WO1989010599A1 - Token and payment system - Google Patents

Token and payment system Download PDF

Info

Publication number
WO1989010599A1
WO1989010599A1 PCT/AU1989/000175 AU8900175W WO8910599A1 WO 1989010599 A1 WO1989010599 A1 WO 1989010599A1 AU 8900175 W AU8900175 W AU 8900175W WO 8910599 A1 WO8910599 A1 WO 8910599A1
Authority
WO
WIPO (PCT)
Prior art keywords
token
storage means
value
represented
monetary value
Prior art date
Application number
PCT/AU1989/000175
Other languages
French (fr)
Inventor
David Robert Brooks
Original Assignee
Magellan Corporation (Australia) Pty. Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Magellan Corporation (Australia) Pty. Ltd. filed Critical Magellan Corporation (Australia) Pty. Ltd.
Publication of WO1989010599A1 publication Critical patent/WO1989010599A1/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0866Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means by active credit-cards adapted therefor

Definitions

  • Tokens may take the form of decremental cards, "smart" cards, credit cards or other suitable means, adapted to represent a sum of money, which are to be used in place of conventional paper note or coin money.
  • a portable device herein termed a "token" which includes some means of representing a number or numbers, said number(s) representing a sum of money.
  • This token is presented to a suitable Reader Means, which having validated the token, reduces (or decrements) the stored amount by a suitable value, and then authorises some sale or service.
  • a suitable Reader Means which having validated the token, reduces (or decrements) the stored amount by a suitable value, and then authorises some sale or service.
  • An example is the magnetically encoded cards used in the United Kingdom for public telephones, where the "value” is encoded on a magnetic stripe. The telephone equipment adjusts this value downwards, as a call proceeds. When the card has been exhausted (i.e. the stored value has decremented to zero), a new card must be purchased.
  • Means are provided for cancelling such cells, but not for initially setting them (this being done at the factory).
  • An example is the use of an array of microscopic "fuses" on a VLSI chip. When such fuse is blown (by the Reader Means), it cannot be restored.
  • Such a system is described in U.S. 4,256,955, wherein the value stored is represented by a count of the number of fuse-sites remaining un-blown.
  • the present invention discloses employment of a property of modular arithmetic to construct a store of value from which value can only be withdrawn, but never replaced.
  • the method used depends upon the application of certain properties of "modular" arithmetic (that is, arithmetic in which the computations are performed in a fixed number of digits, rather than, as in ordinary hand arithmetic, allowing the numbers as many digits as necessary).
  • modulear that is, arithmetic in which the computations are performed in a fixed number of digits, rather than, as in ordinary hand arithmetic, allowing the numbers as many digits as necessary.
  • binary (ba ⁇ e-2) arithmetic will be used.
  • this is to be understood as exemplary only; the invention may be executed in any number-base desired, as will be understood by those skilled in the relevant arts.
  • a portable token including a storage means adapted to store a representation of a monetary value, wherein said monetary value is represented as the difference between the highest number that can be represented in said storage means and the monetary value actually intended to be represented.
  • the storage means is re-writeable such as an Electrically Erasable Programmable Read-only Memory EEPROM or the like.
  • the "token” there is provided in the "token”, as many storage bits as the ba ⁇ e-2 logarithm of the maximum value is required to store. As in the earlier instance, 16 bits would suffice to represent $600.00 by steps of 1 cent (since 2 to the power
  • a buffer means being adapted so as to receive data read from said storage means, or to present data to said storage means, to be written back thereto.
  • an adder means arranged to accept two numbers, one from said buffer means, and the other from the reader means aforesaid.
  • the adder means is arranged to compute the binary sum (in ordinary binary arithmetic) of the two numbers presented, and to replace the sum so computed in said buffer means, replacing the number originally present.
  • said adder means may receive its input numbers directly from said reader means and from said storage means, without the need to pass through said buffer means.
  • an overflow detector means so adapted as to record the presence or otherwise of a "carry” (in the usual arithmetic meaning of that term) from the most significant bits computed by said adder means.
  • said storage means shall contain binary zero. Value is represented as its binary complement, that is, if said storage means contains the binary number M, * N represented in N bits, the value so represented is 2 -M-l, in whatever monetary units have been chosen. It may be seen that the initially manufactured state represents a value of
  • the token is utilised by having said reader means present a value, Q, to said adder means, said value Q being represented in ordinary arithmetic notation, not in the "complement” notation aforesaid.
  • Said adder means then computes the sum of the number Q, and whatever value was previously stored in said storage means. Said sum is then placed in said buffer means.
  • said overflow detector means does not detect a carry-out from the most-significant bit-position of said adder means, the new sum is written back to said storage means (replacing the number previously stored), and a signal
  • system may be regarded as representing the stored value as the difference between the highest positive number which the storage means can accept
  • any attempt to "reduce” the stored value past zero, to a value numerically less (i.e. a larger monetary value) than its previous value, will likewise generate a carry-out, as will any attempt to "increment” the stored value by supplying a 2-s complement negative quantity from the reader means.
  • the "A" signal referred to above may be understood by said reader means as confirming that the required amount of value has been issued, while signal "B indicates that the amount required exceeds the stored
