The present invention relates to smart card transaction systems and, in particular, to a smart card reader and transaction system that uses a voice path through a switched telephone network to effect smart card transactions.
Remote transactions effected by telephone connections have been developed to a significant extent over the past few years. They are effected using a telephone network connection between a transaction terminal and an application server. The application server may send voice prompts to the user, who responds using the keys of the terminal keypad. The signals returned to the application server are generally of the dual tone multi-frequency (DTMF) type. These transactions generally occur at a location remote from a bank or a credit bureau. A disadvantage of such systems is that it is relatively easy for a person to use a misappropriated card or for a legitimate card owner to exceed their credit limit. Most merchants, therefore, require that before purchases above a relatively modest amount are completed, an authorization must be verified with the bank or credit bureau, as appropriate. Even with automated dialling, the procedure is also cumbersome and time consuming. Furthermore, a separate card is required for each account.
In this particular use of a telephone network, there is a vital need for security when the transactions of a monetary type, such as electronic funds transfer are effected and, in more general terms, whenever there is a risk of fraud.
In order to provide a requisite level of security, telephone terminals have been invented with data processing capability and an RS 232 serial data interface connected to a smart card reader. Such telephone terminals incorporate software programs appropriate for data communications with an application server. The card reader is used with a smart card enabled with security functions, such as user passwords, the authentication of host applications, assistance in the authentication of the card by a host application and the recordal of transactions, etc.
Such smart cards and smart card readers are well known in the art. Smart card readers read and write to smart cards using various contacts for data transfer. As an example, U.S. Pat. No. 4,798,322 which issued on Jan. 17, 1989 to Bernstein et al. is entitled CARD READER/WRITER STATION FOR USE WITH A PERSONAL MEMORY CARD USING DIFFERENTIAL DATA TRANSFER. This patent describes a card reader arranged for use with a contactless smart card. The card reader is adapted to interface with an application station such as a factory editing station, an office editing station, issue editing station, public telephone station or any other station suitably configured for interfacing with a smart card.
Although such devices are satisfactory for certain applications, they suffer from the disadvantage of requiring telephone terminals equipped with a data processing peripheral connector. Ordinary telephone terminals are not generally equipped with such a connector so that the devices are not adapted to be owned and operated by the general public.
Efforts have been developed to overcome this disadvantage by offering a simple way to perform transactions using standard telephone terminals. U.S. Pat. No. 5,740,232, for example, which issued on Apr. 14, 1998 to Pailles et al. and is entitled SMART CARD BASED SYSTEM FOR TELEPHONE-SECURIZED TRANSACTIONS, discloses a smart card reader which incorporates a smart card reader, a sound transmission device, a display surface and a keypad as well as a plurality of function keys. The smart card reader uses a PSTN voice path to communicate with an application server but does so in one direction by sound signals which are generated by the smart card reader and received by the telephone handset. In the other direction, the application server communicates through the telephone handset with the user who transcribes the information into the smart card reader using the keypad. The disadvantages of this system are apparent in that interference from environmental noise can obviously effect transactions and errors or fraud may occur because of the manual operation involved in one-way information transmission. Those disadvantages may have an undesirable impact on the reliability of the device. Therefore, there exists a need for a smart card reader which may be connected to an ordinary telephone terminal and a system which enables the smart card reader to work securely and reliably.
An object of the invention is to provide a smart card reader which may be connected to an ordinary telephone terminal to communicate with an application server for a smart card transaction.
Another object of the invention is to provide a portable smart card reader which may be connected to a telephone terminal to permit a keypad of the telephone terminal to be used to input information during communication with an application server for smart card transactions.
Another object of the invention is to provide a smart card transaction system which uses a voice path through a switched telephone network to communicate with a smart card application server.
Yet another object of the invention is to provide a smart card transaction system that enables a portable smart card reader to operate in conjunction with a telephone terminal for smart card transactions.
A further object of the invention is to provide a method of using a voice path through a switched telephone network to effect smart card transactions.
