon the results of the comparison. If the first and second inputs are identical, the security key comparison device 110, 126 generates a match signal at the comparison device output. If the first and second inputs are not identical, the security key comparison device 110, 126 generates a no-match signal at the comparison device output.
The comparison device 110, 126 output is coupled to an electronic security lock 108, 120, respectively. The security lock 108, 120 may be placed into any one of two mutually-exclusive states. In a first, locked state, the security lock 108, 120 disables the smart card 102, 104 from transferring money to another smart card. In a second, unlocked state, the security lock 108, 120 permits money to be transferred to another smart card. The security lock 108, 120 is coupled to the output of comparison device 110, 126, respectively. When the comparison device 110, 126 produces the match signal, the security lock 108, 120 is placed into the second, unlocked state. The security lock 108, 120 is placed into the first, locked state upon receipt of a no-match signal from the comparison device 110, 126.
The functions of the electronic security lock 108, 120 and security key comparison device 110, 126 may be implemented using a microprocessor device of the type well-known to those skilled in the art and utilized in various existing smart card designs. The functions of the security key storage register 112, 128 may be implemented using the microprocessor described above, and/or such a register may be provided in the form of random-access memory (RAM). The security key register input device 118, 124, the security key comparison input device 116, 122, and the security key register output device 114, 130 operate under the control of the above-described microprocessor, and may be implemented using conventional smart card data I/O devices which provide for the exchange of data between a smart card 102, 104 and a smart card reader network 106. Conventional smart card data I/O devices and smart cards 102, 104 are well-known to those skilled in the art.
Smart card reader network 106 comprises a configuration of two or more conventional smart card reader ports, such as a first smart card reader port 141 and a second smart card reader port 143. First and second smart card reader ports 141, 143 are of the type well-known to those skilled in the art, to permit substantially concurrent exchange of data between two smart cards 102, 104. First smart card reader port 141 may be situated at a remote location with respect to second smart card reader port 143. Accordingly, first and second smart card reader ports 141, 143 are linked together over a communications link 150. In the case where smart card reader ports 141, 143 are widely-separated, this communications link 150 may comprise modems communicating over a conventional telephone connection. Alternatively, smart card reader ports 141, 143 may be integrated into a single structure and connected using a communications link 150 comprising, for example, simple wire pairs. First and second smart card reader ports 141, 143 may also include smart card holder input means, such as a keypad, to permit the entry of data such as PINs (personal identification numbers) by smart card holders. These smart card reader ports 141, 143 include data input means 149, 151 and data output means 145, 147, for, respectively, accepting data from, and providing data to, a smart card. The data output means 145 of smart card reader port 141 is linked to the data input means 151 of smart card reader port 143. Likewise, the data input means 149 of smart card reader port 141 is linked to the data output means 147 of smart card reader port 143.
The flow of data between smart card reader port 141 and smart card reader port 143 may be controlled by an optional smart card reader microprocessor internal to the smart card reader network 106. The smart card reader microprocessor is of a type well-known to those skilled in the art. If a smart card reader microprocessor is not used, the microprocessors within the smart cards 102, 104 are employed to control the flow of data across smart card reader network 106.
To implement an exchange of money between two smart cards 102, 104, the system of FIG. 1 operates as follows. Assume that money is to be transferred from smart card 102 to smart card 104. Smart card 102 is inserted into smart card reader port 141, and smart card 104 is inserted into smart card reader port 143. The microprocessor within smart card 102 exchanges initial handshaking information with the microprocessor of smart card 104 to ascertain that both smart cards are communicating across the smart card reader network 106. Next, the security key register output device 114 of smart card 102 sends a signal representing an electronic security key to data input means 149 of smart card reader network 106. The security key is transferred to the data output means 147, and conveyed to security key comparison input device 122 of smart card 104.
The security key comparison device 126 retrieves the security key stored in security key storage register 128 on smart card 104. If the comparison device 126 ascertains that the security key received from smart card 102 matches the security key stored in the security key storage register 128, the electronic security lock 120 within smart card 104 is unlocked to enable smart card 104 to participate in one or more financial transactions with smart card 102. If, however, the security key retrieved from security key storage register 128 does not match the security key received from smart card 102, smart card 104 is disabled from participating in all financial transactions.
The security key comparison process implemented by smart card 104 is also performed by smart card 102. Smart card 104 retrieves the security key stored in security key storage register 128 and conveys the security key to security key register output device 130. The security key is received by data input means 151 of smart card reader network 106, and sent to data output means 145. The security key is forwarded by data output means 145 to security key comparison input device 116 of smart card 102. Security key comparison input device 116 sends the security key to security key comparison device 110. Meanwhile, the security key stored in security key storage register 112 is sent to security key comparison device 110, where the security key from storage register 112 is compared with the security key received from smart card 104. If these security keys match, the security key comparison device 110 provides an "unlock" signal to electronic security lock 108 which unlocks the security lock, permitting smart card 102 to participate in one or more financial transactions with smart card 104. If, however, the security keys do not match, comparison device 110 provides a "lock" signal to electronic security lock 108. Electronic security lock 108 responds to the lock signal by disabling smart card 102 from participating in any financial transactions.
In the above-described example, the electronic security locks 108, 120 of both smart cards 102, 104 must be unlocked in order to permit a financial transaction to take place between these smart cards. If the above-described exchange of security keys results in the locking of one or both of the electronic security locks 108, 120, no financial transactions can take place between smart cards 102 and 104.
The example set forth above assumes that each smart card 102, 104 contains one security key in security key storage register 112, 128, respectively. However, the example of one security key was described for ease of illustration. Any desired number of security keys may be employed to meet the requirements of specific design applications. According to one embodiment set forth herein, each smart card 102, 104 employs four security keys which are stored in security key storage register 112, 128, respectively. Security key comparison device 110 compares all four security keys stored in smart card 102 with all four security keys received from smart card 104. Similarly, security key comparison device 126 compares all four security keys stored in smart card 104 with all four security keys received from smart card 102. If at least two of the security keys match, the respective electronic security lock 108, 120 is unblocked. If less than two of the four security keys match, the respective security lock 108, 120 is locked.
In the embodiment which utilizes four security keys per smart card, the security keys can be updated and/or changed to provide improved system security. Bank smart cards are used to update/change the security keys stored in user smart cards. More particularly, assume for purposes of this illustration that smart card 102 is a bank smart card. Bank smart cards are equipped to retrieve a security key from the bank smart card security key storage register 112 and convey the key to the bank smart card security key register output device 114 (user smart cards are also so equipped). The output device 114 sends the security key to data input means 149 of smart card reader network 106, along with a bank smart card signal which serves to identify bank smart cards from all other types of smart cards, such as user smart cards.
The security key and the bank smart card signal are conveyed to data output means 147. The microprocessor of smart card 104 recognizes the bank smart card signal at data output means 147 and, in response to this signal, places the security key at data output means 147 into security key storage register. When the newly-received security key is placed into security key storage register 128, it replaces one of the previously-existing security keys stored in register 128, it replaces one of the previously-existing smart cards and bank smart cards are used to update/change one or more security keys in user smart cards. The security keys are changed from time to time to provide an enhanced measure of security. The keys can be changed periodically, i.e, at regular time intervals, or, alternatively, the keys may be changed at random time intervals, if desired.
The smart card money transfer system of FIG. 1 utilizes three types of software. These are exchange software, interest/key update software, and administration software. Exchange software enables money to be transferred from one smart card to another. Interest/key software enables interest payments to be made to a smart card, and administration software enables the performance of various administrative functions. These administrative functions may include, for example, updating a file which lists and identifies all "bad" smart cards, and/or updating a file containing the current interest rate to be paid to specific smart cards. "Bad" smart cards may include defective, failed, stolen, "foreign" (non-system) and/or counterfeit smart cards. A specially-designated administrative smart card may be used to perform the aforementioned administrative function, in conjunction with a card reader and a computer. This administrative card contains the hardware and data structures of FIG. 1. All software is executable on conventional personal computers, and/or on smart card reader software platforms which contain processing devices.