  • Any of the well-known error control mechanisms may be applied to said storage means and/or to the communication channel to said reader means if desired, to reduce the risk of circuit failures falsely appearing as excessive stored "credit".
  • some form of personalisation may be added, to prevent a thief from utilising a stolen token.
  • This might comprise a further number stored in said storage means, which is initially compared to a password entered by the user, and transmitted by said reader means. Such a comparison may readily be performed by a simple modification to the said adder means, as hereinafter described.
  • said adder means may be convenient to implement said adder means as a bit (or digit) serial circuit, comprising a single-digit adder, and an auxiliary storage means capable of holding a single binary bit. Successive digits of the incoming numbers are shifted through such an adder, and said auxiliary storage means holds the carry (if any) from each digit position to the next.
  • said auxiliary storage means itself serves the function of said overflow detector means, holding the overflow bit when the addition operation is concluded.
  • Fig. 1 shows the general arrangement of the system.
  • Fig. 2 shows a detailed internal arrangement of the token of the present invention.
  • Fig. 3 shows the general arrangement of a prior art option pad.
  • the preferred embodiment includes the password protection feature described above (this may of course, be omitted if not required). Error-checking is provided on transmitted messages, using the well-known CRC-16 code. Further details of this technique are described by International Business Machines (IBM) in their publication “Synchronous Data Link Control", order no. GA27-3093-2.
  • IBM International Business Machines
  • both the monetary credit and the password are represented as 16-bit binary numbers.
  • Operation commences when the token is presented to (brought into electrical contact with) the reader.
  • Some external means e.g. a keypad
  • the reader then prepares and transmits a message, in the format shown below, to the token.
  • the storage means (SM) to read its contents (32 bits) into the buffer means (BM), and also resets the bit counter (BC), the carry bit (CY) and the CRC Register (CR) .
  • the receiver presents the received data, together with a clock signal synchronised to that data, at one input of the adder means, serial adder (SA).
  • SA serial adder
  • the receiver merely accepts data and clock I directly from electrical contacts driven by the reader.
  • the bit counter is required to divide the incoming message into 3, 16-bit fields (charge amount, password, and CRC), for a total of 48 bits.
  • a 6-bit binary counter is used, wherein the lower 4 bits count bits within a field, 0 and the high 2 bits designate the current field.
  • the required credit amount is processed.
  • the amount to be charged is shifted in from the receiver, and simultaneously the existing stored 5 amount is shifted from the buffer means.
  • the serial adder here functions as a simple adder, and the 16-bit binary sum is shifted back into the left end of the buffer means.
  • the carry bit will be clear if sufficient 0 credit exists to cover the new charge, and set if not.
  • the CRC Register commences to compute the CRC result.
  • the receiver now supplies the 16 password bits.
  • the serial adder operates differently, 5 now comparing the bits from the buffer means and the receiver. In this mode, the serial adder copies the bits from the receiver to its output, from where they are shifted into the buffer means. If the bits differ, the carry becomes set, 0 otherwise it retains its previous value.
  • the CRC Register continues operations in parallel with the above. Note that there is no means, in this second field, for the carry bit to be cleared, once set. Hence, should it be set as 5 this field commences (denoting insufficient credit available), it will remain set. It follows that a set carry at the end of this field, indicates that the transaction may not proceed. 3.
  • the receiver finally supplies the remaining 16 CRC check-bits.
  • the CRC Register continues to evaluate the CRC algorithm. At the end of this field, a correct CRC is indicated by a certain constant result (see the IBM publication referred to above) in the CRC Register.
  • the serial adder performs two functions in the first two input fields, those of addition and comparison respectively. It is idle in the third field,
  • a PLA Programmed Logic Array
  • Recvd Buffer Carry Field : Adder Output Data Means In 1 : Sum Carry
  • PC password-control
  • An effective method is to provide a "test mode", in
  • test mode 35 all-zeros to be written to the storage means. Further in test mode, zero, not one, will normally be written to the password control bit. Before the token reaches the market, this test mode must be disabled.
  • One known method is to use a microscopic fuse (similar to the data-storage elements used in the prior art cited above); however these are awkward to produce on conventional MOS fabrication lines, and can cause reliability problems.
  • the 3 large squares denote 3 contact-pad sites at the edge of a semiconductor "chip".
  • the outer two are normal ground and V+ (supply voltage) pads, while the central pad implements the option. Note the arrangement of interdigitated metallic combs in the centre pad, and also the resistor between that pad and the V+ point.
  • test mode While the chip is being tested (i.e. test mode is active), contact probes are applied to the two outer pads, to operate the chip.
  • the resistor pulls the central pad towards V+, so asserting the signal test mode, and conditioning the internal logic accordingly.
  • the chip With testing complete, the chip is placed in a suitable package, and the connecting wires are attached.
  • the present invention contemplates many applications.
  • the present invention can be utilised at a toll collection point, for example the entrance to the
  • the Bridge entrance comprises 8 entrances and each car passing therethrough must stop, pay a toll, wait for verification of payment, and then proceed. This causes immense delays and traffic congestion on approaches to the Bridge. Similar problems are evident in many other parts of the world.
  • each Bridge lane may be fitted with an antenna structure for radiating a magnetic field.
  • Information data can be imposed over the field.
  • a driver having a token in the car can drive into a Bridge

