1. Field of the Invention
The present invention generally relates to credit cards and debit cards and, more particularly, to secured credit cards, secured debit cards, or secured access control cards that provide protection against unauthorized use.
2. Background Description
The widespread availability and convenient use of credit and debit cards for general financial transactions have proliferated the number of these plastic cards or financial instruments throughout the world. Along with the benefits and ease of use, these inexpensive and readily available cards are highly susceptible to unauthorized use and theft. Security depends on maintaining personal possession of the cards and minimizing access to the account numbers as much as possible. Additionally, credit card theft is further complicated by the generation and falsification of these cards with illegally obtained personal identification numbers. Easy and reliable means to validate that the card is authentic does not exist.
Attempts to detect forged or altered credit cards have involved placing magnetic strips, codes, or similar means on the card. These schemes have not prevented thieves from either deciphering the codes or alternatively forging a new credit card.
The losses associated with the unauthorized use of these cards can have dramatic effects on the card user and the financial institutions providing these services. Although credit card insurance coverage relieves the effects of the immediate losses resulting from the theft, the overall loss to the individual and financial industry has been enormous and is increasing steadily. Confidence in these cards is being seriously eroded.
This problem can be further extended to a broader set of portable identification cards, badges, and access instruments. In the case whereby the card is used as an access control device, a commonplace incident of a lost badge can gain the finder unauthorized access to a secured area causing potentially undesirable consequences.
It is therefore an object of the invention to provide a means to secure credit cards or related instruments such as identification cards, badges, and access instruments.
It is another object of the invention to provide a means whereby the card or related instrument becomes useless or inoperable if lost or stolen.
It is yet another object of the invention to require an access code to activate and use the said card or instrument.
Further, it is another object of the invention to have all the security encoding contained entirely within the card in a manner where it cannot be transmitted to, or read from, outside the card.
According to the invention, there is provided a new means and method to encode a security function within a smart card credit card body. A smart card credit card incorporates integrated electronics within it so that basic processing of information and transmission of information to and from the card may occur. In addition, this invention also uses two linear feedback shift registers (LFSR) known as a reference LFSR and the secure LFSR. These LFSRs are synchronized by common free running clock oscillator. The secure LFSR is customized to a unique configuration for each secure credit card. This combination of LFSRs is the key to generating a pseudo random binary string that is used to encrypt information. The generated binary string is a very large sequence sufficient for effective randomness. It is the state of the LFSRs, i.e., the binary sequences generated from the LFSRs and the card id, that is transmitted to the issuing financial institution during a transaction whereby the institution can validate the authenticity of the card and the transaction. It is the configuration of the secure LFSR that gives the special uniqueness to each secure credit card. This configuration is very difficult, perhaps impossible for thieves to replicate as it cannot be read from the card itself. None of the memory configurations can be read or obtained from outside the secure card.
Unique LFSR configurations are accomplished by employing e-fuse technology within the card. e-fuse technology permits special memory arrangements to be created when the card is manufactured or when the card is issued. E-fuse technology uses writeable integrated fuses that can be xe2x80x9cburnedxe2x80x9d after the card is assembled which in turn provides the unique configurations of the LFSRs and the card id. There is a personalized identification number (PIN number) also burned into the card which the user must enter to activate the secure card during each transaction.
The institution that issues the card must maintain a record of every card configuration. Whenever a secure credit card is involved in a transaction, the card id permits the financial institution to retrieve the configuration data for the secure card involved in the transaction. From this configuration information, and the pseudo random number string returned from the secure credit card at the time of the transaction, the card and transaction can be authenticated.
When a user wants to use the secure card, a PIN number must be entered directly into the card. If the PIN matches the PIN burned on the card, the secure credit card is activated and a pseudo random sequence is generated which is communicated to the financial institution authenticating the transaction.
It is the nature of the invention that makes it unlikely that no two transactions of a secure card will have the same pseudo random number sequences communicated outside the card.
This concept can be applied to other devices such as badges and access control devices which require secure authentication of the card.