The present invention relates, in general, to electronic transaction and identification systems, and, in particular, to portable electronic transaction devices, such as cards, keys, etc. and appertaining stationary equipment, such as terminals and coding and transaction devices.
For the sake of simplicity, the portable devices will be referred to as "cards" "M-cards" or "modules". M-cards, for the purpose of this application, are plastic devices, comprising integrated circuits, commonly called "smart cards" or "chip cards". Such smart cards or chip cards contain electronic components in microstructure, i.e. integrated circuits. Devices of this nature have been disclosed in German patent DE No. 19 45 777 C3 to DETHLOFF, filed on Sept. 10, 1969.
The integrated (semiconductor) circuits contained in such cards are generally of two types: logic structures and memories.
Before the advent of these cards, all machine-operable or machine readable cards carried only passive memory means. Information could be written on or read from a magnetic stripe, for instance. A piece of information could also be erased from the stripe and another, e.g. updated, piece of information, could be written onto it again. The capacity of magnetic media on cards is limited to a few hundred bits of information.
The advantage of a card containing chips is twofold: the logical structures make the card active, i.e. information can be processed within the card and could be computed or compared with other information and the like. The other advantage is provided by the semiconductor memories, which have a multifold capacity compared with magnetic media on cards, and which can be programmed in various ways (to make their contents inaccessible after write-in, to make it unalterable etc). It can be foreseen, that within a reasonable period of time, chip cards will be more generally introduced and will replace the presently widely used magnetic stripe cards. Presently, common cards, magnetic stripe, and others, are "single-user cards", i.e. such cards are assigned to only one cardholder.
Current magnetic stripe cards, which are machine-operable, carry as one piece of information on their magnetic stripe, a personal designation of the rightful cardholder. A so-called PIN (Personal Identification Number) is widely used as such a personal designation. It is encrypted and, when the card is used, it will be decrypted in the reading device. To ensure the identity of the user and the rightful owner, the PIN is read from the mag stripe and then decrypted. The PIN is then compared in the reader, with the PIN inputted into the reader by the user.
The algorithm to decrypt the coded PIN obtained from the card is available in all readers. It is obvious that technically trained criminals could obtain the algorithm or the decrypting module or a whole reader, to illegally decrypt PINs from stolen cards or to learn how to encrypt false PINs onto the memory of forfeited cards.
To overcome this drawback, U.S. Pat. No. 4,105,156, to DETHLOFF, discloses memory means that are inaccessibly and integrally incorporated in a card for entry and storage of information therein, and further, the contents of the memory being available only within the card.
This patent further discloses components included in the card and activated in response to inputs from a reader, to effect checking of the identity and entitlement of a user of the card. Thus, the comparing of the PIN stored in the card and the PIN inputted at the time of using the card is no longer executed in the reader. No algorithm can be derived or stolen from the reader, nor does it make sense to obtain a reader for deriving PINs from stolen cards or illegally encrypting PINs for faked cards.
But still the PIN is to be inputted into the card for checking via the reader by keying the PIN onto the PIN keypad of the reader. It is possible to illicitly tap the line from the PIN keypad in the reader to the terminals of the card. This would permit a criminal to learn individual PINs from specific cards.
To eliminate this kind of a risk, U.S. Pat. No. 3,641,316, to DETHLOFF et al, discloses means incorporated in a card to input the PIN directly into the card. This, in addition, eliminates the possibility of a third person unauthorizedly spying out the PIN, when same is keyed in onto the keypad of the reader by the rightful cardholder.
Upon checking (comparing the PINs), the checking means within the card produces a signal, which indicates whether the inputted PIN corresponds to the stored PIN or not.
It will be understood that cards can be faked to produce positive signals. It is therefore essential that a precedent card authentication check is made. Only an authentic, i.e., genuine card can produce a true identity check signal.
Such checks for authentication will very probably be based on so-called public key or "trapdoor" algorithms, as disclosed in U.S. Pat. No. 4,405,829 to RIVEST et al. This kind of verification requires a secret key to be "sealed" within the card, i.e., the key is to be charged into a memory within the card in a way that it cannot be read out from the card and cannot be altered after having been charged and that it is only available within the card for processing when executing an authentication check.
A key in the form of a card with a magnetic stripe that can be programmed by the issuer when issued for a selected period of time to unlock doors, for example, in a hotel, is known from U.S. Pat. No. 4,385,231 to MIZUTANI et al. U.S. Pat. No. 4,523,297 to UGON et al discloses a portable hand held machine which includes a keyboard, display, microprocessor and memory, and which receives a carrier in the form of a plastic card, which also carries a microprocessor and memory for the purpose of carrying on a dialogue between the machine and the carrier. Also, see U.S. Pat. No. 4,305,059 to BENTON which discloses a system for transferring funds utilizing portable modules carrying keyboards and displays; U.S. Pat. No. 4,614,861 to PAVLOV et al which discloses a unitary self contained card having keyboard and display; U.S. Pat. No. 3,996,450 to KERKHOFF disclosing a cash dispenser with a PIN changing function; and U.S. Pat. No. 4,460,965 to TREHN disclosing the loading of a sub transaction memory from a main credit memory in portable devices.