Some of the software used by the smart card money transfer system can reside on the smart cards 102, 104. If desired, this software can be placed into a ROM device on the smart card. For example, three programs may advantageously be placed onto the smart cards 102, 104. The first such program is a routine entitled exch.ini and provides the data structures and functions necessary to implement financial transactions. This program also enables the smart cards to receive electronic security keys and interest payments. This executable program preferably resides on all user smart cards, including bank center smart cards.
The second program which may reside on the smart cards 102, 104 is entitled int.exe, and provides the data structures and functions necessary to update electronic security keys. The program also implements the process of giving interest to another bank smart card or to a user smart card such as a card held by a merchant or a consumer. The third routine which may be placed on a smart card is entitled issue.exe, and permits an administrative smart card to issue a bank or user smart card.
The smart card money transfer system (FIG. 1) performs financial transactions which involve, for example, the transferring of money from one card to another. However, money is only "created" using a specially-designated bank center smart card having hardware and data structures as shown in FIG. 1. The "creation" of money refers to the fact that, in this case, money is put onto a smart card without taking money from another smart card. The same general concept holds true for electronic security keys. These keys are loaded into bank center smart cards by a system administrator, and are then electronically transferred to other smart cards via card reader network 106.
The smart cards may be organized into a hierarchical structure. For example, the top level includes one or more bank center smart cards, the second level includes one or more bank region smart cards, at the third level are bank branch smart cards, and at the fourth level are the user smart cards which include merchant smart cards and consumer smart cards. Security keys and interest payments flow down the hierarchical ladder from the top levels to the lower levels.
Security functions for the smart card financial transaction system are performed by one or more electronic security keys. In addition to the security keys, proprietary information may also be incorporated into the system to provide an enhanced level of security. However, security is a relative concept. Practically speaking, irrespective of the level of technical sophistication employed, there is no such thing as an invulnerable security system. By way of example, it is certainly possible for people to make their own dollar bills. However, the cost is high, and the penalty is great for getting caught. The security keys 112, 114, 116 provide a measure of security analogous to that provided by the dollar bill, in terms of the aforementioned costs and penalties.
The security provided by security keys is such that all individuals involved in the implementation of security functions for the smart card financial transaction system could leave the system, but none of these individuals would be able to break the system without detection and immediate correction. To provide this level of security, it is not possible to rely solely on proprietary information. However, proprietary information is valuable in preventing attacks from outside individuals who were never affiliated with the security system. For this reason, proprietary information is combined with other forms of security to provide an enhanced level of security not otherwise possible.
Security keys are provided in the form of four application keys stored on each smart card 102, 104. These application keys are stored as numerical values in smart card 102, 104 memory. During each financial transaction with a bank center smart card, the numerical value stored in one application key is updated. Two valid application keys are required to successfully implement a financial transaction. The application keys stored in a bank center smart card are updated from time to time, for example, such that each application key is valid for one month. In this manner, the maximum amount of time that a cardholder can go without a bank transaction is three months. However, this number can be changed to meet the needs of specific system requirements by adding more application keys to each smart card, and/or by changing the amount of time for which each application key numerical value is valid. The bank could use eight keys and change one key per day. In this case, every smart card holder would have to hold a financial transaction with the bank at least once per week. Although the application keys may be periodically updated at regular time intervals, periodicity is not required. The application keys could be updated dynamically at irregular time intervals.
To implement the application keys, each smart card 102, 104 may be equipped with a file called KEY-- NUMBER. This file specifies numerical values corresponding to specific application keys. KEY-- NUMBER also stores the most recent date for which a key was updated. For example, the application key numerical values may be changed once per month, with numerical values 51, 52, 53, and 54 corresponding to months 51 through 54, respectively.
For two smart cards 102, 104 to implement a successful transfer of money, these smart cards must have at least two identical application keys. If smart card 102 contains application keys of 49, 50, 51, and 52, whereas smart card 104 contains application keys of 51, 52, 53, and 54, the money transfer can be successfully implemented, due to the presence of two identical keys--namely, 51 and 52. However, if the application keys of smart card 102 are 51, 52, 53, and 54 whereas the application keys of smart card 104 are 54, 55, 56, and 57, it would not be possible to implement a successful money transfer between these two smart cards 102, 104.
Each user smart card 102, 104 is assigned an account number of 16 digits (8 bytes). One or more of the smart cards 102, 104 may become lost or stolen. Such cards are known as "bad" cards, and are not allowed to receive application key updates. Bank smart cards corresponding to each level in the smart card bank hierarchy mentioned above may be 8K smart cards equipped to store account numbers for up to 600 bad cards. Assuming that up to 10% of the user smart cards 102, 104 in a given system become lost or stolen (this figure conforms to the credit card industry norm), then one bank center smart card can manage a pool of 6000 user smart cards.
Managing a pool of 6000 user smart cards 102, 104 can be performed at the bank region hierarchical level. In this manner, one or more specific application key updates are limited to a predetermined section of account numbers, e.g., 40000 to 46000, such that these account numbers correspond to smart cards serviced by a given bank region, and/or a given branch bank. To improve upon this branch bank scenario, it may be assumed that each bank branch only handles smart cards with account numbers in a certain range. If this assumption holds true, then only four bytes (the last four digits) of the account numbers need to be stored at the bank branch level.
Techniques for managing bad smart cards are important, because the effectiveness of these techniques can determine the overall profitability or loss of a given smart card system. If smart card system operators are careless, and if inadequate bad card management techniques are employed, the operator may end up losing more money per customer than it is possible to recover.
After the keys on a bad card expire, the card can be removed from the bad card list. Therefore, a bank branch card can store 1200 bad card numbers and manage a pool of 24,000 user cards, assuming that only 5% of the user smart cards are on the bad card list any one time.
If no more than 10% of the user smart cards corresponding to a particular bank branch will ever be stolen, then the next hierarchical level (say the "bank region") would be able to handle 6,000 bank branch smart cards. The total number of customers in this scenario can thus be 144 MILLION. Because it may be desirable to provide larger total system capacity, another hierarchical level may be used, termed "bank center". The bank center smart card 103 can handle up to 6,000 bank region cards, and thus provide plenty of total system capacity.
With respect to smart card update time, assume that it takes 10 seconds (maximum) to update a smart card. Further assume that 24,000 people want to update their keys in that one hour. The system must have the equivalent of 24 bank branch smart cards working full time. If the bank branch smart cards are duplicated, each of these cards is issued a different account number so that the generation process can be performed and managed by a smart card. A given smart card account number should never be issued more than once. Therefore, taking this reduction into account, the maximum number of user smart cards 102, 104 in a region is 6 million. Because the bank branch cards can be assigned update times, bank region cards need not be duplicated.
All security keys are generated by a bank center smart card which has the structure of smart card 102 and further includes a random number generator. The security key storage register of the bank center smart card is loaded with the security keys necessary to generate and update all other smart cards. After the original card issuing process, this is how security key updates proceed. A command is sent to the bank center card to update its date and security keys. The bank center card generates a new security key using its random number generator and updates a first application key corresponding to this new security key and increments the KEY-- NUMBER file. The KEY-- NUMBER file is updated with a new date. A new interest rate can also be loaded into the bank center smart card at this time.
After the bank center smart card updates its security keys, it has scheduled transactions with all of the bank region smart cards in order to update their security keys. The bank region smart cards then update the bank branch smart cards. And finally the bank smart branch cards update the user smart cards.
In general, money can only be added to one smart card when it is taken away from another smart card. The exception to this is the bank center smart card. A bank center card key exists which contains key values matching the application key values stored in the bank center smart card. Whoever holds this key can create money by updating this card's balance file. This person cannot read the application keys on the bank center card. To get this money down the pyramid of cards from the bank center smart card to the user smart cards 102, 104, a bank region cardholder would request a transfer of say $1 million card dollars in exchange for a like transfer of money in another form. Approval is given by the bank center cardholder typing in the correct key (most likely a different key than that used to create money). This money goes down the pyramid of cards until it reaches the cardholders themselves. If the application is growing, then the flow of card money should be down and the flow of other money should be up. For example, in a card money exchange involving two smart cards, smart card 102 and smart card 104, the cards smart card 102 and smart card 104 may be any of the cards specified in FIG. 2. For a given pair of cards smart card 102 and smart card 104, FIG. 2 describes the nature of the financial transaction which may take place.
