WO2000074007A1 - Network authentication with smart chip and magnetic stripe - Google Patents

Network authentication with smart chip and magnetic stripe Download PDF

Info

Publication number
WO2000074007A1
WO2000074007A1 PCT/US2000/014592 US0014592W WO0074007A1 WO 2000074007 A1 WO2000074007 A1 WO 2000074007A1 US 0014592 W US0014592 W US 0014592W WO 0074007 A1 WO0074007 A1 WO 0074007A1
Authority
WO
WIPO (PCT)
Prior art keywords
server
smart chip
card
magnetic stripe
user device
Prior art date
Application number
PCT/US2000/014592
Other languages
French (fr)
Inventor
Robert Lee
Thomas E. Honey
Original Assignee
Utm Systems Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Utm Systems Corporation filed Critical Utm Systems Corporation
Priority to AU52962/00A priority Critical patent/AU5296200A/en
Publication of WO2000074007A1 publication Critical patent/WO2000074007A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/347Passive cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1025Identification of user by a PIN code
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1025Identification of user by a PIN code
    • G07F7/1075PIN is checked remotely
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal

Definitions

  • the invention relates to methods in networked computer systems for authenticating a user to a server using a magnetic stripe card and a card reader with a smart chip connected to or embedded in a user device such as a computer or cellular telephone.
  • plastic cards have magnetic stripes that contain the cardholder's personal information, e.g., name and card account number.
  • readers for reading the magnetic stripes at many retail point-of-sale locations.
  • Debit cards can be used at these locations by swiping the card through the reader and entering a personal identification number (PIN) into the reader's keypad.
  • PIN personal identification number
  • Adequate authentication of the user is achieved by a secure communications connection between the reader and a remote computer/server and by the cardholder possessing a debit card that can be read by the reader and knowing the PIN associated with the card.
  • Various companies including IBM, Hewlett-Packard, Intel, and Wave have proposed solving this problem by including a "smart chip" in each personal computer for secure authentication.
  • the smart chip stores or creates on command a unique, encrypted identification code that cannot be read but can be used to prove the identification of the chip to a remote computer/server across a communications line.
  • proper decryption of this code by the server provides a secure identification of the computer.
  • the owner of the host computer with the smart chip can be held responsible for its use. Entry of a PIN at a keyboard connected to the host computer may also be required. With the ability to prove which host computer placed a communication for a transaction and that a particular PIN was used, adequate secure authentication will be achieved for many network transactions.
  • Each smart card includes a smart chip as described above.
  • the smart card is guarded by its owner like a key.
  • the person who possesses the smart card is presumed to be its proper owner. Entry of a PIN at a keyboard connected to the host computer to which the smart card reader is connected can also be required.
  • adequate secure authentication will be achieved for many network transactions.
  • the invention is a method for using a device that incorporates a mag-stripe card reader head with a smart chip and can be connected to a computer network such as the internet.
  • the device includes a slot for swiping a mag-stripe card, a read head within the slot, and a secure identity circuit for authentication (smart chip).
  • a smart chip authentication circuit
  • a smart chip is a circuit that can perform authentication to a remote server across a network by confirming a unique identification to the remote server without revealing to the local computer or any intervening device in the communications link enough information that, if captured, can be used to imitate the smart chip.
  • Such chips are well known. They generally work by using a secret key to encrypt a piece of information. If the appropriate decryption key successfully decrypts the information, the identity is authenticated.
  • the authentication circuit (smart chip) provides a unique identity of the device and the person to whom the smart chip was issued is kept in a database.
  • mag-stripe card can be duplicated or imitated, unlike the smart chip, and is therefore less secure than the smart chip, requiring the use of a mag-stripe card with certain information which matches information contained within a database as well as the smart chip increases the confidence of authentication. Therefore, such a device provides additional security to a transaction on an unsecure network such as the internet because the user was required to possess both the magnetic stripe card with appropriate information and a smart chip that authenticates to the server, thereby increasing the security of authentication.
  • a personal identification number is also required.
  • the PIN may be associated either with the mag-stripe card or with the smart chip or be a single PIN which is associated with both of them.
  • the PIN may be verified by the smart chip or it may be transmitted to the server for verification, preferably using encryption by the smart chip before it is transmitted.
  • the PIN may be entered on a keyboard of a personal computer to which the device is connected or, for better security, on a keypad on the device with the smart chip.
  • the reader device with the smart chip may be used by a merchant to authenticate himself to a financial institution using the smart chip and a PIN.
  • the merchant may then swipe a payment card, such as a credit card or debit card, from a customer to perform a card present financial transaction. If the entry of a PIN is required of the customer, the customer can enter a second PIN on the keypad. When used for this purpose, the merchant will have entered a PIN to authenticate the identity of the merchant and the customer will also have entered a PIN to authenticate the identity of the customer.
  • a payment card such as a credit card or debit card
  • mag-stripe cards each can require a different PIN.
  • Information from the mag-stripe card is passed to the smart chip which then determines which PIN is required based on that information and based on information securely stored in the smart chip's memory.
  • the information read from the magnetic stripe card can be used to verify that an appropriate card has been swiped. If the information read from the card does not match processing requirements securely stored in the smart chip, the required authentication will fail.
  • Figure 1 shows the invented method in a preferred embodiment.
  • Figure 2 shows a variation of the invented method where data from the mag- stripe is verified on a server.
  • Figure 3 shows an elaboration of the method for use in payment card transactions.
  • Figure 4 is a side plan view of a card reader with smart chip.
  • FIG. 5 is a block diagram of the circuitry for the card reader of Figure 4.
  • Figure 6 is a top plan view of a cellular telephone that includes a smart chip and card reader.
  • Figure 7 is a front perspective view of a computer system to which is connected the card reader of Figure 4.
  • Each card reader is uniquely identified by a smart chip, which may be on a removable card, and each smart chip is associated with a respective owner through the unique identification.
  • the unique identification code of the smart chip is registered on a remote central computer/server in association with accurate identification of the owner to whom the smart chip was issued. Using a secure PIN, the smart chip owner can access the functions of the smart chip.
  • the name or other identification is read from the card and is compared with an identification on the central computer/server associated with the unique identification code stored in or generated by the smart chip. If the name and code do not match, then the transaction may be disallowed for inadequate authentication.
  • mag-stripe card containing certain information
  • a smart chip with a secure authentication feature proving a certain identification. Requiring both together provides a more secure authentication than requiring either alone. For further security, a PIN may also be required.
  • the card reader is preferably portable and easily connected to or disconnected from the cardholder's computer or any other host computer. This allows the cardholder to easily guard his/her possession of the reader and to permit others to use his/her computer without a security risk.
  • the smart chip may be removable to achieve the same security. Unlike prior art smart card systems, however, possession of only the smart-card reader and knowledge of a PIN is not enough to establish authentication. A mag-stripe card encoded with either a name that matches the name of the cardholder to which the reader was issued or a number that is on the authorized list is also required. Therefore, because the mag- stripe card reader with smart chip is like a key, it is aptly described as a card reader with an electronic key.
  • the smart chip encrypts the identification code and magnetic-stripe information according to conventional encryption techniques.
  • the identification code may be stored in encrypted form on the smart chip or the information may be stored in encrypted form on the magnetic stripe for processing by the smart chip before being sent to the server.
  • the microcontroller does not alter the code or the magnetic-stripe information before sending it to the remote computer/server.
  • the remote computer/server determines whether the cardholder identified by the magnetic-stripe information is authorized to use the card reader having a smart chip with the unique identification code.
  • the remote computer/server stores the information for the cardholder who is authorized to use the particular card reader.
  • the remote computer/server allows the transaction to proceed. If, however, the magnetic-stripe information does not correspond to the cardholder information stored for the unique identification code, then the remote computer/server cancels the transaction.
  • FIG. 1 shows the preferred method for using a card with a magnetic stripe and a smart chip to authenticate a user.
  • step 101 data is read from the magnetic stripe on the card by the magnetic stripe reader head.