Abstract

A portable token, containing a storage circuit capable of being re-written, adapted to store a representation of a monetary value (a "credit"). Such representation being in a number-complement form, that is, the value being represented as the difference between the highest number which can be represented in the given storage, and the value actually intended to be represented. The said token being so adapted as to accept the input of a second number, said second number being in normal arithmetic representation, constituting the cash-value of a "charge" which it is desired to apply against the stored credit aforesaid. The application of said "charge" being made by performing a normal arithmetic addition upon the stored value, and the said "charge" number. The appearance of a "carry" at the conclusion of such addition (i.e. denoting that the resulting sum is too large to store in the available storage means) serving to denote an invalid charge, said "carry" serving both to inhibit any alteration of the said stored credit value, and to indicate to an associated reader means, that the attempted transaction may not proceed.

Description

TOKEN AND PAYMENT SYSTEM FIELD OF INVENTION
The present invention relates to a payment system utilising tokens. Tokens may take the form of decremental cards, "smart" cards, credit cards or other suitable means, adapted to represent a sum of money, which are to be used in place of conventional paper note or coin money. BACKGROUND OF THE INVENTION
Many automated payment systems have been devised, comprising a portable device (herein termed a "token") which includes some means of representing a number or numbers, said number(s) representing a sum of money. This token is presented to a suitable Reader Means, which having validated the token, reduces (or decrements) the stored amount by a suitable value, and then authorises some sale or service. An example is the magnetically encoded cards used in the United Kingdom for public telephones, where the "value" is encoded on a magnetic stripe. The telephone equipment adjusts this value downwards, as a call proceeds. When the card has been exhausted (i.e. the stored value has decremented to zero), a new card must be purchased.
Such a simple system is inherently suitable only for low-value applications, due to both the vulnerability to damage of the magnetic stripe, and the small effort required to re-write it with any other values desired (i.e. effecting fraudulent alteration).
More sophisticated implementations have incorporated a VLSI silicon "chip" in the token, together with suitable data communication means. Many systems have been proposed for communicating between such tokens and the associated reading apparatus, including direct electrical contacts [many patents to Moreno, et al ] , microwaves [e.g. U.S. 4,506,148], and magnetic induction [co-pending applications]. The first of these options has been used in a similar public-telephone card system, in France. Naturally, in designing such tokens, care must be taken to make the fraudulent alteration of the stored value as difficult as possible. In some implementations, this is done by having a series of storage "cells", each representing an equal increment of value. Means are provided for cancelling such cells, but not for initially setting them (this being done at the factory). An example is the use of an array of microscopic "fuses" on a VLSI chip. When such fuse is blown (by the Reader Means), it cannot be restored. Such a system is described in U.S. 4,256,955, wherein the value stored is represented by a count of the number of fuse-sites remaining un-blown. DISCUSSION OF THE PRIOR ART
The principal disadvantage of such prior art techniques is that if other than a very small value is required, the number of storage cells becomes very large.
It would be much more efficient if the cells could be re-written, and used in a "weighted" manner, similar to the successive digits used to represent a number in ordinary arithmetic. As an example, using binary numbers, to store a value of $600.00, by steps of 1 cent, requires 60000 steps of value. Using a fuse array (or similar once-only device) would require 60000 fuses, one for each cent. Using ordinary binary numbers, a mere 16 bits suffices.
However, the presence of a means of resetting the storage cells, implies the risk of fraudulent resetting thereof. Other prior-art designs have employed a microprocessor chip in the token, to enforce suitable security measures against fraudulent alteration. Such chips add significantly to the cost of tokens. This is a serious drawback, since many applications seek to utilise the token as a minimal-cost, disposable item. The cost of microprocessor chips precludes this.
Faced as they are with the need for a large number of storage sites to accurately represent monetary values, some prior art systems have fallen back on a system in which the storage sites represent instances of use of the token, rather than an actual cash value. In effect, the monetary unit adopted is the price of the service concerned. An example is the "Multi Rider" bus tickets used in Perth, Western Australia, which are good for a fixed number of journeys, rather than a given sum.
The disadvantage of this system is the cash loss which occurs to the system operator following a price increase, since all tokens then in circulation continue to provide service at the old rate. With cash, not services, as the unit of measure, it is merely necessary for the system operator to reprogram the readers to the new price. SUMMARY OF THE PRESENT INVENTION
The present invention discloses employment of a property of modular arithmetic to construct a store of value from which value can only be withdrawn, but never replaced.
