The development of computer communications has demonstrated a novel problem, i.e., how to be recognized, whether at a distance or not, by a correspondent who does not know us personally or by a data processing system with which one wishes to communicate, from a terminal, for example.
This development has assumed concrete form in the appearance of portable and non-portable electronic carriers, such as cards including a non-volatile, protected memory, which suggest numerous applications, especially intended for the general public. Reference may be made to U.S. Pat. Nos. 4,211,919; 4,264,912 and 4,310,897 for typical portable data carriers. Other forms of such devices are, of course, also known.
Thanks to the personalizing of these cards by data prerecorded in their memories, it has been possible to conceive of and put into practice systems enabling the authorization of persons or entities to perform protected operations specific to the intended applications.
All these applications give rise to an exchange of information in the form of a dialogue between at least one card and one terminal. From the moment where an exchange of information takes place, particularly of confidential information, it is imperative to implement controls charged essentially with verifying the validity of the information exchanged. This is all the more imperative because the idea of fraud must necessarily be associated with the idea of protected access or of a protected service.
Systems are already in existence in which a card enables access to protected fields. See, for example, U.S. Pat. Nos. 4,211,919; 4,224,666; 4,271,482 and 4,295,041. To improve the resistance to fraud on the part of these systems, a dialogue has been instituted which takes into account randomly selected passwords in such a way as to prevent a defrauder from reproducing a sequence of previous dialoge and gaining illicit access to the protected field. Such a system is described in particular in U.S. Pat. No. 4,471,261, the subject matter of which is hereby incorporated by reference.
Other systems allow a card to be used for financial applications. At the outset the card must be credited with a certain sum of money by a duly authorized issuing entity. To prevent attempted fraud, especially by modifying the amount credited on the card, the issuing entity protects itself by using a password to safeguard the control of the operations. An improvement has been made in these systems to enhance resistance to fraud, by using a specific password the value of which is correlated with a datum specific to the card by way of algorithm known solely to the issuing entity.
After being used several times, the credit on the card is used up and its holder must have a new credit inscribed on it. At the present time there are only two possible ways to recredit a card: Either the card is purely and simply no longer usable, and a new card must be reissued; or one must have the card recredited by the issuing entity solely authorized to perform such an operation. In both cases, the holder of the card must accordingly travel to the location of the issuing entity.
Thus far the cardholder has not able to have this card recredited at a distance, and in particular from his home. In fact, such an operation would necessitate the transmission of confidential information on the communication line connecting a terminal located in the home of the card holder with a system located at the issuing entity. This confidential information essentially comprises a customer key to permit the transaction equipment of the entity to certify the legitimacy of the card holder and furthermore a key specific to the entity transmitted to the card to enable the card to certify that it is indeed in communication with the terminal of the authorizing entity. From the moment that there is communication of confidential information, the possibility of fraud exists.