  • the data is processed in the local device, step 102.
  • the functions of the local device may be performed in the smart chip or, for those functions which do not require the security of a smart chip, in an auxiliary processor.
  • the data read from a card is verified, either by merely confirming that it appears to be complete and in the correct format or by using a secure storage feature of the smart chip to determine that the data read from the magnetic stripe, such as a user name or account number, matches data securely stored in the smart chip.
  • step 102 information which is a function of the data read from the magnetic stripe, f(data), is stored in the smart chip or in an auxiliary memory. What is stored can be a portion of the original data or a hash of part of the original data or a signature generated from part of the original data or an encryption of the data or any other information which is derived from the data and varies as a function of the data contents.
  • step 103 the user enters a personal identification number (PIN) at a keyboard.
  • PIN personal identification number
  • the keyboard is preferably not connected to a personal computer because they are unsecure and can be monitored by unauthorized software to capture the user's personal identification number.
  • the keyboard is preferably located on a device containing the smart chip which is, in turn, connected to the personal computer such that the PIN is never transmitted to the personal computer.
  • step 104 the PIN is verified.
  • the preferred method is to use the well known PIN function of a smart chip.
  • the PIN can be encrypted by an encryption function of the smart chip or a separate encryption circuit and transmitted to a remote server for verification.
  • the PIN can be a PIN which is associated with the card or a PIN which is associated with the smart chip or a single PIN which is associated with both of them. If the information in the smart chip is configured to work with several mag-stripe cards, the PIN verification can be done in the smart chip even though any of several different PINs are verifiable.
  • step 105 information to be processed is received by the local device.
  • the information to be processed will be the details of the payment transaction specifying a dollar amount or a party to be paid or any other appropriate information.
  • the purpose of the authentication is to establish a digital signature which can not be repudiated, the information to be processed will consist of the document to be signed with the digital signature.
  • the purpose of the authentication is to allow an authorized person to make use of a secure network, the information to be processed will typically be a user name or a password for the network.
  • the information derived from the mag-stripe, f(data) is combined with information to be processed and the smart chip is used to encrypt or sign the combined information with a key that a recipient can decrypt or verify.
  • the signed or encrypted combined information is transmitted on an unsecure network or placed in a storage device for physical transmission to a recipient.
  • the recipient identifies the appropriate key to use for decrypting the signature or the entire combined information based on an identification of the sender.
  • the identification of the sender can be determined from an identification of the smart chip or data from the mag-stripe card.
  • the recipient then uses the key to decrypt the signature or combined information. If the decryption is successful, this authenticates the identification of the smart chip that was used and reveals f(data) derived from magnetic stripe information on the card which can then be compared to records in a database to verify that the correct card (or a counterfeit thereof) was present.
  • the user was authenticated based on (1) possession of a magnetic stripe card with appropriate data and (2) possession of a smart chip with an appropriate encryption key and (3) knowledge of an appropriate personal identification number (PIN).
  • PIN personal identification number
  • Figure 2 illustrates some variations on the method shown in Figure 1.
  • One of the variations is that a personal identification number is not required.
  • Another variation is that the verification of data read from the mag-stripe on the card is done on a remote server before the smart chip is used to encrypt or sign information such that when the information is decrypted authentication of the smart chip is established.
  • the server that verifies the mag-stripe data before the process is allowed to proceed may be a different server from the server that receives the information to be processed.
  • step 111 data is read from the mag-stripe on the card.
  • this data is encrypted and forwarded to a server via an unsecure network.
  • step 113 the mag-stripe information is decrypted to verify that the correct mag-stripe card has been read.
  • the mag- stripe data need not be encrypted before being forwarded to the server for verification. However, to minimize security risk, it is preferable to encrypt the information before transmission on the unsecure network. If the information on the card is verified, the process, on both the local device and on the server, then proceeds to the next step.
  • step 114 information to be processed is received at the local device with a smart chip.
  • step 115 the information or a part of the information or a hash of the information is encrypted or signed and transmitted on the network.
  • the server is ready to receive the encrypted or signed information because it has already verified the data from the mag-stripe or has received a message from another server that this step was accomplished successfully. It then decrypts the information to verify that it was encrypted with a key contained within the appropriate smart chip. The user has now been authenticated based on both the smart chip and the data from the mag-stripe. In step 117, the information which has been authenticated is forwarded to recipients who rely on the authentication.
  • Figure 3 shows how the authentication based on a smart chip and a mag- stripe card is performed in the context of payment card transactions.
  • a variation illustrated in Figure 3 is a step of mutual authentication between the user device and an authentication server.
  • a personal account number (PAN) is read from the magnetic stripe on a payment card, which may be a credit card or debit card or ATM card.
  • the PAN is verified by the smart chip.
  • the smart chip contains a copy of the PAN or data which is derived from the PAN, f(PAN), in its secure memory where it cannot be extracted from the smart chip.
  • the PAN read from the mag-stripe card is loaded into the smart chip which performs a routine to compare it to the PAN or f(PAN) within its secure memory.
  • the smart chip then returns a verification that the PAN is correct or a denial that it is not correct.
  • information which is a function of the PAN, f(PAN) is stored. If the PAN is verified, the process proceeds to the next step. If not, the process is aborted.
  • the step of verifying the PAN can be omitted to allow any card to be used with the user device as discussed below.
  • step 123 a PIN entered by a user is received from the keyboard.
  • the keyboard is preferably connected to the user device but not to a local personal computer.
  • step 124 the PIN is verified by the smart chip. If the PIN is verified, the process proceeds to the next step. If it is not, the process is aborted.
  • step 125 the smart chip in the user device initiates a communication to an authentication server across a network. At this point, the PAN has been verified and the PIN has been verified. Now the authentication server verifies the identification of the smart chip using any of several well established smart chip authentication procedures, step 126.
  • the authentication may be one sided, as just described, from the user device to the server.
  • the server also authenticates itself to the user device by sending to the user device an encrypted nonce which only the user device with a key contained within secure memory in the smart chip can decrypt. If the user device properly authenticates itself to the server and the server properly authenticates itself to the user device, the user device will then proceed to the next step.
  • the user has been authenticated by possession of a positively identified smart chip, possession of a card with a magnetic stripe (or a counterfeit thereof) and knowledge of a personal identification number.
  • the requirement of the PIN can be omitted. If any one of these three required elements has failed, the process is aborted.
  • step 127 transaction data is received by the user device. This will typically be a dollar amount and an identification of a merchant to be paid. Because the personal account number will be required for subsequent processing of the transaction, f(PAN) is combined with the transaction data and the two are encrypted or signed using the smart chip, step 128. The encrypted or signed data is transmitted across an unsecure network to a recipient.
  • the recipient computer decrypts the encrypted or signed data. If decryption is successful, this verifies that a particular key was used which key is contained only in a certain smart chip, thereby authenticating that the particular smart chip was used. To determine which key to use for decryption, the owner of the smart chip is verified based upon the personal account number which was transmitted in one form or another as f(PAN).
  • mag-stripe card that is used in step 121 can be a card that does not belong to the person who owns the smart chip used for encryption in step 128.
  • the reader with smart chip can be a merchant who wishes to accept a credit card or a debit card for payment.
  • the card holder in addition to the smart chip owner entering a PIN in step 123, the card holder can be required to enter a PIN for the cardholder for verification by a server. If the card was a credit card, the fact that f(PAN) was derived from data read from the card provides a verification that the card was present. If the card is a debit card, the card owner has entered the appropriate PIN which is then encrypted along with f(PAN) in step 128 and forwarded to the recipient for verification of the PIN entered by the cardholder.
  • the server can transmit to the user device a challenge seeking a response that only an authentic user would know, such as date of birth, mother's maiden name, social security number, PIN, etc.