It is an objective of the present invention, to provide a decremental token having re-writeable storage means, so gaining the above-described advantages of small size, which nevertheless is not susceptible to fraudulent alteration. The method used depends upon the application of certain properties of "modular" arithmetic (that is, arithmetic in which the computations are performed in a fixed number of digits, rather than, as in ordinary hand arithmetic, allowing the numbers as many digits as necessary). In the following description, binary (baεe-2) arithmetic will be used. However, this is to be understood as exemplary only; the invention may be executed in any number-base desired, as will be understood by those skilled in the relevant arts.
According to the present invention, there is provided a portable token including a storage means adapted to store a representation of a monetary value, wherein said monetary value is represented as the difference between the highest number that can be represented in said storage means and the monetary value actually intended to be represented. Conveniently, the storage means is re-writeable such as an Electrically Erasable Programmable Read-only Memory EEPROM or the like.
According to a specific aspect of the invention, there is provided in the "token", as many storage bits as the baεe-2 logarithm of the maximum value is required to store. As in the earlier instance, 16 bits would suffice to represent $600.00 by steps of 1 cent (since 2 to the power
16 - 65536, or $655.36 by steps of $0.01).
There is further provided according to the invention, a buffer means, being adapted so as to receive data read from said storage means, or to present data to said storage means, to be written back thereto.
There is further provided an adder means, arranged to accept two numbers, one from said buffer means, and the other from the reader means aforesaid. The adder means is arranged to compute the binary sum (in ordinary binary arithmetic) of the two numbers presented, and to replace the sum so computed in said buffer means, replacing the number originally present. Alternatively, said adder means may receive its input numbers directly from said reader means and from said storage means, without the need to pass through said buffer means.
There is further provided an overflow detector means, so adapted as to record the presence or otherwise of a "carry" (in the usual arithmetic meaning of that term) from the most significant bits computed by said adder means.
As manufactured, said storage means shall contain binary zero. Value is represented as its binary complement, that is, if said storage means contains the binary number M, * N represented in N bits, the value so represented is 2 -M-l, in whatever monetary units have been chosen. It may be seen that the initially manufactured state represents a value of
2N-1 units.
The token is utilised by having said reader means present a value, Q, to said adder means, said value Q being represented in ordinary arithmetic notation, not in the "complement" notation aforesaid. Said adder means then computes the sum of the number Q, and whatever value was previously stored in said storage means. Said sum is then placed in said buffer means.
If said overflow detector means does not detect a carry-out from the most-significant bit-position of said adder means, the new sum is written back to said storage means (replacing the number previously stored), and a signal
10 (A) is sent to said reader means, confirming this. If however, a carry-out was detected, the sum is not written to said storage means, but is discarded. A different signal, (B), is then sent to said reader means, informing it of this action.
15 Given the above action in regard to carry-out, it will be found that the ordinary operation of binary addition will ensure that the value represented in said storage means, can only be reduced, never increased. When the storage means holds its maximum binary value (i.e. all
20 ones), no further additions are possible, and the token is exhausted, i.e. its stored quantity represents zero value.
Equivalently, the system may be regarded as representing the stored value as the difference between the highest positive number which the storage means can accept
25 (in the binary case, all ones), and the value it is actually intended to represent. As an example, in 16-bit binary arithmetic, reckoning in cents, consider the following case: Highest value possible « $655.36
Binary: 1111,1111,1111,1111
30 Available credit «= $ 35.27
Binary: 0000,1101,1100,0111 Representation in store Binary: 1111,0010,0011,1000 Transaction charges = $ 17.05
Binary: 0000,0110,1010,1001 -t- Amount remaining after addition
Binary: 1111,1000,1110,0001 Difference from max. = $ 18.22
Binary: 0000,0111,0001,1110 Consider now an invalid transaction, where we attempt to withdraw more credit than is available. Value represented « $ 18.22
Binary: 1111,1000,1110,0001 Attempted charge « $ 22.34
Binary: 0000,1000,1011,1010 Result of addition Binary: 1,0000,0001,1001,1011
Observe how, in this illegal case, the result is too large to represent in 16 bits. When such a computation is performed on a practical 16-bit adder, the 17th bit appears in the carry circuit and serves, as described above, to invalidate the transaction.
Further, any attempt to "reduce" the stored value past zero, to a value numerically less (i.e. a larger monetary value) than its previous value, will likewise generate a carry-out, as will any attempt to "increment" the stored value by supplying a 2-s complement negative quantity from the reader means.
When the token is first issued, it is merely necessary to add to it a value such as to leave in the * storage means (which was manufactured as all-zero) whatever value it is desired to issue. This may either be done at the factory, or at the point-of-issue, as convenient.
In use, the "A" signal referred to above, may be understood by said reader means as confirming that the required amount of value has been issued, while signal "B indicates that the amount required exceeds the stored
"credit", or is otherwise invalid, and cannot be issued
VARIATIONS AND EXTENSIONS
Any of the well-known error control mechanisms (parity, cyclic-redundancy coding, etc.) may be applied to said storage means and/or to the communication channel to said reader means if desired, to reduce the risk of circuit failures falsely appearing as excessive stored "credit".
