1. Field of the Invention
The present invention generally relates to so-called smart cards and, more particularly, to alternative uses of highly secure credit card-like structures, especially for providing such functions through existing credit card transaction infrastructure.
2. Description of the Prior Art
Proliferation of fraudulent activities such as identity theft, often facilitated by streamlining of electronic financial transactions and the proliferation of credit and debit cards often used in such transactions, has led to great interest in techniques for improving security and authentication of the identity of a user of such credit and debit cards. In particular, the streamlining of transactions has led to the proliferation of credit card readers which read information from a magnetic stripe formed on a surface of a credit card and which are often integrated with point-of-sale terminals such as cash registers and fuel pumps. In such cases, it is often left to the customer to manipulate the card through the reader where the card is read and, in some cases, the read information is used to automatically print a memorandum of the transaction for signature by the customer to complete the transaction. In other cases, such as transactions at fuel pumps, no action need be taken by sales personnel at all and the transaction is completed automatically based only on the information read from the credit card and with no verification of customer identity. In such streamlining of transactions the principal amount of time and effort saved is at the expense of the small and possibly unreliable but very important safeguard provided by the opportunity for sales personnel to at least compare the signature of a customer on a sales memorandum with the signature on the credit card to authenticate customer identity and possibly detect unauthorized use of the credit card. Nevertheless, loss of this important security feature is evidently considered by the public, merchants and financial institutions to be more than balanced by the capability for worldwide, near real-time tracking of credit card use and usage profiling provided by the reading of credit card data and immediate communication to financial institutions to accept or reject any individual transaction as well as the expediting of transactions and the continuity of possession of the credit card by the customer. On the other hand, the monitoring of credit card transactions and transaction profiling may also cause rejection of transactions which are, in fact, legitimate such as those of a person who may travel only infrequently, causing attempted transactions while traveling to be rejected since the identity of the credit card user cannot be authenticated based on magnetic stripe information. Thus, temporally proximate transactions at remote locations, as might occur due to transactions immediately before and after air travel, may lead to an inference of credit card theft or other fraudulent activity.
Recent advances in semiconductor technology, particularly extremely thin substrates, has also allowed chips to be fabricated with substantial mechanical flexibility and robustness adequate for inclusion of electronic circuits of substantial complexity within conveniently carried cards physically similar to credit cards currently in use. Such technology has also allowed records of substantial information content to be similarly packaged and associated with various articles, animals or persons such as maintenance records for motor vehicles or medical records for humans or animals. In regard to increase of security for financial transactions however, various attempts to increase security through improved identity authentication or disablement in case of theft or other misuse, while large in number and frequently proposed, have not, until recently, proven adequate for the purpose.
However, a highly secure credit or debit card design has been recently invented and is disclosed in U.S. Pat. No. 6,641,050 B2, issued Nov. 4, 2003, and assigned to the assignee of the present invention, the entirety of which is hereby fully incorporated by reference for details of implementation thereof. In summary, the secure credit/debit card disclosed therein includes a keyboard or other selective data entry device, a free-running oscillator, an array of electronic fuses (e-fuses) or other non-volatile memory, a processor, a pair of linear feedback shift registers (LFSRs) and a transmitter/receiver to allow communication with an external card reader. The card is uniquely identified by a unique identification number, preferably stored in the card by the programming of e-fuses and the programming of additional e-fuses which control feedback connections for each of the LFSRs, one of which is used as a reference and the other is used in the manner of a pseudo-random number generator. The programming of the e-fuses to record the card identification code and to establish unique sets of feedback connections for the LFSRs is referred to as a pre-initialized personality configuration for the card. The card is activated only for short periods of time sufficient to complete a transaction by entry of a personal identification number (PIN) that can also be permanently programmed into the card. When the card is activated and read by a card reader, the two sequences of numbers generated by the LFSRs are synchronously generated and a portion thereof is communicated to a reader which not only authenticates the number sequences against each other and the card identification number but also rejects the portion of the sequence if it is the same portion used in a previous transaction in order to guard against capture of the sequences by another device to simulate the operation of a secure card. This system provides combined authentication of the holder/user and the card, itself, together with encryption of transaction information unique to each card which renders the card useless if stolen while providing highly effective protection against simulation and/or duplication of the card or capture of information from it.
However, in its preferred form and to obtain the highest levels of security, a special reader including a complementary receiver and transmitter is required to, in effect, allow direct communication in real-time between the secure credit card and the secure card authentication processor at the financial institution. While such special readers may be manufactured in quantity and distributed at relatively low cost and do not require a change in the communication system for reporting authentication and transaction information to a financial institution, current magnetic stripe readers are so ubiquitous and numerous worldwide as to represent an extremely large capital expenditure to which the cost of replacement of special card readers adapted to the secure credit card of the above-incorporated patent would be comparable. Further, even if cost was not an unavoidable practical consideration, replacement of the billions of credit cards and millions of credit card magnetic stripe readers now in use would require an extended period of time during which both magnetic stripe readers and secure credit card readers would be required, in parallel, at point-of-sale terminals.