Exemplary embodiments disclosed herein pertain to electronic security. More particularly, exemplary embodiments disclosed herein pertain to electronic cards implementing security protocols.
There are a great many applications for electronic security. For example, security is desirable or required for financial transactions, or for providing access to various physical and non-physical resources. One area of great concern for electronic security is in the field of financial transaction cards, e.g. credit and debit cards.
Conventional credit cards, debit cards and other financial transaction cards hereafter “transaction card” have a typically plastic body upon which is embossed a 16 digit account number and other data. A magnetic strip, usually referred to as a “stripe”, is adhered to the back of the card, and also includes the account number and other data. The stripe allows the transaction card to be read by a card reader, hereafter referred to as a “legacy card reader.”
There are many security problems with conventional transaction cards. For one, the stripe is static and is not encrypted, allowing transaction card thieves to “steal”, in the virtual sense, the data from the stripe and use it for unauthorized transactions. Also, a stolen conventional card can be freely used by the thief unless until it is cancelled.
In addition to a lack of security, conventional transaction cards are also quite limited in storage capacity. To address this problem, the “Smart Card”, i.e. a transaction card including an on-board processor and digital memory, has been developed. By providing an on-board processor and digital memory, a transaction card can implement security protocols such as encryption, store user information, etc.
A common standard for Smart Cards is referred to as the ISO 7816 standard. With this protocol, a Smart Card is provided with an electrical interface including a number of electrically conductive and externally accessible contact pads which are coupled to an embedded secure processor. The Smart Card is inserted into a Smart Card reader which makes electrical contact with the contact pads to provide power to and communications with the secure processor. Smart cards can also include a conventional stripe, which does not in any way interact with the secure processor.
While broadly adopted abroad, Smart Cards have not been extensively adopted in the U.S. A major reason for this is the investment made by millions of merchants in legacy card readers, which cannot communicate with the secure processors of Smart Cards. Also, Smart Cards conforming to the ISO 7816 standard suffer from their own limitations, including severely restricted I/O, an inability to provide “smart” transactions with legacy card readers, etc.
A third approach, not yet in use, uses a general processor and a stripe emulator which work with legacy card readers. As used here, the term “stripe emulator” will refer to a transaction card where data transmitted to a legacy card reader can be changed under the control of the general processor. This third approach will be referred to herein as an “emulator card.”
Emulator cards potentially have a number of distinct advantages over conventional credit cards. For one, a single card can emulate a number of different transaction cards, greatly reducing the bulk in one's wallet. For example, an emulator card can emulate a Visa card, a MasterCard, and an ATM card. Also, since the emulator card includes a processor, it is possible to implement additional functionality, such as security functions.
However, emulator cards, too, have their limitations. For one, since general processors are used the security level of the card is reduced. For example, a hacker could potentially obtain data stored in unsecured electronic memory. Also, emulator cards do not address Smart Card protocols, as they are designed to work with legacy card readers. For example, as with conventional credit cards, data flows from the emulator card to the legacy card reader, and not vice versa. Still further, the information that can be provided by the emulator card is limited to the amount of information that a conventional stripe can hold and that a legacy card reader can read.
These and other limitations of the prior art will become apparent to those of skill in the art upon a reading of the following descriptions and a study of the several figures of the drawing.