If desired, some form of personalisation may be added, to prevent a thief from utilising a stolen token. This might comprise a further number stored in said storage means, which is initially compared to a password entered by the user, and transmitted by said reader means. Such a comparison may readily be performed by a simple modification to the said adder means, as hereinafter described.
The foregoing description has assumed binary (radix-2) arithmetic. However the invention may be implemented in any radix desired, provided the difference representation of the stored value is faithfully maintained. That is, if said storage means be adapted to hold N digits, each taking values between 0 and M-l (i.e. a radix-M system), the value represented in said storage means is understood as MN - X - 1, where X is the 'apparent' value in said storage means. The terms overflow and carry-out have their conventional, mathematical meanings in such a case.
In practical systems, it may be convenient to implement said adder means as a bit (or digit) serial circuit, comprising a single-digit adder, and an auxiliary storage means capable of holding a single binary bit. Successive digits of the incoming numbers are shifted through such an adder, and said auxiliary storage means holds the carry (if any) from each digit position to the next. In this case, when the addition is complete, said auxiliary storage means itself serves the function of said overflow detector means, holding the overflow bit when the addition operation is concluded.
If said storage, buffer, and addition means, together with suitable control means, be integrated together on a single VLSI "chip", fraudulent increase of the stored value will be almost impossible, as it would require access to the internal circuitry of the chip. BRIEF DESCRIPTION OF THE DRAWINGS
A preferred embodiment will be described, with reference to the accompanying Figures, wherein :
Fig. 1 shows the general arrangement of the system. Fig. 2 shows a detailed internal arrangement of the token of the present invention.
Fig. 3 shows the general arrangement of a prior art option pad. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
The preferred embodiment includes the password protection feature described above (this may of course, be omitted if not required). Error-checking is provided on transmitted messages, using the well-known CRC-16 code. Further details of this technique are described by International Business Machines (IBM) in their publication "Synchronous Data Link Control", order no. GA27-3093-2.
For simplicity, it will be assumed that communication between the reader and token is by direct electrical contact. Any other known system (e.g. those referred to above) may be used instead.
In this embodiment, both the monetary credit and the password, are represented as 16-bit binary numbers.
Operation commences when the token is presented to (brought into electrical contact with) the reader. Some external means (e.g. a keypad) informs the reader of the amount of monetary value (credit) to be withdrawn from the token, and also provides the password. The reader then prepares and transmits a message, in the format shown below, to the token.
Message Format from Reader
1. Charge Amount 16 bits
2. Password 16 bits
3. CRC-16 Check sum 16 bits. The initial application of electrical power to the token, causes its internal circuits to be placed in a reset
(initialised) condition. This causes the storage means (SM) to read its contents (32 bits) into the buffer means (BM), and also resets the bit counter (BC), the carry bit (CY) and the CRC Register (CR) . The receiver presents the received data, together with a clock signal synchronised to that data, at one input of the adder means, serial adder (SA). In its simplest embodiment, the receiver merely accepts data and clock I directly from electrical contacts driven by the reader.
The bit counter is required to divide the incoming message into 3, 16-bit fields (charge amount, password, and CRC), for a total of 48 bits. A 6-bit binary counter is used, wherein the lower 4 bits count bits within a field, 0 and the high 2 bits designate the current field. These fields are as follows :
1. First, the required credit amount is processed. The amount to be charged is shifted in from the receiver, and simultaneously the existing stored 5 amount is shifted from the buffer means. The serial adder here functions as a simple adder, and the 16-bit binary sum is shifted back into the left end of the buffer means. When this field is complete, the carry bit will be clear if sufficient 0 credit exists to cover the new charge, and set if not. Simultaneously with the above operations, the CRC Register commences to compute the CRC result.
2. The receiver now supplies the 16 password bits. In this field, the serial adder operates differently, 5 now comparing the bits from the buffer means and the receiver. In this mode, the serial adder copies the bits from the receiver to its output, from where they are shifted into the buffer means. If the bits differ, the carry becomes set, 0 otherwise it retains its previous value. As before, the CRC Register continues operations in parallel with the above. Note that there is no means, in this second field, for the carry bit to be cleared, once set. Hence, should it be set as 5 this field commences (denoting insufficient credit available), it will remain set. It follows that a set carry at the end of this field, indicates that the transaction may not proceed. 3. The receiver finally supplies the remaining 16 CRC check-bits. During this field, the buffer means does not shift, and the serial adder and carry bit are inoperative. The CRC Register continues to evaluate the CRC algorithm. At the end of this field, a correct CRC is indicated by a certain constant result (see the IBM publication referred to above) in the CRC Register.
