1. Field of the Invention
This invention relates to a small, portable credit card like device for assisting its owner in identifying himself to an external system, for cryptographically securing communication between its owner and the external system, for performing financial transactions in cooperation with the external system, and for providing credentials to the external system.
2. Prior Art
Society has developed several methods to allow its members to identify themselves to each other and to conveniently perform financial transactions. Identification methods have included issuance of documents such as driver's licenses, passports, bank cards, etc. Financial transactions may be performed via use of currency, checks, credit cards, and various electronic funds transfer schemes.
Each of these methods of identification or performing financial transactions has numerous disadvantages. For instance, one of the primary factors that discourages the use of currency is the possibility of theft. Additionally, certain types of cash transactions may require presentation of credential documents. For instance, in connection with the purchase of alcoholic beverages, submission of a document establishing proof of age is often required. In certain countries, conversion of one country's currency into another's requires proof of citizenship such as that obtained from a passport.
Inasmuch as a check is easily forged, payment by check usually requires submission to the payee of identification documents such as a driver's license. Additionally, every check is microfilmed by the band maintaining the corresponding checking account. Accordingly, the transaction details recorded on the check, which include payee, amount paid, and data of the transaction, are available to the banking industry, to governmental bodies, and possibly to other third parties to the original transaction, creating the possibility for covert invasion of privacy.
Another disadvantage with checks is that often a merchant will refuse to accept a check from a bank distant from him. Such refusal is usually based upon the difficulty he has in ascertaining whether a check drawn on a distant bank will be honored. On the other hand, a check has the advantage that the individual must provide his signature on the actual instrument, certifying his approval of the unalterable transaction record.
The use of stolen credit cards has been a substantial problem. Verification of credit card number validity and current credit limits has been an inconvenient process for merchants to perform, and therefore is often neglected. Another problem with credit cards is that illegal use may be made of a credit card account if the card number is obtained, such as may be done by retrieving discarded receipts, or merely by memorization of the number by an onlooker. Another disadvantage with credit cards is that, unlike cash or checks, exchanges between individuals are difficult to perform via credit cards.
Electronic funds transfer systems (EFTS) typically do not require the user's signature on an instrument to perform a payment transaction. Rather, the user's secret personal identification number (PIN) and plastic card are entered into a point-of-sale terminal located on a merchant's premise. Once the PIN and data recorded on the card have been supplied by the user to the terminal, he is at the mercy of the terminal and associated system to properly record the details of the transaction. Additionally, if the security of the EFTS is breached, the PIN and card number may be obtained by others, who may then perform unauthorized transactions. Like checks or credit cards, and EFTS has the same disadvantage of allowing covert records to be maintained on a person's financial transactions.
Accordingly, it is an object of the herein disclosed invention to provide a small, forgery resistant card-like device which is `personalized` so that only its proper owner may utilize it. The owner may identify himself via the device to an external system, such as a merchant's point-of-sale terminal or financial institution's EFTS, only after the device is itself enabled by entry of an ID known only to its owner. It is a further object to provide in such a device a general computer processing and data storage capability which the owner may utilize to maintain various personal and financial data. Another object of the invention is to allow convenient and secure display of selected transaction details to the card owner, and to allow convenient and secure entry of data, authorization codes, and other information by the owner. An additional object of the invention is to allow the device to provide cryptographically secure storage of data concerning accounts the owner may maintain with various financial institutions, such data being modifiable only upon proper authorization by the appropriate financial institution and the owner.
Another object of the invention is to permit use of any of a variety of standard cryptographic algorithms, such as the National Data Encryption Standard algorithm (DES) or various "public key" algorithms, to secure certain confidential data stored in the device and to secure communications between the device and an external system, such securing to be performed without the necessity of transmitting over a communications link sufficient information to enable an eavesdropper to itself determined the cryptographic key in use or the identity of the card owner.
It is a further object of the invention to provide a device able to selectively present a specific credential concerning its owner, without releasing other unrelated information. Another object of the invention is to provide a device which will assist in the performance of a financial transaction, yet secure the transactions details against covert inspection. A further object of the invention is to eliminate the possibility that the equivalent of a bad check will be offered or that a line of credit will be exceeded. Yet another object of the invention is to allow transactions to be conveniently conducted between individuals. An additional object is to provide a device which obviates the need for assignment of a universal identification number to a person for use with various organizations.