The present invention is in the field of electronic devices and equipment used in the processing and/or facilitation of financial and security smart card transactions (such as credit cards, debit cards, access cards etc.) using the existing magnetic card storage medium processing infrastructure.
Credit cards have been in use in the US and around the world for decades. Unauthorized or fraudulent use of credit card purchases for goods and services has been with the credit card and financial card industry ever since its inception. At least in the US, the culprit has generally been attributed to the use of multiple-track magnetic stripe or magstripe (typically three tracks) for storing all the pertinent personal and credit card account information (in tracks 1 and 2) of the cardholder. The information contained in the magnetic stripe (typically Track 2 for credit cards) is not visible or readable directly from the card except with the use of a special decoding equipment such as a magnetic stripe reader or magnetic credit card reader commonly used in today""s brick-and-mortar retail world for credit purchases of goods and services. It is a well-known fact that the cardholders"" vital information stored in tracks 1 or 2 of the magnetic stripe on the back of credit cards can be easily xe2x80x9cskimmedxe2x80x9d or stolen. Consequently anyone can in principle create illegally any number of these credit cards for fraudulent use and identity theft purposes. This indeed is the crux of credit card fraud and cardholder identity theft problems in the US today.
The advent of the so-called smart cards (smart credit or finance cards) first came about in Europe about three decades ago offered a lot of hope, then and now, for solving the credit card fraud and identity theft problems. Plastic cards are used as the carrier of microchips which can store much more information and much more securely than the magstripes counterparts. Indeed, with the development of modern cryptography technology in recent years, which enabled smart cards to have a high degree of security, the popularity of smart cards and their acceptance as financial and banking instruments by the consumers, at least in Europe, started to grow and flourish during the past decade.
Despite a great deal of efforts in advertisement dollars and the investment of literally hundreds of millions of dollars in system infrastructure made by numerous banking associations during the past five years or more, most notably American Express in the rollout of their so-called xe2x80x9cBlue Cardxe2x80x9d about two years ago, smart cards are simply not making any significant headway into the US marketplace. In other words, only a very small fraction of the US credit card holders today are using smart cards for credit purchases in the brick-and mortar retail world. For the very small percentage of smart card usage, most of them are used on the Internet.
Contrary to the situation in Europe today, where smart cards are the main stay for credit purchases for goods and banking services by the general populace, the behavior of most Americans towards smart card usage and acceptance in the US is generally considered as illogical, ridiculous (according to the Europeans) and difficult to explain. However, one can probably better understand the current smart card situation in the US by simply noting the fact that it took literally 20-25 years before the general public in the US accepts the use of the ATM (Automatic Teller Machine) cards for money withdrawal from the banks. The Bank of America first introduced such cards to the consumers in the early 1970""s and it is not until recently (starting a few years ago) that the American public embraces this wonderful convenience.
Thus one can argue that it is the ultra-conservatism of the American public towards the acceptance of new ideas and concepts about money that best explains why smart cards fail to be widely accepted in the US today. In addition to this seemingly simple but truistic reason, there are other economical factors that might also contribute to their behavior. First of all, one must not forget about the fact that there are at present over 20 millions magnetic card readers in use in the US today. That represents almost $10 B worth of hardware that have to be thrown away if one were to replace them with new smart card readers. That is indeed a lot of money to be written off by the merchants from the economical standpoint and something not likely to happen unless there is an overwhelming reason for them to do so. As far as the merchants are concerned, it is not just the magnetic card readers that they have to replace which to them is hard-earned money. They also have to retrain their employees to use the new smart card readers which represents additional business expenses that they have to bear. That is the reason why the merchants themselves are not enthusiastic in switching from the magnetic cards to the smart cards. When it comes to the question of who are influencing who between the consumers and the merchants, it is the latter that have the upper hand. It is more likely for the consumers to change over to use the smart cards if they find out that their magnetic cards are no longer universally accepted by the merchants.
Finally since the American economy is the number one economy in the world, whatever the Americans accept or not accept in financial or business undertakings usually has a tremendous impact on the actions and reactions for the rest of the world. Thus the fact that Americans today do not embrace the use of smart cards in the US, it has an important but regressive or unfavorable impact on the rest of the global citizens and businesses. Case in point, when Americans travel overseas, either for business or for pleasure, they only carry magnetic credit cards. That pretty much forces the merchants of other parts of the world to also equip themselves with magnetic card readers in addition to smart card readers. Otherwise they might stand to lose the business of those American travelers that happen to visit their territories. As for the Europeans, when they travel to the US either on business or for pleasure, they have to take with them magnetic credit cards otherwise they would not be able to purchase on credit goods or services in the US. Thus there exists an urgent need for a novel device and methodology that can serve as a xe2x80x9cbridgexe2x80x9d in order to link the magnetic cards world to that of the smart cards. In other words, the American consumers must best be provided with smart cards that would be compatible and useable with the magnetic card processing infrastructure in the US. The same holds true for world citizens other than Americans. They must also be provided with smart cards that can be recognized for use by the magnetic card readers in the US. Of course by being able to successfully link the two credit card worlds, the magnetic card and the smart card can coexist until such time that the smart card would ultimately be the one to use by choice of technology, common sense and uniformity.
Over the past two decades, literally dozens of devices and methodologies have been advanced and patented. They all share the common goal of trying to drastically reduce or totally eliminate all credit card frauds and identity thefts in those parts of the world today, including the US, where magnetic credit and debit cards, and not smart cards, are still widely in use for financial and credit transactions. As alluded to briefly above, since the rampant credit card frauds and identity thefts are still very much with us in the US today, it is evident that none of the ideas advanced and patented to date, implemented or otherwise, have been working effectively at all to alleviate this situation. In particular, no one has ever advanced, until the present invention, the idea of taking advantage of the secured aspects of the smart card and somehow teaming or working in tandem with it to arrive at a viable approach to solving the credit card frauds and identity thefts problem.