  • the challenge can be presented on a screen display at the user's location, typically a personal computer or cell phone.
  • the response entered by the user can be sent, with or without encryption, to the server as an additional authentication step.
  • the invented method can be used for additional security for digital signatures.
  • the party making the signature By requiring the party making the signature to possess both the proper smart chip and the proper card with a magnetic stripe, it becomes more difficult for the owner of these two devices to later repudiate his signature and claim that he was impersonated. This can have particular value for parties who wish to guarantee signatures of others in transactions such as stock transfer transactions.
  • the company responsible for making stock transfers relies on a trusted party to guarantee the signature of the transferor who is someone that the guarantor knows or has meet in person to satisfy himself on identification. The guarantor then needs to apply his own digital signature so that the transaction information can be immediately transferred by a network for execution.
  • the stock transfer company can be confident that they are dealing with the guarantor and not an impersonator.
  • mag-stripe card reader with smart chip may be embodied in a PCMCIA card for insertion into a PCMCIA slot, in an external card reader that plugs into a serial or parallel port or keyboard port such as the Innovonics device ( Figure 11 of US Patent 5,815,577), or in a device which is mounted in the case of a personal host computer much like a disk drive or CD-ROM drive. Because the reader includes a smart chip, which may be removable, the smart chip may be used for other familiar smart chip functions such as digital signatures or storing electronic cash for micro- payments.
  • the mag-stripe reader with smart chip may be coupled to a computer system or to a web TV system by any of the familiar methods: serial port, parallel port, keyboard port, USB port, infrared link, PCMCIA slot, or simulation of a floppy disk in a disk drive as disclosed in US patent application serial number 09/322,669 by one of the same inventors.
  • the mag-stripe card reader with smart chip may be incorporated into another portable device such as a cellular telephone ( Figure 6) or personal digital assistant (PDA).
  • a cellular telephone Figure 6
  • PDA personal digital assistant
  • a credit card or debit card may be used to charge a telephone call or remotely authorize a charge to the account for any other reason, or the owner can download cash (telephone usage credits) into the smart chip and then give the telephone to another to use with the stored credits as a limit on the amount of telephone charges that can be incurred.
  • PDA personal digital assistant
  • FIG 4 is a side plan view of a card reader 10 according to an embodiment of the invention.
  • the reader 10 includes a housing 12 having a slot 14 for receiving a card 16 having a magnetic stripe 18.
  • the slot 14 provides adequate clearance for receiving the card but a tight enough fit to ensure that the magnetic stripe 18 is properly aligned for reading.
  • a conventional magnetic read head 20 reads the information stored on the magnetic stripe 18 as the card 16 is inserted into the slot 14.
  • An optional and conventional sensor 22 senses whether the card is present within the slot 14.
  • a cable 26 allows communication to a host computer such as a personal computer, or the card reader 10 may be wireless, and thus include a radio or infrared transmitter instead of the cable 26.
  • a light-emitting-diode (LED) array 28 or other display indicates the status of the card-reader 10.
  • An optional keyboard shown as component 60 in Figure 7, allows the user to enter a personal identification number (PIN). With the keyboard and a removable smart chip on a card placed in smart card slot 62 in Figure 7, this device is essentially the same as shown in Figure 11 of US Patent 5,815,577 to Innovonics.
  • the smart chip 24 may be programmed for authentication via dual key
  • the smart chip 24 may include electronic-key circuitry that is capable of authentication by securely encrypting a unique identifier and transmitting it to a remote computer/server such as with DES encryption or another encryption protocol.
  • FIG 5 is a schematic block diagram of a circuit 30 for the card reader 10 of Figure 4.
  • the circuit 30 includes the smart chip 24 and the LED 28.
  • the circuit 30 includes optional card detection/retention circuitry 32.
  • the circuitry 32 includes the card sensor 22 ( Figure 4) and monitors whether the card 16 ( Figure 4) is inserted within the slot 14 or not.
  • the circuitry 32 includes conventional hardware for retaining the card 16 within the slot 14 until a transaction is complete. Additionally, if the user enters a wrong PIN number for more than a predetermined number of times or performs some other incorrect act, the circuitry 32 may permanently retain the inserted card on the basis that the user is not authorized to possess it.
  • Magnetic-stripe read circuitry 34 includes the read head 20 ( Figure 4) and reads the magnetically encoded data from the magnetic stripe 18 and converts it into a digital read signal.
  • a microcontroller 36 is coupled to the smart chip 24, the LED circuit 28, the detection circuit 32, and the read circuitry 34.
  • the microcontroller 36 includes a processor, buffers, memory, and other peripheral circuits.
  • the microcontroller functions may be preformed by a microcontroller in the smart chip or by a programmable logic array or other logic circuit.
  • a cardholder inserts the card 16 into the slot 14 of the card reader 10 after the LED array 28 indicates that the reader 10 is ready to accept the card 16.
  • the head 20 senses the magnetically encoded information on the stripe 18 and converts this information into electrical signals.
  • the read circuitry 34 then converts these electrical signals into a digital signal that represents the stored information and provides this digital signal to the microcontroller 36.
  • the microcontroller 36 After the microcontroller 36 receives this stored information, it causes the LED to indicate successful reading. Additionally, the sensor 22 generates a signal indicating that the card 16 has been inserted into the slot 14, and the circuitry 32 provides this signal to the microcontroller 36.
  • the microcontroller 36 obtains the unique identification code from the smart chip 24, which is preferably generated by encryption of data received from an external source, and provides this unique code and the information read from the magnetic stripe 18 to a remote computer/server via the host computer to which the card reader 10 is connected.
  • the microcontroller may also send confirmation to the remote computer/server that the card 16 is inserted within the slot 14, i.e., that the card 16 has not been removed from the slot 14 since the magnetic-stripe information has been read.
  • the remote computer/server may cancel the requested transaction if the card 16 is removed from the slot 14 before the transaction is complete.
  • the circuitry 32 provides information to the microcontroller 36 as to the relative position of the card 16 with respect to the slot 14. In one embodiment, the card sensor 22 detects when the cardholder removes the card 16 from the slot 14, and the circuitry 32 notifies the microcontroller 36. If the transaction is not completed, then the microcontroller 36 notifies the remote computer/server of the premature card removal, and the remote computer/server may cancel the transaction in response to this notification.
  • the remote computer/server may periodically poll the microcontroller 36, which notifies the remote computer/server of the card position (inserted or removed) with respect to the slot 14.
  • the card sensor 22 and the card detection circuitry 32 are omitted from the card reader 10 in another embodiment of the invention.
  • the microcontroller 36 determines that the card 16 is inserted into the slot 14 in response to receiving the magnetic-stripe information from the read circuitry 34 as the cardholder inserts the card 16 into the slot 14.
  • the microcontroller 36 determines that the card 16 is removed from the slot 14 in response to receiving the magnetic-stripe information as the cardholder removes the card 16 from the slot 14.
  • the microcontroller 36 receives the magnetic-stripe information as the cardholder inserts the card 16 into the slot 14 and sets a corresponding flag. As long as the microcontroller 36 does not re-receive this information, it determines that the card 16 is present within the slot 14 and does not reset the flag. But once the microcontroller 36 receives the magnetic- strip information again, it determines that the cardholder is removing or has removed the card 16 from the slot 14 and thus resets the flag. The microcontroller 36 may then notify the remote computer/server of the card's removal as discussed above.
  • Figure 6 is front plan view of a cellular telephone 40, which includes a card reader according to an embodiment of the invention.
  • the telephone 40 includes a case 42 and a card slot 44 formed therein.
  • the telephone 40 also includes the smart chip 24, which might be removable by mounting on a SIM chip such as is commonly used in cellular telephones, and the read head 20, and may include the card sensor 22, of Figure 4 and the circuitry 30 of Figure 5. Alternatively, the telephone 40 may omit the sensor 22 and use the microcontroller 36 to determine the card position with respect to the slot 44 as described above.
  • the slot 44 has a stop 46 to hold the card in place while the transaction is taking place.
  • the telephone 40 transmits the unique identification code from the smart chip, information read from the magnetic stripe 18 of the card 16 ( Figure 4), and other transaction information via an antenna 48 and cellular network (not shown) to the remote computer/server.
  • FIG 7 is a front view of a computer system 50, which includes the card reader 10 according to an embodiment of the invention with a slot 14 for the mag- stripe card.
  • the system 50 includes a computer 52 and a monitor 54, keyboard 56, and mouse 58 connected to the computer 52.
  • the keypad 60 on the card reader is shown, as well as the slot 62 for removing the smart chip which is mounted on a smart card.
  • This embodiment is essentially the same as shown in Figure 11 of US Patent 5,815,577 to Innovonics.
  • the card reader with smart chip may be incorporated into the personal computer.

