The extensive use of various identification devices to support a wide variety of commercial transactions has reached phenomenal proportions. Typically in the form of plastic cards, these transaction devices have substantially replaced cash in many fields of commerce. The transaction devices, in the form for example of credit or debit cards, usually are issued to an assigned person by an organization for use during a limited period of time and with certain other limitations. While convenience and certain other advantages are apparent for such cards, persistent disadvantages accompany their use.
Perhaps one of the greatest problems attendant the widespread use of transaction cards in various forms involves their unauthorized use, specifically with regard to devices that have been lost, stolen or counterfeited. Efforts to control the proper use of such devices while restricting illicit authorizations, have involved various systems and techniques. For example, transaction cards have been issued with a limited life. That is, imposing a limited effective lifetime on a card invokes an ultimate safeguard against misuse of the card.
Generally, the shorter the effective life of a card, the less susceptible the card is to misuse. However, periodically issuing fresh cards is complex and expensive. Furthermore, the production and delivery of cards involves considerable exposure. That is, during production and distribution, transaction cards are particularly vulnerable to loss and theft. Consequently, a need exists for an improved system to impose ultimate safeguards on transaction cards and similar devices without the complications and expense of replacing existing devices.
In the past, various techniques and mechanisms have been employed to authenticate or verify transaction cards as a condition to their use. According to one technique, data on each car is maintained at a central location and is consulted before allowing the card to be used. Normally the technique involves extensive communication facilities along with data processing apparatus. The technique is generally referred to as "on-line" authentication.
As an alternative or supplement to on-line authentication, various techniques have been employed to verify that a card is genuine and is being presented by its assigned holder. For example, anticounterfeiting techniques have involved utilizing unique or difficult characteristics of a card which characteristics can be sensed to verify the authenticity of the card. Private personal identification data also has been used along with coding techniques to verify the holder of hhe card. When such techniques serve as the sole basis of verifying a card (without on-line checking) the verification is generally called "off-line" authorization. Accordingly, when a card is authorized for use to support a transaction without reference to a central file, the authentication is off-line and when reference is made to such a file, the authorization is termed on-line. Generally, off-line authentication at any of a multitude of transaction terminals is usually faster and cheaper but less reliable than on-line authorization.
It has been previously proposed to operate systems in both on-line and off-line modes. For example, in an on-line system, any of a multitude of individual terminals may function in an off-line mode in the event of a failure in the external communication system or at the central station. Other composite systems have employed system activity and transaction values as criteria for alternatively utilizing on-line and off-line modes of operation.
Generally, the system of the present invention affords relatively reliable off-line authentication during a controlled period of time. Thereafter, an on-line verification is required to refresh the card for another period of off-line use. In accordance with the present invention, off-line use of the card is controlled by verifying some anticounterfeit data characteristic of the card encoded with identification data, while on-line verification involves central-station verification of different anticounterfeit data that is highly obscure in the card.
Implementations of systems of the present invention may involve a variety of different applications comprising on-line or both on-line and off-line terminals. The necessity for an on-line authentication may be based on different criteria, for example, time or the significance of a transaction being approved may govern. In an exemplary application, a card may be issued with no expiration date except that an occasional on-line validation is required to maintain its effective life. In another alternative application of the system, a card may be issued to support routine transactions with off-line authentication, however, an on-line authentication is required to support exceptional transactions. Accordingly, the system hereof affords economy in a variety of relatively secure applications along with the possibility of reducing the cost and danger of frequently reissuing cards.
As another specific exemplary application of the present invention, alien identification cards may be validated normally by off-line operation as, for example, at isolated border locations. However, periodically a thorough check of a card's subject may be required at a location having on-line capability.
As still another example, an entry card for an extensive military installation involving classified areas of different security levels may be used for entry at lower levels with off-line validation but requiring on-line verification for use at higher levels. Of course, various other applications, including many related to commercial transactions will be readily apparent in view of the disclosed embodiment.