United States Patent 1191
`Akiyama et al.
`
`llllllllllllllllllllllIllllllllllllllllllllllllllllllllllllllllllllllllllll
`5,428,684
`Jun. 27, 1995
`
`US005428684A
`[11] Patent Number:
`[45] Date of Patent:
`
`[54] ELECTRONIC CASHLESS TRANSACTION
`SYSTEM
`[75] Inventors: Ryota Akiyama; Takayuki Hasebe,
`both of Kawasaki, Japan
`[73] Assignee: Fujitsu Limited, Kawasaki, Japan
`[21] Appl. No.; 953,375
`[22] Filed:
`Sep. 30, 1992
`[30]
`Foreign Application Priority Data
`Sep. 30, 1991 [JP]
`Japan ................................ .. 3-278831
`
`[51] Int. 01.6 ............................................. .. H04K 1/00
`[52] US. Cl. ...................................... .. 380/25; 380/21;
`330/23; 235/330
`[53] Field of Search ..................... .. 235/379, 380, 3232;
`330/21, 23, 24, 25, 29, 49; 329/91, 97, 93
`References Cited
`U.S. PATENT DOCUMENTS
`
`[56]
`
`4,799,061 l/ 1989 Abraham et a1. ............... .. 380/23 X
`5,012,076 4/ 1991
`5,120,939 6/1992
`..
`5,175,416 12/1992
`5,224,162 6/1993 Okamoto et a1. ................... .. 380/24
`
`OTHER PUBLICATIONS
`Wwinstein, Stephen; IEEE Spectrum; “Smart credit
`cards: the answer to cashless shopping”; Feb. 1984; pp.
`43-49.
`Primary Examiner—Tod R. Swann
`
`Attorney, Agent, or Firm-Nikaid0, Marmelstein,
`Murray & Oram
`ABSTRACT
`[57]
`A key control method is for use in an electronic cashless
`transaction system including at least a bank center, a
`store transaction terminal and an IC card being used as
`an electronic cashless transaction medium. The key
`control method comprises a step of having the bank
`center generate and code a ?rst parameter for a trans
`mission to the IC card; a step of having the IC card
`receive and decode the coded ?rst parameter by using
`the ?rst key, thereby reconstructing the ?rst parameter
`issued by the bank center, perform a ?rst operation on
`the ?rst parameter and a password of a holder of the IC
`card, and store in a ?rst register; a step of having the
`store transaction terminal send to the IC card a second
`parameter coded by a second key, when the holder
`inserts the IC card 11 into the store transaction terminal;
`a step of having the IC card decode the coded second
`parameter by using the second key, thereby recon
`structing the second parameter received from the store
`transaction terminal, perform a second operation on the
`second parameter and the value stored in the ?rst regis
`ter, store a result of the second operation in the second
`register; and a step of decoding a value stored in the
`second register by using a coding session key stored in
`a memory of the IC card, thereby obtaining a key for an
`intended authentication.
`
`14 Claims, 21 Drawing Sheets
`
`"SWORD
`ENTRANCE
`[30
`\
`
`42 1C CARD
`
`1c CARD
`ACTIVATION
`
`\‘3'
`B5
`
`44 BANK CENTER
`m r]
`44A
`,5
`
`NUMBER
`moon ,
`
`I132
`
`loo-2
`(V
`I KEY-A
`}
`
`I
`
`m\_\ moon
`NUMBER
`
`~
`i H
`comm; b I
`|34~¢¥SESSION KEY
`__L
`come
`0
`
`|42\
`
`IOO-l
`(J
`KEY-A
`
`}
`
`133
`H
`[come 0
`134-!
`
`F- I43
`[w
`DECODING
`c
`
`145
`(\
`
`come 1]
`
`146
`(‘J
`commsou
`[as
`come
`mm
`T n
`an: no
`54
`\ °"
`r1
`1
`1c cm ACCESS
`ECOBINE F-J
`Pasta '“GATE
`.b_. t
`
`144
`C’
`
`CODIllGf -
`
`l
`
`13s
`1
`
`[I
`71100111011
`
`I
`
`T
`‘)3?
`income
`0
`
`139
`)
`some a
`
`55 TRANSFER AMOUNT
`
`PNC-JP MORGAN EXHIBIT 1014
`
`Page 1 of 39
`
`

