Classifications

• • G—PHYSICS
  • G06—COMPUTING OR CALCULATING; COUNTING
  • G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
  • G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
  • G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
• • G—PHYSICS
  • G07—CHECKING-DEVICES
  • G07F—COIN-FREED OR LIKE APPARATUS
  • G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
  • G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
  • G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
  • G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
• • G—PHYSICS
  • G06—COMPUTING OR CALCULATING; COUNTING
  • G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
  • G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
  • G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
  • G06K19/08—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code using markings of different kinds or more than one marking of the same kind in the same record carrier, e.g. one marking being sensed by optical and the other by magnetic means
  • G06K19/083—Constructional details
  • G06K19/086—Constructional details with markings consisting of randomly placed or oriented elements, the randomness of the elements being useable for generating a unique identifying signature of the record carrier, e.g. randomly placed magnetic fibers or magnetic particles in the body of a credit card
• • G—PHYSICS
  • G06—COMPUTING OR CALCULATING; COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
  • G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
  • G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
• • G—PHYSICS
  • G07—CHECKING-DEVICES
  • G07F—COIN-FREED OR LIKE APPARATUS
  • G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
  • G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
  • G07F7/0806—Details of the card
  • G07F7/0813—Specific details related to card security
  • G07F7/082—Features insuring the integrity of the data on or in the card

