1. Field of the Invention
This invention relates to transaction execution systems and more particularly to secure transaction execution systems having a central data base in communication with remote terminals which permit the execution of transactions such as the issuance of cash or the interaccount transfer of funds.
2. History of the Prior Art
For reasons of public convenience and economy a variety of systems have been developed for executing user requested transactions. One example is a check cashing machine. Such a machine reads data from a check inserted therein and issues cash equal to the amount of the check if the check is found to be in order. Other systems have been developed for use in conjunction with credit cards.
One credit card system stores credit card account information in a central data base. In response to the submission of an account number from a remote terminal, the system provides information relating to the account. For instance, the system may indicate that the card has expired, that it has been stolen or may indicate the dollar amount of available credit. After a transaction is completed the system properly adjusts the stored information to account for the transaction.
Other credit card systems, which are frequently used by banks to extend their services during times of heavy business or business closure, permit the issuance of cash or the receipt of deposits through a terminal. Such a terminal typically includes a mechanism for receiving and reading information from a credit card, a keyboard, a display and document entry and exit apertures. The terminal may operate in conjunction with a data base or as a stand alone unit. Increased security for the issuance of cash without human intervention is attained by issuing a personal ID number with each credit card. A credit card transaction is then enabled only when an ID number corresponding to the account number read from the credit card is entered through the keyboard. This required correspondence prevents a thief or mere finder of a credit card from receiving cash from a terminal. If a terminal operates in conjunction with a data base the correspondence between account numbers and ID numbers can be chosen at random, but frequently the ID number is derivable from the account number in accordance with a predetermined code. This predetermined relationship permits a stand alone terminal to check the ID number by algorithmically relating the ID number to the account number.
While this dual credit card and ID number identification technique improves the security of cash issue terminals, there are still weaknesses that may be exploited to gain access to the large amounts of cash that are stored in the terminals. For instance it may be necessary to employ a substantial number of computer operators, programmers, analysts and other people at the host data base who have at least limited access to information stored in the host data base. It would be possible for any of these people to compile lists of account numbers and corresponding ID numbers to be used in conjunction with forged or stolen credit cards to obtain cash.
An equally serious problem relates to the security of the encryption algorithm for terminals which are capable of stand alone operation. A large number of operators or maintenance personnel are required for the day-to-day support of cash issue terminals. For example, one or two people at each branch bank location may have internal access to the cash issue terminals. Often times these people may have access to the encryption key for normal maintenance. Alternatively, with only a little training these people could learn to acquire the key by measuring electrical signals on the internal circuitry. Once the encryption key is acquired, a correspondence between a large number of account numbers and ID numbers could be generated.
Another possible security problem arises from the transmission of account information and ID information between a terminal and a host data base. These transmissions often involve utility communication lines and are therefore subject to monitoring by a large number of people. Encryption is often used to improve communication security but anyone who is able to break the code or gain access to the code would be able to extract and compile a list of correspondence between credit card account information and ID numbers by monitoring these transmissions. In addition, by generating fake terminal communication traffic a person might gain access to the host data base and fraudulently transfer funds within data base accounts. Thus, while protected against a common thief, conventional systems which use this dual identification technique are not adequately protected against a sophisticated thief having knowledge of modern data processing equipment.