`

`US. Patent
`
`June 27, 1995
`
`Sheet 1 0f 21
`
`5,428,684
`
`\L
`
`558 is u a
`
`25 $358 )2
`
`
`
`3.... 2: 2235s :2 .
`
`2 w 55.2.:
`
`
`
`582 3:55
`
`/~._ \
`
`
`
`
`22: 8:525 22523 $222 H m2 35.5
`v 5: Z3.
`
`2 CM 2.3 H a 21
`
`
`
`.55; 5.32 w
`8:5: 23 2 . __
`
`
`
`
`
`2582 we; E2 3255. 2:3 " 5 cs 3 x g m
`
`1 _ a @ .._
`
`A a Q z
`
`
`
`5: 3:. 22a 2
`
`.. :52: is <
`
`
`
`0 .552: xzg u
`
`. 522.22
`
`
`
`
`
`.2255.» 225525; mzohm “ EN
`
`Page 2 of 39
`
`

`

`US. Patent
`
`5my
`
`.m2
`
`n“
`
`5,428,684
`
`1.‘mm<h<a
`w555.58
`J.259:3:53
`muhm_ommm$53.2...mudm>5me358.5
`
`
`
`
`mm<zom=m
`
`hzaoz<
`
`nu
`
`
`
`
`
`4<z_xmmhzo_hu<mz<mpmachmuN.az<o0.":
`
`Page 3 0f 39
`
`Page 3 of 39
`
`

`

`US. Patent
`
`June 27, 1995
`
`Sheet 3 of 21
`
`5,428,684
`
`N
`
`N mm
`
`53A.
`
`$20 2 u :
`
`
`
`>8. 55.22 E euaou mo
`
`
`
`$58 .82
`
`wwé
`5.325:
`
`.5523
`
`Page 4 of 39
`
`

`

`US. Patent
`
`June 27, 1995
`
`Sheet 4 of 21
`
`5,428,684
`
`5.53 x55
`
`A
`
`A
`
`28.5
`
`we
`
`$20 2
`
`N
`‘A
`
`$20 2
`
`:2 :95
`
`Page 5 of 39
`
`

`

`US. Patent
`
`%m”m
`
`5
`
`95
`
`428,684
`
`zo_ho<mz<¢h
`
`4<z_z¢UH
`
`
`
`zumz=z4<_¢um.
`
`.._-~¢
`
`
`
`:35:nEnemamd_n.—nm<F<a
`m35.3,.5.553,.$2.8%5.:
`
`
`m.ha:2.a.J.:33:
`v.2:E5:83I:mE57$
`umohw,n-~¢
`
`<¢¢
`
`zmhzmu
`
`
`
`Page60f39
`
`Page 6 of 39
`
`

`

`US. Patent
`
`June 27, 1995
`
`Sheet 6 of 21
`
`5,428,684
`
`
`
`:52... 5..
`
`
`
`2.2.5. 5.5.3....
`
`
`
`
`
`$5.0.“ (TS. =8. \.....8. 3.8 .65.. £28.22. ...m m...‘
`
`
`
`
`
`
`
`
`
`
`
`.mgn?wmuwm /\ _....e...-.. 2..-... .28...
`
`
`
`
`
`
`
`
`
`:3... we. .. =8 5...... 2.. $5....
`
`
`
`
`
`2.8.... 3...... / , 2.... . 5.... (J
`
`
`
`
`
`
`
`
`lulmf?m. .Eil 1|1=§=<HE 5:: 5.8.2.68. / 38:... .~-~¢
`
`
`
`5:... .5... 3 8 2235s :2 <3 2.... Q. N.
`
`7. . .55.... .5... \L
`
`
`
`
`5.8.... 2.252..
`.._......3...._. a... U .28. Q 23.. a. i.
`
`$2225: I.
`
`.23... .. a.
`
`
`
`45:22: 258...???6 .3
`
`
`
`
`
`w a m h- / ....... (\/ 2-...
`
`
`
`mi. .3... 5......
`
`2-..?
`
`
`
`. .27 N. a:
`
`
`
`
`
`
`
`
`
`
`
`
`
`2... .52.... .5... 3.... .v?uwu _...5....._ ..<............. _ .25....
`
`
`
`/ B 5.-..‘ -7 9...: .28...
`
`
`
`
`
`
`
`. 5.8... 5.. ..m .2...
`
`
`§§=m=5< .2. . .22.... .2... ..._.§3.<
`
`
`
`1352.51.23 m3<> 2-: IM'NQJ $2
`
`
`
`
`3.5 .N.:=...<-e....... .58. $.22. 5...... E52...
`.51: E<lmv=z=zu : zzahum
`
`.5 .5...
`
`Page 7 of 39
`
`