Abstract

A method for using a device that incorporates a magnetic stripe card reader head with a smart chip and can be connected to a computer network such as the Internet to authenticate a user to a remote server on the network. The method involves reading data from the magnetic stripe (101), verifying data from the magnetic stripe (102), receiving a personal identification number entered on a keyboard on the device (103), verifying the personal identification number (104), encrypting with a key contained in the smart chip a piece of data for sending to the remote server along with information identifying the source (106), and, on the remote server, looking up an appropriate key for decryption based on the identification of the source and verifying the authentication if the decryption is successful (108). Variations on the method include verifying the mag-stripe data on a remote server instead of within the smart chip, verifying the PIN on a remote server instead of within the smart chip, and adding various kinds of information to be sent to the server along with the essential elements required for authentication. The method may be used to authenticate digital signatures or signature guarantees, or for transactions using debit cards or credit cards. If the reader device with a smart chip is owned by a merchant, the merchant can further authenticate himself with a personal identification number, and the card holder will swipe his card into the device and identify himself with a second personal identification number.

Description

NETWORK AUTHENTICATION WITH SMART CHIP AND MAGNETIC STRIPE
Relation to Previous Application
This application is a continuation-in-part of application U.S. Patent Application, Serial No. 09/322,670 filed on May 28, 1999.
Technical Field:
The invention relates to methods in networked computer systems for authenticating a user to a server using a magnetic stripe card and a card reader with a smart chip connected to or embedded in a user device such as a computer or cellular telephone.
Background of the Invention:
Many forms of plastic cards have magnetic stripes that contain the cardholder's personal information, e.g., name and card account number. There are readers for reading the magnetic stripes at many retail point-of-sale locations. Debit cards can be used at these locations by swiping the card through the reader and entering a personal identification number (PIN) into the reader's keypad. Adequate authentication of the user is achieved by a secure communications connection between the reader and a remote computer/server and by the cardholder possessing a debit card that can be read by the reader and knowing the PIN associated with the card.
For transactions on unsecure networks such as the internet, the above- described secure authentication features are not available. There is no adequately secure communications connection between a card reader that is connected to the user's host computer and the remote computer/server.
Various companies, including IBM, Hewlett-Packard, Intel, and Wave have proposed solving this problem by including a "smart chip" in each personal computer for secure authentication. The smart chip stores or creates on command a unique, encrypted identification code that cannot be read but can be used to prove the identification of the chip to a remote computer/server across a communications line. Thus, proper decryption of this code by the server provides a secure identification of the computer. Presumably, the owner of the host computer with the smart chip can be held responsible for its use. Entry of a PIN at a keyboard connected to the host computer may also be required. With the ability to prove which host computer placed a communication for a transaction and that a particular PIN was used, adequate secure authentication will be achieved for many network transactions. Other companies have proposed the use of smart cards placed in a smart- card reader at each host computer for secure authentication. Each smart card includes a smart chip as described above. The smart card is guarded by its owner like a key. The person who possesses the smart card is presumed to be its proper owner. Entry of a PIN at a keyboard connected to the host computer to which the smart card reader is connected can also be required. With the ability to prove which smart card was used for a transaction and that the PIN associated with the smart card was also used, adequate secure authentication will be achieved for many network transactions.
SUMMARY OF THE INVENTION
The invention is a method for using a device that incorporates a mag-stripe card reader head with a smart chip and can be connected to a computer network such as the internet. The device includes a slot for swiping a mag-stripe card, a read head within the slot, and a secure identity circuit for authentication (smart chip). For purposes of this discussion, a smart chip (authentication circuit) is a circuit that can perform authentication to a remote server across a network by confirming a unique identification to the remote server without revealing to the local computer or any intervening device in the communications link enough information that, if captured, can be used to imitate the smart chip. Such chips are well known. They generally work by using a secret key to encrypt a piece of information. If the appropriate decryption key successfully decrypts the information, the identity is authenticated.
The authentication circuit (smart chip) provides a unique identity of the device and the person to whom the smart chip was issued is kept in a database. Although the mag-stripe card can be duplicated or imitated, unlike the smart chip, and is therefore less secure than the smart chip, requiring the use of a mag-stripe card with certain information which matches information contained within a database as well as the smart chip increases the confidence of authentication. Therefore, such a device provides additional security to a transaction on an unsecure network such as the internet because the user was required to possess both the magnetic stripe card with appropriate information and a smart chip that authenticates to the server, thereby increasing the security of authentication.
For still greater security of authentication, a personal identification number (PIN) is also required. The PIN may be associated either with the mag-stripe card or with the smart chip or be a single PIN which is associated with both of them. The PIN may be verified by the smart chip or it may be transmitted to the server for verification, preferably using encryption by the smart chip before it is transmitted. The PIN may be entered on a keyboard of a personal computer to which the device is connected or, for better security, on a keypad on the device with the smart chip. The reader device with the smart chip may be used by a merchant to authenticate himself to a financial institution using the smart chip and a PIN. The merchant may then swipe a payment card, such as a credit card or debit card, from a customer to perform a card present financial transaction. If the entry of a PIN is required of the customer, the customer can enter a second PIN on the keypad. When used for this purpose, the merchant will have entered a PIN to authenticate the identity of the merchant and the customer will also have entered a PIN to authenticate the identity of the customer.
If the user device is configured to work with several different mag-stripe cards, each can require a different PIN. Information from the mag-stripe card is passed to the smart chip which then determines which PIN is required based on that information and based on information securely stored in the smart chip's memory. Also, the information read from the magnetic stripe card can be used to verify that an appropriate card has been swiped. If the information read from the card does not match processing requirements securely stored in the smart chip, the required authentication will fail.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 shows the invented method in a preferred embodiment. Figure 2 shows a variation of the invented method where data from the mag- stripe is verified on a server.
Figure 3 shows an elaboration of the method for use in payment card transactions. Figure 4 is a side plan view of a card reader with smart chip.
Figure 5 is a block diagram of the circuitry for the card reader of Figure 4.
Figure 6 is a top plan view of a cellular telephone that includes a smart chip and card reader. Figure 7 is a front perspective view of a computer system to which is connected the card reader of Figure 4.
DETAILED DESCRIPTION OF THE INVENTION
Each card reader is uniquely identified by a smart chip, which may be on a removable card, and each smart chip is associated with a respective owner through the unique identification. The unique identification code of the smart chip is registered on a remote central computer/server in association with accurate identification of the owner to whom the smart chip was issued. Using a secure PIN, the smart chip owner can access the functions of the smart chip. When a cardholder places a mag-stripe card in the reader, the name or other identification is read from the card and is compared with an identification on the central computer/server associated with the unique identification code stored in or generated by the smart chip. If the name and code do not match, then the transaction may be disallowed for inadequate authentication. By this process, two hardware items are required to authenticate the user: a mag-stripe card containing certain information and a smart chip with a secure authentication feature proving a certain identification. Requiring both together provides a more secure authentication than requiring either alone. For further security, a PIN may also be required.
The card reader is preferably portable and easily connected to or disconnected from the cardholder's computer or any other host computer. This allows the cardholder to easily guard his/her possession of the reader and to permit others to use his/her computer without a security risk. Alternatively, the smart chip may be removable to achieve the same security. Unlike prior art smart card systems, however, possession of only the smart-card reader and knowledge of a PIN is not enough to establish authentication. A mag-stripe card encoded with either a name that matches the name of the cardholder to which the reader was issued or a number that is on the authorized list is also required. Therefore, because the mag- stripe card reader with smart chip is like a key, it is aptly described as a card reader with an electronic key.
To perform the authentication, the smart chip encrypts the identification code and magnetic-stripe information according to conventional encryption techniques. Alternatively, the identification code may be stored in encrypted form on the smart chip or the information may be stored in encrypted form on the magnetic stripe for processing by the smart chip before being sent to the server. In such a case, the microcontroller does not alter the code or the magnetic-stripe information before sending it to the remote computer/server. Then, the remote computer/server determines whether the cardholder identified by the magnetic-stripe information is authorized to use the card reader having a smart chip with the unique identification code. Typically, the remote computer/server stores the information for the cardholder who is authorized to use the particular card reader. Therefore, if the magnetic-stripe information corresponds to cardholder information stored for the unique code, then the remote computer/server allows the transaction to proceed. If, however, the magnetic-stripe information does not correspond to the cardholder information stored for the unique identification code, then the remote computer/server cancels the transaction.