At the conclusion of Field-3, the combination of a clear carry bit, and a valid CRC, indicate that the transaction is valid. The buffer means contents are re-written to the storage means, and the "A" signal is sent to the reader, to authorise the transaction. Should either of the above tests fail, no write operation occurs, and the "B" signal is sent to the reader, so invalidating the transaction. SERIAL ADDER DESIGN
As has been seen, the serial adder performs two functions in the first two input fields, those of addition and comparison respectively. It is idle in the third field,
Especially in a VLSI "chip" implementation, a PLA (Programmed Logic Array) is a very suitable implementation for this element. Suitable PLA coding is given below : Recvd, Buffer Carry Field : Adder Output Data Means In 1 : Sum Carry
L L L X : L L
L X H H : L H
L L H L : H L
L X L L : H L
L H X H L H
L H H X L H
H H X H H H
H H H L L H
H L L L L H
H L L H : H L
H L H X : H H PASSWORD CONTROL
In addition to the 32 storage means bits described (16 each credit and password), there is provided a 33rd password-control (PC) bit in the storage means. Like all c other bits, this bit is set to zero as initially manufactured. This bit has the following effects : 1. When zero, it inhibits the password comparison, in effect causing any password entered, to appear valid. 10 2. When one, it inhibits any write operations to the password field of the storage means. It does not affect writes to the credit field.
Whenever a write is made to the password field, the PC bit is also written with a one. This ensures that the ις first write made to the token, will set the initial credit value (by adding to the zero initially stored), and will load the password supplied, whatever it may be. Once this is done, no further alterations to the stored password are possible, neither can the stored credit be increased. 2 Further operations serve only to reduce the stored value. FACTORY INITIALISATION
As has been seen, it is necessary to ensure that tokens are despatched from the factory, with all storage cells reset to zero. Further, it will be necessary to _,. provide for factory testing of tokens, and of semiconductor "chips" used therein. Clearly, it is necessary to prevent unauthorised access to such test circuits, since they could provide an avenue for re-use of a token.
An effective method is to provide a "test mode", in
30 which write operations are performed to the storage means, whether or not the transaction is valid. For testing, the "B" output is still asserted on an invalid transaction, so permitting the validation circuitry to be proved out. This "test mode" permits, at the conclusion of tests, for
35 all-zeros to be written to the storage means. Further in test mode, zero, not one, will normally be written to the password control bit. Before the token reaches the market, this test mode must be disabled. One known method is to use a microscopic fuse (similar to the data-storage elements used in the prior art cited above); however these are awkward to produce on conventional MOS fabrication lines, and can cause reliability problems.
An alternative irreversible method, also well known, is the so-called "option pad", illustrated in Fig. 3.
The 3 large squares denote 3 contact-pad sites at the edge of a semiconductor "chip". The outer two are normal ground and V+ (supply voltage) pads, while the central pad implements the option. Note the arrangement of interdigitated metallic combs in the centre pad, and also the resistor between that pad and the V+ point.
While the chip is being tested (i.e. test mode is active), contact probes are applied to the two outer pads, to operate the chip. The resistor pulls the central pad towards V+, so asserting the signal test mode, and conditioning the internal logic accordingly.
With testing complete, the chip is placed in a suitable package, and the connecting wires are attached.
This latter process is commonly performed by some form of cold welding. The ground wire is now connected not to the left, but to the centre pad (the left pad being left vacant). The cold weld now spans several of the interdigitated fingers, so shorting the test mode signal to ground, and placing the internal logic in its normal operation mode. It is impractical to reverse this operation, without access to the micro-structure of the chip, to remove the welded connection.
The present invention contemplates many applications.
For example, the present invention can be utilised at a toll collection point, for example the entrance to the
Sydney Harbor Bridge. As is known, the Bridge entrance comprises 8 entrances and each car passing therethrough must stop, pay a toll, wait for verification of payment, and then proceed. This causes immense delays and traffic congestion on approaches to the Bridge. Similar problems are evident in many other parts of the world.
_ Utilising the present invention, and other inventions herein referred to, each Bridge lane may be fitted with an antenna structure for radiating a magnetic field. Information data can be imposed over the field. A driver having a token in the car can drive into a Bridge
-0 lane, and at a desirable speed. As the token passes through the magnetic field, it can be interrogated, have a value or
Bridge toll deducted from the representative value of the token, and upon verification, the driver can receive a response that the toll has been paid. If the token is not 1 . b_ valuable enough for the toll, various means can be used to inform or prosecute the driver. This type of system can also be used at the entrance to vehicle parking stations and stadiums by incorporating the verification step into a boom gate or turnstile activator. Other examples include _n activation of vending machines, hire of a video or game, payment of rail and bus fares or for any purpose where a fee must be paid for services.
The token of the present invention, and the payment system of the present invention can be modified or adapted _ in many ways, all of which are intended to be incorporated within the scope of this disclosure, as would be known to a skilled addressee.
0
5