`

`US. Patent
`
`em
`
`.ox.
`
`m.m
`
`5,428,684
`
`
`1,5:23v.552.5o.
`
`m3....58m:5:ES“:
`
`$22553&558V2:5.32
`75:35,5233m$22553
`
`:52:
`
`5.325....mm
`
`omaoo5:.szxx:8389.5o.
`
`
`
`.zuacumaxzuaoeSusan—Emacs
`
`
`
`$2.13:Edd»
`
`2.229551.2“<3
`
`
`
`muhzmoxz<m"ec5.5u.u~¢
`
`Page 8 0f 39
`
`Page 8 of 39
`
`
`
`

`

`US. Patent
`
`June 27, 1995
`
`Sheet 8 of 21
`
`5,428,684
`
`.
`42 - "3 CARD
`2
`
`54
`
`i
`|c CARD
`LEDGER FILE
`
`43 : STORE
`TRANSACHON
`TERMINAL
`
`i?
`
`8|
`‘\
`S#LEERTOTAL
`8 0R
`
`83 \A
`
`44 : BANK CENTER
`2
`
`A HOLDER
`i5 - AccouMT
`as
`r.’
`uMsETTLEo
`Eunos FlLE
`
`sETTLEMEMT <
`84
`REQUEST
`TRANSACTION
`‘K
`REGISTER!
`FRAUD-PROOF
`9° “KA CODER
`sETTLEMEMT
`82
`,
`5
`MAKER
`FRAUD M 87‘
`DETECTOR
`RETAILER
`ACCOUNT
`
`a?’
`TRANSACTION
`“gum
`
`Fig.8
`
`Page 9 of 39
`
`

`

`US. Patent
`
`..u.
`
`(cc
`
`J3.
`
`m.-a.:53:.d
`
`m9,528r1111111111J1,v.2:
`s_35.8”.E:
`
`.:
`
`_a_.hmm=omm
`
`E
`
`n,m
`
`5,428,684
`
`m352.sis."59:En
`
`w352.u
`
`_m-~¢
`
`ma_.._
`
`_-~¢
`
`zuaoomo
`
`
`
`«:03..m.
`
`.¢_
`
`«-me
`
`amcoo.
`
`.4>mx
`
`azoimmcm
`
`Pagel00f39
`
`Page 10 of 39
`
`
`
`

`

`US. Patent
`
`June 27, 1995
`
`Sheet 10 of 21
`
`5,428,684
`
`.:..n¢
`
`.Illl
`
`
`
`55.9%.azoumm.mun—coma:99:52m2.=3mm<mu_L
`
`.73
`
`225555mac;u3
`
`.2253...
`
`a32a$98.33Q.
`
`.7?N.2.32
`
`Page 11 0f 39
`
`452mm
`
`535:
`
`
`Yue93
`
`
`
`5:23:28%«éa.$53:5.:
`
`
`
`=1.=33..3.ua;.258¢
`
`.1:_3e
`
`
`
`.355.8,.Excfiozmz
`
`03:
`
`
`
` _m-~¢5.8.8:_1.559..SE79._
`
`
`
`$5.3”.:52:
`
`.59..33
`
`mg.l-8.ace:5%n
`
`
`
`_33:25.
`
`Page 11 of 39
`
`
`
`
`

`

`US. Patent
`
`June 27,1995
`
`Sheet 11 of 21
`
`5,428,684
`
`
`
`zmhzmo
`
`xz<m
`
`¢¢
`
`<¢¢
`
`J
`
`r.558”.22:.32::a.
`
`.:
`
`.._cmx._=_xm._4m
`
`..=amx._a_xu__4m
`
`:;a~¢
`
`az<ou.
`
`muncouc
`
`.4>mx
`
`Pag€120f39
`
`Page 12 of 39
`
`
`
`
`
`
`
`