Methods Performed by the User Device and Servers Figure 1 shows the preferred method for using a card with a magnetic stripe and a smart chip to authenticate a user. In step 101 , data is read from the magnetic stripe on the card by the magnetic stripe reader head. The data is processed in the local device, step 102. The functions of the local device may be performed in the smart chip or, for those functions which do not require the security of a smart chip, in an auxiliary processor. The data read from a card is verified, either by merely confirming that it appears to be complete and in the correct format or by using a secure storage feature of the smart chip to determine that the data read from the magnetic stripe, such as a user name or account number, matches data securely stored in the smart chip. In step 102, information which is a function of the data read from the magnetic stripe, f(data), is stored in the smart chip or in an auxiliary memory. What is stored can be a portion of the original data or a hash of part of the original data or a signature generated from part of the original data or an encryption of the data or any other information which is derived from the data and varies as a function of the data contents.
Once f(data) has been stored, the process proceeds to step 103. In step 103, the user enters a personal identification number (PIN) at a keyboard. The keyboard is preferably not connected to a personal computer because they are unsecure and can be monitored by unauthorized software to capture the user's personal identification number. The keyboard is preferably located on a device containing the smart chip which is, in turn, connected to the personal computer such that the PIN is never transmitted to the personal computer.
In step 104, the PIN is verified. This can be accomplished in many ways. The preferred method is to use the well known PIN function of a smart chip. Alternatively, the PIN can be encrypted by an encryption function of the smart chip or a separate encryption circuit and transmitted to a remote server for verification. The PIN can be a PIN which is associated with the card or a PIN which is associated with the smart chip or a single PIN which is associated with both of them. If the information in the smart chip is configured to work with several mag-stripe cards, the PIN verification can be done in the smart chip even though any of several different PINs are verifiable. Once the PIN is verified, the process proceeds to step 105. In step 105, information to be processed is received by the local device. If the authentication system is being used for a payment transaction, the information to be processed will be the details of the payment transaction specifying a dollar amount or a party to be paid or any other appropriate information. If the purpose of the authentication is to establish a digital signature which can not be repudiated, the information to be processed will consist of the document to be signed with the digital signature. If the purpose of the authentication is to allow an authorized person to make use of a secure network, the information to be processed will typically be a user name or a password for the network. In step 106, the information derived from the mag-stripe, f(data), is combined with information to be processed and the smart chip is used to encrypt or sign the combined information with a key that a recipient can decrypt or verify. In step 107, the signed or encrypted combined information is transmitted on an unsecure network or placed in a storage device for physical transmission to a recipient.
In step 108, the recipient identifies the appropriate key to use for decrypting the signature or the entire combined information based on an identification of the sender. The identification of the sender can be determined from an identification of the smart chip or data from the mag-stripe card. The recipient then uses the key to decrypt the signature or combined information. If the decryption is successful, this authenticates the identification of the smart chip that was used and reveals f(data) derived from magnetic stripe information on the card which can then be compared to records in a database to verify that the correct card (or a counterfeit thereof) was present.
In the process just described, the user was authenticated based on (1) possession of a magnetic stripe card with appropriate data and (2) possession of a smart chip with an appropriate encryption key and (3) knowledge of an appropriate personal identification number (PIN).
Figure 2 illustrates some variations on the method shown in Figure 1. One of the variations is that a personal identification number is not required. Another variation is that the verification of data read from the mag-stripe on the card is done on a remote server before the smart chip is used to encrypt or sign information such that when the information is decrypted authentication of the smart chip is established. The server that verifies the mag-stripe data before the process is allowed to proceed may be a different server from the server that receives the information to be processed. In step 111 , data is read from the mag-stripe on the card. In step 112, this data is encrypted and forwarded to a server via an unsecure network. In step 113, the mag-stripe information is decrypted to verify that the correct mag-stripe card has been read. Of course, for the essential purposes of the invented method, the mag- stripe data need not be encrypted before being forwarded to the server for verification. However, to minimize security risk, it is preferable to encrypt the information before transmission on the unsecure network. If the information on the card is verified, the process, on both the local device and on the server, then proceeds to the next step. In step 114, information to be processed is received at the local device with a smart chip. At step 115, the information or a part of the information or a hash of the information is encrypted or signed and transmitted on the network. At step 116, the server is ready to receive the encrypted or signed information because it has already verified the data from the mag-stripe or has received a message from another server that this step was accomplished successfully. It then decrypts the information to verify that it was encrypted with a key contained within the appropriate smart chip. The user has now been authenticated based on both the smart chip and the data from the mag-stripe. In step 117, the information which has been authenticated is forwarded to recipients who rely on the authentication.
Figure 3 shows how the authentication based on a smart chip and a mag- stripe card is performed in the context of payment card transactions. A variation illustrated in Figure 3 is a step of mutual authentication between the user device and an authentication server. In step 121 , a personal account number (PAN) is read from the magnetic stripe on a payment card, which may be a credit card or debit card or ATM card. In step 122, the PAN is verified by the smart chip. The smart chip contains a copy of the PAN or data which is derived from the PAN, f(PAN), in its secure memory where it cannot be extracted from the smart chip. For the verification process, the PAN read from the mag-stripe card is loaded into the smart chip which performs a routine to compare it to the PAN or f(PAN) within its secure memory. The smart chip then returns a verification that the PAN is correct or a denial that it is not correct. Then, somewhere in the user device, in the smart chip or in other memory, information which is a function of the PAN, f(PAN), is stored. If the PAN is verified, the process proceeds to the next step. If not, the process is aborted. The step of verifying the PAN can be omitted to allow any card to be used with the user device as discussed below.
In step 123, a PIN entered by a user is received from the keyboard. As discussed above, the keyboard is preferably connected to the user device but not to a local personal computer. In step 124, the PIN is verified by the smart chip. If the PIN is verified, the process proceeds to the next step. If it is not, the process is aborted. In step 125, the smart chip in the user device initiates a communication to an authentication server across a network. At this point, the PAN has been verified and the PIN has been verified. Now the authentication server verifies the identification of the smart chip using any of several well established smart chip authentication procedures, step 126. The authentication may be one sided, as just described, from the user device to the server. Preferably, the server also authenticates itself to the user device by sending to the user device an encrypted nonce which only the user device with a key contained within secure memory in the smart chip can decrypt. If the user device properly authenticates itself to the server and the server properly authenticates itself to the user device, the user device will then proceed to the next step.
At this point, the user has been authenticated by possession of a positively identified smart chip, possession of a card with a magnetic stripe (or a counterfeit thereof) and knowledge of a personal identification number. As mentioned above, the requirement of the PIN can be omitted. If any one of these three required elements has failed, the process is aborted.
In step 127, transaction data is received by the user device. This will typically be a dollar amount and an identification of a merchant to be paid. Because the personal account number will be required for subsequent processing of the transaction, f(PAN) is combined with the transaction data and the two are encrypted or signed using the smart chip, step 128. The encrypted or signed data is transmitted across an unsecure network to a recipient.
At step 129, the recipient computer decrypts the encrypted or signed data. If decryption is successful, this verifies that a particular key was used which key is contained only in a certain smart chip, thereby authenticating that the particular smart chip was used. To determine which key to use for decryption, the owner of the smart chip is verified based upon the personal account number which was transmitted in one form or another as f(PAN).
As an alternative embodiment, instead of using f(PAN) to look up the key to use for decryption, other unencrypted information identifying the smart chip can be sent along with the transaction data and f(PAN). This other information can then be used to find the key for decrypting a message encrypted with that smart chip. In this embodiment, the mag-stripe card that is used in step 121 can be a card that does not belong to the person who owns the smart chip used for encryption in step 128. For example, the reader with smart chip can be a merchant who wishes to accept a credit card or a debit card for payment. In this case, in addition to the smart chip owner entering a PIN in step 123, the card holder can be required to enter a PIN for the cardholder for verification by a server. If the card was a credit card, the fact that f(PAN) was derived from data read from the card provides a verification that the card was present. If the card is a debit card, the card owner has entered the appropriate PIN which is then encrypted along with f(PAN) in step 128 and forwarded to the recipient for verification of the PIN entered by the cardholder. If additional security is desired in any of the above described methods or variations, the server can transmit to the user device a challenge seeking a response that only an authentic user would know, such as date of birth, mother's maiden name, social security number, PIN, etc. The challenge can be presented on a screen display at the user's location, typically a personal computer or cell phone. The response entered by the user can be sent, with or without encryption, to the server as an additional authentication step.