In accordance with one aspect of the invention, there is provided a portable smart card reader adapted for communication with an application server using a voice path of a switched telephone network, comprising:
a smart card reader/writer unit for reading information from and writing information to a smart card;
a front-end linked to the smart card reader/writer unit adapted to selectively connect the smart card reader/writer unit to a telephone line, that is shared with a telephone terminal, for communication with the application server and to selectively disconnect the smart card reader/writer unit from the telephone line to permit a keypad of the telephone terminal to be used as a user interface for input of information during a smart card transaction session; and
a micro-controller associated with the smart card reader/writer unit and the front-end for operational control of each.
The front-end may be connected in series between a base set and a handset of the telephone terminal or in line between the telephone terminal and the switched telephone network.
Preferably, the micro-controller controls a mode selection between a card communication mode and a user input mode during a card transaction session, and mutes the handset in the card communication mode.
The smart card reader preferably comprises a connection detector associated with the micro-controller and the front-end for detecting a connection signal sent from the application server to activate the card communication mode. The user input mode is preferably a default mode.
In accordance with a second aspect of the invention, there is provided a smart card transaction system that uses a voice path through a switched telephone network to perform smart card transactions, comprising:
an application server connected to the switched telephone network;
a telephone terminal connected to the switched telephone network, the telephone terminal having a keypad; and
a portable smart card reader for communication with the application server, including:
a smart card reader/writer unit for reading information from and writing information to a smart card;
a front-end linked to the smart card reader/writer unit for selectively connecting the smart card reader/writer unit to a telephone line, that is shared by the telephone terminal, for communication with the application server and selectively disconnecting the smart card reader/writer unit from the telephone line to permit a keypad of the telephone terminal to be used as a user interface for input of information during a smart card transaction session; and
a micro-controller associated with the smart card reader/writer unit and the front-end for operational control of each.
The micro-controller preferably controls a mode selection between a card communication mode and a user input mode during the card transaction session and mutes the handset or the telephone in the card communication mode.
The application server preferably comprises application software for providing services; a first interface associated with the application software to communicate with and control the telephone; and a second interface associated with the application software to communicate and control the smart card reader.
The second interface preferably generates a connection signal to prompt the smart card reader to switch to the card communication mode.
In accordance with a third aspect of the invention, there is provided a method of using a voice path through a switched telephone network for a smart card transaction comprising the steps of:
a) receiving a call for the transaction from a telephone terminal connected to a telephone line of the switched telephone network at an application server which is connected to the switched telephone network;
b) verifying from the application server that a smart card reader is connected to the telephone line of the switched telephone network and a smart card is properly associated therewith;
c) receiving at the application server smart card user ID information which is input using a keypad of the telephone terminal in a user input mode;
d) verifying at the application server the smart card user ID information by retrieving smart card user ID information from the smart card in a card communication mode and comparing the retrieved information with the input information;
e) receiving at the application server transaction information which is input from the keypad in the user input mode;
f) exchanging transaction data between the smart card and the application server in the card communication mode;
whereby the application server is adapted to prompt the smart card reader to switch selectively between the user input mode that permits input through the keypad of the telephone terminal and the card communication mode that permits information exchange between the smart card and the application server.
The application server preferably sends a connection signal to activate switching from the user input mode to the card communication mode.
The advantages of the invention are apparent. First, it provides a simple smart card reader which may be manufactured at low cost. The smart card reader according to the invention enables input through the keypad of the telephone terminal so that the smart card reader does not require a keypad and has no moving parts except a few function keys. Second, it is simple and convenient to connect the smart card reader to a public switched telephone network (PSTN). The smart card reader shares a single telephone line with a telephone terminal that may or may not be an analogue display service interface (ADSI) telephone and requires no modification of the telephone terminal to function therewith. Third, it overcomes the disadvantages of similar prior art smart card readers. There are no sound signals transmitted from the smart card reader to the PSTN through air, no manual typing involved in the transmission of data from the application server so that the smart card reader is able to provide services in a more reliable and more secure manner. The above advantages enable the invention to be widely used by the general public and enables smart card transactions to be performed from home.