1. Field of the Invention
This invention relates to a method and apparatus for storing and retrieving a number of personal identification numbers (PINs) for protected-access devices, in particular smart cards and magnetic stripe cards.
2. Description of Related Art
Nowadays many devices have protected access through personal identification numbers. PINs are granted in particular for smart cards, money cards, ID cards as well as access-protected software and the like. Access is only possible after the particular PIN code is entered. The PIN owner must remember the PINs so that only he can have knowledge of them. The constantly rising number of PINs to be remembered is a problem since human memory is limited and the PINs are usually not freely selectable and therefore difficult to remember.
EP-A-0 742 532 discloses a method and apparatus for storing and retrieving PIN codes easily and safely. The proposal is to store the secret PIN code in an externally unreadable primary memory and to store a freely selectable personal code more easily remembered by the PIN code owner in a secondary memory. If the PIN code owner has forgotten the secret PIN code he inputs the personal code into the apparatus, and if a comparison performed in a microprocessor matches the personal code stored in the secondary memory a display indicates for a predetermined time period the secret PIN code stored in the primary memory. A plurality of secret PIN codes can also be stored in the primary memory that are indicated on the display one after the other by means of the same personal code. EP-A-0 637 004 likewise discloses such a method at the end of the introduction to the description.
The solutions proposed in the prior art have the disadvantage that the owner of a plurality of secret PIN codes must remember not only the more easily remembered personal code but also at least which smart card or magnetic card the stored and retrieved secret PIN codes are to be assigned to. With the constantly increasing number of devices with protected access through PINs, this proposed solution is unsatisfactory.
The objective of the present invention is therefore to provide a method and apparatus for storing and retrieving a number of PIN codes by which a single, freely selectable personal code permits retrieval of exactly the secret PIN code associated with the particular protected-access device.
Unlike known systems for storing and retrieving a number of PIN codes, the invention provides for a unique feature of the particular associated protected-access device, for example the serial number of a smart card or an automatically measured property of the chip contained in the smart card, to be stored in addition to each stored PIN code. Between each stored PIN code and the associated stored unique feature of the particular device or smart card a unique firm link is generated. Upon retrieval of an individual PIN code for a protected-access device, two entries are made: firstly a previously freely selected access code which is the same for each retrieval process and therefore easily remembered, and secondly the unique feature of the protected-access device or smart card whose individual PIN is to be retrieved. The access code known only to the owner of the individual PIN guarantees that the individual PINs cannot be spied out by third parties. Entry of the unique feature is required in order to retrieve the associated individual PIN via the unique firm link. The individual retrieved PIN can then be indicated.
The inventive method and apparatus, through the particular linking of the secret PIN codes with the unique feature of the associated protected-access device, thus offer the advantage of permitting safekeeping and accurate retrieval of different PIN codes by means of a single, freely selectable access code.
For retrieval of the PIN code it is irrelevant whether the freely selected access code or the unique feature is entered first. The individual PIN is in any case outputted only if both the entered access code was permissible and the entered unique feature matches one of the stored unique features.
The access code and/or unique features and/or PIN codes are advantageously stored in encoded form. This makes it harder for a third party who has procured access to the memory areas to detect the relevant contents of the memories.