In the transmission of data between digital systems, security concerns have been frequently raised. Specifically, in data communication between terminal and terminal, between terminal and network, between terminal and host computer and between host computers themselves, there is an important need to positively ensure that (1) the user and terminal are both who they represent themselves to be, and (2) the communications have not been altered during transmission. While these needs present themselves in many different contexts, they are especially paramount in banking transactions. The present invention provides positive user and terminal identification and data security. Though it is not so limited, the present invention finds particular applicability in the banking industry.
Computerized banking services have become commonplace. Specifically, the use of automatic teller machines has proliferated such that banking customers may remotely access a central bank computer from many locations. In the case of automatic teller machines, data security is of paramount importance. It is essential that only authorized persons access the bank's central computer. It is further essential that only authorized persons access each particular account.
To accomplish these results, each customer who is authorized to access the bank's central computer is typically issued a card which permits system access. This card then becomes, in effect, a hardware key to the bank's central computer system. Each customer is also issued a number which uniquely identifies him and his accounts and which permits access to those accounts or files in the computer system. This number, typically referred to as a personal identification number (or PIN), is, in effect, a software key to a particular account. It is only when a customer possesses both a hardware key and a complementary software key that data access is permitted. If a customer's hardware key is lost or stolen, the system security remains intact unless the finder is somehow aware of the corresponding software key.
With automatic teller machines, the bank's central computer typically may be accessed from only a limited number of automated teller machine locations. Automatic teller machines are typically located only at secure locations. Dedicated communications links are provided between the automatic teller machines and the bank's central computer such that data security may be maintained. Because of these features, it is extremely difficult for an unwanted system user to access the bank's central computer by tapping those dedicated lines and mimicking an automatic teller machine.
Despite the ease, convenience and security of automatic teller machines, however, there is a growing trend in the banking industry to provide even more automatic, remote banking services such as bank-at-home services. Accordingly, bank-by-phone services are provided by many banks. These bank-by-phone services are necessarily limited, however, because of data security concerns. For example, customers are not given free access to the bank's central computer system by telephone, nor are all types of banking transactions permitted by phone. Nevertheless, because of the desirability and market acceptance of bank-at-home services, it has been proposed to permit widespread home banking utilizing home computer terminals rather than telephone interface with the host computer.
As is well known, home or personal computers have also proliferated, and it would be particularly desirable to permit home computer users to access centralized bank computers so as to permit home banking from remote computer terminals. Data security problems, not found with automatic teller machines, however, stand in the way. Telecommunications links between home computers and centralized bank computers are not of the dedicated type as in the case of automatic teller machines. Moreover, unlike automatic teller machines, home computers are not necessarily in secure locations. These data security concerns have precluded home computer access to centralized bank computers. In addition, due to the wide variety of home computer operating system software and hardware, the provision of computer security apparatus to protect home computer data transferred across telecommunications links to a central computer must be system specific.
It would be desirable to provide a home computer banking system which does not suffer from the aforementioned disadvantages. Specifically, it would be desirable to provide an economical, electronic bank-at-home computer system which provides improved data security. Further, it would be desirable to provide an electronic bank-at-home system in which the centralized bank computer could positively identify not only the home computer device or terminal with which it is to communicate, but also the user of that terminal as well.
In addition to the problem of positive user and terminal identification mentioned above, still another difficulty which precludes large-scale, at-home banking utilizing personal computers is the need for what might be termed message authentication. It is important that only authorized persons be permitted to access the bank's computer system and particular files in that computer system, and also that all parties to a given transaction be able to rely upon the fact that the transaction is accurately executed in a manner which accomplishes their wishes.
For example, one problem which afflicts some banking transactions across telecommunication links is the problem of "piggy-backing." If, for example, an authorized system user obtains access to a central computer of a banking system, that user may begin and complete a transaction. It is possible, however, that an unauthorized eavesdropper on the telecommunication link between the authorized system user and the bank computer may be monitoring the transaction. After the authorized user has completed his transaction, but before that authorized user has disconnected the telecommunications link between himself and the bank's central computer, it is possible for the eavesdropper to come on-line and mimic the authorized user. Such a result is detrimental for obvious reasons. Accordingly, it would be particularly desirable to provide a data security device which not only ensures that users of a given computer system are authorized users, but which further ensures that messages conveyed by those users across telecommunications links are authentic.
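The piggy-backing problem described above is the case that per-message authentication addresses. The Python below is an added illustration, not part of the original text and not the mechanism of the invention it introduces: it assumes a secret key shared only by the authorized terminal and the bank, HMAC-SHA256 tags, and a per-session sequence counter, and the names `Session`, `make_tag` and the message strings are constructed for the example.

```python
import hashlib
import hmac
import os


def make_tag(key: bytes, seq: int, body: bytes) -> bytes:
    """Tag binds the message body to its position in the session."""
    return hmac.new(key, seq.to_bytes(8, "big") + body, hashlib.sha256).digest()


class Session:
    """Bank-side state for one open link (hypothetical helper class)."""

    def __init__(self, key: bytes):
        self.key = key
        self.next_seq = 0  # sequence number the bank expects next

    def accept(self, seq: int, body: bytes, tag: bytes) -> bool:
        # 1. The tag must verify under the shared key (constant-time compare).
        if not hmac.compare_digest(make_tag(self.key, seq, body), tag):
            return False
        # 2. The message must be the next one in order, so a verbatim
        #    copy of an earlier authentic message is also refused.
        if seq != self.next_seq:
            return False
        self.next_seq += 1
        return True


def demo() -> dict:
    key = os.urandom(32)  # constructed session key, known to terminal and bank
    bank = Session(key)
    results = {}

    # Authorized user's transaction, tagged by the authorized terminal.
    body0 = b"TRANSFER 100 FROM A TO B"
    tag0 = make_tag(key, 0, body0)
    results["authorized"] = bank.accept(0, body0, tag0)

    # Message placed on the still-open link by a party without the key;
    # the only tag available to it is one observed on the wire.
    results["injected_with_observed_tag"] = bank.accept(
        1, b"TRANSFER 900 FROM A TO X", tag0)

    # Verbatim copy of the earlier authentic message.
    results["replay"] = bank.accept(0, body0, tag0)

    # The authorized terminal can still continue the session.
    body1 = b"BALANCE A"
    results["next_authorized"] = bank.accept(1, body1, make_tag(key, 1, body1))
    return results
```

Rejected messages do not advance the counter, so the authorized terminal's next message is still accepted after the failed attempts.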
In short, it would be particularly desirable to provide a data security device which permits at-home banking from personal computer terminals and which provides not only positive identification of authorized users, but also message authentication as well.
It would also be desirable to provide a data security device which provides positive user and terminal identification as well as message authentication in a wide variety of contexts including, but in no way limited to, bank computer systems.
It would also be desirable to provide a data security device which is not system specific, i.e., which may be used with a wide variety of different computer equipment without modification.