Consumers use credit cards, debit cards, and other cards to make purchases. Increasingly, consumers use these cards in electronic commerce conducted, for example, over the Internet. But conventional credit cards are not ideally suited for transactions where the card is not present at the merchant's site. Thus, “smart cards” or integrated circuit cards are growing in popularity.
An integrated circuit (IC) card has, for example, a processor, a data input/output port controlled by the processor to receive and output data, a random access memory (RAM), a read only memory (ROM), and a programmable data memory (e.g., EEPROM, FLASH). IC cards are available from various sources and in several configurations. IC cards can store information and thus can simplify electronic transactions. Confidential information like private keys can be maintained in a private storage area while non-confidential information, like a card identification number, can be stored in a public storage area. Thus, an electronic transaction may rely on both public and private data. The processor can be configured to access both the public and private storage areas. The private storage may only be accessible after the processor has verified a password (e.g., personal identification number (PIN)). Even though IC cards can simplify and improve electronic transactions, they can also introduce security problems and verifiability-of-intent problems into electronic transactions, especially “card not present” transactions.
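The access rule described above (public storage readable at any time, private storage readable only after the processor has verified a PIN), modeled as an added example that is not part of the original text. The class name, the retry limit, the salted PIN digest and the RAM-held verification flag are assumptions for illustration; the sample card ID, PIN and key string are constructed.

```python
import hashlib
import hmac
import os


class ICCard:
    """Toy model: public area always readable, private area gated by PIN."""

    MAX_TRIES = 3  # assumption: retry limit, not stated in the text

    def __init__(self, card_id, pin, private_data):
        self._public = {"card_id": card_id}      # e.g. card identification number
        self._private = dict(private_data)       # e.g. private keys
        self._salt = os.urandom(16)
        self._pin_ref = self._digest(pin)        # reference value, not the PIN itself
        self._tries_left = self.MAX_TRIES        # would live in non-volatile memory
        self._verified = False                   # would live in RAM

    def _digest(self, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 10_000)

    def read_public(self, name):
        return self._public[name]

    def verify_pin(self, candidate):
        if self._tries_left == 0:
            raise PermissionError("card blocked")
        # Spend the attempt before comparing, so an interrupted check is not a free guess.
        self._tries_left -= 1
        ok = hmac.compare_digest(self._digest(candidate), self._pin_ref)
        if ok:
            self._tries_left = self.MAX_TRIES
        self._verified = ok
        return ok

    def read_private(self, name):
        if not self._verified:
            raise PermissionError("PIN not verified")
        return self._private[name]

    def power_off(self):
        self._verified = False  # verification does not survive loss of power


if __name__ == "__main__":
    card = ICCard("CARD-0001", "4921", {"private_key": "constructed-key-material"})
    print(card.read_public("card_id"))           # allowed without a PIN
    print(card.verify_pin("0000"), card.verify_pin("4921"))
    print(card.read_private("private_key"))      # allowed only after verification
```
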
Numerous patents describe various computerized systems for conducting electronic transactions in multiple different environments. For example, U.S. Pat. No. 6,038,551, filed Mar. 11, 1996 and issued Mar. 14, 2000, concerns a system supporting computer implemented applications that access and manage a multi-purpose integrated circuit card. The '551 patent even discloses employing public and private keys with a smart card. However, the '551 patent, and others like it, typically bind the smart card to accounts, applications, and so on at an early time in the life cycle of the card, which limits the use of this type of IC card.
U.S. Pat. No. 6,044,349, filed Jun. 19, 1998, and issued Mar. 28, 2000, describes a portable storage medium that stores data and provides access to information from an information dissemination system. The storage medium is a smart card (e.g., IC card) that stores information like a customer name, a customer address, and various customer account data. The '349 patent describes a smart card as a small electronic device containing a re-writable memory and additional integrated circuitry. These types of smart cards typically have data downloaded to the card (e.g., a debit amount) and have that downloaded data manipulated by various applications. These types of smart cards, while potentially more secure than cash, may not provide assurances adequate to carry out a card not present transaction across an insecure medium like the Internet.
Smart cards are well known in the art. For example, U.S. Pat. No. 6,005,942, filed Mar. 24, 1998, and issued Dec. 21, 1999, describes a system that allows smart card users to securely add applications to the card during the lifetime of the card after the card has been issued. The smart cards in the '942 patent are typically credit card sized plastic cards holding a semiconductor chip that can support multiple applications. The smart card interfaces with external devices (e.g., ATMs, computers, vending machines). The semiconductor chip embedded in the smart card facilitates performing computational operations like encryption and decision making. One example of a smart card implemented as a “processor card” is illustrated in Prior Art FIG. 1. It is to be appreciated that a smart card can be implemented in various ways and programmed with various functionalities. In some embodiments, smart card 10 has a microcontroller 20 that includes a microprocessor 30, RAM 40, ROM 50, non-volatile memory 60, a cryptographic module 70, and a card reader interface 80. Other standard features of a microcontroller like a clock, a random number generator, control logic and so on may be present but are not illustrated.
Microprocessor 30 can be any of various central processing units that execute commands and control the device. RAM 40 can store calculated results and perform other typical RAM functions. ROM 50 can store fixed data, standard routines, and other typical ROM memory items. Non-volatile memory 60 (e.g., electronically programmable ROM (EPROM)) stores persistent information that should be maintained even when the card is not connected to a power source. This information includes, but is not limited to, a card identification number, a personal identification number, and so on. Cryptographic module 70 is an example of an optional hardware module on typical smart cards that performs a variety of cryptographic algorithms. Card reader interface 80 includes hardware and software that facilitates the smart card communicating with devices external to the smart card. Thus, the internal architecture of a smart card is well known.
The '942 patent describes a smart card being initialized with data placed on the card before the card is issued to a card user. This data can include data common to a large number of cards and a minimal amount of card-unique terms like a serial number and personalization keys. The '942 patent then describes overcoming a limitation of conventional smart cards through the ability to add applications to traditional smart cards. While adding an application to a smart card after issuance increases the usefulness of the smart card, it may not facilitate using the smart card in card not present transactions in a way that provides adequate assurances that an offer was presented correctly, accepted in a verifiable manner, and transmitted securely to the offeror and/or other third party verifiers.
Other patents, for example, U.S. Pat. No. 5,781,723, filed Jun. 3, 1996, and issued Jul. 14, 1998, concern a smart card storing information that facilitates the smart card identifying itself to other computing units. The '723 patent describes a smart card architecture that enables a smart card to identify its type and properties to computing units with which it communicates. This communication may involve interacting with a certificate authority. However, the '723 patent, like the other patents described herein, does not describe and/or suggest functionality in a smart card that facilitates producing a level of trust in a transaction adequate to support verifiably trustworthy card not present transactions.
Some patents have attempted to address security concerns in card not present transactions. For example, U.S. Pat. No. 5,590,197, filed Apr. 4, 1995, and issued Dec. 31, 1996, concerns an electronic payment system and method that stores sensitive account information and public/private key processing. In a conventional point of sale credit transaction, a consumer physically presents their credit card to a merchant. The merchant can then verify the authentication information (e.g., signature, photograph, fingerprint, card verification numbers). The merchant can also transmit card information to a credit card servicer for authorization. Thus, the security of the parties involved in the transaction (e.g., authorized card owner, merchant, credit card account company) depends on the merchant authenticating the card, the merchant protecting sensitive account information, the credit card servicer protecting sensitive information, and so on. In this conventional model, much sensitive information is transmitted across an insecure network like the Internet. Furthermore, in this conventional type of transaction, the consumer credit card was likely bound to a credit card account at the credit card servicer very early in the life cycle of the card. Thus, this conventional point of sale credit transaction includes significant risks for all parties involved in the transaction. These risks are exacerbated in a card not present transaction, like when a consumer purchases an item across the Internet from their home computer. The merchant cannot authenticate the card by comparing signatures or fingerprints, and an additional transmission of sensitive information is made from the consumer's computer to the merchant's computer. Financial institutions may be reluctant to accept risk of fraud loss in card not present transactions, so the merchant typically must bear greater risk.
Thus, although numerous patents and products have attempted to address problems associated with insecure card not present transactions, improvements can still be made.