1. Field of the Invention
The present invention relates generally to a method of and system for verifying that the holder of an identification card is an authorized holder of the card, and more particularly to a method of and system for verifying that a holder of the card is an authorized holder at a remote terminal in an on-line system, wherein secret data, keyboard-entered by the holder, is compared to invisible, machine-readable data contained on the card, and wherein the secret data cannot be determined by monitoring the communication line between the terminal and central computer.
2. Description of the Prior Art
Machine-readable identification cards have become prevalent in such applications as gaining access to a restricted area and performing credit sales transactions. In commercial banking, unattended, on-line banking terminals permit the performance of certain transactions. These transactions include accepting deposits, dispensing cash, transferring funds from one account to another, and making payments on credit card, utility or other accounts, or on mortgage or installment loans and the like. The customer is required to present an identification card, often formed of a plastic medium, which contains machine-readable information. The information includes, but is not limited to, the customer's account number, the identification number of the bank or institution, an expiration date, credit limit, account balance, and types of transactions authorized. Although the information is preferably contained on the card in the form of invisible magnetically recorded indicia, the information could be contained in embossed indicia, apertures, or electrically conducting segments.
The remote banking terminal contains a keyboard, as well as a card reader. The customer places his identification card in the card reader, and his account number and other data are read from the card and converted into digital signals. Using the keyboard, the customer enters a secret number that is known to only the authorized holder of the identification card. The account number, read from the card, is transformed to another number having no logical relationship to the account number, and the transformed number is compared to the keyboard-entered, secret number. A positive comparison indicates that the customer is the authorized holder of the identification card.
The secret number is issued to the authorized holder of the identification card when the card is issued. The secret number is determined in accordance with the particular algorithm or transformation used to transform the account number.
Optionally, the keyboard-entered, secret number may be combined with an offset number, prior to comparison with the transformed account number. The offset number causes the keyboard-entered, secret number to correspond to the translated account number. This permits the customer to choose his own secret number when his card is issued.
A system for transforming a machine-read, account number for comparison with a keyboard-entered secret number, and optionally combining an offset number with the secret number prior to comparison is disclosed in U.S. patent application Ser. No. 585,401, assigned to the assignee of the present invention.
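The comparison described above, with and without the offset number, as an added example that is not part of the patent text. HMAC-SHA256 stands in for the unspecified transformation, and the four-digit length, the digit-wise modulo-10 offset arithmetic, the key and the account number are assumptions constructed for illustration.

```python
import hashlib
import hmac

PIN_LEN = 4  # assumed length of the secret number


def transform_account(account_number: str, key: bytes) -> str:
    """Keyed transformation of the card's account number into PIN_LEN digits.
    HMAC-SHA256 is a stand-in; bytes >= 250 are skipped to avoid digit bias."""
    digits, counter = [], 0
    while len(digits) < PIN_LEN:
        msg = f"{account_number}|{counter}".encode("ascii")
        for b in hmac.new(key, msg, hashlib.sha256).digest():
            if b < 250 and len(digits) < PIN_LEN:
                digits.append(str(b % 10))
        counter += 1
    return "".join(digits)


def _well_formed(secret: str) -> bool:
    return len(secret) == PIN_LEN and secret.isascii() and secret.isdigit()


def _combine(a: str, b: str, sign: int) -> str:
    """Digit-wise a + sign*b modulo 10 (assumed way of combining the offset)."""
    return "".join(str((int(x) + sign * int(y)) % 10) for x, y in zip(a, b))


def issue_offset(account_number: str, chosen_secret: str, key: bytes) -> str:
    """Offset stored for a customer who chooses his own secret number."""
    if not _well_formed(chosen_secret):
        raise ValueError("secret number must be PIN_LEN decimal digits")
    return _combine(transform_account(account_number, key), chosen_secret, -1)


def verify_holder(account_number, entered_secret, key, offset=None) -> bool:
    """Compare the keyboard-entered number (plus optional offset) with the
    transformed account number; malformed input is a failed comparison."""
    if not _well_formed(entered_secret) or (offset is not None and not _well_formed(offset)):
        return False
    candidate = entered_secret if offset is None else _combine(entered_secret, offset, +1)
    return hmac.compare_digest(candidate, transform_account(account_number, key))


if __name__ == "__main__":
    key, account = b"constructed-demo-key", "4000123456"  # constructed sample values
    offset = issue_offset(account, "2580", key)
    print("issued secret:", transform_account(account, key), "offset:", offset)
    print("chosen secret accepted:", verify_holder(account, "2580", key, offset))
```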
When the customer at the remote terminal is determined to be the authorized holder of the identification card presented at the terminal, the secret data along with account number and other data are transmitted to the host or central computer over a communication line. By monitoring the communication line, it is possible for an unauthorized person to "pick up" the secret data of a customer and, with possession of the identification card, effect unauthorized transactions at the terminal.
Accordingly, one objective of the present invention is to provide a highly secure method of and system for gaining entry to a remote terminal of an on-line system.
Another objective of the present invention is to provide a new and improved method of and system for determining whether a holder of an identification card is an authorized holder at a remote terminal of an on-line system.
Another objective of the present invention is to provide a highly secure method of and system for completing transactions, such as depositing or withdrawing funds, or transferring funds from one account to another, at a remote terminal of an on-line banking system.
Yet another objective of the present invention is to provide a highly secure method of and system for gaining entry to a terminal in an on-line system, wherein one portion of secret data, entered at the terminal, is verified at the terminal, and another portion is verified at the central computer.
Still another objective of the present invention is to provide a method of and system for operating a central computer from an on-line, remote terminal, wherein secret data are used to gain entry to the terminal, but the secret data are not determinable by monitoring the communication line between the central computer and the terminal.