`

`US. Patent
`
`June 27, 1995
`
`Sheet 12 0f 21
`
`5,428,684
`
`
`
`5.53 zz<m :
`
`Too
`
`1
`
`2.; " <3.
`1
`
`V
`AA‘ 238
`
`1 ~62
`a: u_ we
`I
`
`
`
`$833: muhzu
`
`2.2;
`
`Page 13 of 39
`
`

`

`US. Patent
`
`June 27, 1995
`
`Sheet 13 of 21
`
`5,428,684
`
`42 IC CARD
`PASSWORD J
`ENTRANCE
`130
`\
`
`24121!
`2
`
`Bl
`1c CARD
`ACTIVATION '\
`135
`
`'°°-2 \\
`KEY-A
`
`44 BANK CENTER
`(‘J
`132
`
`RANDOM
`B3 NUMBER
`100-1
`P:
`S
`came a -- KEY-A
`
`l
`—-coome b
`N I344
`SESSIWRZEY
`vm SESSION KEY
`m
`DECgDING N ‘a;
`
`'36
`
`_‘
`coolue c
`
`54
`
`'4°
`m <
`FILE
`TDECtLDING
`UPDATION
`
`ADDITlGN
`
`‘
`A mm d
`B95
`
`Fig.|4
`
`55 TRANSFER AIOUNT
`
`Page 14 of 39
`
`

`

`US. Patent
`
`June 27, 1995
`
`Sheet 14 0f 21
`
`5,428,684
`
`42 IC CARD
`F)
`
`PASSWORD
`ENTRANCE
`130 /
`\?'
`\
`1c cm
`I35
`ACTIVATION
`\
`l00-2
`‘ 2
`rv
`KEY-A P-comne b
`
`44 BANK CENTER
`m A
`44A
`(5
`
`[I32
`
`NUMBER
`RANDOM
`I33
`IOO-l
`,J
`r"
`come 0 - KEY-A
`
`l34-2\_ SESSION KEY
`I42\
`coome
`e
`
`\
`’
`
`I344
`
`I43
`\ DECODING__
`'
`c
`
`|4|\\ nmol
`NUMBER
`
`I45
`r~
`come 9
`
`14s
`r’
`common
`
`\
`’
`
`uncn
`
`‘
`
`k
`J
`
`136
`5
`A concme
`'47 GATE
`I40
`54
`\ °" 1
`1
`IC cm ACCESS DECODING
`IEIEBEGER "'GATE
`b
`
`I44
`r’
`CODINGf
`
`\
`L___
`
`'37
`oEcoome
`°
`
`1
`
`I38
`
`)
`
`r ADDITION
`
`I39
`)
`A mm d
`
`55 TRANSFER AMOUNT
`
`Page 15 of 39
`
`

`

`US. Patent
`
`June 27, 1995
`
`Sheet 15 of 21
`
`5,428,684
`
`29.
`
`f 1
`
`
`
`
`
`.2552. zoiugzgb. “.295 " me
`
`~ 1 f KN em
`Ev EN 5: E3 /
`
`mum A
`
`mg 5 3:
`
`
`
`<5: .53 :52: E3 2
`
`
`
`2.52: E83
`
`
`
`223525; 23 o- u we
`
`
`
`is 5%: >55 1 585 .2255:
`
`m 558
`
`/8~
`
`h 55:55 was 5%: £5
`
`$25.28 < 5:8 mm org
`a » $25 23 2
`
`w _ .0 _ .._
`
`Page 16 of 39
`
`