In addition to the suggested uses for payment card transactions, the invented method can be used for additional security for digital signatures. By requiring the party making the signature to possess both the proper smart chip and the proper card with a magnetic stripe, it becomes more difficult for the owner of these two devices to later repudiate his signature and claim that he was impersonated. This can have particular value for parties who wish to guarantee signatures of others in transactions such as stock transfer transactions. In these situations, the company responsible for making stock transfers relies on a trusted party to guarantee the signature of the transferor who is someone that the guarantor knows or has meet in person to satisfy himself on identification. The guarantor then needs to apply his own digital signature so that the transaction information can be immediately transferred by a network for execution. By requiring the guarantor to possess both the magnetic stripe card with appropriate data and a smart chip with an appropriate securely stored encryption key, the stock transfer company can be confident that they are dealing with the guarantor and not an impersonator.
User Device Hardware Description The mag-stripe card reader with smart chip may be embodied in a PCMCIA card for insertion into a PCMCIA slot, in an external card reader that plugs into a serial or parallel port or keyboard port such as the Innovonics device (Figure 11 of US Patent 5,815,577), or in a device which is mounted in the case of a personal host computer much like a disk drive or CD-ROM drive. Because the reader includes a smart chip, which may be removable, the smart chip may be used for other familiar smart chip functions such as digital signatures or storing electronic cash for micro- payments. The mag-stripe reader with smart chip may be coupled to a computer system or to a web TV system by any of the familiar methods: serial port, parallel port, keyboard port, USB port, infrared link, PCMCIA slot, or simulation of a floppy disk in a disk drive as disclosed in US patent application serial number 09/322,669 by one of the same inventors.
The mag-stripe card reader with smart chip may be incorporated into another portable device such as a cellular telephone (Figure 6) or personal digital assistant (PDA). When incorporated into a cellular telephone, a credit card or debit card may be used to charge a telephone call or remotely authorize a charge to the account for any other reason, or the owner can download cash (telephone usage credits) into the smart chip and then give the telephone to another to use with the stored credits as a limit on the amount of telephone charges that can be incurred. Similarly, when incorporated into a PDA, it may be used with the PDA's communication features.
Figure 4 is a side plan view of a card reader 10 according to an embodiment of the invention. The reader 10 includes a housing 12 having a slot 14 for receiving a card 16 having a magnetic stripe 18. The slot 14 provides adequate clearance for receiving the card but a tight enough fit to ensure that the magnetic stripe 18 is properly aligned for reading. A conventional magnetic read head 20 reads the information stored on the magnetic stripe 18 as the card 16 is inserted into the slot 14. An optional and conventional sensor 22 senses whether the card is present within the slot 14. A smart chip 24, which may be removable such as by mounting on a smart card or on a SIM, contains a unique code that identifies the card reader 10. A cable 26 allows communication to a host computer such as a personal computer, or the card reader 10 may be wireless, and thus include a radio or infrared transmitter instead of the cable 26. A light-emitting-diode (LED) array 28 or other display indicates the status of the card-reader 10. An optional keyboard, shown as component 60 in Figure 7, allows the user to enter a personal identification number (PIN). With the keyboard and a removable smart chip on a card placed in smart card slot 62 in Figure 7, this device is essentially the same as shown in Figure 11 of US Patent 5,815,577 to Innovonics. The smart chip 24 may be programmed for authentication via dual key
(public/private) encryption such as for use with the secure electronic transactions (SET) protocol. Alternatively, the smart chip 24 may include electronic-key circuitry that is capable of authentication by securely encrypting a unique identifier and transmitting it to a remote computer/server such as with DES encryption or another encryption protocol.
Figure 5 is a schematic block diagram of a circuit 30 for the card reader 10 of Figure 4. The circuit 30 includes the smart chip 24 and the LED 28. In addition, the circuit 30 includes optional card detection/retention circuitry 32. In one embodiment, the circuitry 32 includes the card sensor 22 (Figure 4) and monitors whether the card 16 (Figure 4) is inserted within the slot 14 or not. In another embodiment, the circuitry 32 includes conventional hardware for retaining the card 16 within the slot 14 until a transaction is complete. Additionally, if the user enters a wrong PIN number for more than a predetermined number of times or performs some other incorrect act, the circuitry 32 may permanently retain the inserted card on the basis that the user is not authorized to possess it. Magnetic-stripe read circuitry 34 includes the read head 20 (Figure 4) and reads the magnetically encoded data from the magnetic stripe 18 and converts it into a digital read signal. A microcontroller 36 is coupled to the smart chip 24, the LED circuit 28, the detection circuit 32, and the read circuitry 34. In one embodiment, the microcontroller 36 includes a processor, buffers, memory, and other peripheral circuits. Alternatively, the microcontroller functions may be preformed by a microcontroller in the smart chip or by a programmable logic array or other logic circuit.
Referring to Figures 4 and 5, in operation, a cardholder inserts the card 16 into the slot 14 of the card reader 10 after the LED array 28 indicates that the reader 10 is ready to accept the card 16. As the magnetic stripe 18 moves by the read head 20, the head 20 senses the magnetically encoded information on the stripe 18 and converts this information into electrical signals. The read circuitry 34 then converts these electrical signals into a digital signal that represents the stored information and provides this digital signal to the microcontroller 36. After the microcontroller 36 receives this stored information, it causes the LED to indicate successful reading. Additionally, the sensor 22 generates a signal indicating that the card 16 has been inserted into the slot 14, and the circuitry 32 provides this signal to the microcontroller 36.
Next, the microcontroller 36 obtains the unique identification code from the smart chip 24, which is preferably generated by encryption of data received from an external source, and provides this unique code and the information read from the magnetic stripe 18 to a remote computer/server via the host computer to which the card reader 10 is connected.
The microcontroller may also send confirmation to the remote computer/server that the card 16 is inserted within the slot 14, i.e., that the card 16 has not been removed from the slot 14 since the magnetic-stripe information has been read. The remote computer/server may cancel the requested transaction if the card 16 is removed from the slot 14 before the transaction is complete. The circuitry 32 provides information to the microcontroller 36 as to the relative position of the card 16 with respect to the slot 14. In one embodiment, the card sensor 22 detects when the cardholder removes the card 16 from the slot 14, and the circuitry 32 notifies the microcontroller 36. If the transaction is not completed, then the microcontroller 36 notifies the remote computer/server of the premature card removal, and the remote computer/server may cancel the transaction in response to this notification. Alternatively, the remote computer/server may periodically poll the microcontroller 36, which notifies the remote computer/server of the card position (inserted or removed) with respect to the slot 14. Still referring to Figures 4 and 5, the card sensor 22 and the card detection circuitry 32 are omitted from the card reader 10 in another embodiment of the invention. In this embodiment, the microcontroller 36 determines that the card 16 is inserted into the slot 14 in response to receiving the magnetic-stripe information from the read circuitry 34 as the cardholder inserts the card 16 into the slot 14. Likewise, the microcontroller 36 determines that the card 16 is removed from the slot 14 in response to receiving the magnetic-stripe information as the cardholder removes the card 16 from the slot 14. Therefore, in one embodiment, the microcontroller 36 receives the magnetic-stripe information as the cardholder inserts the card 16 into the slot 14 and sets a corresponding flag. As long as the microcontroller 36 does not re-receive this information, it determines that the card 16 is present within the slot 14 and does not reset the flag. But once the microcontroller 36 receives the magnetic- strip information again, it determines that the cardholder is removing or has removed the card 16 from the slot 14 and thus resets the flag. The microcontroller 36 may then notify the remote computer/server of the card's removal as discussed above. Figure 6 is front plan view of a cellular telephone 40, which includes a card reader according to an embodiment of the invention. The telephone 40 includes a case 42 and a card slot 44 formed therein. The telephone 40 also includes the smart chip 24, which might be removable by mounting on a SIM chip such as is commonly used in cellular telephones, and the read head 20, and may include the card sensor 22, of Figure 4 and the circuitry 30 of Figure 5. Alternatively, the telephone 40 may omit the sensor 22 and use the microcontroller 36 to determine the card position with respect to the slot 44 as described above. The slot 44 has a stop 46 to hold the card in place while the transaction is taking place. The telephone 40 transmits the unique identification code from the smart chip, information read from the magnetic stripe 18 of the card 16 (Figure 4), and other transaction information via an antenna 48 and cellular network (not shown) to the remote computer/server.
Figure 7 is a front view of a computer system 50, which includes the card reader 10 according to an embodiment of the invention with a slot 14 for the mag- stripe card. The system 50 includes a computer 52 and a monitor 54, keyboard 56, and mouse 58 connected to the computer 52. The keypad 60 on the card reader is shown, as well as the slot 62 for removing the smart chip which is mounted on a smart card. This embodiment is essentially the same as shown in Figure 11 of US Patent 5,815,577 to Innovonics. Alternatively, the card reader with smart chip may be incorporated into the personal computer.
From the foregoing it will be appreciated that, although specific embodiments of the invention have been described herein for purposes of illustration, various modifications may be made without deviating from the spirit and scope of the invention which is defined in the following claims.

