1. Field of Invention
The embodiments relate generally to identification and transaction cards, specifically to a device for virtualizing such cards and the security of using that device.
2. Prior Art
Most people carry at least twenty cards in their wallets, many of them containing private information that would be valuable to an identity thief. These include driver's licenses, credit/debit cards, gift cards, membership/rewards cards, library cards, health/car insurance cards, ATM cards, and business cards. The quantity increases every year, which creates concerns about the inconvenience of carrying so many cards and the risk of identity theft if a wallet is lost or stolen. Furthermore, to reduce energy consumption and help the environment, one desires a device that reduces the need to produce so much plastic.
Attempts to consolidate cards into one secure device have yet to yield a universal, practical solution. Some of the limitations in the prior art stem from static thinking. For instance, some assume that a “card” is the desired end product, instead of seeing it as just a convenient vehicle on which to carry information. U.S. Pat. No. 5,276,311 to Hennige (1994) and U.S. Pat. No. 6,315,395 to Ramachandran (2001) reflects this conventional approach. Not only is a card not inherently necessary, but its elements (data, graphics, interface) can be re-arranged, combined, sized, and accessed in any number of ways, free from any physical limitation. Hennige and Ramachandran also assumes that a signature is a desired feature, instead of seeing it as just the available method of authentication that gained acceptance before better measures emerged. Other devices assume that a check is a prevailing method of payment, rather than a method that is giving way to newer technologies. U.S. Pat. No. 5,748,737 to Daggar (1998) describes a device without a graphics display. Most inconveniently, some prior art assumes that its devices exist in the vacuum of a particular transaction, rather than as a critical resource that one would use under all sorts of life circumstances. For instance, U.S. Pat. No. 6,991,155 B2 to Burchette, Jr. (2006) discloses a transaction card device that automatically generates a one-time security code to associate with a card account and transaction, to be transmitted to a remote computer via a card reader. This system does not take into consideration that one sometimes uses a credit card over the telephone, without a card reader to transmit the code.
Some improvements have been modest, limited to a single feature, or a single card. U.S. patent application Ser. No. 11/713,759 to Woo (2007), for instance, only describes adding a digitized fingerprint system to individual magnetic stripe cards. U.S. patent application Ser. No. 11/552,651 to Kane (2006) only discusses a combination of a membership card with a payment card. U.S. Pat. No. 5,530,232 to Taylor (1996) and U.S. Pat. No. 7,191,952 B2 to Blossom (2007) disclose smart cards with limited storage and functions.
Devices with multiple applications and features have remained too cumbersome to fit in a typical wallet, making them inconvenient to carry. See U.S. Pat. No. 5,221,838 to Gutman (1993) and U.S. Pat. No. 6,293,462 B1 to Gangi (2001) for examples. Other prior art has been complicated or tedious to operate, requiring a user to perform many steps on an unwieldy apparatus and to input changing codes. Instead of using the apparatus described by U.S. Pat. No. 6,315,195 to Ramachandran (2001) and U.S. Pat. No. 7,140,550 B2 to Ramachandran (2006), for instance, it may be faster and easier to pull an existing plastic card out of one's wallet.
Some devices are limited in how they transfer information. Some only use a magnetic stripe. Others only use near-field communication. For instance, U.S. Pat. No. 7,044,468 B1 to Barron (2006) discloses a system that requires merchants to adopt entirely new bar code readers. Some prior art limits its ability to adapt to existing card readers. U.S. patent application Ser. No. 11/456,906 to Cox et al. (2006), U.S. patent application Ser. No. 11/782,526 to Zehnacker (2007), and U.S. Pat. No. 7,503,504 to Mitra (2009) show cards which are too thick to slide into transaction terminals that require a card to be entirely inserted into a slot. These devices also operate as one unit, rather than as a main unit storing all data and a detachable part that temporarily carries the data of one selected card. Therefore, all of one's identification/financial data may be at risk when one entrusts the device to someone else. It would be like giving a waiter one's entire wallet rather than a single credit card.
In attempting to offer greater convenience, some prior art has incorporated the ability to store and transmit identification/financial information with a mobile electronic device such as a cell phone, PDA, or music player. U.S. patent application Ser. No. 11/537,347 to Johnson et al. (2006), U.S. patent application Ser. No. 11/714,800 to Leblanc (2007), and U.S. patent application Ser. No. 12/167,576 to Chen et al. (2008) combine mobile phones with financial transactions. This innovation may actually put one's personal identification/financial information at greater risk. While wallets tend to be protected and carried in a pocket or a purse, cell phones, PDAs, and music players tend to be handled more casually. They are borrowed, put down in public places, lost more frequently, and made more vulnerable to theft. Information need not be stolen in order for privacy to be breached; it just needs to be read. It may be practical to carry small cash amounts in these mobile devices, but risky to include all one's identification/financial data. Additionally, wireless transmissions can be recorded and surveilled, and they inevitably involve third parties, which increase the risk of fraud. U.S. patent application Ser. No. 11/534,653 to Koh et al. (2006) and U.S. patent application Ser. No. 11/466,544 to Vawter (2006) describe such systems that use cell phones and third party computers.
Most notably, some prior art may actually increase the risk of identity theft by requiring the involvement of third parties, the use of unsecure internet communication, and the storage of identification/financial data on remote servers that can be hacked. Systems described in U.S. patent application Ser. No. 09/949,874 to Hosogoe (2001), U.S. Pat. No. 6,494,367 B1 to Zacharias (2002), U.S. Pat. No. 6,715,679 B1 to Infosino (2004), U.S. patent application Ser. No. 11/279,294 to Little (2006), and U.S. Pat. No. 7,182,254 B2 to Changryeol (2007) all require the user to transfer identification/financial information to a database separate from the card issuer. Regardless of how securely encrypted a computer system claims to be, the developer of any application, or anyone else who understands the system, can retrieve or decrypt any of the data in the system. It's unlikely that a programmer can design a computer system to automatically decrypt data for the user, while making it impossible for that programmer to reconstruct the same process to retrieve the data manually. Also, data must be decrypted to be usable on the interne. Therefore there must be a system behind it that can decrypt it. If any person has access to this system, that person also has the ability to access the data.
Accordingly, a need remains for a device to solve the issues mentioned above, to unconventionally manage ID/transaction cards and reduce fraud.