In the prior art, several apparatuses, systems etc. have been developed for identifying a cardholder or for verifying the cardholder's authenticity relative to a data system on the basis of data read from or originating from data read from the cardholder's card by a card reading terminal and on the basis of a code input by the cardholder and known by the legal cardholder exclusively.
Among these known systems, some carry out the authenticity verification on-line, while others carry out the authenticity verification off-line. In an on-line system, it is customary to encrypt the data read from or originating from the data read from the card and the code input by the cardholder, and to transmit the encrypted data and the encrypted code to a remote central processing unit. In the central processing unit, the encrypted data and the encrypted code are compared in an encrypted or in a decrypted state, to determine whether the cardholder, i.e. the person in possession of the card in question, is positively identified as the legal cardholder. In an off-line system, the data and the code are compared to one another in the card reading terminal, in an encrypted state or in a non-encrypted state, for carrying out the positive identification of the cardholder relative to the card. After a positive identification of the cardholder, the system may allow a transaction of a sum of money to or from an account identified by the card and the cardholder, allow access for the cardholder to a carefully locked territory, region or zone, or dispense objects, articles, etc. to the cardholder in a predetermined amount, i.e. determined by the data of the card, or alternatively in an amount determined by the cardholder by input of a number corresponding to the amount in question.
The card may be an optically readable card, i.e. a card having light-transparent and opaque areas, such as cards having transparent windows; it may be a mechanically readable card having mechanical data identifying means, e.g. punched areas; it may be a magnetic card having magnetic zones or magnetic strips in which the data are recorded; or it may be an active or electronic card having integral electronic storage means which are connected to the reading terminal through electronic connection means. Alternatively, the card may be a combined optically, mechanically, magnetically readable and electronic card. However, it has become customary to employ cards having magnetic strips arranged thereon together with a name or symbol identifying the card system or data system, such as cards conforming to, among others, the ISO Standard 2894 (International Organization of Standardization), also known as ISO cards.
As still more functions are automated and still more card systems are issued, there is a need for an apparatus which renders it possible to identify different card or data systems and to provide communication to the correct data system. First of all, this need has a convenience aspect, as a person may purchase goods by means of several different machine readable cards, such as a card, conventionally a credit card, issued by the company or the firm in question, a credit card issued by a credit card organisation, such as a Diners Club Card, a Eurocard, etc., or a card such as a debit card, e.g. a card issued by a bank organisation, such as the "Dankort System". However, apart from the convenience aspect of providing a single apparatus for reading cards issued by different card issuing organisations, a very important security aspect is also involved therein.
Basically, the different organisations or data systems have different levels of data secrecy and data security; as mentioned above, some data systems verify the authenticity of the cardholder or the person in possession of the card on-line, others carry out the verification off-line, while in some data systems, the verification is carried out semi-on-line in that the data are read from the card and output to a verification block together with the secret code input by the cardholder. Conventionally, this verification block is included in a so-called "back office computer". As the transmission from the card reading terminal to the back office computer or verification block may very easily be tapped, a coherent set of data and code, read from the card and input by the cardholder, respectively, may be tapped. Consequently, the person tapping the transmission may provide a false copy of the card and use this false copy as a legal card as the secret code has been exposed to him. Therefore, as some card and data systems involve high secrecy and high security, there is a risk that a high secrecy and high security card may inadvertently be presented to a low secrecy and low security terminal by the legal cardholder, who also inputs the secret code to this low secrecy and low security terminal which exposes the information, i.e. the data of the card and the secret code.
Apart from the above risk of inadvertently presenting the card data and the secret code known to the legal cardholder exclusively, a false or dummy terminal provided by a person who wants to tap coherent sets of data and code by means of the dummy terminal and having identifications corresponding to the high secrecy and high security card system could also expose the card data and the secret code, especially in cases where several card reading terminals of different organisations are arranged side by side.
It is believed that the provision of a single apparatus communicating with the different data systems is of the utmost importance for obtaining a high secrecy and high security level as the possibility of confusing the cardholder is minimized when the possibility of providing a trustworthy copy or dummy terminal is reduced.
However, a simple apparatus communicating with different data systems, for reading data from a data carrying card and for transmitting the data and the code input by the cardholder to the different data systems can in itself provide transparency to the high secrecy and high security data system from a low secrecy and low security data system as the apparatus very easily may be falsely controlled into a mode in which the data read from the high secrecy and high security card together with the corresponding code are output to a low security and low secrecy data system.
Therefore, there is a need for an apparatus communicating with more than one data system for obtaining the above discussed security advantages offered by a combined apparatus, while still eliminating the risk of providing transparency to a high security and high secrecy data system from a low secrecy and low security data system.