Instead, almost all of these novel devices and methodologies advanced and patented to date focus only in how to modify the current magnetic credit and debit cards. New operating features have been added to them with new processing algorithms implemented including the installation of new and more advanced electronic subsystems in order to render these magnetic credit and debit cards and/or systems fraud resistant under all manners of conditions wherein they are used. One can categorize all the prior art in this field generally into three groups. Group one has to do with the novel improvement, new features and configurations for standalone cards. Group two has to do with the advancement of new methodologies in the processing and transaction systems for financial cards. Group three has to do with the advancement of card systems hardware encompassing new technologies in electronic components, devices and subsystems.
Examples of Group I prior art inventions relating to the novel improvement, new features and configuration for standalone cards are disclosed in the following patents:
U.S. Pat. No. 4,614,861 issued to Parlov et al. in 1986 discloses a unitary, self-contained credit card which has the ability to verify a personal identification number (PIN) which is entered directly into the card by way of a keypad without the use of an outside terminal. Furthermore, a transaction identification code (TIC), which varies for each transactional use of the credit card, is automatically generated for later transaction validity verification after a valid PIN is entered and accepted by the card. While the idea of such an all-encompassing card advanced at the time was indeed novel in its capability of eliminating unauthorized or fraudulent use by individuals other than the cardholder, it suffers from a number of drawbacks judging from today""s technological and utilization viewpoints. First of all, this card is too complex to use and too expensive to manufacture in view of number of components that need to be incorporated onto the card. Second, the microprocessor used was not a modern-day smart chip with the level of security absolutely required by all today""s card-issuing banks. Finally, the card system is incompatible with existing magnetic stripe financial card transaction infrastructure and merchants who opt to use such a system must invest in new and expensive equipment in order to reap the system benefits. Consequently, such a credit card system has not achieved a widespread level of acceptance and usage by the general public.
U.S. Pat. No. 4,701,601 issued to Francini et al. in 1987 discloses a new and improved transaction card having a magnetic stripe emulator which can interface with the sensor or reader head of existing transaction terminals (magnetic card readers). A transducer means is provided to generate a varying magnetic field that extends beyond the surface of the transaction card. Such transducer means were claimed to be either a thin film head or an electromagnetic coil.
For the thin film head used as the magnetic stripe emulator, no description nor explanation was put forth by this patent as to how this device would function as a magnetic stripe emulator, not even in a very simple language. Instead U.S. Pat. No. 4,437,130 issued to Hennessy in 1984 for a device receiving multiple eight-track tape cartridges was cited as an example. But in actuality if a thin film head could somehow be successfully implemented on the surface of the transaction card, the only varying magnetic field that could be generated is perpendicular to the card surface and hence useless in emulating the magnetic field transitions encoded in a magnetic stripe, which is parallel to the card surface.
For an electromagnetic coil claimed to be usable by this patent as a magnetic stripe emulator, no description was put forth as to how this device would function as such. Consequently no working transaction cards advanced by this patent have ever surfaced because the claims of this patent have never been satisfactorily supported by the disclosure of a viable or demonstrable embodiment.
U.S. Pat. No. 4,786,791 issued to Hodama in 1988 discloses a data card using a simulator for magnetic stripes in generating a data signal. The data signal is generated by the use of a magnetic coil having a drive signal provided to it by a circuit on the card which simulates the magnetic flux reversals of the magnetic stripes. This is a very important prior art invention in that the inventor was the first one to recognize the fact that many different types of cards are in use today and much equipment is installed for reading the magnetic strips on the cards. Consequently any new card, in order to be practical, should maintain compatibility with the existing magnetic card equipment. As the magnetic stripe simulator, the inventor uses a coil consisting of about 80 turns of wire having approximately 0.006xe2x80x3 diameter and wound on a high permeability magnetic core material such that both the core and the windings are embedded in the card. The inventor further uses a circuit means for providing a drive signal having logic one and logic zero data values to the coil for generating a bit pattern which correctly simulates the magnetic flux reversals encoded on the magnetic stripe provided to the magnetic card reader.
U.S. Pat. No. 4,791,283 issued to Burkhardt in 1988 discloses a device and method for transferring data from a microprocessor located in a transaction card through a card reader by emulating a prerecorded magnetic stripe on a conventional transaction card such as a credit or debit card. Data is sequentially produced by the microprocessor within the card and applied to a xe2x80x9cmagnetic field generatorxe2x80x9d which produces magnetic fields that emulate prerecorded data on a conventional stripe of a transaction card. While the xe2x80x9cmagnetic field generatorxe2x80x9d of this invention does not require any specially designed magnetic card reader for data transfer, the device itself is extremely complex involving multiple integrating circuit processing steps for its fabrication. The overall cost for setting up such needed custom tooling and special processing equipment together with the delicate precision process development itself is staggering. This is probably the reason why such a xe2x80x9cmagnetic field generatorxe2x80x9d has never surfaced for use in the financial card transaction arena since its inception over 13 years ago.
U.S. Pat. No. 4,868,376 issued to Lessin et al. in 1989 discloses a general-purpose re-programmable intelligent transaction card. The card includes an alphanumeric keypad, an alphanumeric display and one or more input/output ports controlled by a microprocessor and programs stored in a memory associated with the microprocessor. The microprocessor is provided with an operating system and may be programmed or re-programmed for a specific application for a variety of applications. While the card can serve multiple functions, it suffers from several drawbacks that prevent it from being widely accepted by the bank community and the general public. These include its complexity in use, its innate incompatibility with the existing credit card transaction infrastructure and the resultant high cost of the card itself.
U.S. Pat. No. 5,130,519 issued to Bush et al. in 1992 discloses a portable Personal Identification Number (PIN) card which allows a user to enter a PIN code at a location remote from an authorization terminal. The PIN number is entered into volatile RAM and will remain active for some finite period of time. The PIN, along with a random number input from a remote computer is processed through a code matrix contained within the card to generate an image of the PIN (CGPIN), which can be compared at either the authorization terminal or at a remote computer.
A German publication No. 42 02 998 (1993) discloses a plastic xe2x80x98smartxe2x80x99 card which has a built-in coil located on the card in the position occupied by a magnetic strip on ordinary cards. The data contained in the memory of the smart card may be read using an inductive coupling between the coil and the head. The supply to the coil is provided by the electronic circuit chip of the smart card. The timing of the signals corresponds to that of a magnetic strip. No details were put forth as to what kind of a coil it is, whether it has a magnetic core, if so, what are the characteristics of it. Also there is no disclosure as to how this coil can inductively output the data stored in the memory of the smart chip or what kind of circuitry will be needed to achieve such a function. In any event, the essential teaching of this disclosure had been advanced earlier in U.S. Pat. No. 4,768,791 issued to Hodama in 1988.
