In many transactions (financial or otherwise), a Personal Identification Number (PIN) is used to authenticate that the entity carrying out the transaction or service has proper authority to do so. Banks and credit card issuers provide their customers with a smart card containing a ‘Reference PIN’. Commonly for these cards, during a transaction, the customer inputs their PIN into a smart card terminal such as a retailer point-of-sale device which in turn sends it to the smart card for comparison against the reference PIN held on the smart card. If the PIN sent by the terminal matches the Reference PIN, the authentication process has succeeded and it is deemed that the customer is the bona-fide holder of the smart card and, therefore, has the proper authority to carry out the transaction.
One of the problems in such a system is where the customer has forgotten the PIN. In this situation, the customer may attempt to guess the PIN and after a given number of invalid attempts (normally three) the smart card may become unusable i.e. unable to complete the current and any subsequent transactions. Although methods are available to render the smart card back to its original usable (unlocked) state, these methods normally involve the customer having to physically attend a specific secure terminal, most commonly the card issuer's or reciprocal Automated Teller Machine (ATM), and in the case where the PIN has been forgotten, the customer must first be re-advised of the PIN through the mailing of a secure letter containing the details of the PIN.
This situation is an inconvenience to customers as not only do they have to “unlock” their smart card at an ATM, but if the PIN has been forgotten there will be a delay before the re-advice of the PIN is received in the mail. The second problem is that for the bank or credit card issuing institution, there are costs associated with the inbound call from the customer to the call centre, the cost of issuing the PIN re-advice but, more importantly, the customer may defect to a competitor's product or use a different product where the PIN is known.
In another example, a SIM (Subscriber Identification Module) cards used in a digital mobile communication device, such a GSM (Groupe Speciale Mobile) ‘phone, may be protected by a PIN so that the device can only be used when a valid PIN is entered. After a given number of invalid PIN entries, the SIM is locked and can only be unlocked by obtaining an unlocking code from the service provider, following authentication of user details.
Patent publication U.S. Pat. No. 6,179,205 discloses a system for locking and unlocking an application in a smart card without the need for a PIN, using a dedicated smart card reader. The reader authenticates itself to the device, and the application may be locked or unlocked using a dedicated button on the reader without the need to enter a PIN.
Patent publication U.S. Pat. No. 6,729,550 discloses a portable terminal with an IC card reader and means for locking/unlocking an IC card depending on authentication of a user by the portable terminal.