It is often desirable today to conduct trusted transactions, such as financial transactions, with an individual where only limited or no supervision is required of a trusted party, such as an employee of the financial institution. Such automated transactions are common today as automated teller machine (ATM) transactions. There, an individual may conduct a transaction, such as withdrawal of an amount of cash from a bank account, at a location remote from the financial institution and without any supervision or interaction with anyone from the financial institution.
It shall be appreciated that, although no person provides supervision (arbitration) over the transaction, the device with which the individual conducts the transaction provides trusted interaction through the use of secure vaults, passwords, etcetera. For example, the ATM requires an individual to identify an account through information provided on an ATM card and to identify himself through input of a personal identification number (PIN).
Typically, to provide security for the transaction, i.e., to avoid fraud or rogue interception/use of transaction information, the transactions are conducted using secure links. For example, because the account information and the associated PIN are stored on the ATM card, the ATM provides a secure link between the ATM card and the ATM, such as by accepting the card for reading of the information within the secure confines of the ATM itself. However, often it is desirable to conduct such transactions remotely, such as for example the electronic transmission of pecuniary value for use in a value dispensing device such as a postage meter.
Although information security techniques, such as encryption of transmitted electronic data, may be utilized to maintain a certain amount of security in a transaction conducted remotely, there are additional problems to be overcome, especially in the case of financial transactions. In the case of the ATM transaction above, it should be realized that when the individual withdraws an amount of cash from an account there are at least two transactions that take place. Initially, the ATM must deduct from the individual's account records an amount equal to the cash amount ultimately to be dispensed to the individual. Additionally, the ATM must dispense to the individual an amount of cash, or cash value, equal to the amount deducted from the individual's account records. If the withdrawal transaction were to be interrupted between these two steps, i.e., the individual's account is debited but the individual does not receive the amount of cash, the failed transaction will leave at least one party's records in an erroneous state.
A technique used to ensure such transactions do not result in an undesired state if interrupted is the "two-phase commit." Here a centralized arbiter, such as a central processor or server, will ensure that a transaction that involves more than a single step does either all or none of the steps. If the transaction fails to complete the final phase of processing, all the updates made so far are reversed automatically. Accordingly, if the transaction were to be interrupted before the individual received his cash, the ATM would reverse the debit to the individual's account.
It should be appreciated that the two-phase commit requires central control or arbitration in order to reliably determine/command a complete transaction or a complete reversal. This requirement is not a problem in the ATM example, as the ATM provides a secure environment in which to conduct the transaction. However, conducting remote transactions, as is often desired, does present a problem for a two-phase commit type solution.
In the case of the aforementioned postage meter, remote credit transfer likely includes the use of unsecured communication links, such as a public switched network (PSN), to interact with a user or service not under control of a trusted party. Moreover, a single arbiter is unable to reliably determine/command a complete transaction or complete reversal, as communication with the remote site may be lost, either accidentally or purposefully.
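As an added illustration (not text or code from the patent), the following Python models the two-step withdrawal discussed above under a central arbiter: both the debit and the dispense take place, or every step already applied is reversed, and a lost link to the remote dispenser leaves an outcome the arbiter cannot resolve on its own. The names Step, Arbiter, withdraw and the dictionary fields are assumptions made for this example.

```python
class Step:
    """One reversible update with a 'do' and an 'undo' action (assumed helper)."""
    def __init__(self, name, do, undo):
        self.name, self.do, self.undo = name, do, undo


class Arbiter:
    """Central arbiter: every step runs, or every applied step is reversed."""
    def __init__(self):
        self.log = []  # constructed transaction log for later reconciliation

    def run(self, steps):
        applied = []
        for step in steps:
            try:
                step.do()
            except TimeoutError:
                # Remote link lost: the outcome of this step is unknown, so
                # the arbiter cannot safely reverse it; it records the case
                # for reconciliation instead (the problem the text raises).
                self.log.append(("indeterminate", step.name))
                return "indeterminate"
            except Exception as exc:
                # A step failed cleanly: undo every step already applied.
                for done in reversed(applied):
                    done.undo()
                self.log.append(("reversed", step.name, str(exc)))
                return "reversed"
            applied.append(step)
        self.log.append(("committed", [s.name for s in steps]))
        return "committed"


def withdraw(account, dispenser, amount, arbiter):
    """ATM withdrawal: debit the account records, then dispense the cash."""
    def debit():
        if account["balance"] < amount:
            raise ValueError("insufficient funds")
        account["balance"] -= amount
    def credit():  # reversal of debit
        account["balance"] += amount
    def dispense():
        if dispenser["offline"]:
            raise TimeoutError("no reply from dispenser")
        if dispenser["cash"] < amount:
            raise RuntimeError("dispenser cannot supply the amount")
        dispenser["cash"] -= amount
    def reclaim():  # reversal of dispense
        dispenser["cash"] += amount
    return arbiter.run([Step("debit", debit, credit), Step("dispense", dispense, reclaim)])
```

The "indeterminate" outcome is the case the text describes for remote devices: without a reply, the single arbiter can neither confirm completion nor safely command a reversal.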
A need therefore exists in the art for a system and method for reliably providing secure fault tolerant transactions, such as financial transactions, through the use of remotely located devices.
There is a further need in the art for a secure portable processor device to provide trusted interaction with a remote device in conducting a transaction.
There is still a further need in the art for a system and method for providing complete financial transactions between coupled devices or for resetting such devices in the event of a failure to complete the financial transaction. Likewise, there is a need in the art to provide for such financial transactions over an unsecured data path while maintaining security and fault tolerance.
A yet further need exists in the art for a system and method for recording, as transactions take place, information about each transaction and maintaining a log of the most recent transactions, in order to provide resetting of the devices and/or management functions such as detection of fraud.