DETHLOFF U.S. Pat. No. 4,105,156 claims memories that are chargeable only once and the contents of same being only available within the card.
As will be seen thereafter, the integrated circuits within a card, which include memories whose contents are only available within the card, components included in a card, which are responsive to an input from outside the card, and means incorporated in a card to input information directly into a card, represent the state of the art.
It is further within the state of the art that cards are issued and assigned to one and one only user or cardholder. It is common practice for card issuing organizations to strictly instruct card users not to give away or permit other persons to use the card. The organizations hold the cardholder liable for any seemingly authorized use of the card by third persons.
For example: the instructions of a known card issuing organization, which will be called XY, read as follows:
"keep your XY card in a safe place and permit no other person to use it . . . do not tell any other person your secret Personal Identification Number (PIN) or write your number on your XY card or otherwise make it available to anyone". PA1 "We will mail you a secret PIN and you agree to keep the number secret, even from bank employees".
The XY cardholder Agreement states:
The limitation by the principle "one card--one user" represents an uncomfortable inconvenience. If one thinks, for example, of a card used by travelers abroad. The cardholder is accompanied by his or her family; the cardholder is required, in each and every case, to execute card transactions personally, i.e. he/she could not send somebody else of the family or shopping with his/her card.
Aside from traveling, there are numerous examples when cardholders are hindered by having to appear personally to use their cards. They often would like to charge somebody else to do the transaction or to obtain the service in question for him/her. However, cardholders are not permitted to hand over their cards and name their PIN to third parties. In most cases, they would not want to do this either. So card issuing organizations and cardholders find themselves on the same side. If third persons were permitted to use the cards and, therefore, to learn the PIN of the original cardholder, they could dispose of the whole value which is assigned to the card.
In an attempt to overcome this inconvenience, card issuing organizations sometimes offer additional cards for cardholders' families ("partner cards") or members of cardholders' business, often at lower cost.
The card issuing organization may thus assign one card to more than one person and personalize such card with more than one PIN, each one for a different person. This, however, would require an advance determination of the use data (money, services, time frames or other authorization) for each authorized person. Such procedure would only meet the requirements of a small percentage of conceivable applications or cardholders. It would also require quite some amount of red tape to be exchanged between the card issuing organization and such applicant cardholders to prepare and agree upon the individual card (use) data for the personalization of those cards in a legally satisfying way and to cover the relevant liabilities.
All in all such preprogrammed cards for plural users would be an inflexible instrument as day-to-day requirements of users cannot be foreseen.
The multi-user card (M-card) of the present invention should not be mistaken for a multi-purpose or multi-service card, i.e., a card which is commissioned or backed by different "issuers", that is to say by different businesses, for example, by one or more banks, a railway company, a gasoline company and by a car parking business. Cards of this nature have been disclosed, for example, in U.S. Pat. No. 4,443,027, by McNEELY et al as a Multiple Company Credit Card System. Also, see U.S. Pat. No. 4,656,342, to UGON. Such cards are still assigned to only one cardholder.
U.S. Pat. No. 4,277,837 to STUCKERT discloses a portable terminal for receiving two cards for conducting transactions between the cards. PCT application no. WO83/03018 discloses the use in cards of a plurality of identifying characteristics which can be randomally selected.
The limitation of one card to one cardholder is not the only drawback of present card systems. Another one is represented by the inflexibility of the values of stored units of money or other credits.
Cards contain in their memories, information which permits the cardholder to obtain certain values, i.e., a piece of merchandise, a service such as car parking, or a fare from location A to location B. Such credit information is usually expressed by "units". Those units may represent different values, even in the same card. In a multi-purpose or multi-company card system, one card may contain different kinds of units for different kinds of businesses, such as a bank, a railway company, a gasoline company or a parking lot. For example, the "units" in banking are designated as money units (1 unit--1 U.S. $ or 1 yuean), the "units" of a railway company can be designated as a number of rides between two predetermined locations for commuting The "units" of a gasoline company are--again designated as money units, and a unit of the car parking can be equivalent to one day's parking.
All cards to date have in common that such units do not change their individual value from the time of card issuance or re-issuance until the moment when the last unit is "consumated". In other words one unit "initiated" as one U.S. Dollar or as a one way fare from location A to location B, retain, for the time of their "life", the value of one U.S. Dollar and of such one way fare.
Presently known cards, thus, (a) are single-user cards (unless they would originally be personalized by the issuer for more than one user, which, however, has practically not yet been done) and (b) contain "units" whose value is unalterable once loaded.
Summarizing, it can be stated that the relevant assignments, such as (a) the assignment of a card to a user (cardholder), (b) the assignment of a designation to the credit units, and (c) the assignment of a value to one unit, are (A) controlled by the issuer(s) and (B) accomplished prior to issuance or reissuance of the card.