1. Field of the Invention
The present invention is directed to a personal identification system.
2. Description of the Prior Art
The widespread acceptance of the use of credit and bank cards has led to the need for improved methods of identifying the bearer of a card as its rightful owner. A variety of systems have been devised for providing personal identification, to prohibit the use of such cards by unauthorized users. Typically, a credit (or bank) card, issued by a particular institution, bears, in embossed form, the name of the person to whom the card was issued, his or her assigned account number, and the card's expiration date. The card also bears a magnetic stripe on which binary-coded representations of the name (to whom the card was issued), the assigned account number, and the expiration date are magnetically recorded. The magnetically recorded information is permanently stored and conveniently accessible by means of a magnetic stripe reader. A space is often provided for the signature of the person to whom the card was issued. Such cards, when lost, stolen, or counterfeited, have been fraudulently used by unauthorized users, resulting in significant losses.
More recently, systems have been devised which include in the identity verification process the effect of an assigned Personal Identification Number. The person to whom the card is issued is assigned a Personal Identification Number. A multi-digit number is derived from a combination of the assigned Personal Identification Number and the assigned account number by means of a generator. A binary-coded representation of the multi-digit number, hereafter referred to as an Offset Number, is also recorded on the magnetic stripe.
Prior to a card transaction, the card is inserted into a verifier which "magnetically reads" the assigned account number and the Offset Number. The card user also enters his or her Personal Identification Number by such means as a keyboard. Just as the assigned Personal Identification Number in combination with the assigned account number was utilized by the generator to derive the Offset Number, the verifier employs the entered Personal Identification Number in combination with the magnetically read assigned account number to derive an Offset Number. Only if the Offset Number derived by the verifier and the Offset Number recorded on the card's magnetic stripe are identical is the user of a card recognized as the rightful owner of the card. The assigned Personal Identification Number provides a measure of security that is limited, since Personal Identification Numbers are assigned and thus are necessarily known by others in the employ of the card-issuing institution.
The security of the foregoing system may be further enhanced by allowing the person to whom the card is issued to secretly select his or her Personal Identification Number, hereafter referred to as PIN. Any alphanumeric sequence composed of digits selected from the set of ten decimal digits and any given subset (including the entire set) of alphabetic characters may serve as a PIN. A PIN that is secretly selected should be known only to the rightful owner of the card. An assigned account number may be any numeric sequence composed of digits selected from the set of ten decimal digits. The assigned account number is hereafter referred to as the Primary Account Number or simply PAN. Clearly, since the PAN is assigned, it is known to those assigning the PAN.
A system described in U.S. Pat. No. 3,938,091 derives an 8-digit octal (i.e., base 8) number from a single input sequence. For comparison purposes, the single input sequence may be comprised of a secretly selected PIN followed by PAN (or a segment of leading digits of PAN). The 8-digit octal number may represent an Offset Number. The system transforms a PIN-PAN sequence into an Offset Number as follows. The alphanumeric characters of PIN are entered via a keyboard by the card user, and the appended digits of PAN (or a segment of PAN) are entered via the same keyboard by a representative of the institution honoring the transaction. Each character of the PIN-PAN sequence results in a succession of state changes in a 24-stage binary feedback shift register which initially is in the all 0's state. The terminal state (i.e., the representation of a 24-bit binary number stored in the feedback shift register after the entry of the PIN-PAN sequence) is dependent upon the PIN-PAN input sequence. The PAN's associated with a particular card-issuing institution are necessarily distinct. Clearly, all possible PIN-PAN input sequences will be distinct if the PAN portions are complete. The relationship between the terminal state and the PIN-PAN input sequence is fixed by the manufacturer by means of circuit module selection. The depression of a particular key of the input keyboard results in clocking the 24-stage binary feedback shift register by a fixed number of clock pulses, causing it to advance that number of states. The terminal state is governed by the cumulative number of clock pulses resulting from a succession of key depressions corresponding to the input sequence. The Offset Number is determined from the 24 bits represented by the terminal state.
Each bit corresponds to the output (i.e., state) of a particular register stage. A permutation of the 24 outputs is partitioned into eight 3-bit segments. Each 3-bit segment is converted to and displayed as an octal digit taken from the set {0, 1, 2, ..., 7}. The number of clock pulses associated with each key and the particular partitioning of the 24-bit terminal state into 3-bit segments are realized by circuit modules selected by the manufacturer. The feedback network of the 24-stage register is "hard-wired" and thus is fixed. The bit being fed back is a linear switching function (realized with Exclusive-OR gates) of the contents of a prescribed set of stages. It is claimed that the states of the register are pseudo-randomized. To those schooled in the art, the "hard-wired" feedback logic circuitry is among those linear switching functions which cause the 24-stage register to assume 2^24 - 1 distinct states (under continuous clocking) before repeating. The security of the foregoing system, which transforms a PIN-PAN sequence into an Offset Number comprised of 8 octal digits, is vulnerable for the following reasons.
1. In the system described in U.S. Pat. No. 3,938,091 a single alphanumeric sequence is transformed. PIN and PAN are sequentially entered in a fixed order via a single input device, thereby limiting their transformation.
If the PIN and PAN were entered by means of different input devices, removing the restriction of order, individual and separate transformations on them would be possible, significantly increasing overall transformation selection (by the manufacturer) and allowing the introduction of a many-to-one into mapping of the transformed PIN and the transformed PAN to an Offset Number. A many-to-one into mapping guarantees irreversibility, regardless of which of the other transformations are selected. Many-to-one into mappings, as well as transformations which may be one-to-one or many-to-one, are realizable with off-the-shelf integrated circuits.
2. In the system described in U.S. Pat. No. 3,938,091, the institution utilizing the system cannot independently participate in the selection of the overall transformation of a PIN-PAN sequence to an Offset Number. The manufacturer exercises complete control over the selection of the overall transformation.
3. The system as described in U.S. Pat. No. 3,938,091 transforms distinct PIN-PAN input sequences comprised of the same alphanumeric characters into the same Offset Number. For example, PIN-PAN input sequences A4B37, BA374, 7BA43, etc. each advance the 24-stage register from the all 0's initial state to the same terminal state. Hence, such PIN-PAN sequences are transformed into the same Offset Number. With a fixed correspondence between each input key and the number of resulting clock pulses, the cumulative sum of clock pulses associated with an alphanumeric sequence is independent of the order in which the alphanumeric characters comprising the sequence are entered.
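The order-independence described in item 3 can be reproduced with a small simulation. This is an added example, not circuitry or code from either patent: the tap positions, the inverted feedback (used so the all 0's start advances), the key-to-pulse table and the identity bit permutation are all assumptions, since the page gives none of them.

```python
from itertools import permutations

MASK = (1 << 24) - 1
TAPS = (23, 22, 21, 16)  # assumed tap positions; the real network is not on the page

def step(state):
    """Advance the 24-stage register by one clock pulse."""
    fb = 1  # inverted XOR feedback (assumption) so the all-0's start is not a lock-up state
    for t in TAPS:
        fb ^= (state >> t) & 1
    return ((state << 1) | fb) & MASK

def pulses_for(key):
    """Assumed fixed key-to-pulse table: '0'-'9' -> 1..10, 'A'-'Z' -> 11..36."""
    return int(key, 36) + 1

def terminal_state(sequence):
    """Clock the register once per pulse for every key of the PIN-PAN sequence."""
    state = 0  # all 0's initial state, as the page describes
    for key in sequence:
        for _ in range(pulses_for(key)):
            state = step(state)
    return state

def offset_number(sequence):
    """Eight octal digits, one per 3-bit segment (identity permutation assumed)."""
    return format(terminal_state(sequence), "08o")

def distinct_offsets(characters):
    """Offset Numbers produced by every ordering of the same characters."""
    return {offset_number("".join(p)) for p in permutations(characters)}

if __name__ == "__main__":
    # Sequences taken from the page's own example in item 3.
    for seq in ("A4B37", "BA374", "7BA43"):
        print(seq, offset_number(seq))
    print(len(distinct_offsets("A4B37")), "distinct offset(s) over all 120 orderings")
```

Because the register is autonomous, its terminal state depends only on the total pulse count, so any choice of taps or pulse table gives the same collapse across orderings.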
From the foregoing it should be appreciated that the system described in U.S. Pat. No. 3,938,091 is quite vulnerable and therefore does not provide sufficient security against unauthorized use of a card.