U.S. Pat. No. 5,317,636 issued to Vizcaino in 1994 discloses a method and apparatus for secure credit card transactions. This invention describes a system apparatus used to authorize credit card transactions. This apparatus is made up of an authorization computer and a credit card that work in conjunction with each other to enhance the security of credit card transactions. More specifically, the system includes a smart credit card that has a microprocessor, associated memories and a liquid crystal display. The credit card is used to produce a unique verification number by processing a transaction sequence number with an encryption algorithm. The verification number is then displayed in the display device, and can be transmitted to the authorization computer along with a customer identifying account number. The computer, which is used for authorizing the credit card transactions for the customers of the credit card issuer, uses the account number to access an account file for the credit cardholder. That account file has the general account data for the given customer, as well as a transaction sequence number, which corresponds to the transaction sequence number stored in the credit card. Additionally, the account file contains a de-encryption algorithm, which is complementary to the encryption algorithm of the credit card, such that the computer can use the de-encryption algorithm together with the verification number to produce a computed transaction sequence number.
The computed transaction sequence number is compared with that stored in the computer to determine whether the two numbers correspond to one another. If they do, then the computer will authorize the transaction, and if they do not, then the transaction will be rejected.
Both transaction sequence numbers, the one in the card and the one in the computer, are changed by increment after the authorized transaction so that a different verification number is generated and used in the authorization in each subsequent credit card transaction. In other words, the verification number used in one particular transaction will not be useful again in a subsequent transaction.
This invention advances a viable methodology for preventing unauthorized usage for credit card transactions. However, such a methodology has several drawbacks. One drawback is that crucial information pertaining to the cardholder and the encryption algorithm are not stored in the memory of a secure microprocessor like the modern-day smart chip and consequently they are vulnerable to electronic piracy. Another drawback is that since the credit card number and the verification number generated for each transaction are both visibly made available to the merchant so that they can be sent for authorization, once the content of the card is illegally obtained, it would be difficult to safeguard against subsequent large scale fraud. Yet another drawback is the fact that transmittal of the encrypted verification number, which is an alphanumeric number comprising 14 or more characters, rather than the common 4-decimal-digit PIN, along with the user identifying credit card number, is not compatible with existing credit card transaction infrastructure. This represent a major roadblock for such system methodology to be widely accepted by the financial community.
U.S. Pat. No. 5,434,398 issued to Goldberg in 1995 discloses a xe2x80x9cmagnetic smart cardxe2x80x9d which takes advantage of the secure microprocessor of the smart card and also renders it compatible with the existing magnetic card readers. Two specific embodiments of this invention were advanced. The first one is a standalone magnetic smart card comprising a card base, a power source, a secure microprocessor which generates a modulated output corresponding to pre-selected card information, a ferromagnetic element embedded in the card base and arranged such that a portion of the element is positioned at a location suitable for interfacing with a magnetic card reader, and an inductor operative to induce in the ferromagnetic element a modulated magnetic field corresponding to the modulated output generated by the embedded microprocessor.
The second embodiment of Goldberg""s invention provides a portable, smart magnetic interface device for use with at least one magnetic card having a magnetic strip. This device is equipped with a housing, a power source, a secure microprocessor which generates an output corresponding to pre-selected card information, a slot associated with the housing suitable for accommodating the magnetic card, and a magnetic head associated with the slot and arranged to operatively engage the magnetic strip when the magnetic card is inserted into the slot for inputting or erasing information from the said magnetic strip.
Although inventor Goldberg (U.S. Pat. No. 5,434,398) clearly had the right idea, like inventor Hodama (U.S. Pat. No. 4,786,791) in taking advantage of the secure smart chip to combat frauds and identity thefts while maintaining the usage of the existing magnetic card transaction and processing infrastructure for cost and merchant acceptance considerations, the teachings of this patent have several shortcomings. First, let us consider the patent""s first embodiment. In the arena of financial cards, unit card cost to the issuers is exceedingly important and this invention""s xe2x80x9cmagnetic smart cardxe2x80x9d is expensive. Second, unlike Hodama""s teaching in U.S. Pat. No. 4,786,791 (1988) on how the simulator for the magnetic stripe should work and be implemented, inventor Goldberg""s explanation in how his xe2x80x9cinductorxe2x80x9d operates is unclear and imprecise. Finally, even though this is a xe2x80x9cmagnetic smart cardxe2x80x9d, apart from the fact that it works with a conventional magnetic card reader, it does not work with a smart card reader. As for the second embodiment put forth by the inventor, there is no perceived advantage over the first embodiment. The portable, smart, magnetic interface device is equally costly if not more so than the standalone xe2x80x9cmagnetic smart cardxe2x80x9d.
U.S. Pat. No. 5,789,732 issued to McMahon et al. in 1998 discloses a consumer data device of a plastic encased, credit-card sized case containing a memory for data and transaction retention, an LCD display for displaying information, an LCD display for bar-codes to be read by a bar-code scanner, a controller to scroll through stored information, and a data communication link via spread-spectrum RF or direct electrical contact to a host computer. Although many of the elements advanced by this invention have potentials for exploitation in the design and implementation for future financial cards, this prior art is not as useful as others and its inclusion is primarily for the sake of completeness only.
U.S. Pat. No. 5,955,961 issued to Wallerstein in 1999 discloses a programmable transaction card which enables accessing a selected one of a plurality of different accounts with the same or different financial institutions through communication with an authorization center while providing important anti-fraud features. The transaction card includes a keypad for selecting a desired account and for entering optional identification information for the card. The transaction card generates an account number corresponding to the selected account. The account number, together with the identification information, if entered, is presented in a form that is readable by a reader device but is not discernable by the human eye, e.g. by emulation of a magnetic strip or an optical pattern. After a reader device (magnetic or optical reader) reads the account number and the identification information during a transaction, the account number and the identification information are transmitted to the authorization center for verification and access to the selected account.
