Data terminals are employed in a variety of contexts to provide information to a remote host computer, and to receive data from or exchange data with the remote host computer or other communicating device. Such data terminals are configured in one of two modes: a stand-alone mode, where access to the host is established over the public telephone network, or a cooperative mode, where access to the host is established over a private, dedicated communication network.
Host computer access by both types of data terminals is a factor of major concern. The confidentiality and integrity of the processed and/or stored information need to be protected, and the risk of malicious manipulation and/or theft or misuse of products or financial instruments must be minimized if not altogether eliminated.
Data terminals of the stand-alone variety are generally of desktop size and include a keyboard for data entry, a display screen for display of messages and data, and operating controls as well as communications devices to permit the exchange of data with the host computer. Data terminals of this type can be configured in a portable container, which is usually of briefcase size, so that access to a remote host from virtually any telephone connected in the public telephone network is possible. The heretofore known prior art security techniques for remote data terminals communicating via the telephone network, as exemplified by U.S. Pat. Nos. 4,679,236, 4,815,031, 4,484,306, and 3,976,840, each incorporated herein by reference, generally limit access to the host computer to a class of users who either are privileged with a password, or who have a pre-established phone number, such that the host computer calls back the data terminal to confirm that it is a valid data terminal. The pre-established phone number call-back security technique is limited to one permanent location where the portable terminal may be connected. Password-oriented security is therefore the only known technique for controlling access to the remote host computer from any general telephone on the public telephone network by the heretofore known stand-alone data terminals.
In the other mode, where a private network of cooperative data terminals has been installed, security is assured, in part, because of the private connection with the host computer via the dedicated communications network. Automated bank teller terminals and airline reservation terminals are examples of such cooperative mode data terminals.
Security is further assured for access by automated teller machine cooperative mode data terminals to a remote host bank computer by a magnetic stripe card which has the customer's account number and a Personal Identification Number (PIN). The magnetic card is inserted into the terminal, which reads the encoded PIN, and the PIN is manually entered on the keyboard of the automated teller machine. So long as there is a match therebetween, the user is free to access his personal account from any network terminal. The utility of such private networks of data terminals, although they are reasonably secure, is limited insofar as one such automated teller machine must be sought out before access can be gained to the remote bank computer.
There are a multitude of financial and other transactions which could be conducted electronically via the public telephone network with stand-alone data terminals, provided, among other things, that security comparable to that of the cooperative-mode data terminals can be achieved. For instance, a stock purchase or sale could be authorized electronically, or a purchase order for goods to be delivered could be authorized electronically. But without being physically present at a network terminal for a secure connection to the host computer, only a stand-alone portable data terminal with limited security could heretofore be used to gain access to the host computer via the public telephone network. And for those who do not want to be physically encumbered with a briefcase-size programmable data terminal, it was not heretofore possible to gain such access.