Data transfer systems using portable devices such as cards with some memory capability, for example, a magnetic strip, and terminals to which the portable devices can be connected are well known. Generally they are used to control access to some area or service. Usually the terminals are connected to a central processing unit or computer which controls access and is the ultimate storage facility for the information on the card.
British Patent 1504196 to Moreno describes such a prior art system comprised of a portable device and a peripheral device or terminal which is connected to a central computer. Many of the portable devices referred to as prior art in Moreno used magnetic track memories which could easily be modified or the contents read. Also the memory storage capacity was quite low and the memory was susceptible of accidental modification. This left such systems vulnerable to abuse from fraudulent intervention.
U.S. Pat. No. 3,702,464 addressed the problem of lack of memory capacity and volatility by disclosing a portable device containing an integrated circuit memory. The device still suffered from the problem that the memory could be read and the contents extracted or changed. Moreno advanced the art by adding inhibiting means to prevent the transfer of data out of or into prohibited areas of the memory of the portable device. Preferably the portable device contained its own inhibiting means but the inhibiting means could be contained in the peripheral device.
In British Patent 1505715 to Moreno there is disclosed a system for interchanging information which is like those described above, but without the error prone direct connections from the periperal devices connected to the central computer. The peripheral devices contained a write mechanism which could transfer the information from the portable device to the peripheral device which could in turn write the information on a second portable device. These second portable devices would then be collected on some regular basis and taken to the central computer where the information would be transfered to the central computer's memory.
Canadian Patent 1207460 to Ugon discloses a method and apparatus for authorizing access to a service offered by an authorizing entity. The system comprises a portable card with memory and a microprocessor, and an authorizing entity system capable of communicating with the card and also performing computer program operations. The card and the system have the same algorithm to be executed and each has secret data upon which the algorithms operate to produce a result which can be compared to ensure that proper access is granted. This system is rather complicated and involves an operator at the authorizing entity end.
It is also known to encode a fingerprint on a portable card to verify the identity of the user. UK Patent Application GB 2185937 A of O'Shea et al discloses a credit or similar card which incorporates a computer generated image of the fingerprint of the authorized user. When a transaction is to be verified the user's finger print is scanned by a finger print reader and the result is compared with the information on the card. The user is authorized to have access if the prints match. Such devices are presently commercially available.
The systems described above suffer from the problem of complexity or they are susceptible to fraudulent and unauthorized access and tampering with the information in the card or the terminal. The present invention provides an apparatus and method for providing a highly secure and highly fraudproof system for providing access to services of an authorizing entity.