In order for this transaction card to perform all the above-mentioned chores, it has to pack away so many features and devices in the card that it becomes overly cumbersome and complicated to use for an average consumer. For example, the incorporation of the feature of being able to select from a plurality of different accounts necessitates the use of an awkward thumb-wheel switch on the card, which is very user-unfriendly. The same applies to the situation when tonal identifying controls are added to the card, which will certainly make the latter even more complicated to use. But the most significant disadvantage of this invention is the high cost for producing the card which is the most critical and sensitive criteria for card issuers to consider before adopting the use of any card for their customers.
On the technical side, the inventor of U.S. Pat. No. 5,585,787 did not disclose the details how he envisions the use of an inductor coil for generating a time-varying magnetic field that appears to the card reader as if a conventional magnetically encoded card had been xe2x80x9cswipedxe2x80x9d through the reader head Instead he cited the embodiment of an analog drive circuitry described in U.S. Pat. No. 4,868,376 issued to Lessen et al. in 1989 as an example of accomplishing such a feat. However, no details were expounded in the cited U.S. Pat. No. 4,868,376 as to the exact nature of the coil, its magnetic properties such as its core composition and permeability, number of winding turns per inch, length of the winding coil etc. Furthermore no mention was made to Hodama""s magnetic stripe simulator (U.S. Pat. No. 4,868,376) which is clearly an important prior art.
U.S. Pat. No. 6,089,451 issued to Krause in 2000 discloses a transaction card system for authenticating the use of transaction cards having a magnetic stripe. The system involves the use of a card possessing a non-standard magnetic stripe. Specifically the magnetic stripe disclosed has a coercivity approximately an order of magnitude lower than the 300 oersteds value for a standard low coercivity magnetic stripe card. The card receives input from a user and determines if the input is valid. If the user""s input is valid, the card responds by enabling said non-standard magnetic stripe thereon. The magnetic stripe is enabled for a limited time after which it is disabled. In this patent, the inventor discloses a transducer which can convert electrical energy supplied by the energy source into magnetic energy which can write data to the magnetic stripe in a predetermined format. By passing just a single current through a xe2x80x9ccircuit of wirexe2x80x9d, magnetic fields can be produced in designated locations along the magnetic stripe so as to simulate digital data encoded on same.
There are two basic drawbacks in the above disclosed embodiment. First, in order to generate strong enough magnetic fields to xe2x80x9cencodexe2x80x9d digital data onto the magnetic stripe using just a single continuous wire forming a xe2x80x9ccircuitxe2x80x9d or desired spatial pattern, a large current, typically several amperes, has to be deployed. Thus from the consideration that only a limited capacity energy source is available onboard the card, the standard low coercivity magnetic stripe (300 oersteds) is too high for use as the magnetic storage medium for this disclosed embodiment. Instead, a much lower coercivity magnetic stripe having an xe2x80x9cidealxe2x80x9d coercivity of only 30 oersteds must be used. The use of such a low coercivity magnetic stripe cannot guarantee the integrity of the dynamically encoded digital data for card transaction purposes, even though it may only take a few minutes in most cases to complete a transaction. Second, the transducer disclosed can only xe2x80x9cencodexe2x80x9d one particular digital data package (equivalent to one credit card""s worth) onto the non-standard magnetic stripe because the so-called xe2x80x9cwire circuitxe2x80x9d or the spatial pattern of the wire is fixed and is therefore invariant. No details were put forth in the disclosure as to how to render this transducer capable of xe2x80x9cencodingxe2x80x9d different digital data packages at different times on demand onto the non-standard magnetic stripe. The only skeletal teaching was afforded as xe2x80x9ccoils of wires, multiple current carrying conductors together, printed circuits, etc. all may serve to task without deviating from the objective which is to convert electrical energy into magnetic energy in a spatially distributed manner.xe2x80x9d
U.S. Pat. No. 6,095,416 issued to Grant et al. in 2000 discloses an authorized card, such as a credit card, having a security feature. The authorization card generally has two operational states, a disabled state and an enabled state. In the disabled state, which is the default mode of operation, access to confidential information stored on the card is denied. The card remains in the disabled state until a PIN code is entered on a keypad provided on the card. Once the card is enabled, access to the confidential information is permitted for a predetermined period of time, after which the card reverts back to the default disabled state. Such a security feature could be implemented on a magnetic card, an electronic smart card, and passive electronic card.
U.S. Pat. No. 6,188,309 B1 issued to Levine in 2001 discloses an intelligent credit card which includes a keypad for inputting numbers and other information, a processor for controlling the operation of the credit card, a power source, and an output device for selectively outputting the credit card number when the card is activated. The output device is a magnetic strip. A user inputs a sequence of numbers using the keypad. The received sequence of numbers are compared to a stored PIN number if the sequence of numbers matches the PIN number, the card is activated, and the credit card number is outputted using the output device.
U.S. Pat. No. 6,206,293 B1 issued to Gutman et al. in 2001 discloses a magnetically communicative card having a ferrite core extending substantially the width of the card body and has a conductor wound around the ferrite core for the entire length of the ferrite core. Embedded within the card body is a controller that controls a varying magnetic field emanating from the conductor to mimic a varying magnetic field produced by a conventional magnetic stripe card. Optionally, the card includes a sensor to sense a signal intercepted by the conductor from a varying magnetic field emanating from another device. The controller reads the sensed signal to receive communication from the other device.
U.S. Pat. No. 6,223,984 B1 issued to Renner et al. in 2001 discloses an intelligent card reader to replace existing magnetic stripe readers, bar code readers, and Wiegand effect readers without the need for expensive retrofitting of existing computer systems which are coupled to the existing readers. The intelligent card reader can replace the aforementioned readers and yet remain compatible with their existing interfaces by emulating a magnetic card reader, a Wiegand effect reader, or a bar code reader.