Financial transaction flow will now be described. These transactions are capable of being performed over a remove link. The transactions always take place between two cards. Smart card readers and PC software serve merely to connect the cards and provide user input. A conventional smart card reader is used at both ends of the link, each sender having a keypad for PIN or key input (similar to an ATM or Telephone Adapter with small keypad). These readers are well-known to those skilled in the art.
The financial transaction proceeds as indicated in FIG. 3. First, in block 301, smart card 102 (a first smart card) is inserted into first smart card reader port 141 (a first smart card reader). Next, the cardholder corresponding to the first smart card smart card 102 dials the telephone number (if the reader includes a Telephone Adapter) or chooses the correct menu item (if using an ATM or PC-based card reader) to dial up a host computer and/or another Telephone Adapter (block 302).
At block 303, a second smart card, smart card 104, is inserted into second smart card reader port 143 (a second smart card reader). Then smart card 102's cardholder enters "EXCH" or equivalent code into the reader first smart card reader port 141 keypad (block 304).
At block 305, first smart card reader port 141 prompts for information needed to complete the financial transaction. This information may include:
a. Credit/Debit/Interest
b. Amount of Money to be Transferred
c. Card PIN or Security Key Numerical Value
Then, first smart card reader port 141 lends a data packet to second smart card reader port 143 detailing the financial transaction (block 306).
At block 307, second smart card reader port 143 prompts the cardholder corresponding to smart card 104 for information needed to complete the financial transaction. This information may include:
a. Credit/Debit/Interest
b. Amount of Money to be Transferred
c. Card PIN or Security Key Numerical Value
At block 308, second smart card reader port 143 sends a data packet detailing the financial transaction to first smart card reader port 141. If the data packets sent in blocks 306 and 308 are identical, then the card reader specified by the following table begins the transaction by sending a security key numerical value. Therefore it does not matter which cardholder begins the transaction; from this point on it follows a standard flow based on the transaction type.
______________________________________
Financial Transaction
                  First Reader
______________________________________
Smart card 102 sends card
                  second smart card reader port 143
money to smart card 104
Smart card 102 receives card
                  first smart card reader port 141
money from smart card 104
Smart card 102 receives interest
                  first smart card reader port 141
& security keys from smart card 104
Smart card 102 sends interest &
                  second smart card reader port 143
security keys to smart card 104
______________________________________
The following sections detail the first and last financial transaction listed in the above table. The remaining two financial transactions are the same if smart card 102 and smart card 104 are switched.
FIGS. 4A and 4B describe the steps of a cardholder-to-cardholder transaction. Smart card 102 stands for card 1 and is the card of the person "spending the money". At block 401, smart card 102 is inserted and a card PIN is verified (this verification substep is optional for transactions less than an amount stored in a MIN-- TRANS file). Next, smart card 104 is inserted and PIN verified (this verification substep is optional for all cases) (block 402). At block 403, second smart card reader port 143 executes smart card 104's C-- EXCH.EXE program described previously, with input variables specifying a credit and an amount A1. smart card 104 responds with the security key number of its first key. Then, second smart card reader port 143 sends this security key number to first smart card reader port 141 (block 404).
First smart card reader port 141 executes smart card 102's C-- EXCH.EXE program with input variables specifying debit, amount (A1) and smart card 104's key number. Smart card 102 responds with a key number equal to smart card 104's first, second, or third security keys. If none of the key numbers in smart card 102 and smart card 104 match, then smart card 102 cannot work with the proposed key set of smart card 104, and smart card 102 aborts the transaction and updates the BAD-- KEY file (block 405). At block 406, first smart card reader port 141 sends a response to second smart card reader port 143. Second smart card reader port 143 sends the key number response to smart card 104. This key becomes the first security key (APPKEY0, or AK0 for short) for the rest of the transaction (block 407). Smart card 102 continues response with packet 1 (P1) encrypted in APPKEY0 (AK0). This acts as a challenge to smart card 104. Smart card 102 also updates it PASSBOOK file (block 408). First smart card reader port 141 sends this packet to second smart card reader port 143 (block 409). Smart card 104 responds with packet 2 (P2) encrypted in AK0. This is the response to the challenge and smart card 102 checks to make sure that the third field (public name) his been changed from P1 and is a valid name (contains only ASCII characters in a certain range). Smart card 104 also updates its PASSBOOK file (block 410). Second smart card reader port 143 sends this packet to first smart card reader port 141 (block 411). Smart card 104 continues response with packet 3 (P3) encrypted in APPKEY1 (AK1). This acts as a challenge to smart card 102 (block 412). Second smart card reader port 143 sends this packet to first smart card reader port 141 (block 413). Smart card 102 debits the amount from the card balance and updates the PASSBOOK file (block 414). Smart card 102 responds with packet 4 (P4) encrypted in AK1. This is the response to the challenge and smart card 104 checks to make sure that the third field (credit amount) has been changed from P3 to P4 and is a valid field (contains the correct credit code which is different from the debit code and contains the same amount as in P3). If these fields are not correct, the BAD-- KEY file gets updated (block 415). First smart card reader port 141 sends this packet second smart card reader port 143 (block 416). Smart card 104 credits the amount to its card balance and updates the PASSBOOK file (block 417).
Security key update and interest transactions will be described with reference to FIGS. 5A and 5B. These are transactions between a user card and a bank branch card (or equivalently the branch and region card or the region and center card). The following describes the steps of a cardholder-to-bank-branch transaction. Smart card 102 stands for card 1 and is the card of the person "spending the money", in this case the bank branch. Smart card 104 stands for card 2 and is the card of the person "receiving the money", in this case the cardholder. Somewhere during this transaction the PASSBOOK file of smart card 104 needs to be read, stored and cleared.
Block 501: smart card 102 inserted and Verify PIN. This step is the equivalent of someone at the bank "loading" the bank branch card into a card reader. Block 502: smart card 104 inserted and Verify PIN. This step assures that the proper cardholder still has the card and is similar to using your current card at an ATM (you can be photographed to later prove that it was you). Block 503: second smart card reader port 143 executes smart card 104's C-- EXCH.EXE with argument 2 (receive interest). Smart card 104 responds with the key number of its APPKEY0 (0 to 255). Block 504: second smart card reader port 143 sends the key number to first smart card reader port 141. Block 505: first smart card reader port 141 executes smart card 102's C-- INT.EXE with argument 3 (give interest) and smart card 104's key number. Smart card 102 responds with a key number equal to smart card 104's APPKEY0, APPKEY1 or APPKEY2. If smart card 102 cannot work with the proposed key set, then it aborts the transaction and sets up an expired key file transaction. Block 506: first smart card reader port 141 sends response to second smart card reader port 143. Block 507: second smart card reader port 143 sends the key number response to smart card 104. This key becomes APPKEY0 for the rest of the transaction. Block 508: smart card 102 continues response with packet 1 (P1) encrypted in APPKEY0 (AK0). This acts as a challenge to smart card 104. Smart card 102 also updates its PASSBOOK file. Block 509: first smart card reader port 141 sends this packet to second smart card reader port 143. Block 510: smart card 104 responds with packet 2 (P2) encrypted in AK0. This is the response to the challenge and smart card 102 checks to make sure that the third field (public name) has been changed from P1 and is a valid name (contains only ASCII characters in a certain range). Smart card 104 also updates its PASSBOOK file. Block 511: second smart card reader port 143 sends this packet to first smart card reader port 141. Block 512: smart card 104 continues response with packet 5 (P5) encrypted in APPKEY1 (AK1). This acts as a challenge to smart card reader port 141. Block 514: smart card 102 checks to make sure that the third field (balance) has a valid checksum and a logical date and interest rate. It also checks the fourth field (account number) versus its BAD-- CARD file. (If it finds the number in the BAD-- CARD file it initiates an invalidate card transaction.) Using its date file, it calculates the amount of interest to credit to smart card 104, debits the amount from smart card 102's card balance and updates its PASSBOOK file. Smart card 102 also looks to see if smart card 104 needs a new key and, if so, supplies one in P6. Block 515: smart card 102 responds with packet 6 (P6) encrypted in AK1. This is the response to the challenge and smart card 104 checks to make sure that the third through fifth fields have been changed from P5 and are valid. Block 516: first smart card reader port 141 sends this packet to second smart card reader port 143. Block 517: smart card 104 credits the amount to its card balance, changes the date and updates the interest rate if necessary. If a new key is included in the fifth field, it updates its application keys by replacing the oldest (APPKEY0) with the new one and incrementing the number in the KEY-- NUMBER file. It also updates the PASSBOOK file.