Definitions

• the present invention relates in general to a medium used for performing transactions.
• the present invention relates to a medium used for performing secure transactions, such as banking or other commercial transactions.
• Plastic is inexpensive, allows for shaping, printing, embossing, and for the addition of a strip of magnetic tape.
• all of these common characteristics also enable misuse when a plastic card is applied to a financial or credit application. Credit card fraud is a major problem precisely because of the ease of duplication of the plastic card.
• the approach of using a small 25mm sq. hole in a card was defined by the physics of the semiconductor die.
• the overall dimensions of a single memory die is measured in width, length, and height. The length and width are fixed and immutable. However, the average die is between 20 and 25 mils thick. And of that thickness, approximately 12 to 17 mils is occupied by the alumina substrate necessitated by the photoetching process of semiconductor manufacturing.
• MCM multi-chip module
• the flexible MCM is completely sealed from outside environmental contaminates.
• the resultant module can be laminated within two outer layers of plastic and actually be reused if the outer housing should be damaged by accident or misuse.
• the unprotected die of memory or processor functions is currently wire bonded to an ISO-specified metal contact material (see ISO Std. 7816-2 / Physical Specifications and -3 / Electrical Specifications). As such, the die is open to probing, attachments, or any other type of physical analysis. Further, when you flex the current industry standard card, the imbedded die jumps up and off of the card like a flea.
• Fig. 1 a block diagram showing an exeplary use of the present invention.
• Metallic material can be shaped into very small particles. Slivers of metal of varying lengths have a particular characteristic when used as an antenna for radio frequency. When the metal length and the wavelength of the radio frequency are the same, the metal material resonates, or more accurately reflects the signal in a very efficient manner.
• This unique physical signature can be used to assure the physical integrity of the card as well as the unique identity of the card because the disturbance of the particles, not only as individual particles but also in relationship to each other particle as a whole entity (this is a 3 dimensional event), is detectable.
• the card and its unique RF signature can be read at the time of insertion, very quickly, and the physical integrity and unique identification of the card is corroborated.
• the frequency at which the card is read may also change or be varied at what ever periodicity is desired. For example, on the first day of manufacture, the card is read in a stripe fashion much the same as a common magnetic stripe is read today. However, this RF reading is made at an initial frequency of 10Ghz.
• the reflected signal is characterized and stored in a database along with the account number and name of the recipient of the card.
• the card can be read at another frequency to add to the initial characteristic database and can be used to check the same integrity and uniqueness.
• the continuous use of the card would allow for check and counter-check against an immutable physical characteristic, assuring the issuer of the card that it had not been tampered with in any physical way.
• the card of the present invention has two physical components, the plastic carrier or body of the card and the electronic module (approximately 1 square inch of semiconductor die, interconnected and embedded in plascon).
• the RF signature can be read on the module as a separate entity and/or combined with the signature of the card itself, to assure the relationship of the two devices is as originally intended. Moreover, if the card body or carrier should be damaged beyond the toleration level of the issuer or holder, the original card can be destroyed and the electronic module portion can be embedded into another card body, at which time a new signature would be read and used for future RF validation processes. This would allow continuous use of the content of the electronics, and reduce the replacement cost to the issuer of the cost of the plastic body or card.
• a token device is consistent with Federal Information Publication System Bulletin #140-1. It is within this document that the concept is expressed that identification of an individual to a system should be token-based. The idea is that individual information should reside off of the computer system that is used for information sharing and in a platform that is separate and isolated from access by others on that system. This means that the token may be represented by a floppy disk, a PCMCIA card, or a smartcard. The limitations of function and capacity of other cards have restricted the application of this type of a system. Tokens have been in use for a number of years. In fact, one of the problems in the security/access control market is the number of different tokens necessary in the day's events.
• a token (swipe card) is used to enter a garage area, another permits entry into a building, a third allows for access to a special secured area, and yet another token is required for access to a computer terminal.
• the number of tokens may exceed a dozen. This situation is caused primarily by the development of each of the various systems under different manufacturers, each of whom, in trying to get the most out of a sale, insists on their own token.
• a common token for all functions has not been possible for lack of computational power and memory capacity.
• the present invention with its 16-bit CPU and large (initially 1 Megabyte) memory capacity offers several significant parts to the overall solution set of problems associated with security and electronic transactions.
• the 16-bit CPU offers the computational capability necessary not only to process large addressing schemes, but also to process a variety of protocols and the communications structures of different manufacturers.
• the card of the present invention can support large memory transfers and more importantly, can support multiple applications on a single card.
• the introduction of Constructive Key Management cryptography enables the card to enforce this application separation. Each functional owner of a memory segment or application can operate a completely different process of access and data storage, with the knowledge that it is not possible for any one else to have access to an inappropriate information object.
• Such a card has been manufactured by Lockheed Martin, Sillcocks Plastics, and Secure Transaction Solutions using an Intel 80188EB CPU; 64k bytes of One Time Programmable processor instructions; 512k bytes of DRAM for memory buffer and scratchpad memory for CPU activity (program execution); 512k bytes of Electrically alterable program memory; and the associated latches and switches necessary to operate the card. Additional configurations may be utilized.
• the CPU addressing scheme allows for direct memory addressing of 32 megabytes of memory in various configurations of RAM and ROM consistent with the requirements of the various applications.
• the plastic stock material from which the card is cut is impregnated with the sub-micron chaff material necessary for the RF ID process to operate.
• the RF Signature and ID process is thereby associated with the card (for example, the RF signature at various frequencies and various locations on the card).
• the card is also capable of supporting magnetic stripe, printed information such as a 4-color photo, fingerprint, signature block, special symbols or logos, holograms, and other pieces of printed or attached information.
• the basic operating system for the CPU may be installed in the EEPROM at the time of manufacture, or prior to manufacturing, at the EEPROM factory.
• the card is assigned to a particular user, with a unique account number, and the RF ID is read and stored in non-volatile memory along with any other issuer / user-necessary information that might be desired, like a 4-color photo of the user (compressed and hashed), and a File Allocation Table (FAT) is created to allow the CPU to parse the memory sectors for later activation for additional applications.
• FAT File Allocation Table
• the user upon receipt, will activate the card if received remotely, much as one does with conventional cards, and consistent with security practice if access is granted under a separate channel of distribution, e.g., telephone, U.S. Mail, or courier.
• the user can accept the offered Personal Identification Number (PIN) or select his/her own.
• PIN Personal Identification Number
• the card is presented to an ATM.
• the RF ID is read from the card and its value is read into a register.
• the CPU of the card and the ATM exchange a series of signals to establish a common protocol.
• the card is capable of multiple protocols and therefore allows for a much greater degree of freedom of participation for the user.
• the ATM requests the PIN of the user of the card, which is stored in an encrypted form in the memory sector appropriate to that type machine, for example a MOST, or Cirrus transaction.
• the PIN is transmitted on-line to the respective clearing house via the dedicated SET- approved communications link, along with the previously-stored RF ID number. This information is sent to a clearing house firewall where the format of the information is screened for conformity.
• the packet is allowed to continue onward to the decryption area, where the information packet is decrypted using the indexing information bits in the header of the sent information along with the RF ID data to create a user key, which when combined with the database-stored component of a user access table generates the key to decrypt the actual packet.
• the credentials of the individual account the confirmation of the holder and card, and an audit of a predetermined number of past transactions which are relevant to this particular issuer. The past transactions are validated and the permission is sent to the ATM to proceed.
• the validation of past transactions includes the performance of several functions, the obvious update or correction if necessary, and also the assurance offered to the issuer that the message or content of encrypted data is large enough to assure no tampering or partial changes have occurred.
• the ATM then presents a list of actions which can be chosen by the user, and those selections are used as cryptographic splits to generate at the ATM an encrypted request/instruction which is sent to the clearing house.
• the screening process is repeated and if appropriate, the transaction is allowed.
• the updated (audit trail included) user packet is encrypted at the clearing house and sent back to the ATM to be entered on the user's card. No encryption occurred, on the card, in this particular transaction. In another protocol, or in a different application, encryption may be desired and desired to occur on the card.
• the powerful 16-bit processor and memory configuration of the card supports the choice.
• the card is offered to the merchant terminal.
• the terminal reads the RF ID value and stores it in a register.
• the card negotiates an exchange to determine correct protocol with the merchant device.
• the card having a powerful 16-bit CPU, is capable of processing many different applications and protocols, and having achieved an acceptable communications link, also negotiates the highest baud rate that is mutually acceptable, up to 115,200 baud (currently).
• the merchant terminal requests on-line status with the respective clearing house and the combined value of the RF ID and the merchant membership number, along with the terminal ID number, are used to generate a unique key which is used to communicate and build a session key with the clearing house.
• the unique session key assures the participating merchant and the user of the card that the total transaction will be transmitted to the clearing house and the resulting answer will be encrypted using the identical components for key construction, assuring that the answer or acknowledgement can only be deciphered by the appropriate parties, i.e., the user and the merchant, at that particular device.
• the information at the clearing house is decrypted and processed and the audited transaction is processed.
• the card of the present invention may also be used to establish a secure Internet commerce relationship.
• a user of the Internet selects a Web page of a particular vendor.
• the page offers an opportunity to download transaction software.
• a click of the mouse and the transfer is complete.
• the software is sent as a serialized self-extracting executable file, which when selected will extract and install itself and present a screen that asks if now would be a good time to fill out the registration form for that particular vendor. This is also suggested to occur off-line.
• the registration form is filled out and all significant data is entered, including the type of payment, credit card number, etc.
• the software asks if the user wishes to take advantage of a Storage of Permissions Feature, which allows the user to store on the card, the permission/identifying splits that were generated by the vendor software.
• the user agrees and the card is presented and the information stored.
• the send button is selected and the automatically-encrypted bundle is sent back to the vendor of choice.
• the vendor receives the encrypted bundle and opens it. Recognizing the form/structure of the bundle, the encryption is automatically keyed with the serial number of the copy of the downloaded software, and the vendor firewall allows the bundle to pass to the processing area.
• the user having gone back to the Web page, is now looking at the vendor catalog and selecting items for purchase, each of which has a number. It is the combination of these numbers and the number of the serialized software that generates the selected components of the split key encryption. All messages are protected and all communications are unique between the vendor and the user.