U.S. Pat. No. 6,257,486 B1 issued to Teicher et al. in 2001 discloses a smart card, smart card reader, and system for secure entry of a secret personal identification number (PIN) directly into the smart card while the card is presented to the reader. Because the user""s PIN is entered directly into the smart card itself, and not propagated outside the smart card, the PIN cannot be covertly obtained through the use of a compromised reader or other device in the system. A PIN keypad on the smart card allows user entry of the PIN, and an authentication unit within the smart card verifies that the PIN is correct. The reader merely supplies electrical power for the smart card to take the PIN entry and perform the authentication, but does not handle the PIN itself in any way. The reader, however, is designed to allow access to the keypad on the smart card while the smart card is being presented. The reader may also have a separate keypad of its own for use with conventional smart cards that lack a keypad.
Examples of Group II prior art inventions relating to advancement of new methodologies in the processing and transaction systems for financial cards are disclosed in the following patents:
U.S. Pat. No. 4,650,978 issued to Hudson et al. in 1987 discloses a rather complicated xe2x80x9cbankxe2x80x9d cash card system for handling fund transfer transactions between a payor and a payee having a magnetic xe2x80x9chysteresisxe2x80x9d security arrangement. A cash card has a magnetic stripe on which the available cash balance, the identification and security information are scramble-recorded. A transaction register machine reads data form the card, carries out the transaction and records the new account balance on the card. The modified information is restored on the card in the form of a re-scrambled code. The transaction register machine also includes a magnetic tape of the cassette type or disk for storing each transaction thereon for further processing of the information at a remote data processing center. The transaction register machine further includes a main keyboard on the side of the payee for displaying the cash balance on the card. The main keyboard is responsive to the to the cardholder""s keyboard which has a slot for insertion of the card for verification by entering the correct identification number known only to the cardholder. Again, the complexity of such a system, together with its inherent incompatibility with the existing magnetic credit card transaction infrastructure, has proved to be too much of a barrier for the system to be widely accepted and implemented by the financial community.
U.S. Pat. No. 5,627,355 issued to Rahman et al. in 1997 discloses a security equipment protecting the relaying of account numbers and personal identification numbers (PINs) by telephonic or other communication link. This equipment includes a host computer and a remote portable transaction device that interact with one another. A credit granting institution generates an account number and a series of unique personal identification numbers for each account number. This information is stored in the host computer""s memory and is assigned as a reference series to an individual customer account number. An identical series of numbers in the same sequence is stored in the memory of the remote device. In operation, the customer account on the host computer is activated and the host computer""s memory is indexed sequentially to the first number in the reference series. During use of the remote device, a unique personal identification number is added to the customer account number and transmitted to the host computer. There it is compared to the account number and personal identification number in the reference series. The computer will authorize the transaction if the number in the stored series is identical to the number in the reference series; otherwise the transaction will be denied or questioned.
The method advanced in U.S. Pat. No. 5,627,355 for preventing theft of credit information, in particular the personal identification numbers (PINs), has a number of operational disadvantages. In this patent""s teaching, the credit card number is always visible for use by anybody getting hold of the card. This number, along with a special PIN visibly generated on command on the card which varies sequentially in synchronism with the issuer from transaction to transaction, must be passed on to the credit granting institution for authorizing the transaction. Even though the PIN is unique for each transaction, there is nothing to prevent anyone in possession of a stolen card from sequentially generating the right combination of the PIN and account number, even though it might take some time to successfully carry out an unauthorized transaction.
Furthermore, it is operationally questionable whether or not the method taught in U.S. Pat. No. 5,627,355 is actually scaleable. Because the host computer has to store so many PIN numbers (literally hundreds for each customer alone that has multiple credit cards form different issuers), access time and memory capacity of the host computer may become critical parameters in terms of whether the processing system will function smoothly as the number of cardholders continues to grow. The same problem might surface when occasional but unavoidable system glitches take place due simply to too much load or demand for card approval or reconciliation.
U.S. Pat. No. 5,754,652 issued to Wilfong in 1998 discloses a method for sequentially encrypting the digits of a personal identification number, and an apparatus for practicing the method. According to the method, a random number is generated and supplied to a user requesting access to a system. The user encrypts a digit of his personal identification number by performing a function on the random number and the digit and then provides the encrypted digit to a verification system. A second random number is then generated, provided to the user, applied to encrypt another digit of the user""s personal identification number and then input to the verification system. The dialogue between verification system and the user continues, digit by digit, until each digit of the personal identification number has been provided to the verification system in encrypted form. The verification system then compares the encrypted input with the user""s personal identification number accessed from memory.
U.S. Pat. No. 5,844,497 issued to Gray in 1998 discloses a method and apparatus for controlling access to at least one program on a computer by verifying data entered through a keyboard with data stored on a token such as a card, while isolating the entered data from the computer. The apparatus includes a verification device, external to the computer, which receives the entered data and compared it with data stored on the card. The verification unit then generates a status signal indicative of the result of the comparison, the verification device is operable in a first mode wherein data provided to the verification unit via the keyboard is not provided to the computer. The verification device is also operable in a second mode, wherein at least one program on the computer is accessible via the keyboard when the data from the keyboard matches the data from the card. When operating in a third mode, communications are restricted to that between the verification device and the computer. The verification device operates in one of the three modes in accordance with commands from the computer.
U.S. Pat. No. 5,917,168 issued to Nakamura et al. discloses a terminal for carrying out at a private location a transaction consisting of alteration of a token value stored in an IC card issued to a cardholder via an on-line transaction session with an operatively compatible terminal at a remote location. The private terminal establishes data links with the IC card and the remote terminal and passes secure authentication and transaction messages between them via these data links, relying on the IC card and the remote terminal for message security.
U.S. Pat. No. 6,075,861 issued to Miller II in 2000 discloses an entry access system includes a locking mechanism enabling authorized entry at a secured entry point to a closed access area or computing device. Entry is approved in response to an interaction between an intended entrant and the entry access system that involves an interchange of multi-digit numbers and use of ID and PINs for generation of a multi-digit check number to establish authenticity of a request for entry.
Examples of Group III prior art inventions relating to the advancements of card systems hardware encompassing new technologies in electronic components, devices and subsystems are disclosed in the following patents:
U.S. Pat. No. 4,742,351 issued to Suzuki in 1988 discloses an IC (integrated circuit) card system of the type in which IC cards are identified when they are connected to an external device such as a terminal. When an IC card is inserted into an IC card terminal, the PAN (primary account number) data read out from the IC card is compared with the decrypted PAN data for identification purposes. Then, the IC card is removed from the terminal. The PIN data input to the IC card is compared with the PIN data pre-stored in the IC card, the results of the comparison are used to identify the validity of the IC card, the terminal, and the card owner.