The data packets shown in FIG. 6 may be transferred from a first smart card to a second smart card during a financial transaction. Packet 1 contains the following fields and information: Field 601: Random Number. The first field is an eight byte random number generated by smart card 102. Field 602: Application Number. The second field is the eight byte application ID number that is the same for all cardholder cards. Field 603: Public Name. The third field is an eight byte ASCII name of cardholder smart card 102. Field 604: Account Number or Signature. The fourth field is either an eight byte signature of the first three fields generated by smart card 102 using the card's APPKEY0 or just smart card 102's account number if privacy is not desired. These four fields are mixed (two bytes at a time from each field) and encrypted in an APPKEY0 and sent from smart card 102 to smart card 104.
Packet 2 contains the following fields and information: Field 611: Random Number. The first field is the eight byte random number that was generated by smart card 102 and received in packet 1. Field 612: Application Number. The second field is the eight byte application ID number that is the same for all cardholder cards. Field 613: Public Name. The third field is an eight byte ASCII name of cardholder smart card 104. Field 614: Account Number or Signature. The fourth field is either an eight byte signature of the first three fields generated by smart card 104 using the card's key 0 or just smart card 104's account number if privacy is not desired. These four fields are mixed (two bytes at a time from each field) and encrypted in an APPKEY0 and sent from smart card 104 to smart card 102.
Packet 3 contains the following fields and information: Field 621: Random Number. The first field is an eight byte random number that is generated by smart card 104. Field 622: Application Number. The second field is the eight byte application ID number that is the same for all cardholder cards. Field 623: Debit Amount. The third field is the amount to be debited from smart card 102's balance file. Field 624: Account Number or Signature. The fourth field is either an eight byte signature of the first three fields generated by smart card 104 using the card's key 0 or just smart card 104's account number if privacy is not desired. These four fields are mixed (two bytes at a time from each field) and encrypted in an APPKEY1 and sent from smart card 104 to smart card 102.
Packet 4 contains the following fields and information: Field 631: Random Number. The first field is the eight byte random number that was generated by smart card 104 and received in packet 3. Field 632: Application Number. The second field is the eight byte application ID number that is the same for all cardholder cards. Field 633: Credit Amount. The third field is the amount to be credited to smart card 104's balance file. Field 634: Account Number or Signature. The fourth field is either an eight byte signature of the first three fields generated by smart card 102 using the card's key 0 or just smart card 102's account number if privacy is not desired. These four fields are mixed (two bytes at a time from each field) and encrypted in an APPKEY1 and sent from smart card 102 to smart card 104.
Packet 5 contains the following fields and information: Field 641: Random Number. The first field is the eight byte random number that was generated by smart card 102 and received in packet 1. Field 642: Application Number. The second field is the eight byte application ID number that is the same for all cardholder cards. Field 643: Balance. The third field contains smart card 104's balance file and is 24 bytes long. Field 644: Account Number or Signature. The fourth field is either an eight byte signature of the first three fields generated by smart card 104 using the card's key 0 (AK0) or just smart card 104's account number if privacy is not desired. These four fields are mixed into 6 groups of 8 bytes and encrypted in an APPKEY0 and sent from smart card 104 to smart card 102.
Packet 6 contains the following fields and information: Field 651: Random Number. The first field is the eight byte random number that was generated by smart card 104 and received in packet 5. Field 652: Application Number. The second field is the eight byte application ID number that is the same for all cardholder cards. Field 653: Credit Amount. The third field is the amount to be credited to smart card 104's BALANCE file. Field 654: Date. The fourth field is the new date and interest rate for smart card 104's BALANCE file. Field 655: New Application Key. The fifth field is 8 bytes long and contains a new application key if smart card 104 does not have the latest key. Field 656. Account Number or Signature. The sixth field is smart card 102's account number because privacy and interest are mutually exclusive. These six fields are mixed into 6 groups of 8 bytes and encrypted in an APPKEY1 and sent from smart card 102 to smart card 104.
BALANCE 703. This file contains the balance amount of the card, the currency of the balance, the last date interest was logged, the serial number of the currency and the balance checksum. The balance amount is 4 bytes long with 6 bits of each byte used to store value and 2 bits used as checksums. The currency of the balance is 1 byte long with a different code for each currency. The date of last interest is 4 bytes long with 2 digits for month, 2 digits for day and 4 digits for year. The interest rate is 3 bytes long. The serial number of the currency is 4 bytes long and represents a number unique to the card (possibly the account number encrypted with a master key). The balance checksum is 8 bytes long and represents the first 8 bytes of the file encrypted by the second 8 bytes of the file and then encrypted by a master key. Thus the balance file is 24 bytes long.
APPKEY0 704 through APPKEY3 707. These files contain the four application keys, each 8 bytes long. PASSBOOK 708. This file contains the audit trail similar to a passbook savings account. Each entry is 36 bytes long and a total of 50 entries can be stored. Each entry includes the account number of the other party (or the signature if privacy is desired) (8 bytes), the public name of the other party (8 bytes), the random number generated by the other card (8 bytes), the date if known (4 bytes), credit or debit or interest (1 byte), the transaction amount (3 bytes) and the new account balance (4 bytes). The total size of this file is 1800 bytes. This file is downloaded to the bank on valid bank transactions unless privacy is desired. If larger files are needed for merchant user cards, 8K cards can be provided and the PASSBOOK file can be greatly expanded.
KEY13 INFO 709. This file stores the current APPKEY number and the last date that the keys were updated by the bank. It is 5 bytes (1 for the number and 4 for the date) long. BAD-- KEY 710. This file stores the number of bad key attempts and is 2 bytes long. It gets reset after a valid bank transaction. When this number reaches a set limit, the card is locked. MIN-- TRANS 711. This file stores the transaction amount above which a PIN is required. This file is 3 bytes long. MAX-- TRANS 712. This file stores the transaction amount above which a key is required. This file is 4 bytes long. RANDOM-- NUMBER 713. This file contains the random number seed to ensure that the numbers are not repeated in any predictable pattern. If the executable file is 700 bytes long (the same as TCAs), the total space needed on the card would be about 2,700 bytes.
In addition to the files discussed above, each bank smart card contains the following additional files: BAD-- CARD 714. This file stores a list of 4-byte account numbers that are bad cards. It can store a total of 1,200 numbers for a total tile size of 4,800 bytes. VALID ACCOUNT 715. This file stores the highest and lowest valid account numbers for cards that can receive key updates. It is 32 bytes long. C-- INT.EXE 716. This executable file enables the card to give interest and update keys. INTEREST 717. This file stores the daily interest rate and is 4 bytes long.
With respect to system fraud and fraud prevention, if the smart card system operator has money, defrauders will exist. Defrauders are people who would like to take some of the system operator's money away. Possible methods of attack and countermeasures will now be described. ATTACK #1. Trying to put money on one card without taking money from another card. To do this, a packet of data must be sent to the card, containing the correct information for a credit. There are three possible means of attack: A. Replay attacks, which will not work because each packet contains a unique random number. The system operator must make sure that each card starts with a different random number seed and cannot be reset to its original seed in any way. Since none of the random numbers are ever sent in clear text, this offers some protection. B. Random attempts at sending packets to the card, which will not work because, after so many guesses, the BAD-- KEY file will cause the card to lock. This is really the equivalent of trying to guess the key. C. Direct key attack. Under the implementation described above, the defrauder would get a good packet and try to decrypt it with random keys until getting a valid application number. This takes an average of two decryptions per packet and 263 different keys for expected success or 584 years at 1 billion encryptions per second. This is directly related to the security of DES and is what security is based on. Double encryption may be used in risk-prone environments at the expense of slowing the transaction and attack times down.
ATTACK #2. Stealing a valid card. All cards are protected by PINs for small transactions and can be key protected for larger transactions. The thief could use the card for transactions under the MIN-- TRANS file limit, but the next time interest/key update occurred, the card would be invalidated. The invalidation process could also happen at point of sale terminals for large purchases if there was fear about PINs or keys being stolen from the cardholder. If the thief attempts to convert the card money into cash (buying cash rather than goods) perhaps by trading with another cardholder), then the thief must have the PIN or key or be limited by the number of transactions stored in the PASSBOOK file (50). Therefore, if the user does not lose their PIN, the maximum expected loss is $250 (if the MIN-- TRANS file is set at $5 and no transactions are stored in the PASSBOOK file). This loss can be sent to zero by reducing the number in the MIN-- TRANS file to zero. If the PIN is lost, then the amount at risk is potentially 50 times the MAX-- TRANS file or the amount stored on the card. IF MAX-- TRANS is set at $100, then potentially $5K is at risk. Thus this card is more like cash than a normal credit card and needs to be treated more carefully than a normal credit card.
It is to be understood that the above-described embodiments are merely illustrative principles of the invention and that many variations may be devised by those skilled in the art without departing from the scope of the invention. It is therefore intended that such variations be included within the scope of the following claims.