`

`US. Patent
`
`June 27, 1995
`
`Sheet 16 of 21
`
`5,428,684
`
`
`
`£5.53”-8“as2Eva:E5Ea525:225::35:$835:$85zezgzg3:8
`
`
`
`
`5:225:E85.5.35EcuwwuE.v.2:
`
`
`.225525.285:3szgnaw"53..2.595
`
`
`
`
`a£22522m:32253.2503mm<N._.UE
`
`
`<2:.22:<2:.22:$23.
`:52:E—E:§Ea._225325:
`
`
`Exam<5:20.5325..—_SN.22:mmm<zom=m:¢<ou.nemu
`
`.2255...22.5325:mac;“3:5:u.uwe
`:34:8,v2:
`
`n..53:$238<5:
`
`
`
`
`<2:22.53::<2:3:8"mvu
`
`
`
`8:23.5:05<h<:225525....”mfimu
`
`
`
`:2.22:9522835::was
`
`
`
`2252.5845:25:.
`
`.|_$25.
`
`«-3323:2.32..3
`
`_:¢<uo.in.
`
`E:25:...
`
`
`
`Page 17 0f 39
`
`><._n_m_:
`
`
`
`hz=o2<ammo;
`
`«25.5.28N._9“—:¢<ou.
`
`Page 17 of 39
`
`
`

`

`US. Patent
`
`June 27, 1995
`
`Sheet 17 of 21
`
`5,428,684
`
`
`
`
`
`C228352.5:02...._.2=c2<22.5335u>:<._=z=u.3mm=m<
`
`
`
`
`
`E..E
`
`.3ch2052
`
`
`
`
`
`
`
`
`
`92:552.“.2o...23322a.xomV852C2233m.522:22-8
`
`
`
`
`
`.85.3225325.....8mm=m<¢2_.p2u>m2._20...305
`
`
`
`.305@2322$23.22
`
`
`
`...2=o:<225323:
`
`55.5233
`
`
`
`
`
`$2322.822232328295amhzmzmzuz.w.23222452mm
`
`532.98
`III!!!.
`
`II
`
`22.5325..—
`
`:2.4:2.
`
`Page 18 0f 39
`
`Page 18 of 39
`
`
`

`

`US. Patent
`
`J
`
`1n,
`
`6e
`
`5,428,684
`
`m«25.558
`1:23.«83:55.:.5822552::na:
`
`52.88,:noEaw2.3;2.58
`$$53V2:3zemufiumfl
`000NNN“.3:n:33:3ng
`.23.83xm_3n—E22.5.3:
`5.53xz<m322.8535.mac;me
`39.xz<m$30I.28...225325:
`
`
`2.3;.88.8.w::3
`
`mop<u§zmx§<8868..um.<53
`
`am22:52::
`«mu”3:3.3
`
`.2255»
`
`Page 19 0f 39
`
`<P<=
`
`Us:
`
`mac;3
`
`Page 19 of 39
`
`

`

`US. Patent
`
`June 27, 1995
`
`Sheet 19 of 21
`
`5,428,684
`
`
`
`muhzmoxz<m3
`
`5:58:35EN
`
`
`
`5.558xumzu
`
`«23:35.:8°8°._x.2.353-:
`
`_..2.338°8°__+«83.553x._z:23:
`
`26:
`
`am“
`
`mo...<o_...zu:._.=<
`
`@238.I5.3.22:
`
`22.5325:_mung:453m
`
`20.5525:
`
`5....<53
`
`«mm
`
`Page 20 0f 39
`
`Page 20 of 39
`
`
`
`
`
`
`
`
`

`

`US. Patent
`
`June 27, 1995
`
`Sheet 20 of 21
`
`5,428,684
`
`0 N 2
`
`...
`
`«85.5.58
`
`
`
`mmhzmoxz<m¢¢
`
`.3
`
`<29wz_._.=m
`
`a45:23.?
`
`
`
`no<53$5.38”95:8
`
`22552;...#85
`
`<.2255...
`
`
`
`2255—25.$8.8«-3.
`
`a52.3.5
`
`
`
`<5:225323:
`
`3%a“3:
`
`mozzgxcu
`
`8068..w«
`
`op37:35.
`
`.532253.25 <._<z_:muh
`22852::..
`
`5.53:588.8.m::3was“5$5.55352225535
`E2»..5«85:35.:4.3%hcumbfimufim
`
`
`
`
`3...szxz<m3.
`
`22535;:H8572‘
`
`SK
`
`
`
`5.2..$5.38
`
`<.2255:
`
`2%«a3:
`
`Page 21 0f 39
`
`Page 21 of 39
`
`

