1. Field of the Invention
This invention relates to "Smart Cards" and Personal Computer Memory Card Interface Association cards and the like for insertion into personal computers, communication devices, point-of-sale terminals and the like, and particularly to means for securing such cards to preclude unauthorized use.
2. Description of the Related Art
Well known in the prior art are small, usually thin, usually pocketable devices commonly known as "cards" into which information that may be used to identify a particular user is electronically stored. Such cards are intended to be inserted into host devices such as personal computers, communication devices and the like which, in concert with such cards, may provide services only to certain users as identified by the aforesaid user information stored in such cards.
An organization known as the Personal Computer Memory Card Interface Association (PCMCIA) specifies the interface standards for such cards. Cards which meet most of the PCMCIA interface standards are hereinafter referred to as "PCMCIA security cards" or "PCS cards". In addition, there are other "credit card" sized devices known as smart cards. The ISO specifies the interface standards for those cards.
A user might have a card into which is coded a representation of her identity, her signature, passwords or keys that identify her or are reserved for her use, etc. Such parameters are hereinafter referred to as "security parameters". The user might insert her card into a host device such as a computer or communications terminal, said host device might then read such information from the card, and might then grant her access to data intended only for her, allow her to enter messages that recipients will believe to be only from her, enter a digital signature that will be interpreted as hers, etc.
PCS cards, being small, are easily lost, stolen, or left unguarded, permitting temporary unauthorized use or duplication. If an unauthorized party inserts the card or a copy of the card into a host device, the host device will read the security parameters from the card just as if the authorized holder of the card had inserted it. Such unauthorized party will thus gain access to services and privileges intended only for the authorized holder of the card; system security may thus be severely compromised.
In order to forestall such unauthorized use, it is common to associate with each individual card a parameter known as a Personal Identification Number, or PIN, known only by authorized parties (usually the card's intended user and the issuer of the card). Commonly, when the card is used, the user is prompted by the host device for the user's PIN. A method is used which compares the number entered by the user to the PIN associated with the card. If the method does not produce a positive result, then the user is denied access to the services normally provided by use of the card.
In the prior art, as exemplified by cards used with automatic teller machines, the user is assumed to not have access to the mechanism in the host device or network which verifies the PIN. However, there are many new applications of cards for which that assumption is inappropriate. For example, a card may be used to provide a digital signature on a document that is produced on a personal computer that is owned by and could be modified or even designed by the user of the card. If an intruder should gain access to the card, the intruder could copy its contents, return the card surreptitiously to the rightful owner, and then use specialized "PIN cracking" algorithms on the card copy using his own computer in order to discover the PIN that unlocks the signature mechanism. From then on, the intruder can use the copy. Since the intruder has control of the host, it is possible for the intruder to program the host to try millions of different PINs per second. In most cases the PIN will be discovered in a few seconds. If we assume that the intruder has access to the internals of the card copy, the intruder can disable any self-destruction mechanism the card may employ.
In some cases, a user may even be motivated by financial considerations to divulge his own PIN. There are situations where the user of an authorized card or a host device will be motivated to make unauthorized copies of the card or host device in order to defraud the provider of a service. Consider the case where a card is inserted into a home cable converter box in order to gain access to premium services. The user may purchase an authorized converter box and card, and then produce copies of the card and the box for sale to others who are not specifically authorized by the provider of the service.