Claims (8)

What is claimed:
1. A method of providing secure smart card transactions in a system having a smart card hierarchy, the hierarchy including at least a first smart card at a first hierarchical level and a second smart card at a second hierarchical level higher than the first hierarchical level, and a smart card reader for reading smart cards and for accepting personal identification (PIN) number inputs, the method including the steps of:
storing a first PIN number on the first smart card, the first PIN number corresponding to the first hierarchical level;
storing a first security key on the first smart card;
storing a second PIN number on the second smart card, the second PIN number corresponding to the second hierarchical level; and
storing a second security key on the second smart card.
2. The method of claim 1 further including the steps of:
(a) comparing the PIN number stored on the first smart card with a PIN number entered into the smart card reader;
(b) comparing the first security key with the second security key; and
(c) enabling the first smart card if the PIN numbers compared in step (a) are an identical match and if the first and second security keys compared in step (b) are an identical match; otherwise, disabling the first smart card.
3. The method of claim 1 for use with a smart card reader equipped with a personal identification number input device, wherein the method further includes the following steps:
(a) storing electronic representations of monetary values on a plurality of smart cards organized into the smart card hierarchy,
(b) equipping each of the first smart card and the second smart card with an electronic security lock for providing system security, the security lock having a locked state such that the smart card is disabled from participating in at least one financial transaction, and an unlocked state such that the smart card may participate in at least one financial transaction;
(c) equipping the first smart card with a first plurality of security keys and a personal identification (PIN) number, and equipping the second smart card with a second plurality of security keys;
(d) comparing the first plurality of security keys to the second plurality of security keys, and also comparing the PIN number to a number entered into the smart card reader, to generate a match signal only if both (i) at least one of the first plurality of security keys matches at least one of the second plurality of security keys and (ii) the PIN number matches the number entered into the smart card reader; and to generate a no-match signal otherwise; the electronic security lock being responsive to the match signal to enter the unlocked state, and the electronic security lock being responsive to the no-match signal to enter the locked state.
4. The method of claim 1 for use with a smart card reader equipped with a personal identification number input device, the method further including the following steps:
(a) equipping each of the first smart card and the second smart card with an electronic security lock for providing system security, the security lock having a locked state such that the smart card is disabled from participating in at least one financial transaction, and an unlocked state such that the smart card may participate in at least one financial transaction;
(b) equipping the first smart card with a first plurality of security keys and a first personal identification (PIN) number, and equipping the second smart card with a second plurality of security keys and a second PIN number;
(c) comparing the first plurality of security keys to the second plurality of security keys, comparing the first PIN number to a number entered into the smart card reader and comparing the second PIN number to a number entered into the smart card reader, to generate a match signal if and only if (i) at least one of the first plurality of security keys matches at least one of the second plurality of security keys, (ii) the first PIN number matches a number entered into the smart card reader; and (iii) the second PIN number matches a number entered into the smart card reader; and to generate a no-match signal otherwise; the electronic security lock being responsive to the match signal to enter the unlocked state, and the electronic security lock being responsive to the no-match signal to enter the locked state.
5. A system for providing secure smart card transactions comprising a first smart card, a second smart card, and a smart card reader for reading smart cards and for accepting personal identification (PIN) number inputs; the system CHARACTERIZED BY:
a smart card hierarchy, the hierarchy including at least a first smart card at a first hierarchical level and a second smart card at a second hierarchical level higher than the first hierarchical level;
a first PIN number stored on the first smart card; the first PIN number corresponding to the first hierarchical level;
a second PIN number stored on the second smart card; the second PIN number corresponding to the second hierarchical level;
a first security key stored on the first smart card; and
a second security key stored on the second smart card.
6. The system of claim 5 further CHARACTERIZED BY:
(a) a comparison device for comparing the PIN number stored on the first smart card with a PIN number entered into the smart card reader; and also for comparing the first security key with the second security key; and
(b) an enabling device, coupled to the comparison device, for enabling the first smart card if and only if the comparison device determines (i) that the PIN number stored on the first smart card matches the PIN number entered into the smart card reader; and (ii) that the first and second security keys are an identical match.
7. The system of claim 5 for use with a smart card reader equipped with a personal identification number input device;
wherein the first and second smart cards each include an electronic security lock for providing system security, the security lock having a locked state such that the smart card is disabled from participating in at least one financial transaction, and an unlocked state such that the smart card may participate in at least one financial transaction;
the first smart card memory means equipped to store a first plurality of security keys and a personal identification (PIN) number, and the second smart card memory means equipped to store a second plurality of security keys;
the smart card reader including comparison means for comparing the first plurality of security keys to the second plurality of security keys, and also for comparing the PIN number to a number entered into the smart card reader, to generate a match signal only if both (i) at least one of the first plurality of security keys matches at least one of the second plurality of security keys and (ii) the PIN number matches the number entered into the smart card reader; and to generate a no-match signal otherwise;
the electronic security lock of the first smart card being responsive to the match signal to enter the unlocked state, and the electronic security lock being responsive to the no-match signal to enter the locked state.
8. The system of claim 5 for use with a smart card reader equipped with a personal identification number input device, the system further including a plurality of smart cards each equipped to store electronic representations of monetary values,
the first smart card and the second smart card each including an electronic security lock for providing system security, the security lock having a locked state such that the smart card is disabled from participating in at least one financial transaction, and an unlocked state such that the smart card may participate in at least one financial transaction;
the first smart card being equipped with a first plurality of security keys and a first personal identification (PIN) number, and the second smart card being equipped with a second plurality of security keys and a second PIN number;
the smart card reader including a comparison device for comparing the first plurality of security keys to the second plurality of security keys, for comparing the first PIN number to a number entered into the smart card reader, and for comparing the second PIN number to a number entered into the smart card reader, the comparison device being equipped to generate a match signal if and only if (i) at least one of the first plurality of security keys matches at least one of the second plurality of security keys, (ii) the first PIN number matches a number entered into the smart card reader; and (iii) the second PIN number matches a number entered into the smart card reader; and to generate a no-match signal otherwise; the electronic security lock being responsive to the match signal to enter the unlocked state, and the electronic security lock being responsive to the no-match signal to enter the locked state.
US08/959,290 1994-02-08 1997-10-24 Secure money transfer techniques using hierarchical arrangement of smart cards Abandoned USH1794H (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US08/959,290 USH1794H (en) 1994-02-08 1997-10-24 Secure money transfer techniques using hierarchical arrangement of smart cards