`

`US. Patent
`
`J
`
`%m
`
`ae
`
`n,m
`
`5,428,684
`
`
`
`$25:3.5.”:E
`
`n,£58£3.3m2.38
`
`aNN
`
`
`
`«23:35:zesgzét
`
`«:3.28:
`
`
`n.3252.32.sz
`
`%520.55325.83mm“
`ooodoc;um.
`
`mczofizuzha
`
`__
`
`22.5525:
`
`e.2255...
`
`map—b
`
`22.5525:
`
`m5:<53
`
`mum
`
`Page 22 0f 39
`
`.2:
`
`
`
`225525....HEP—w
`
`<.2253...
`
`22532:...was;
`
`m.2255...
`
`Page 22 of 39
`
`
`
`
`
`

`

`1
`
`5,428,684
`
`ELECTRONIC CASI-ILESS TRANSACTION
`SYSTEM
`
`BACKGROUND OF THE INVENTION
`
`1. Field of the Invention
`
`This invention pertains to a security enhancement for
`an electronic cashless transaction system comprising
`elements such as a bank center, a bank ATM (automatic
`teller machine) [e.g. a modified CD (cash dispenSer)L an
`IC (Integrated Circuit) card [e.g. an IC smart card or an
`IC memory card] and a store transaction terminal [e.g.
`a modified POS (point of sales) terminal]. [A store is
`defined as a retailer, a wholesaler, a shop storage area or
`the like.] More specifically, it relates first to a system for
`controlling a key necessary for authenticating elements
`in proper operations of the electronic cashless transac-
`tion system and second to a money transfer system for
`enhancing the security of transferring money stored in
`the IC card.
`2. Description of the Related Arts
`Recently, a variety of debit cards have been offered
`for sales, which shed or reduce the necessity for carry-
`ing or using changes, and improve cash flows of the
`issuers. In Japan, those cards are used for paying a tele-
`phone charge for a call from a public phone booth, a
`transportation fare at a train station or even aboard a
`bus, and a food voucher at a restaurant.
`However, most debit cards are currently good only
`for specific goods or services offered by the issuers,
`they are not valid for merchandise transactions in gen-
`eral. Besides, most debit cards offered for sales in Japan
`are of a disposable type, i.e. good only for the use of
`their stated values, unlike fare cards offered for sales
`e.g. by the BART in San Francisco, which allow addi-
`tional fares to be supplemented for storage.
`Therefore, an all-in-one card is awaited as an power-
`ful electronic cashless transaction medium, whereby a
`financial institution, e.g. a bank, issues an IC card to its
`customer such that he asks his bank to credit a desired
`amount to his IC card, e.g. by transferring from his
`other accounts, and a participating store to debit a pur-
`chase amount to the card and credits the same to the
`store’s account, thereby consummating a transaction
`without an actual exchange of cash. In the following
`description, debits and credits are defined as being from
`the ledger entries of the issuers of the all-in-one cards,
`and are exactly the opposite for the holders of such
`cards.
`
`Such an all-in-one card system has an advantage in
`safety and efficiency in that the customers need not
`carry cash and stores and banks need not physically
`transport printed bills and coins accumulated as sales
`proceeds.
`However, such an advantage is premised on an
`wholeness of an ATM, an IC card, and a store’s POS
`system.
`FIG. 1 is a block diagram of a conventional elec-
`tronic cashless transaction system using an all-in-one
`card, based on an IC card 11.
`The conventional cashless system comprises an IC
`card 11, a store transaction terminal (POS terminal) 12
`provided at a participating store allowing a holder of
`the IC card 11 to make a purchase, and a bank center 13.
`The bank center 13 has a customer account 14 of the
`holder of the IC card 11, a customer card balance log
`file 15 for storing data on an amount a holder transfers
`to his card, an unsettled funds file 16 for storing the sum