U.S. Pat. No. 4,849,613 issued to Eisele in 1989 discloses a methodology and equipment of an operating procedure and to a device for making an electronically authorized determination of a matter as well as to a computer device for implementing the operating procedure. The objective is the electronically authorized determination of an individual matter and the remotely authorized individual differentiation of a transaction authentication requiring on the part of the authorized person. With the exception of the authentication concept, this prior art has very little to do with the operation and processing of financial cards and is included here for the purpose of completeness.
U.S. Pat. No. 5,770,849 issued to Novis et al. in 1998 discloses a smart card device including a portable housing with a viewing aperture and a visual image display positioned to provide an image at the aperture of information contained on a smart card as well as transactions processed in response to data transmitted by a transceiver between a host database and the smart card device. The primary purpose of this invention is to provide new and improved apparatus for viewing and utilizing information stored on a smart card. This prior art is also included in the current disclosure for the sake of completeness.
U.S. Pat. No. 5,818,030 issued to Reyes in 1998 discloses a secure, smart credit card having the same basic dimensions of a standard credit card. This invention provides a security system that uses the concept of a key, which, when removed prevents unauthorized use of the card. The so-called dual device system has tow parts. A first part is a micro-programmable central unit (CPU) in the main body. The second part is an engageable intelligent micro-memory module that functions as a key unit and is configured to join the main body to form an engaged unit having the general dimensions and appearance of a xe2x80x9csmart credit-type card.xe2x80x9d The CPU of the main body and instructions are designed to operate in conjunction with the external intelligent micro-memory module or key unit. The key unit stores the programs and date required by the processor CPU in the main body to allow the user to operate the credit card system. Although such a credit card system has the ability to help prevent unauthorized or fraudulent use, it is unlikely that this system will be widely accepted in the financial community because of its operational complexity from the user""s standpoint, and its questionable compatibility with the prevalent credit card transaction processing infrastructure.
U.S. Pat. No. 6,010,066 issued to Itou et al. in 2000 discloses a portable terminal device in which electronic money IC (integrated circuit) cards storing electronic monetary information are inserted, and with which the electronic monetary information can be read out and/or written into the cards. One of the primary objects is to provide a portable terminal device for electronic money IC cards, hitherto unavailable, into which at least two electronic money IC cards can be inserted and with which monetary data of them can be transferred to and/or exchanged with each other.
U.S. Pat. No. 6,012,636 issued to Smith in 2000 discloses a multiple application card data system comprising a data management device and a user card (a dual component system). This credit card system is, by design, complicated. A user can carry a single card that may be modified at will to be, in effect, a clone for any one of the user""s provider data cards, through the use of a companion data management device that can store data from a plurality of provider data cards. However, the system requires a user""s interaction in order to transfer data from the data management device to the user card. In addition, the data management device also stores a digital data representation of the user""s fingerprint for verifying the user""s identity when compared with an actual scanning of the user""s fingerprint image by the same device during the process of authentication. Thus, the user""s identification verification is by no means a simple procedure. Furthermore, the user card itself comprises two memories for storing data, the first memory stores data issued by a service provider and the second memory stores a set of data unique to the user. Before the user""s scanned fingerprint image can be used for identification purposes, the data management device must first verify the data contents of the two memories resident on the user card without even raising the issue of the questionable public acceptance today with regards to using fingerprint imaging as a form of personal identity, the procedures the card user must endure in order to safeguard the card""s security against unauthorized use are far too complicated. It is believed, as advanced in the current invention below, a much simpler and much less costly card system that will work just as well against unauthorized fraudulent use identity thefts of financial cards.
In examining and analyzing the exhaustive prior art presented above in finance cards, their transaction and processing methodologies and new equipment and subsystems, it counters one""s intuition and logic to observe that each of the prior art inventions to date addresses the overall card security problem mostly from a very narrow point of view. Not one single prior art patent tackles the problem of today""s credit card frauds and identity thefts (at least for magnetic cards) using a total picture approach that takes into considerations the real issues and needs for the solution of this problem. Very simply, one can describe the current total picture as follows. Credit card frauds and identity thefts are still rampant today in the United States with no sign of abatement. One solution clearly has stood out for adoption over the past several years and that is the use of smart cards in lieu of the magnetic cards. However, due to the colossal cost of replacing existing magnetic card readers and the needed retraining of workers from the standpoint of the merchants, and the proven slow acceptance of new monetary device and equipment by the conservative American public (e.g. the ATM cards), the smart card solution to date has simply not been working. It is amply clear that a new and novel device and methodology is urgently needed that can serve as a xe2x80x9cbridgexe2x80x9d to link the world of the magnetic cards to that of the smart cards. However, such a device and methodology must afford very low unit cost cards and very low unit cost accessories (if needed). Furthermore, this novel device and method must possess a very high efficacy of eliminating finance card frauds and identity thefts. They must be very simple and easy to use without any appreciable resistance from both the merchants and the consumers. Finally, this novel device and methodology must be technically sound and have no measurable risk in both its implementation and fast-track adoption by the general public. The current invention in the Magnetic Stripe Bridge (MSB) is just one such device and methodology.
It is therefore a primary object of the present invention to provide improved methods and systems for linking the attributes of smart cards to those of the existing magnetic stripe card infrastructures.
A further object of the present invention is to provide a unique bridge device to accomplish the functional linking of xe2x80x98nakedxe2x80x99 smart cards to the magnetic stripe (or strip) card infrastructure to provide additional levels of security to the linking process by virtue of a transaction number generator carried within the smart card.
The objective of the present invention is to take advantage of the secured characteristics of smart cards to devise a methodology with associated hardware that would eliminate magnetic card frauds and identity thefts. More precisely, such a scheme acts in effect like a xe2x80x9cbridgexe2x80x9d that would link the world of the vulnerable magnetic financial cards with that of the secured smart cards. With the use such a xe2x80x9cbridgexe2x80x9d, one can take advantage of the secured attributes of the smart financial cards while still be able to use the existing magnetic financial card transaction and processing infrastructure to eliminate the need for expensive reader replacement, personnel retraining and most of all, to be accepted by the conservative American public with minimum resistance.