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US08/194,186 US5461217A (en) 1994-02-08 1994-02-08 Secure money transfer techniques using smart cards
US54605695A 1995-10-20 1995-10-20
US08/959,290 USH1794H (en) 1994-02-08 1997-10-24 Secure money transfer techniques using hierarchical arrangement of smart cards

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US54605695A Continuation 1994-02-08 1995-10-20

Publications (1)

Publication Number Publication Date
USH1794H true USH1794H (en) 1999-04-06

Family

ID=26889777

Family Applications (1)

Application Number Title Priority Date Filing Date
US08/959,290 Abandoned USH1794H (en) 1994-02-08 1997-10-24 Secure money transfer techniques using hierarchical arrangement of smart cards

Country Status (1)

Country Link
US (1) USH1794H (en)

Cited By (57)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6304248B1 (en) * 1997-12-12 2001-10-16 Fujitsu Limited Coordinate input device
US6418422B1 (en) * 1997-12-15 2002-07-09 Francotype-Postalia Ag & Co. Postage meter machine with a chip card write/read unit and method for operating same
US20030200180A1 (en) * 2000-05-08 2003-10-23 Frank Phelan Money card system, method and apparatus
US20030233317A1 (en) * 2001-01-30 2003-12-18 Nyce Corporation Methods and systems for transferring funds
US20040193539A1 (en) * 2000-02-23 2004-09-30 Bank One Corporation Mutual fund card method and system
US20050005140A1 (en) * 2001-12-27 2005-01-06 Infineon Technologies Ag Data processing device
US20050098624A1 (en) * 2003-10-14 2005-05-12 Foss Sheldon H.Jr. Family stored value card program
US7159243B1 (en) * 1999-07-22 2007-01-02 Koninklijke Philips Electronics N.V. Data carrier for the storage of data and circuit arrangement for such a data carrier
US7165049B2 (en) * 2000-02-09 2007-01-16 Jpmorgan Chase Bank, N.A. Sponsor funded stored value card
US7203657B1 (en) * 2000-09-05 2007-04-10 Noam Eli M General packet-based payment and transaction method and system
US20080011826A1 (en) * 2006-07-14 2008-01-17 Canon U.S.A., Inc. system for registering and using administrative cards to enable configuration of an application and device
US20080260156A1 (en) * 2004-08-19 2008-10-23 Akihiro Baba Management Service Device, Backup Service Device, Communication Terminal Device, and Storage Medium
US7472092B2 (en) 2000-05-08 2008-12-30 Patricia Phelan Money order device with identity verification and method
US20090234771A1 (en) * 2008-03-13 2009-09-17 Patrick Ledbetter Method for transferring funds
US20090299872A1 (en) * 1999-08-26 2009-12-03 Moneycat Ltd. Electronic currency, electronic wallet therefor and electronic payment systems employing them
US20100023341A1 (en) * 2008-05-29 2010-01-28 Reel Drinks Llc Method for rule-based gift giving
US7660763B1 (en) 1998-11-17 2010-02-09 Jpmorgan Chase Bank, N.A. Customer activated multi-value (CAM) card
US7676429B2 (en) 1999-06-04 2010-03-09 Jpmorgan Chase Bank, N.A. Credit instrument and system providing multiple services including access to credit services and access to a service provider club
US7676425B1 (en) 2002-07-29 2010-03-09 Jpmorgan Chase Bank, N.A. Method and system for providing flexible financing
US7707111B2 (en) 1998-11-17 2010-04-27 Jpmorgan Chase Bank, N.A. Customer activated multi-value (CAM) card
US7747463B1 (en) 1998-06-22 2010-06-29 Jpmorgan Chase Bank, N.A. Debit purchasing of stored value card for use by and/or delivery to others
US7753259B1 (en) 2006-04-13 2010-07-13 Jpmorgan Chase Bank, N.A. System and method for granting promotional rewards to both customers and non-customers
US7756896B1 (en) 2002-03-11 2010-07-13 Jp Morgan Chase Bank System and method for multi-dimensional risk analysis
US7784682B2 (en) 2006-02-08 2010-08-31 Jpmorgan Chase Bank, N.A. System and method for granting promotional rewards to both customers and non-customers
US7801816B2 (en) 2001-05-23 2010-09-21 Jp Morgan Chase Bank, N.A. System and method for currency selectable stored value instrument
US7805368B2 (en) 1998-06-22 2010-09-28 Jpmorgan Chase Bank, N.A. Debit purchasing of stored value card for use by and/or delivery to others
US7809641B2 (en) 2001-07-26 2010-10-05 Jpmorgan Chase Bank, National Association System and method for funding a collective account
US7809595B2 (en) 2002-09-17 2010-10-05 Jpmorgan Chase Bank, Na System and method for managing risks associated with outside service providers
US7860789B2 (en) 2001-07-24 2010-12-28 Jpmorgan Chase Bank, N.A. Multiple account advanced payment card and method of routing card transactions
US7941355B1 (en) 2005-05-27 2011-05-10 Jpmorgan Chase Bank, N.A. Universal payment protection
US20110115756A1 (en) * 2007-11-14 2011-05-19 Nxp B.V. Electronic system and method of operating an electronic system
US7953663B1 (en) 2003-09-04 2011-05-31 Jpmorgan Chase Bank, N.A. System and method for financial instrument pre-qualification and offering
US8020754B2 (en) 2001-08-13 2011-09-20 Jpmorgan Chase Bank, N.A. System and method for funding a collective account by use of an electronic tag
US8033451B2 (en) 2001-08-13 2011-10-11 Jpmorgan Chase Bank, National Association System and method for funding a collective account by use of an electronic tag
US20120005091A1 (en) * 2001-01-19 2012-01-05 C-Sam, Inc. Transactional services
US8145549B2 (en) 2003-05-30 2012-03-27 Jpmorgan Chase Bank, N.A. System and method for offering risk-based interest rates in a credit instutment
US8239323B2 (en) 2003-09-23 2012-08-07 Jpmorgan Chase Bank, N.A. Method and system for distribution of unactivated bank account cards
US8285643B2 (en) 2008-06-12 2012-10-09 Monncello Enterprises, LLC System and method for processing gift cards
US8408455B1 (en) 2006-02-08 2013-04-02 Jpmorgan Chase Bank, N.A. System and method for granting promotional rewards to both customers and non-customers
US8417601B1 (en) 2007-10-18 2013-04-09 Jpmorgan Chase Bank, N.A. Variable rate payment card
US8533111B1 (en) 2004-08-03 2013-09-10 Jpmorgan Chase Bank, N.A. System and method for providing promotional pricing
US8630898B1 (en) 2005-02-22 2014-01-14 Jpmorgan Chase Bank, N.A. Stored value card provided with merchandise as rebate
US8676642B1 (en) 2007-07-05 2014-03-18 Jpmorgan Chase Bank, N.A. System and method for granting promotional rewards to financial account holders
US8719085B2 (en) 2001-01-18 2014-05-06 Jpmorgan Chase Bank, N.A. System and method for administering a brokerage rebate card program
US8751391B2 (en) 2002-03-29 2014-06-10 Jpmorgan Chase Bank, N.A. System and process for performing purchase transactions using tokens
US8781905B2 (en) 2000-08-01 2014-07-15 Jpmorgan Chase Bank, N.A. System and method for transponder-enabled account transactions
US8793160B2 (en) 1999-12-07 2014-07-29 Steve Sorem System and method for processing transactions
US8800857B1 (en) 2001-08-13 2014-08-12 Jpmorgan Chase Bank, N.A. System and method for crediting loyalty program points and providing loyalty rewards by use of an electronic tag
US9881299B2 (en) 2008-03-13 2018-01-30 Giftya Llc System and method for processing financial transactions
US9990642B2 (en) 2002-10-11 2018-06-05 Jpmorgan Chase Bank, N.A. System and method for granting promotional rewards to credit account holders
US10121127B1 (en) 2008-03-13 2018-11-06 Giftya Llc System and method for processing group gift cards
US10176476B2 (en) 2005-10-06 2019-01-08 Mastercard Mobile Transactions Solutions, Inc. Secure ecosystem infrastructure enabling multiple types of electronic wallets in an ecosystem of issuers, service providers, and acquires of instruments
US10282536B1 (en) 2002-03-29 2019-05-07 Jpmorgan Chase Bank, N.A. Method and system for performing purchase and other transactions using tokens with multiple chips
US10489776B2 (en) 2008-03-13 2019-11-26 Giftya Llc System and method for managing gift credits
US10726417B1 (en) 2002-03-25 2020-07-28 Jpmorgan Chase Bank, N.A. Systems and methods for multifactor authentication
US10846725B2 (en) 2008-03-13 2020-11-24 Giftya Llc Method for rule-based gift giving
US10949833B2 (en) 2008-03-13 2021-03-16 Giftya Llc Technologies for generating and displaying virtual and interactive egifts

Citations (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4016405A (en) * 1975-06-09 1977-04-05 Diebold, Incorporated Card validation, method and system
US4305059A (en) * 1980-01-03 1981-12-08 Benton William M Modular funds transfer system
US4454414A (en) * 1982-06-16 1984-06-12 Vericard Corporation Funds transfer system using optically coupled, portable modules
US4630201A (en) * 1984-02-14 1986-12-16 International Security Note & Computer Corporation On-line and off-line transaction security system using a code generated from a transaction parameter and a random number
US4650975A (en) * 1984-08-30 1987-03-17 Casio Computer Co., Ltd. IC card and an identification system thereof
US4709136A (en) * 1985-06-04 1987-11-24 Toppan Moore Company, Ltd. IC card reader/writer apparatus
US4874935A (en) * 1986-03-10 1989-10-17 Data Card Coprporation Smart card apparatus and method of programming same
US4980542A (en) * 1988-02-08 1990-12-25 Pitney Bowes Inc. Postal charge accounting system
US5012074A (en) * 1987-03-24 1991-04-30 Mitsubishi Denki Kabushiki Kaisha Apparatus for securing an IC-card issuing station
US5016274A (en) * 1988-11-08 1991-05-14 Silvio Micali On-line/off-line digital signing
US5025373A (en) * 1988-06-30 1991-06-18 Jml Communications, Inc. Portable personal-banking system
US5093862A (en) * 1988-07-20 1992-03-03 Spa Syspatronic Ag Data carrier-controlled terminal in a data exchange system
US5175416A (en) * 1989-10-06 1992-12-29 Mansvelt Andre Peter Funds transfer system
US5193114A (en) * 1991-08-08 1993-03-09 Moseley Donald R Consumer oriented smart card system and authentication techniques
US5224162A (en) * 1991-06-14 1993-06-29 Nippon Telegraph And Telephone Corporation Electronic cash system
US5237609A (en) * 1989-03-31 1993-08-17 Mitsubishi Denki Kabushiki Kaisha Portable secure semiconductor memory device
US5461217A (en) * 1994-02-08 1995-10-24 At&T Ipm Corp. Secure money transfer techniques using smart cards
US5473690A (en) * 1991-01-18 1995-12-05 Gemplus Card International Secured method for loading a plurality of applications into a microprocessor memory card
US5578808A (en) * 1993-12-22 1996-11-26 Datamark Services, Inc. Data card that can be used for transactions involving separate card issuers
US5629508A (en) * 1994-12-02 1997-05-13 American Card Technology, Inc. Dual smart card access control electronic data storage and retrieval system and methods

Patent Citations (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4016405A (en) * 1975-06-09 1977-04-05 Diebold, Incorporated Card validation, method and system
US4305059A (en) * 1980-01-03 1981-12-08 Benton William M Modular funds transfer system
US4454414A (en) * 1982-06-16 1984-06-12 Vericard Corporation Funds transfer system using optically coupled, portable modules
US4630201A (en) * 1984-02-14 1986-12-16 International Security Note & Computer Corporation On-line and off-line transaction security system using a code generated from a transaction parameter and a random number
US4650975A (en) * 1984-08-30 1987-03-17 Casio Computer Co., Ltd. IC card and an identification system thereof
US4709136A (en) * 1985-06-04 1987-11-24 Toppan Moore Company, Ltd. IC card reader/writer apparatus
US4874935A (en) * 1986-03-10 1989-10-17 Data Card Coprporation Smart card apparatus and method of programming same
US5012074A (en) * 1987-03-24 1991-04-30 Mitsubishi Denki Kabushiki Kaisha Apparatus for securing an IC-card issuing station
US4980542A (en) * 1988-02-08 1990-12-25 Pitney Bowes Inc. Postal charge accounting system
US5025373A (en) * 1988-06-30 1991-06-18 Jml Communications, Inc. Portable personal-banking system
US5093862A (en) * 1988-07-20 1992-03-03 Spa Syspatronic Ag Data carrier-controlled terminal in a data exchange system
US5016274A (en) * 1988-11-08 1991-05-14 Silvio Micali On-line/off-line digital signing
US5237609A (en) * 1989-03-31 1993-08-17 Mitsubishi Denki Kabushiki Kaisha Portable secure semiconductor memory device
US5175416A (en) * 1989-10-06 1992-12-29 Mansvelt Andre Peter Funds transfer system
US5473690A (en) * 1991-01-18 1995-12-05 Gemplus Card International Secured method for loading a plurality of applications into a microprocessor memory card
US5224162A (en) * 1991-06-14 1993-06-29 Nippon Telegraph And Telephone Corporation Electronic cash system
US5193114A (en) * 1991-08-08 1993-03-09 Moseley Donald R Consumer oriented smart card system and authentication techniques
US5578808A (en) * 1993-12-22 1996-11-26 Datamark Services, Inc. Data card that can be used for transactions involving separate card issuers
US5461217A (en) * 1994-02-08 1995-10-24 At&T Ipm Corp. Secure money transfer techniques using smart cards
US5629508A (en) * 1994-12-02 1997-05-13 American Card Technology, Inc. Dual smart card access control electronic data storage and retrieval system and methods