Claims

What is claimed:
1. A method performed in a server on a network for securely authenticating to the server a user having a magnetic stripe card and a user device including a smart chip connected to a magnetic stripe reader, comprising the steps of: a. receiving at the server information including a user device identification in a form for identifying a smart chip connected to a magnetic stripe reader and a card identification in a form for identifying a card read by said reader from a magnetic stripe on a card; b. decrypting said user device identification and comparing the decrypted identification to records in a database to find a match; c. comparing said card identification to records in a database to find a match; and d. approving the user as authentic if a record matches the decrypted user device identification and that record is associated with a record that matches the card identification.
2. The method of claim 1 further comprising: e. receiving at the server a personal identification number; and f. comparing the received personal identification number to records in a database to find a match.
3. A method for securely authenticating to a server on a network the identity of a user having a magnetic stripe card and a user device including a smart chip, a keyboard and a magnetic stripe reader, comprising the steps of: a. on the user device, receiving at the magnetic stripe reader a card identification read from a magnetic stripe on a card and transmitting said card identification to the server; b. on the user device, transmitting from the smart chip to the server a user device identification; c. on the user device, receiving at the keyboard an entered personal identification number; d. on the server, comparing said user device identification to records in a database to find a match; e. on the server, comparing said card identification to records in a database to find a match; and f. approving the user as authentic if a record that matches the user device identification is associated with a record that matches the card identification, and the personal identification number satisfies a processing requirement.
4. The method of claim 3 wherein the user device identification is encrypted for decryption by the server.
5. The method of claim 3 wherein the processing requirement matches a personal identification number to a data record.
6. The method of claim 3 wherein the processing requirement is a function of information read by the magnetic stripe reader.
7. The method of claim 3 wherein the personal identification number is processed in the smart chip.
8. The method of claim 3 wherein the personal identification number is transmitted to the server and processed in the server.
9. A method for securely authenticating a user to a server on a public network performed in a user device including a smart chip, a keyboard and a magnetic stripe reader, comprising the steps of: a. receiving at the magnetic stripe reader information read from a magnetic stripe on a card; b. receiving at the keyboard an entered personal identification number; and c. processing the personal identification number and, if it satisfies a processing requirement which is a function of information read from the magnetic stripe, transmitting from the smart chip to the server across the public network an encrypted user device identification code for identifying the smart chip to the server.
10. The method of claim 9 wherein the user device is human portable.
11. The method of claim 9, further comprising: d. requesting an electronic cash transaction with a server; and downloading electronic cash into the smart chip in the user device.
12. The method of claim 9, further comprising: d. processing the information read from the magnetic stripe and, if it does not satisfy a processing requirement, reaching a result of failure to authenticate.
13. The method of claim 9, further comprising: d. receiving other information to be processed and forwarding said information to the server along with the encrypted user device identification code for identifying the smart chip to the server.
14. A method for securely authenticating a user to a server on a public network performed in a user device including a smart chip, a keyboard and a magnetic stripe reader, comprising the steps of: a. receiving at the magnetic stripe reader information read from a magnetic stripe on a card; b. receiving at the keyboard an entered personal identification number; and c. processing the personal identification number and, if it satisfies a processing requirement which is a function of information stored within the smart chip, transmitting from the smart chip to the server across the public network information read from the magnetic stripe with an encrypted user device identification code for identifying the smart chip to the server.
15. The method of claim 14 wherein the user device is human portable.
16. The method of claim 14, further comprising: d. processing within the smart chip the information read from the magnetic stripe and, if it does not satisfy a processing requirement, reaching a result of failure to authenticate.
17. The method of claim 14, further comprising: d. receiving other information to be processed by the server and transmitting it to the server.
18. The method of claim 14, further comprising: d. receiving a second personal identification number and transmitting it to the server.
19. A method for securely authenticating a user to a server on a public network performed in a user device including a smart chip, a keyboard and a magnetic stripe reader, comprising the steps of: a. receiving at the magnetic stripe reader information read from a magnetic stripe on a card; b. processing the information read from the magnetic stripe and, if it satisfies a processing requirement, transmitting from the smart chip to the server across the public network an encrypted user device identification code for identifying the smart chip to the server.
20. The method of claim 19, further comprising: d. receiving other information to be processed by the server and transmitting it to the server.
21. The method of claim 19, further comprising: d. receiving a personal identification number and transmitting it to the server.
22. The method of claim 19, further comprising: d. receiving a personal identification number; and e. processing the personal identification number and, if it does not satisfy a processing requirement, reaching a result of failure to authenticate.
23. The method of claim 19 wherein the user device is human portable.
24. The method of claim 19, further comprising: d. requesting an electronic cash transaction with a server; and downloading electronic cash into the smart chip in the user device.
PCT/US2000/014592 1999-05-28 2000-05-26 Network authentication with smart chip and magnetic stripe WO2000074007A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU52962/00A AU5296200A (en) 1999-05-28 2000-05-26 Network authentication with smart chip and magnetic stripe

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US32267099A 1999-05-28 1999-05-28
US09/322,670 1999-05-28

Publications (1)

Publication Number Publication Date
WO2000074007A1 true WO2000074007A1 (en) 2000-12-07

Family

ID=23255906

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2000/014592 WO2000074007A1 (en) 1999-05-28 2000-05-26 Network authentication with smart chip and magnetic stripe

Country Status (2)

Country Link
AU (1) AU5296200A (en)
WO (1) WO2000074007A1 (en)

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002077936A1 (en) * 2001-03-26 2002-10-03 Scm Microsystems Gmbh Method for carrying out electronic transactions with a terminal for reading chipcards
WO2002095549A2 (en) * 2001-05-22 2002-11-28 Inqucor Limited Secure information exchange
EP1349031A1 (en) * 2002-03-18 2003-10-01 Ubs Ag Secure user and data authentication over a communication network
EP1349032A1 (en) * 2002-03-18 2003-10-01 Ubs Ag Secure user authentication over a communication network
EP1400906A1 (en) * 2001-06-11 2004-03-24 Sony Corporation Electronic commercial transaction support method
US6749114B2 (en) 2001-05-15 2004-06-15 Inadam Corporation Universal authorization card system and method for using same
WO2004091170A2 (en) * 2003-03-31 2004-10-21 Visa U.S.A. Inc. Method and system for secure authentication
WO2009038823A2 (en) * 2007-05-30 2009-03-26 Atmel Corporation Secure communications
EP2188942A2 (en) * 2007-09-06 2010-05-26 Human Interface Security Ltd. Information protection device
US7810735B2 (en) 2001-05-15 2010-10-12 Inadam Corporation Computer readable universal authorization card system and method for using same
EP2426652A1 (en) * 2010-09-06 2012-03-07 Gemalto SA Simplified method for customising a smart card and associated device
US8403228B2 (en) 2001-05-15 2013-03-26 Inadam Corporation Computer readable universal authorization card system and method for using same
GB2528043A (en) * 2014-07-03 2016-01-13 Vodafone Ip Licensing Ltd Security authentication
US20160019531A1 (en) * 2012-02-16 2016-01-21 Dave Gormley A method of processing a card present, card payment transaction
CN103155010B (en) * 2010-09-06 2016-12-14 格马尔托股份有限公司 For smart card being carried out personalized method for simplifying and the equipment being associated
WO2017112812A1 (en) 2015-12-23 2017-06-29 Trusona, Inc. Systems and methods for registering for card authentication reads
US11526885B2 (en) 2015-03-04 2022-12-13 Trusona, Inc. Systems and methods for user identification using graphical barcode and payment card authentication read data