Claims

THE CLAIMS DEFINING THE INVENTION ARE AS FOLLOWS:
1. A portable token including storage means adapted to store a representation of a monetary value whereby the token may have a cash value, wherein said monetary value is represented as the difference between the highest number that can be represented in said storage means and the monetary value actually intended to be represented.
2. A token as claimed in Claim 1, wherein said storage means is re-writeable.
3. A token as claimed in Claim 2, wherein said storage means is an Electrically Erasable Programmable Read-Only Memory (EEPROM).
4. A token as claimed in Claims 1, 2 or 3, wherein said monetary value is represented in number-complement form i.e. the value represented is the difference between the highest number that can be represented in said storage means and the monetary value actually represented.
5. A token as claimed in Claim 4, comprising buffer means adapted to receive data read from said storage means and to present data to said storage means to be written back thereto, adder means adapted to accept two numbers one from said buffer means and the other from said reader means, said adder means being adapted to compute a binary sum of the two numbers presented and to place the sum so computed in said buffer means and replace the number originally present.
6. A token as claimed in Claim 4, comprising buffer means adapted to receive data read from said storage means and to present data to said storage means to be written back thereto, adder means adapted to accept two numbers directly from said reader means and said storage means, said adder means adapted to compute a binary sum of the two numbers presented and to place the sum so computed in said buffer means and replace the number originally present.
7. A token as claimed in Claims 5 or 6, further including overflow detector means adapted to record the presence of an arithmetic carry from the most significant bits computed by said adder means, thereby denoting an invalid charge on the token.
8. A token as claimed in Claim 4, wherein the numbers are represented in binary notation.
9. A token as claimed in Claim 5, including further storage means adapted to store a password such that a transaction cannot be completed unless the correct password is received from said reader means.
10. A token as claimed in Claim 9, wherein said credit and password numbers are stored in contiguous areas of a single storage means.
11. A token as claimed in Claims 9 or 10, wherein a credit computation is performed first followed by a password test, the carry for said credit computation serving as an initial input to said password test, said input being adapted to set said carry bit to one if the password test fails, otherwise to leave it unchanged.
12. A token as claimed in Claim 11, including a single storage bit so arranged to permit the writing of the password storage area once only.
13. A token according to any preceding Claim, being further provided with circuitry to compute a check sum over any and all messages received from an associated reader means and/or from said storage means, and to regard as invalid any messages whose check sum does not compute correctly.
14. A token according to Claim 13, wherein said check sum is computed according to the CRC-16 algorithm.
15. A token according to any preceding Claim, wherein the several said computations are performed digit by digit, in a serial fashion.
16. A token according to any preceding Claim, wherein the said circuit functions are substantially entirely embodied in a single VLSI semiconductor "chip".
17. A token according to any preceding Claim, said token being substantially of similar dimensions to a standard credit card.
18. A token according to Claim 16 or 17, wherein the internal logic circuits provide a test mode for initial verification of the circuitry, and for initial zero-loading of the storage means, said test made being disabled before use of the chip, by an option pad as herein defined.
19. A toll collection system, comprising : a token adapted to represent a first monetary value in a number complement form, said value being stored in said token, and interrogation means adapted to provide a toll input to said token, wherein said token is adapted to validate said toll input when said first monetary value and said toll input are added to provide a second monetary value, said toll input being not more than said first monetary value and wherein : said token is adapted to invalidate or ignore said toll input when said toll input is greater than said first monetary value, the token thereby retaining the first monetary value.
20. A toll system as claimed in Claim 19, wherein a validated toll input allows a user access or entry and wherein a non-validated toll input does not allow the user access or entry.
PCT/AU1989/000175 1988-04-22 1989-04-21 Token and payment system WO1989010599A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
AUPI788088 1988-04-22
AUPI7880 1988-04-22

Publications (1)

Publication Number Publication Date
WO1989010599A1 true WO1989010599A1 (en) 1989-11-02

Family

ID=3773041

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU1989/000175 WO1989010599A1 (en) 1988-04-22 1989-04-21 Token and payment system

Country Status (4)

Country Link
EP (1) EP0413733A4 (en)
JP (1) JPH04501026A (en)
WO (1) WO1989010599A1 (en)
ZA (1) ZA892976B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1991015832A1 (en) * 1990-04-02 1991-10-17 Security Telesis Limited Card security system
EP0607950A2 (en) * 1993-01-19 1994-07-27 Siemens Aktiengesellschaft Method and data carrier for checking the authenticity of chip memories

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3906460A (en) * 1973-01-11 1975-09-16 Halpern John Wolfgang Proximity data transfer system with tamper proof portable data token
US4001550A (en) * 1975-12-04 1977-01-04 Schatz Vernon L Universal funds transfer and identification card
AU3271578A (en) * 1977-01-25 1979-08-02 Bell-Fruit Manufacturing Company Limited Gaming machines
US4256955A (en) * 1977-03-31 1981-03-17 Compagnie Internationale Pour L'informatique System for keeping account of predetermined homogeneous units
US4341951A (en) * 1980-07-02 1982-07-27 Benton William M Electronic funds transfer and voucher issue system
AU8623282A (en) * 1981-01-30 1984-01-26 Paperless Accounting Inc. Adaptable value-token
AU8623382A (en) * 1982-07-20 1984-01-26 Paperless Accounting Inc. Portable data carrier incorporating manually presentable processing modes
US4511970A (en) * 1981-04-08 1985-04-16 Hitachi, Ltd. Portable terminal device
WO1986003040A1 (en) * 1984-11-15 1986-05-22 Intellicard International, Inc. A unitary, self-contained card verification and validation system and method
GB2178207A (en) * 1985-05-20 1987-02-04 Dainippon Printing Co Ltd Recording data in a card memory
GB2206431A (en) * 1987-06-30 1989-01-05 Motorola Inc Debit card circuits