Cited By (105)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6304248B1 (en) * 1997-12-12 2001-10-16 Fujitsu Limited Coordinate input device
US6418422B1 (en) * 1997-12-15 2002-07-09 Francotype-Postalia Ag & Co. Postage meter machine with a chip card write/read unit and method for operating same
US7747463B1 (en) 1998-06-22 2010-06-29 Jpmorgan Chase Bank, N.A. Debit purchasing of stored value card for use by and/or delivery to others
US7818253B2 (en) 1998-06-22 2010-10-19 Jpmorgan Chase Bank, N.A. Debit purchasing of stored value card for use by and/or delivery to others
US7809642B1 (en) 1998-06-22 2010-10-05 Jpmorgan Chase Bank, N.A. Debit purchasing of stored value card for use by and/or delivery to others
US7809643B2 (en) 1998-06-22 2010-10-05 Jpmorgan Chase Bank, N.A. Debit purchasing of stored value card for use by and/or delivery to others
US7805368B2 (en) 1998-06-22 2010-09-28 Jpmorgan Chase Bank, N.A. Debit purchasing of stored value card for use by and/or delivery to others
US7801799B1 (en) 1998-11-17 2010-09-21 Jpmorgan Chase Bank, N.A. Customer activated multi-value (CAM) card
US7660763B1 (en) 1998-11-17 2010-02-09 Jpmorgan Chase Bank, N.A. Customer activated multi-value (CAM) card
US7707111B2 (en) 1998-11-17 2010-04-27 Jpmorgan Chase Bank, N.A. Customer activated multi-value (CAM) card
US7676429B2 (en) 1999-06-04 2010-03-09 Jpmorgan Chase Bank, N.A. Credit instrument and system providing multiple services including access to credit services and access to a service provider club
US8645265B2 (en) 1999-06-04 2014-02-04 Jpmorgan Chase Bank, N.A. System and method for card processing with automated payment of club, merchant, and service provider fees
US7159243B1 (en) * 1999-07-22 2007-01-02 Koninklijke Philips Electronics N.V. Data carrier for the storage of data and circuit arrangement for such a data carrier
US20090299872A1 (en) * 1999-08-26 2009-12-03 Moneycat Ltd. Electronic currency, electronic wallet therefor and electronic payment systems employing them
US8195578B2 (en) * 1999-08-26 2012-06-05 Moneycat Ltd. Electronic currency, electronic wallet therefor and electronic payment systems employing them
US8793160B2 (en) 1999-12-07 2014-07-29 Steve Sorem System and method for processing transactions
US7165049B2 (en) * 2000-02-09 2007-01-16 Jpmorgan Chase Bank, N.A. Sponsor funded stored value card
US20050251470A1 (en) * 2000-02-23 2005-11-10 Bank One Corporation Mutual fund card method and system
US8700529B2 (en) 2000-02-23 2014-04-15 Jpmorgan Chase Bank, N.A. Mutual fund card method and system
US8612341B2 (en) 2000-02-23 2013-12-17 Jpmorgan Chase Bank, N.A. Computerized funding of a second financial account by a first financial card
US20040193539A1 (en) * 2000-02-23 2004-09-30 Bank One Corporation Mutual fund card method and system
US7472092B2 (en) 2000-05-08 2008-12-30 Patricia Phelan Money order device with identity verification and method
US7280984B2 (en) 2000-05-08 2007-10-09 Phelan Iii Frank Money card system, method and apparatus
US20030200180A1 (en) * 2000-05-08 2003-10-23 Frank Phelan Money card system, method and apparatus
US8781905B2 (en) 2000-08-01 2014-07-15 Jpmorgan Chase Bank, N.A. System and method for transponder-enabled account transactions
US7203657B1 (en) * 2000-09-05 2007-04-10 Noam Eli M General packet-based payment and transaction method and system
US8719085B2 (en) 2001-01-18 2014-05-06 Jpmorgan Chase Bank, N.A. System and method for administering a brokerage rebate card program
US9870559B2 (en) 2001-01-19 2018-01-16 Mastercard Mobile Transactions Solutions, Inc. Establishing direct, secure transaction channels between a device and a plurality of service providers via personalized tokens
US9697512B2 (en) 2001-01-19 2017-07-04 Mastercard Mobile Transactions Solutions, Inc. Facilitating a secure transaction over a direct secure transaction portal
US20120005091A1 (en) * 2001-01-19 2012-01-05 C-Sam, Inc. Transactional services
US10217102B2 (en) 2001-01-19 2019-02-26 Mastercard Mobile Transactions Solutions, Inc. Issuing an account to an electronic transaction device
US20030233317A1 (en) * 2001-01-30 2003-12-18 Nyce Corporation Methods and systems for transferring funds
US7801816B2 (en) 2001-05-23 2010-09-21 Jp Morgan Chase Bank, N.A. System and method for currency selectable stored value instrument
US7890422B1 (en) 2001-07-24 2011-02-15 Jpmorgan Chase Bank, N.A. Multiple account advanced payment card and method of routing card transactions
US7860789B2 (en) 2001-07-24 2010-12-28 Jpmorgan Chase Bank, N.A. Multiple account advanced payment card and method of routing card transactions
US7809641B2 (en) 2001-07-26 2010-10-05 Jpmorgan Chase Bank, National Association System and method for funding a collective account
US8033451B2 (en) 2001-08-13 2011-10-11 Jpmorgan Chase Bank, National Association System and method for funding a collective account by use of an electronic tag
US8800857B1 (en) 2001-08-13 2014-08-12 Jpmorgan Chase Bank, N.A. System and method for crediting loyalty program points and providing loyalty rewards by use of an electronic tag
US8020754B2 (en) 2001-08-13 2011-09-20 Jpmorgan Chase Bank, N.A. System and method for funding a collective account by use of an electronic tag
US20050005140A1 (en) * 2001-12-27 2005-01-06 Infineon Technologies Ag Data processing device
US7756896B1 (en) 2002-03-11 2010-07-13 Jp Morgan Chase Bank System and method for multi-dimensional risk analysis
US10726417B1 (en) 2002-03-25 2020-07-28 Jpmorgan Chase Bank, N.A. Systems and methods for multifactor authentication
US10282536B1 (en) 2002-03-29 2019-05-07 Jpmorgan Chase Bank, N.A. Method and system for performing purchase and other transactions using tokens with multiple chips
US8751391B2 (en) 2002-03-29 2014-06-10 Jpmorgan Chase Bank, N.A. System and process for performing purchase transactions using tokens
US8239304B1 (en) 2002-07-29 2012-08-07 Jpmorgan Chase Bank, N.A. Method and system for providing pre-approved targeted products
US7676425B1 (en) 2002-07-29 2010-03-09 Jpmorgan Chase Bank, N.A. Method and system for providing flexible financing
US8095459B2 (en) 2002-07-29 2012-01-10 Jpmorgan Chase Bank, N.A. Method and system for providing flexible financing
US7809595B2 (en) 2002-09-17 2010-10-05 Jpmorgan Chase Bank, Na System and method for managing risks associated with outside service providers
US9990642B2 (en) 2002-10-11 2018-06-05 Jpmorgan Chase Bank, N.A. System and method for granting promotional rewards to credit account holders
US10007923B1 (en) 2002-10-11 2018-06-26 Jpmorgan Chase Bank, N.A. System and method for granting promotional rewards to credit account holders
US8306907B2 (en) 2003-05-30 2012-11-06 Jpmorgan Chase Bank N.A. System and method for offering risk-based interest rates in a credit instrument
US8145549B2 (en) 2003-05-30 2012-03-27 Jpmorgan Chase Bank, N.A. System and method for offering risk-based interest rates in a credit instutment
US7953663B1 (en) 2003-09-04 2011-05-31 Jpmorgan Chase Bank, N.A. System and method for financial instrument pre-qualification and offering
US8239323B2 (en) 2003-09-23 2012-08-07 Jpmorgan Chase Bank, N.A. Method and system for distribution of unactivated bank account cards
US8463681B2 (en) 2003-09-23 2013-06-11 Jpmorgan Chase Bank, N.A. Method and system for distribution of unactivated bank account cards
US20080109319A1 (en) * 2003-10-14 2008-05-08 Foss Sheldon H Family stored value card program
US7204412B2 (en) 2003-10-14 2007-04-17 Compucredit Intellectual Property Holdings Corp. Iii Family stored value card program
US20050098624A1 (en) * 2003-10-14 2005-05-12 Foss Sheldon H.Jr. Family stored value card program
US8533111B1 (en) 2004-08-03 2013-09-10 Jpmorgan Chase Bank, N.A. System and method for providing promotional pricing
US20080260156A1 (en) * 2004-08-19 2008-10-23 Akihiro Baba Management Service Device, Backup Service Device, Communication Terminal Device, and Storage Medium
US8630898B1 (en) 2005-02-22 2014-01-14 Jpmorgan Chase Bank, N.A. Stored value card provided with merchandise as rebate
US8245909B2 (en) 2005-05-27 2012-08-21 Jpmorgan Chase Bank, Na Method and system for implementing a card product with multiple customized relationships
US7941355B1 (en) 2005-05-27 2011-05-10 Jpmorgan Chase Bank, N.A. Universal payment protection
US8925802B1 (en) 2005-05-27 2015-01-06 Jpmorgan Chase Bank, N.A. Method and system for implementing a card product with multiple customized relationships
US8752759B1 (en) 2005-05-27 2014-06-17 Jpmorgan Chase Bank, N.A. Method and system for implementing a card product with multiple customized relationships
US8469265B2 (en) 2005-05-27 2013-06-25 Jpmorgan Chase Bank, N.A. Method and system for implementing a card product with multiple customized relationships
US10176476B2 (en) 2005-10-06 2019-01-08 Mastercard Mobile Transactions Solutions, Inc. Secure ecosystem infrastructure enabling multiple types of electronic wallets in an ecosystem of issuers, service providers, and acquires of instruments
US9990625B2 (en) 2005-10-06 2018-06-05 Mastercard Mobile Transactions Solutions, Inc. Establishing trust for conducting direct secure electronic transactions between a user and service providers
US10121139B2 (en) 2005-10-06 2018-11-06 Mastercard Mobile Transactions Solutions, Inc. Direct user to ticketing service provider secure transaction channel
US10140606B2 (en) 2005-10-06 2018-11-27 Mastercard Mobile Transactions Solutions, Inc. Direct personal mobile device user to service provider secure transaction channel
US7926711B2 (en) 2006-02-08 2011-04-19 Jpmorgan Chase Bank, N.A. System and method for granting promotional rewards to both customers and non-customers
US8517258B2 (en) 2006-02-08 2013-08-27 Jpmorgan Chase Bank, N.A. System and method for granting promotional rewards to both customers and non-customers
US8408455B1 (en) 2006-02-08 2013-04-02 Jpmorgan Chase Bank, N.A. System and method for granting promotional rewards to both customers and non-customers
US7784682B2 (en) 2006-02-08 2010-08-31 Jpmorgan Chase Bank, N.A. System and method for granting promotional rewards to both customers and non-customers
US7753259B1 (en) 2006-04-13 2010-07-13 Jpmorgan Chase Bank, N.A. System and method for granting promotional rewards to both customers and non-customers
US7946481B2 (en) * 2006-07-14 2011-05-24 Canon Kabushiki Kaisha System for registering and using administrative cards to enable configuration of an application and device
US20080011826A1 (en) * 2006-07-14 2008-01-17 Canon U.S.A., Inc. system for registering and using administrative cards to enable configuration of an application and device
US8676642B1 (en) 2007-07-05 2014-03-18 Jpmorgan Chase Bank, N.A. System and method for granting promotional rewards to financial account holders
US8533086B1 (en) 2007-10-18 2013-09-10 Jpmorgan Chase Bank, N.A. Variable rate payment card
US8417601B1 (en) 2007-10-18 2013-04-09 Jpmorgan Chase Bank, N.A. Variable rate payment card
US8581692B2 (en) * 2007-11-14 2013-11-12 Nxp B.V. Electronic system and method of operating an electronic system
US20110115756A1 (en) * 2007-11-14 2011-05-19 Nxp B.V. Electronic system and method of operating an electronic system
US8756157B1 (en) 2008-03-13 2014-06-17 Giftya Llc Method for providing a card-linked offer
US11049157B2 (en) 2008-03-13 2021-06-29 Giftya Llc System and method for managing gift credits for corporate benefits and offers
US9881299B2 (en) 2008-03-13 2018-01-30 Giftya Llc System and method for processing financial transactions
US11676131B2 (en) 2008-03-13 2023-06-13 Giftya Llc System and method for managing gifts
US8751392B1 (en) 2008-03-13 2014-06-10 Giftya Llc Method for transferring funds
US11455619B2 (en) 2008-03-13 2022-09-27 Giftya Llc Technologies for generating and displaying virtual and interactive egifts
US20090234771A1 (en) * 2008-03-13 2009-09-17 Patrick Ledbetter Method for transferring funds
US10489776B2 (en) 2008-03-13 2019-11-26 Giftya Llc System and method for managing gift credits
US8676704B2 (en) 2008-03-13 2014-03-18 Giftya Llc Method for transferring funds
US10846725B2 (en) 2008-03-13 2020-11-24 Giftya Llc Method for rule-based gift giving
US10949833B2 (en) 2008-03-13 2021-03-16 Giftya Llc Technologies for generating and displaying virtual and interactive egifts
US10121127B1 (en) 2008-03-13 2018-11-06 Giftya Llc System and method for processing group gift cards
US11379822B2 (en) 2008-03-13 2022-07-05 Giftya, Llc System and method for splitting a transaction
US11379823B2 (en) 2008-03-13 2022-07-05 Giftya Llc System and method for processing group gift cards using a temporary, limited scope social networking entity
US11392930B2 (en) 2008-03-13 2022-07-19 Giftya Llc System and method for processing gift transfers via a social network
US11392929B2 (en) 2008-03-13 2022-07-19 Giftya Llc System and method for processing gifts between different exchange medium
US11392928B2 (en) 2008-03-13 2022-07-19 Giftya Llc System and method for processing gift cards by intercepting a purchasing transaction
US11403618B2 (en) 2008-03-13 2022-08-02 Giftya Llc System and method for managing gifts
US11416846B2 (en) 2008-03-13 2022-08-16 Giftya Llc System and method for managing gifts
US11429953B2 (en) 2008-03-13 2022-08-30 Giftya Llc System and method for processing a gift involving separate transactions
US11449859B2 (en) 2008-03-13 2022-09-20 Giftya Llc System and method for enabling a user to choose how to redeem a gift credit
US20100023341A1 (en) * 2008-05-29 2010-01-28 Reel Drinks Llc Method for rule-based gift giving
US8285643B2 (en) 2008-06-12 2012-10-09 Monncello Enterprises, LLC System and method for processing gift cards