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE4234158A1 (en) * 1992-10-10 1994-04-14 Walter Holzer Dual memory data card having magnetic strip and chip memorye.g. for health insurance - has strip used for confidential data and chip memory for non confidential data
DE29520925U1 (en) * 1995-04-25 1996-10-17 Philips Patentverwaltung Mobile device with a card reader
EP0794651A1 (en) * 1996-03-07 1997-09-10 France Telecom Method of prepayment for usage of telephonic communcations
WO1998027519A1 (en) * 1996-12-14 1998-06-25 Yogendra Khimji Raja Improvements in or relating to credit cards
US5786587A (en) * 1995-08-10 1998-07-28 American Bank Note Holographics, Inc. Enhancement of chip card security
US5815577A (en) 1994-03-18 1998-09-29 Innovonics, Inc. Methods and apparatus for securely encrypting data in conjunction with a personal computer

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE4234158A1 (en) * 1992-10-10 1994-04-14 Walter Holzer Dual memory data card having magnetic strip and chip memorye.g. for health insurance - has strip used for confidential data and chip memory for non confidential data
US5815577A (en) 1994-03-18 1998-09-29 Innovonics, Inc. Methods and apparatus for securely encrypting data in conjunction with a personal computer
DE29520925U1 (en) * 1995-04-25 1996-10-17 Philips Patentverwaltung Mobile device with a card reader
US5786587A (en) * 1995-08-10 1998-07-28 American Bank Note Holographics, Inc. Enhancement of chip card security
EP0794651A1 (en) * 1996-03-07 1997-09-10 France Telecom Method of prepayment for usage of telephonic communcations
WO1998027519A1 (en) * 1996-12-14 1998-06-25 Yogendra Khimji Raja Improvements in or relating to credit cards

Cited By (32)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002077936A1 (en) * 2001-03-26 2002-10-03 Scm Microsystems Gmbh Method for carrying out electronic transactions with a terminal for reading chipcards
US7299980B2 (en) 2001-05-15 2007-11-27 Inadam Corporation Computer readable universal authorization card system and method for using same
US7810735B2 (en) 2001-05-15 2010-10-12 Inadam Corporation Computer readable universal authorization card system and method for using same
US6749114B2 (en) 2001-05-15 2004-06-15 Inadam Corporation Universal authorization card system and method for using same
US8403228B2 (en) 2001-05-15 2013-03-26 Inadam Corporation Computer readable universal authorization card system and method for using same
WO2002095549A2 (en) * 2001-05-22 2002-11-28 Inqucor Limited Secure information exchange
WO2002095549A3 (en) * 2001-05-22 2003-11-27 Inqucor Ltd Secure information exchange
EP1400906A4 (en) * 2001-06-11 2010-06-02 Sony Corp Electronic commercial transaction support method
EP1400906A1 (en) * 2001-06-11 2004-03-24 Sony Corporation Electronic commercial transaction support method
US10354300B2 (en) 2001-06-11 2019-07-16 Sony Corporation Electronic commercial transaction support method
EP1349032A1 (en) * 2002-03-18 2003-10-01 Ubs Ag Secure user authentication over a communication network
US7296160B2 (en) 2002-03-18 2007-11-13 Ubs Ag Secure user authentication over a communication network
US7296149B2 (en) 2002-03-18 2007-11-13 Ubs Ag Secure user and data authentication over a communication network
EP1349031A1 (en) * 2002-03-18 2003-10-01 Ubs Ag Secure user and data authentication over a communication network
WO2004091170A3 (en) * 2003-03-31 2005-02-17 Visa Usa Inc Method and system for secure authentication
WO2004091170A2 (en) * 2003-03-31 2004-10-21 Visa U.S.A. Inc. Method and system for secure authentication
US7702916B2 (en) 2003-03-31 2010-04-20 Visa U.S.A. Inc. Method and system for secure authentication
WO2009038823A3 (en) * 2007-05-30 2009-09-11 Atmel Corporation Secure communications
WO2009038823A2 (en) * 2007-05-30 2009-03-26 Atmel Corporation Secure communications
EP2188942A4 (en) * 2007-09-06 2014-02-26 Human Interface Security Ltd Information protection device
EP2188942A2 (en) * 2007-09-06 2010-05-26 Human Interface Security Ltd. Information protection device
EP2426652A1 (en) * 2010-09-06 2012-03-07 Gemalto SA Simplified method for customising a smart card and associated device
WO2012031848A1 (en) * 2010-09-06 2012-03-15 Gemalto Sa Simplified method for personalizing a smart card, and associated device
CN103155010A (en) * 2010-09-06 2013-06-12 格马尔托股份有限公司 Simplified method for personalizing a smart card, and associated device
US9292992B2 (en) 2010-09-06 2016-03-22 Gemalto Sa Simplified smartcard personalization method, and corresponding device
CN103155010B (en) * 2010-09-06 2016-12-14 格马尔托股份有限公司 For smart card being carried out personalized method for simplifying and the equipment being associated
US20160019531A1 (en) * 2012-02-16 2016-01-21 Dave Gormley A method of processing a card present, card payment transaction
GB2528043A (en) * 2014-07-03 2016-01-13 Vodafone Ip Licensing Ltd Security authentication
GB2528043B (en) * 2014-07-03 2021-06-23 Vodafone Ip Licensing Ltd Security authentication
US11526885B2 (en) 2015-03-04 2022-12-13 Trusona, Inc. Systems and methods for user identification using graphical barcode and payment card authentication read data
EP3394718A4 (en) * 2015-12-23 2019-06-19 Trusona, Inc. Systems and methods for registering for card authentication reads
WO2017112812A1 (en) 2015-12-23 2017-06-29 Trusona, Inc. Systems and methods for registering for card authentication reads

Also Published As

Publication number Publication date
AU5296200A (en) 2000-12-18

Similar Documents

Publication Publication Date Title
US10142114B2 (en) ID system and program, and ID method
US7558965B2 (en) Entity authentication in electronic communications by providing verification status of device
US9246903B2 (en) Authentication method
US7552333B2 (en) Trusted authentication digital signature (tads) system
US5546463A (en) Pocket encrypting and authenticating communications device
CA2417770C (en) Trusted authentication digital signature (tads) system
US8397988B1 (en) Method and system for securing a transaction using a card generator, a RFID generator, and a challenge response protocol
CN106415611B (en) Self-authentication chip
KR20090086979A (en) Proxy authentication methods and apparatus
WO2000074007A1 (en) Network authentication with smart chip and magnetic stripe
CN101652782A (en) Communication terminal device, communication device, electronic card, method for a communication terminal device and method for a communication device for providing a verification
WO2001082167A1 (en) Method and device for secure transactions
WO1999046881A1 (en) Transaction card security system
KR20190004250A (en) Method for Providing Non-Faced Transaction by using Appointed Terminal
JP4729187B2 (en) How to use card management system, card holder, card, card management system
KR101471006B1 (en) Method for Operating Certificate
KR101598993B1 (en) Method for Operating Certificate
KR101471000B1 (en) Method for Operating Certificate
KR101541539B1 (en) Method for Operating Certificate
KR101519580B1 (en) Method for Operating Certificate
JP2024507012A (en) Payment cards, authentication methods, and use for remote payments
KR20170124504A (en) Method for Providing Non-Faced Transaction by using Appointed Terminal
TW201947454A (en) Secure enrolment of biometric data
KR20160057362A (en) Method for Providing Non-Faced Transaction by using Appointed Terminal

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP