Proliferation of fraudulent activities such as identity theft, often facilitated by streamlining of electronic financial transactions and the proliferation of credit and debit cards often used in such transactions, has led to great interest in techniques for improving security and authentication of the identity of a user of such credit and debit cards. In particular, the streamlining of transactions has led to the proliferation of credit card readers which read information from a magnetic stripe formed on a surface of a credit card and which are often integrated with point-of-sale terminals such as cash registers and fuel pumps. In such cases, it is left to the customer to manipulate the card through the reader where the card is read and, in some cases, the read information is used to automatically print a memorandum of the transaction for signature by the customer to complete the transaction. In other cases, such as transactions at fuel pumps, no action is taken by sales personnel at all and the transaction is completed automatically based only on the information read from the credit card and with no verification of customer identity. In such streamlining of transactions the principal amount of time and effort saved is at the expense of the small and possibly unreliable but very important safeguard provided by the opportunity for sales personnel to at least compare the signature of a customer on a sales memorandum with the signature on the credit card to authenticate customer identity and possibly detect unauthorized use of the credit card. Nevertheless, loss of this important security feature is evidently considered by the public, merchants and financial institutions to be more than balanced by the capability for worldwide, near real-time tracking of credit card use and usage profiling provided by the reading of credit card data and immediate communication to financial institutions to accept or reject any individual transaction as well as the expediting of transactions and the continuity of possession of the credit card by the customer. On the other hand, the monitoring of credit card transactions and transaction profiling may also cause rejection of transactions which are, in fact, legitimate such as those of a person who may travel only infrequently, causing attempted transactions while traveling to be rejected since the identity of the credit card user cannot be authenticated based on magnetic stripe information and temporally proximate transactions at remote locations, as might occur due to transactions immediately before and after air travel, may lead to an inference of credit card theft.
Recent advances in semiconductor technology, particularly extremely thin substrates, has also allowed chips to be fabricated with substantial mechanical flexibility and robustness adequate for inclusion of electronic circuits of substantial complexity within conveniently carried cards physically similar to credit cards currently in use. Such technology has also allowed records of substantial information content to be similarly packaged and associated with various articles, living organisms or persons such as maintenance records for motor vehicles or medical records for humans or animals. In regard to increase of security for financial transactions however, various attempts to increase security through improved identity authentication or disablement in case of theft or other misuse, while large in number and frequently proposed have not, until recently, proven adequate for the purpose.
However, a highly secure credit or debit card design has been recently invented and is disclosed in U.S. Pat. No. 6,641,050 B2, issued Nov. 4, 2003, and assigned to the assignee of the present invention, the entire disclosure of which is hereby fully incorporated by reference for details of implementation thereof. In summary, the secure credit/debit card disclosed therein includes a keyboard or other selective data entry device, a free-running oscillator, an array of electronic fuses (e-fuses) or other non-volatile memory, a processor, a pair of linear feedback shift registers (LFSRs) and a transmitter/receiver to allow communication with an external card reader. The card is uniquely identified by a unique identification number and the programming of e-fuses which control feedback connections for each of the LFSRs, one of which is used as a reference and the other is used in the manner of a pseudo-random number generator, the card identification number and the feedback connections together forming a pre-initialized personality configuration of the card. The card is activated only for short periods of time sufficient to complete a transaction by entry of a personal identification number (PIN) that can also be permanently programmed into the card. When the card is activated and read by a card reader, the two sequences of numbers generated by the LFSRs are synchronously generated and a portion thereof is communicated to a reader which not only authenticates the number sequences against each other and the card identification number but also rejects the portion of the sequence if it is the same portion used in a previous transaction to guard against capture of the sequences by another device. This system provides combined authentication of the holder/user and the card, itself, together with encryption of transaction information unique to each card which renders the card useless if stolen while providing highly effective protection against simulation and/or duplication of the card or capture of information from it and has proven highly effective in use.
However, in its preferred form and to obtain the highest levels of security, a special reader including a complementary receiver and transmitter is required to, in effect, allow direct communication in real-time between the secure credit card and the authentication processor at the financial institution or other authorization facility. While such special readers may be manufactured in quantity and distributed at relatively low cost and do not require a change in the communication system for reporting authentication and transaction information to a financial institution, the number of communications may cause some noticeable delay in completion of transactions. Further, implementing the system of the above-incorporated patent may require an extended period of time and the special readers may be subject to some degree of wear or damage in use which may compromise the functionality thereof. Such a compromise of functionality may reduce the acceptability of the secure credit/identification card system and cause erroneous rejection of transactions, particularly when it is considered that number sequences of significant length must be communicated error-free in order to authorize a transaction. Provision of power to support even the relatively rudimentary communications involved with the above-incorporated secure credit/identification card has also presented relatively intractable problems compromising reliability when in use.
So-called near field communication (NFC) systems have recently become known and standards therefor have recently been ratified. In accordance with that standard, for NFC systems are limited to a range of only about 10 cm and are capable of a bit transfer rate of 424 kilobits per second using a carrier frequency of 13.56 MHz. Similarly to radio frequency identification (RFID) systems (on which the new NFC standard is based), a principal function contemplated for NFC devices is the capacity to interrogate them in a passive mode in which they consume no power and to have a unique code previously stored therein rapidly and reliably returned in a manner which does not interfere with other wireless communications and which minimizes or avoids interference from such other wireless communications whenever such an interrogation is made. Accordingly, NFC systems transmit information by inductive electromagnetic coupling in the radio frequency portion of the spectrum. The NFC standard also provides for software which enables nearly instantaneous peer-to-peer network setup. NFC devices thus effectively seek each other and establish a communication link between themselves in sharp contrast to, for example, so-called Bluetooth enabled devices in which, while also intended for short range peer-to-peer communications, set up procedures are complex and extended, largely to establish device configuration which is unnecessary in NFC systems. This networking facility is in sharp contrast to RFID systems which are set up in a master/slave relationship in which usually passive chips or transponders are read by relatively expensive, powered reader devices having a range of about two to five meters. NFC systems also differ from other types of known wireless communication systems such as so-called “Wi-Fi systems which generally require an access hub. Further, NFC devices can be set to either an active or passive mode such that identification data can be sent even when the device is off and consuming no power. Even in an active mode, the range of NFC devices is so small that very little power is consumed, Accordingly, NFC devices have been implemented in single chips and chip sets for a wide variety of applications.