1. Field of the Invention
The present invention generally relates to computer systems, particularly to an apparatus for accessing information residing on a substrate or medium, wherein the information is to be transmitted across a computer network, and more particularly to a device and system for reading from or writing to an article bearing commercial information, such as a credit card, for Internet-based commerce.
2. Description of Related Art
A generalized client-server computing network 2 is shown in FIG. 1. Network 2 has several servers 4, 6, 8 and 10 which are interconnected, either directly to each other or indirectly through one of the other servers. Each server is essentially a stand-alone computer system (having one or more processors, memory devices, and communications devices), but has been adapted (programmed) for one primary purpose, that of providing information to individual users at workstation clients 12. A client is a member of a class or group of computers or computer systems that uses the services of another class or group to which it is not related. Clients 12 can also be stand-alone computer systems (like personal computers, or PCs), or "dumber" systems adapted for limited use with network 2 (like network computers, or NCs). As used herein, "PC" generally refers to any multi-purpose computer adapted for use by a single individual, regardless of the manufacturer, hardware platform, operating system, etc. A single, physical computer can act as both a server and a client, although this implementation occurs infrequently.
The information provided by a server can be in the form of programs which run locally on a given client 12, or in the form of data such as files used by other programs. Users can also communicate with each other in real-time as well as by delayed file delivery, i.e., users connected to the same server can all communicate with each other without the need for the network 2, and users at different servers, such as servers 4 and 6, can communicate with each other via network 2. The network can be local in nature, or can be further connected to other systems (not shown) as indicated with servers 8 and 10.
The construction of network 2 is also generally applicable to the Internet. In the context of a computer network such as the Internet, a client is a process (i.e., a program or task) that requests a service which is provided by another program. The client process uses the requested service without having to "know" any working details about the other program or the service itself. Based upon requests by the user, a server presents filtered electronic information to the user as server responses to the client process.
Conventional protocols and services have been established for the Internet which allow the transfer of various types of information, including electronic mail, simple file transfers via FTP, remote computing via TELNET, gopher searching, Usenet newsgroups, and hypertext file delivery and multimedia streaming via the World Wide Web (WWW). A given server can be dedicated to performing one of these operations, or can run multiple services. Internet services are typically accessed by specifying a unique address, or universal resource locator (URL). The URL has two basic components: the protocol to be used and the object pathname. For example, the URL "http://www.uspto.gov" (home page for the U.S. Patent & Trademark Office) specifies a hypertext transfer protocol ("http") and a pathname of the server ("www.uspto.gov"). The server name is associated with a unique numeric value (a TCP/IP address, or "domain").
The Internet began as an infrastructure for a communications path between researchers at universities and defense contractors, but it has quickly become a medium for commercial transactions as well. These transactions not only include passive marketing techniques such as advertising and promotional activities, but further include active sales techniques which can culminate in the immediate (i.e., real-time) consumer purchase of goods and services. Such Internet-based commerce often relies on credit cards and similar banking devices.
Several security issues arise with regard to the use of credit cards on the Internet (or on any other commercial network). Since data packets which are transmitted along the Internet often pass through many servers, there are plenty of opportunities for unscrupulous individuals to "eavesdrop" on communications of nearly every sort. For many years, transmission of a credit card number from a consumer to a vendor using the Internet was consequently risky (whether the communication was via the WWW, e-mail, etc.). Various encryption schemes have since been developed to prevent interception of such transactions, but there is still a high risk of credit card fraud because a thief only needs to know a credit card number in order to submit a transaction; in other words, it is not necessary that the thief currently have physical possession of the card. The credit card number might be obtained, for example, from a receipt for an earlier purchase.
In face-to-face purchases using a credit card (or a similar article such as a bank debit card), there is a high degree of security because the purchaser must physically tender the card to the clerk. These cards are difficult to forge because data is encoded, e.g., on a magnetic stripe on the card, and they often include complicated anti-counterfeit measures. It takes a very sophisticated thief to be able to manufacture and encode a credit card; otherwise, the thief must somehow obtain possession of the card, which is much harder to do than simply finding out the card number.
The risk of a thief using a credit card number, while not actually having the card, exists in other situations besides electronic commerce. Telephone sales are subject to this type of fraud, but there is still a higher degree of security associated with telephone transactions than with network or "on-line" transactions, because the telephone operator (salesperson) is able to interrogate the purchaser and obtain additional information (such as additional numbers that might be printed on the physical card but not appearing on any hard-copy receipt). This additional confirmation is not possible with conventional tools for implementing Internet-based commerce.
Many billions of credit card transactions are made annually on the WWW, and the number of transactions is expected to grow very rapidly. It would, therefore, be desirable to bring the same degree of security to Internet purchases that face-to-face purchases have, using a standard credit card for commercial transactions. It would be furthermore advantageous if this capability could be accomplished with little or no additional expense or equipment requirements.