`
`5
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`4O
`
`45
`
`50
`
`55
`
`65
`
`Page 23 0f 39
`
`2
`total of amounts a user transfers to a plurality of cards,
`a store account 17 of a participating store into which the
`sales proceeds are transferred from the unsettled funds
`file 16. A bank center 13 has at least one [1] unsettled
`funds file 16. A customer account 14 and a customer
`card balance file 15 exist for each holder of the 1C card
`
`11. A store account 17 exists for each participating
`store.
`
`The 10 card 11 has a balance storage register 18 for
`registering the amount expendable with the IC card 11.
`Also, the store transaction terminal 12 has a sales data
`file 19 for storing the total amount of the sales and the
`total amount of the sales returns and allowances.
`A holder of the IC card 11 transfers money to his
`card before using it. He enters his PW (password) from
`a keypad on the IC card 11. After activating the IC card
`11, he accesses the bank center 13 via a finance terminal
`or a money transfer terminal such as an ATM 20. On
`determining that the amount the holder wishes to trans-
`fer to the IC card 11 of his own is within the funds
`balance or a predetermined revolving limit of the cus—
`tomer account 14, the bank center 13 instructs the ATM
`20 to credit the transferred amount (a card transfer
`amount 21) to the balance storage register 18 in the IC
`card 11 and to debit the same to the customer account
`14 of his own. That is, at the same time, the bank center
`13 stores the card balance in the customer card balance
`log file 15.
`The customer card balance log file 15 operates as a
`first check in preventing a fraud using the 1C card 11.
`This is because, since the amount stored in the balance
`storage register 18 of the IC card 11 cannot be more
`than the amount stored in the customer card balance log
`file 15, an amount stored in the balance storage register
`18 of the IC card 11 which is more than the amount
`stored in the customer card balance log file 15 can be
`construed as a possible falsification of the IC card 11.
`Also, the amount stored in the customer card balance
`log file 15 can be used as a basis for calculating an in-
`sured value for the holder of the IC card 11 for compen—
`sating a damage to or a loss of the IC card 11.
`When a store has the store transaction terminal 12
`credit to the IC card 11 an amount of a sales return and
`allowance, the bank center 13 has the customer card
`balance log file 15 control an amount credited by a store
`due to a sales return and allowance separately from an
`amount credited by a holder of the IC card 11 due to a
`transfer-in from his other account, thereby limiting the
`amount a store can credit a customer on the IC card 11
`as a sales return and allowance, e.g. to the credit balance
`posted in the unsettled funds file 16.
`The holder of the IC card 11 wishing to make a pur-
`chase at a participating store inserts the IC card 11 into
`the store transaction terminal 12 indicating a sales
`amount or an amount of sales returns and allowances,
`and enters his PW on the keypad of the IC card 11,
`thereby performing a purchase activation 22 of the IC
`card 11. The store transaction terminal 12 updates the
`fund balance stored in the balance storage register 18 of
`the IC card 11 by debiting the sales amount or crediting
`the amount of sales returns and allowances,
`thereby
`performing a balance adjustment 23, and credits the
`sales amount or debits the amount of sales returns and
`allowances to the sales data file 19. More specifically,
`when the holder of the IC card 11 has an account in a
`bank A,
`the store transaction terminal 12 updates
`
`Page 23 of 39
`
`