Another objective of the present invention is to extend the usage of this xe2x80x9cbridgexe2x80x9d whereby other extremely sensitive and vital personal information such as one""s medical records, names of one""s physicians and names of relatives to notify in case of emergencies, insurance policy number etc. can be securely stored in the smart chip of the same financial card. This private and vital information could be made available to relevant authorized individuals such as ambulance operators or emergency care center personnel. If the ambulances and emergency care centers are equipped with relatively inexpensive magnetic card readers that can read vital data from track 3 of the magnetic strip, and by a priori arrangement they have access to one""s medical PIN number for track 3, then in the case of an emergency, one""s vital medical records can be made readily available for use by the healthcare personnel. In certain circumstances that could mean the difference between life and death for an individual.
The present invention has to do with a novel xe2x80x9cbridgexe2x80x9d device and methodology that couple or link the world of the smart cards to that of the magnetic credit cards as discussed earlier above. As its name implies, this device is called the xe2x80x9cMagnetic Stripe Bridgexe2x80x9d or MSB The main function of the MSB is to interface the smart card after authentication by same to a magnetic card reader for credit transaction and processing. As such any smart card is effectively transformed via the use of the MSB instantly into an ordinary magnetic credit card and admissible for use by any existing magnetic card reader.
The Magnetic Stripe Bridge is arranged as a plastic encased, credit-card sized case. It houses an electrical power source, a microprocessor, a ten or more digits alphanumeric LCD display, a 16-characters keypad, a contact pad for electrical interfacing with the smart card upon proper registration and a magnetic stripe simulator in the form of a flat multi-turn wire-wound coil with a similarly-shaped high permeability magnetic core. A card slot is located on the top right hand side of the housing for accommodating the horizontal insertion (from right to left) of a smart card. In a preferred embodiment of the present invention, the bottom one-third of the housing (xcx9c1.00xe2x80x3) is a thin section with a thickness roughly the same as a conventional magnetic credit card or 0.033xe2x80x3. The magnetic stripe simulator is centrally embedded in this thin section and approximately 0.40xe2x80x3 from the bottom edge. This thin section arrangement for the case allows the MSB (with or without the inserted smart card into its side) to be centrally inserted from the top into any magnetic card reader with the magnetic stripe simulator properly engaging the reader head.
Consider now briefly the overall operation of the MSB into transforming a regular smart card instantly into a card (magnetic) that is admissible for transaction and processing by a conventional magnetic card reader. A smart card is first inserted into the MSB through a card slot located on the right hand side of the case housing. A proper insertion will activate via a contact switch or software provision the microprocessor-controlled circuit inside the MSB while at the same time bring the smart card contact pad into registration with the corresponding springy contact pad inside the MSB and thereby powering up the smart chip of the smart card via the MSB battery.
The microprocessor inside the MSB (hereby referred to as the MMSB) initiates an ATR communication with the smart chip according to the standard ISO 7816 protocol. After the communication is properly established, the MMSB effects a xe2x80x9cxe2x80x9cENTER PINxe2x80x9dxe2x80x9d message on the LCD of the MSB. The smart card cardholder is requested to enter his or her 4- or 6-digit PIN number using the keypad on the MSB. The MMSB then communicates this information to the smart chip for verification. After the smart chip verifies this PIN number to be valid, it sends over to the MMSB all the magnetic stripe track 2 data information plus a 3-digit transaction number. After that the smart card has nothing more to do and can be pulled out of the MSB card slot for safekeeping.
Upon correctly receiving and storing all the transaction data information from the smart chip, the MMSB effects another message xe2x80x9cOK 4 READERxe2x80x9d on the LCD. At this point the MSB takes over the role as the xe2x80x9cmagnetic-card-reader-admissible smart cardxe2x80x9d. The merchant or sales clerk can now treat the MSB as if it is a valid magnetic credit card transformed from the smart card. In one preferred embodiment of the MSB, the merchant can simply swipe the thin section of the MSB through the magnetic card reader and the transaction will be put through to the existing magnetic card processing infrastructure for any conventional magnetic credit card. In another preferred embodiment of the MSB, the merchant can simply place the thin section of the MSB into the slot of the magnetic card reader from the top and approximately centers it in the middle of the reader where the reader head resides. He then pushes one of the designated keys on the keypad of the MSB to begin the transaction.
In either of the two preferred embodiments of the MSB described above, the merchant can xe2x80x9cswipexe2x80x9d or xe2x80x9ccenter and push buttonxe2x80x9d the MSB several times just like he is handling an ordinary magnetic credit card.
In the event that the smart card cardholder""s PIN number is not valid, the smart chip automatically keeps account of how many consecutive times an invalid PIN number is being tendered. Every time the smart chip rejects a tendered PIN to be invalid, that information is relayed back to the MMSB. At which point the MMSB will effect a xe2x80x9cTRY AGAINxe2x80x9d message on the LCD display. After three, illustratively, consecutive times of an invalid PIN number being tendered to the smart chip for verification, the smart chip will no longer verify any additional PIN numbers and it will take itself out of the service. Meanwhile the MMSB will effect a xe2x80x9cINVALID PINxe2x80x9d on the LCD display and shuts itself down and leaves the LCD display blank. However, to re-activate the MSB after its shutdown, one simply has to pull out the smart card (if it is still engaged with the MSB) and re-insert it to resume operation. If the smart card has already been pulled out of the MSB, one simply re-inserts the smart card again to achieve the same result.
One of the greatest advantage of the current invention of the Magnetic Stripe Bridge (MSB) and its methodology is the fact that it leaves both the old magnetic card world and the new smart card world virtually undisturbed. The present invention merely serves as the vital xe2x80x9cbridgexe2x80x9d that links these two worlds together in order to achieve the heretofore almost impossible task of convincing the cost-conscious merchants and the conservative American consumers to buy in on the secure smart card technology in a much shorter time frame. It is important to point out that the cardholders themselves do not have to carry the MSB with them. Rather, it is only the merchants, if they care to do new smart card business, that need to have the MSB ready for the new smart cards using their old magnetic card readers.