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3870866A (en) * 1971-11-11 1975-03-11 Halpern John Wolfgang Fee charging system
FR2503423A1 (en) * 1981-03-31 1982-10-08 Flonic Sa Electronic memory for telephone prepaid transaction card - uses encoded memory to validate alteration of credit balance in on-card non-volatile memory

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3906460A (en) * 1973-01-11 1975-09-16 Halpern John Wolfgang Proximity data transfer system with tamper proof portable data token
US4001550A (en) * 1975-12-04 1977-01-04 Schatz Vernon L Universal funds transfer and identification card
US4001550B1 (en) * 1975-12-04 1988-12-13
AU3271578A (en) * 1977-01-25 1979-08-02 Bell-Fruit Manufacturing Company Limited Gaming machines
US4256955A (en) * 1977-03-31 1981-03-17 Compagnie Internationale Pour L'informatique System for keeping account of predetermined homogeneous units
US4341951A (en) * 1980-07-02 1982-07-27 Benton William M Electronic funds transfer and voucher issue system
AU8623282A (en) * 1981-01-30 1984-01-26 Paperless Accounting Inc. Adaptable value-token
US4511970A (en) * 1981-04-08 1985-04-16 Hitachi, Ltd. Portable terminal device
AU8623382A (en) * 1982-07-20 1984-01-26 Paperless Accounting Inc. Portable data carrier incorporating manually presentable processing modes
WO1986003040A1 (en) * 1984-11-15 1986-05-22 Intellicard International, Inc. A unitary, self-contained card verification and validation system and method
GB2178207A (en) * 1985-05-20 1987-02-04 Dainippon Printing Co Ltd Recording data in a card memory
GB2206431A (en) * 1987-06-30 1989-01-05 Motorola Inc Debit card circuits

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
PATENT ABSTRACTS OF JAPAN, p-437, page 90, JP,A, 60-207964 (Toshiba K.K.) 19 October 1985 (19.10.85) *
PATENT ABSTRACTS OF JAPAN, p-591, page 134, JP,A, 62-25372 (Hitachi Ltd) 3 February 1987 (03.02.87) *
See also references of EP0413733A4 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1991015832A1 (en) * 1990-04-02 1991-10-17 Security Telesis Limited Card security system
EP0607950A2 (en) * 1993-01-19 1994-07-27 Siemens Aktiengesellschaft Method and data carrier for checking the authenticity of chip memories
EP0607950A3 (en) * 1993-01-19 1997-01-08 Siemens Ag Method and data carrier for checking the authenticity of chip memories.

Also Published As

Publication number Publication date
EP0413733A4 (en) 1991-10-16
ZA892976B (en) 1990-12-28
EP0413733A1 (en) 1991-02-27
JPH04501026A (en) 1992-02-20

Similar Documents

Publication Publication Date Title
RU2139570C1 (en) Method and device facilitating use of set of credit cards and the like
US6119945A (en) Method and system for storing tickets on smart cards
US5521362A (en) Electronic purse card having multiple storage memories to prevent fraudulent usage and method therefor
US4105156A (en) Identification system safeguarded against misuse
JPH03241463A (en) Payment or information transfer system by maney card with electronic memory
EP1190396B1 (en) Payment system
JPH0622032B2 (en) Payment system for public services by electronic card
AU3832689A (en) Bi-modular integrated circuit card payment system
US20010014885A1 (en) IC card and its controller, and a method for selection of IC card applications
EP0798671B1 (en) Off-line data terminal with virtual on-line capabilities
US6095411A (en) Electronic debit card and method for recharging an electronic debit card
US5033021A (en) Method of recording successive balances in an electronic memory, and a system for implementing said method
EP0413733A4 (en) Token and payment system
AU621890B2 (en) Token and payment system
KR100470731B1 (en) An Integrated Payment System and its Method of Toll and Parking Fee using various Contactless IC cards for Electronic Money
EP1074951B1 (en) Settlement system and card
JP2899464B2 (en) Electronic asset data transfer method
EP0635774B1 (en) Hand-held terminal for performing purchasing, debit, credit and drawing operations
HU219703B (en) Method and equipment for paying by costumer's chip cards with purse function
KR100521993B1 (en) Card terminal which has advanced/deferred payment function, method for settling advanced/deferred payment
US20070226151A1 (en) Method for Processing a Cashless Payment Transaction
JP3499423B2 (en) Parking lot management device with parking fee discount function
JPH021095A (en) Controller for card with prepaid type memory
KR20030083805A (en) Electronics coin dealings system and method for a future payment
KR100363204B1 (en) System for exchange the items of an account use for vending machine and Method for exchange the items of an account

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AT AU BB BG BR CH DE DK FI GB HU JP KP KR LK LU MC MG MW NL NO RO SD SE SU US

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE BF BJ CF CG CH CM DE FR GA GB IT LU ML MR NL SE SN TD TG

WWE Wipo information: entry into national phase

Ref document number: 1989905383

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

WWP Wipo information: published in national office

Ref document number: 1989905383

Country of ref document: EP

WWW Wipo information: withdrawn in national office

Ref document number: 1989905383

Country of ref document: EP