Landscapes

• Engineering & Computer Science (AREA)
• General Physics & Mathematics (AREA)
• Physics & Mathematics (AREA)
• Theoretical Computer Science (AREA)
• Business, Economics & Management (AREA)
• Computer Security & Cryptography (AREA)
• Accounting & Taxation (AREA)
• Computer Networks & Wireless Communication (AREA)
• Microelectronics & Electronic Packaging (AREA)
• Strategic Management (AREA)
• General Business, Economics & Management (AREA)
• Credit Cards Or The Like (AREA)
• Storage Device Security (AREA)
• Transition And Organic Metals Composition Catalysts For Addition Polymerization (AREA)
• Preparation Of Compounds By Using Micro-Organisms (AREA)
• Medicinal Preparation (AREA)
• Laminated Bodies (AREA)
• Casting Or Compression Moulding Of Plastics Or The Like (AREA)

Applications Claiming Priority (3)

Publications (2)

Family

ID=21858590

Family Applications (1)

Country Status (18)

Families Citing this family (3)

Family Cites Families (10)

• 1997
  • 1997-11-20 JP JP52400198A patent/JP2001504617A/ja active Pending
  • 1997-11-20 HU HU0001638A patent/HUP0001638A3/hu unknown
  • 1997-11-20 CN CN97181207A patent/CN1246188A/zh active Pending
  • 1997-11-20 CA CA002272383A patent/CA2272383A1/en not_active Abandoned
  • 1997-11-20 TR TR1999/01122T patent/TR199901122T2/xx unknown
  • 1997-11-20 CZ CZ991785A patent/CZ178599A3/cs unknown
  • 1997-11-20 AP APAP/P/1999/001571A patent/AP1098A/en active
  • 1997-11-20 EA EA199900482A patent/EA001552B1/ru not_active IP Right Cessation
  • 1997-11-20 PL PL97333506A patent/PL333506A1/xx unknown
  • 1997-11-20 KR KR10-1999-7004483A patent/KR100372628B1/ko not_active Expired - Fee Related
  • 1997-11-20 AU AU56882/98A patent/AU728517B2/en not_active Ceased
  • 1997-11-20 WO PCT/US1997/021809 patent/WO1998022914A2/en not_active Ceased
  • 1997-11-20 UA UA99063444A patent/UA43455C2/uk unknown
  • 1997-11-20 NZ NZ336338A patent/NZ336338A/en unknown
  • 1997-11-20 BR BR9713162-8A patent/BR9713162A/pt unknown
  • 1997-11-20 EP EP97953060A patent/EP1008101A4/de not_active Withdrawn
• 1999
  • 1999-05-19 OA OA9900104A patent/OA11120A/en unknown
  • 1999-05-20 NO NO992416A patent/NO992416L/no not_active Application Discontinuation

Also Published As

Similar Documents

Legal Events