Similar Documents

Publication Publication Date Title
USH1794H (en) Secure money transfer techniques using hierarchical arrangement of smart cards
US5461217A (en) Secure money transfer techniques using smart cards
JP3083187B2 (en) Key management method of electronic wallet system
JP3542603B2 (en) System and method for re-evaluation of token stored in IC card
US4630201A (en) On-line and off-line transaction security system using a code generated from a transaction parameter and a random number
US5521362A (en) Electronic purse card having multiple storage memories to prevent fraudulent usage and method therefor
US7280984B2 (en) Money card system, method and apparatus
AU697632B2 (en) Trusted agents for open distribution of electronic money
US7269256B2 (en) Electronic-monetary system
US6529884B1 (en) Minimalistic electronic commerce system
JPH07254035A (en) Execution system of transaction with multifunctional card with built-in electronic purse
US7006998B2 (en) Payment system
US20020046186A1 (en) Electronic purse system having a double-structured purse, ic card applicable to the electronic purse system, ic card transaction apparatus having a double-structured purse, ic card transaction system having a double-structured purse, and ic card applicable to the
US20050197945A1 (en) Optical banking card
US7472092B2 (en) Money order device with identity verification and method
EP0769767A2 (en) Secure money transfer techniques using smart cards
JP3038654B2 (en) Electronic cashing card payment system
JPH05504643A (en) money transfer system
JP2971160B2 (en) Prepaid card system using IC card
JPH04227567A (en) Data transfer device and data transfer terminal device
JPH0619945A (en) Data transfer system portable terminal equipment
JP2000507380A (en) Safety module
Read EFTPOS: electronic funds transfer at point of sale
Schmidt et al. Is electronic cash possible?

Legal Events

Date Code Title Description
STCF Information on status: patent grant

Free format text: PATENTED CASE