Even more importantly, the present invention is one that is easily affordable by both the card-issuing banks and the merchants. First of all, the burden of the meager cost for the MSB (only a few US dollars when manufactured in millions quantity) is not borne by the issuing banks nor by the cardholders. When the issuing banks decide to issue smart cards in lieu of the traditional magnetic cards, the incremental cost is relatively small, estimated to be less than US$ 0.50 per card. However, by issuing these secure smart cards, the issuing banks stand to reap huge financial benefits in fraud reduction and in the scaling down of personnel counts needed to service the growing fraud complaints from customers and merchants alike.
For the cardholders, if there is no fee increase or other charges, there is an excellent chance that they will buy in on the new smart cards just because they no longer have to worry about losing their cards that could lead to frauds and identity thefts, not to mention the many new smart card features, e.g. the storage of their own vital personal medical record on the same smart card, that they now can enjoy and take advantage of.
From the merchants"" standpoint, it is for them really a matter of practicing good business. For the investment they have to put up (in most cases a handful of MSB""s at a few dollars each), not only will they not lose new smart card business, they also are in line to reap the financial benefits and time savings with the issuing banks because of the overall fraud reduction of credit cards.
We have mentioned earlier that the present invention literally will leave both the magnetic card world and the smart card world undisturbed. It is relatively easy to have a smart card mimic a conventional magnetic card. All one has to do is to have the track 1 and track 2 data for a card belonging to a particular cardholder stored in the EEPROM (Electrically Erasable Programmable Read Only Memory) of the smart chip. We mentioned earlier that after the smart chip verifies the PIN of the cardholder to be valid, it sends the track 2 data over to the microprocessor of the MSB (MMSB) to be transmitted subsequently to the magnetic card reader for transaction processing. In addition it also sends over a 3-digit transaction number which is automatically updated by the smart chip every time it verifies a valid PIN number and sends over the track 2 data belonging to the cardholder. Thus the track 2 data processed for every valid transaction for the card is actually dynamic. In other words the valid credit card number of the cardholder is always accompanied by a variable 3-digit transaction code. Only the issuing bank would know the algorithm governing the updating of this transaction number every time the cardholder legitimately uses the card. Therefore, even though the cardholder""s name and valid credit card number can be embossed on the smart card like any conventional magnetic credit card, skimming of this information from the card is insufficient to commit a fraud against the cardholder because of this dynamic 3-digit transaction number. What we have shown here is just one embodiment example in the methodology of the present invention. Other anti-fraud schemes can be implemented and used in coordination with the smart chip including those currently used by most issuing banks.
Another equally important advantage afforded by the present invention is the very low technological risk associated with the realization of the MSB. Unlike many prior art inventions listed and discussed above that require implementing more and more components and features onto the card (magnetic or smart types alike), both the technological complexity and their unit production cost will correspondingly and significantly rise. But even more worrisome is the reliability issues for these cards and their ability to meet the stringent ISO compliance standards, both in whether they will be able to actually meet such standards and how long it will take them to do so. For the present invention, we are dealing only with the so-called xe2x80x9cnakedxe2x80x9d smart cards, i.e. cards that have only the smart chip on them and nothing else. These xe2x80x9cnakedxe2x80x9d smart cards have been reliably manufactured in millions during the past 2 decades. They all have no problems to date meeting the stringent ISO compliance standards for smart cards.
As far as the MSB itself is concerned, with the exception of the magnetic stripe simulator, which has excellent demonstrable prior art, most notably U.S. Pat. No. 4,786,791 (1988) issued to Hodama, the other components are routine and the complexity of the MSB unit less the simulator likens to nothing more than just a credit-card sized calculator which has been produced in the millions with extreme cost effectiveness since the 1960""s. Furthermore Hodama""s xe2x80x9cmagnetic stripe simulatorxe2x80x9d prior art invention has been greatly improved in efficacy and reliability by the present inventor. The prior art analog circuit for driving the coil has been replaced with a microprocessor for achieving more precise and more energy-efficient driving. The coil itself is now wound with smaller diameter (0.003xe2x80x3) and much better insulated wire for achieving an even more compact and closer-spaced winding for the coil. As a result of these improvements to the xe2x80x9cmagnetic stripe simulatorxe2x80x9d, the MSB of the current invention can be readily produced in very large quantities and at a very low unit production cost.
Finally, another significant advantage of the present invention lies in the fact that the MSB and the accompanying methodology not only links the two worlds of finance cards together in forging the smart card forward, it also allows the usefulness of the magnetic card to expand into new and much needed areas by exploiting the secure attribute and superior capability of the smart chip, and also the popularity, ubiquity and trust by most Americans in the magnetic cards. In essence, the xe2x80x9cmagnetic stripe simulatorxe2x80x9d not only can simulate track 2 data but easily track 1 and track 3 data as well. Unlike the track 2 data which is only numeric, data format in tracks 1 and 3 are alphanumeric. The fact that the data density in both tracks 1 and 3 (210 bpi) is almost three times as dense as track 2 (75 bpi) poses hardly any problem for the brilliant xe2x80x9cmagnetic stripe simulatorxe2x80x9d prior art (U.S. Pat. No. 4,786,791 issued to Hodama in 1988) and the improvements subsequently advanced to it over the years (U.S. Pat. No. 5,434,398 to Goldberg in 1989, U.S. Pat. No. 5,955,961 to Wallerstein in 1999 and the present invention).
The embodiment of the present invention is not limited to the deployment of just one xe2x80x9cmagnetic stripe simulatorxe2x80x9d to emulate data encoded in track 2 of the MSB but can be extended to any number from one to three emulating all three tracks of a magnetic stripe. Since any data stored in the smart chip is secure, one""s personal and vital medical records can certainly be safely stored there. These secure data can be outputted through track 3 of the MSB upon entering a special medical PIN number for the cardholder. This medical PIN number is accessible only to certain authorized health professionals such as the ambulance operators and the medical staff of emergency care centers equipped with a magnetic track 3 reader. This is but one example to show how the magnetic card world can be expanded for use in other information areas when linked to the world of the smart cards.