`

`5,428,684
`
`3
`amounts a related to accounts for bank A in the sales
`data file 19.
`The store transaction terminal 12 thus credits the
`total amount of sales or debits the total amount of the
`sales returns and allowances to the sales data file 19,
`then sends their sum totals to the bank center 13 by
`coding these amounts in the sales data file 19 after a
`lapse of a predetermined period. That is, the store trans-
`action terminal 12 sends to the bank center 13 of bank A
`sales (billing) data 24 by coding the amounts a, compris-
`ing the amount of sales and the amount of sales returns
`and allowances. The bank center 13 decodes the sales
`(billing) data 24 and transfers the amounts from the
`unsettled funds file 16 to the store account 17.
`FIG. 2 is a block diagram for explaining conventional
`updations of sales tallying data and a fund balance
`stored in the IC card 11 by the store transaction termi-
`nal 12.
`
`As explained in the description of FIG. 1, a holder
`wishing to make a purchase inserts the IC card 11 into
`the store transaction terminal 12 after activating it by
`entering his PW, and allows the store transaction termi-
`nal 12 to debit a purchase amount 25. The purchase
`amount 25 is an input to an adder 26 of
`the store transaction terminal 12 and a subtracter 27
`of the IC card 11, which is outputted to an amount
`display 28 of the IC card 11. This allows the holder of
`the IC card 11 to judge whether or not the purchase
`amount 25 is appropriate.
`The other input to the adder 26 of the store transac-
`tion terminal 12 is sales tallying data 29. On receiving an
`input of the purchase amount 25, the adder 26 adds to
`the sales tallying data 29 data on the purchase amount
`25, thereby updating the sales tallying data 29. Mean-
`while, the other input to the subtracter 27 of the IC card
`11 is the value of the balance storage register 18. On
`receiving an input of the purchase amount 25, the sub-
`tracter 27 subtracts the purchase amount 25 from the
`value of the balance storage register 18, and re-stores
`the difference in the balance storage register 18, thereby
`updating the balance.
`As described above, a conventional all-in-one card
`system takes security measures, e.g. an access control
`for disabling the abuse by an inappropriate holder and a
`coding to prevent eavesdropping of line between a store
`and the bank center 13.
`
`However, the conventional system such as described
`above has a security problem in that it has no defense
`against a fraud via the store transaction terminal 12.
`FIG. 3 is a block diagram of a conventional process
`for transferring a replenishing amount to an all-in-one
`card, such as the IC card 11.
`The system shown in FIG. 3 comprises the IC card
`11, the ATM 20 for handling a money transfer from or
`to another account, and the bank center 13 of the issuer
`of the IC card 11.
`
`The holder of the IC card 11 wishing to transfer
`money to or from the 10 card 11 inserts the IC card 11
`into the ATM 20 after activating the IC card 11 by
`entering his PW for the IC card 11 e.g. from the keypad
`of the IC card 11. Alternatively, the holder may acti-
`vate the IC card 11 by entering his PW e.g. from the
`touch sensor panel of the ATM 20 after inserting the IC
`card 11 into the ATM 20. This allows a communications
`link to be established between the IC card 11 and the
`bank center 13 via the ATM 20.
`
`Then, the holder of the IC card 11 inputs a transfer
`amount 34 (which is defined as being positive for a
`
`Page 24 0f 39
`
`4
`transfer-in to the IC card 11 and being negative for a
`transfer-out from the IC card 11) e.g. from the keyboard
`of the ATM 20. Alternatively, the holder of the IC card
`11 can input the transfer amount 34 from the keypad of
`the IC card 11 before he inserts his card to the ATM 20.
`Thereafter, the ATM 20 reads the balance stored in
`the IC card 11 (from the balance storage register 18)
`and sends to the bank center 13 data on the stored bal-
`ance and on the transfer amount 34, asking for an autho-
`rization to credit or debit the transfer amount 34 to the
`IC card 11 and to debit or credit to the customer ac-
`count 14.
`The bank center 13 determines whether it can autho-
`rize the transfer-in to or transfer-out from the IC card
`11, calculates a new balance by adding the transfer
`amount 34 to the hitherto stored balance, and sends the
`new balance to the ATM 20. The ATM 20 in turn stores
`the new balance to the IC card 11.
`The above processes allow the IC card 11 to have a
`new balance, thereby completing a transfer-in or trans-
`fer-out.
`the IC card 11 and the ATM 20
`Conventionally,
`share a key-A 35 for coding communications between
`the IC card 11.and the ATM 20, thereby masking a
`protocol for a money transfer. However, in most cases,
`the communications between the ATM 20 and the bank
`center 13 are not coded. When they are in fact coded,
`the bank center 13 and the ATM 20 share a same key for
`coding and decoding the communications between
`them.
`
`However, a conventional system such as this has a
`security problem with respect
`to an unauthorized
`money transfer due to its openness to eavesdropping.
`That is, the communications between the ATM 20 and
`the bank center 13, unless coded, are vulnerable to un-
`wanted interceptions, which may allow one of skill to
`detect and analyze the data flow between the ATM 20
`and the bank center 13 and transmit phony data that
`enable money to be transferred without a proper ap-
`proval, or even bogus account data to be created.
`Besides, even when the communications between the
`bank center 13 and the ATM 20 are coded, the key
`needs to be changed every time, for a defense against
`the possibility that a hacker can somehow log on to the
`ATM 20 and interpret the communications between the
`bank center 13 and the ATM 20 for the purpose of
`interfering with the system e.g. by destroying data.
`SUMMARY OF THE INVENTION
`
`This invention is conceived based on the above back-
`ground. It aims at enhancing the security of an elec-
`tronic cashless transaction system,
`thereby allowing
`versatile uses of an IC card as an almighty medium for
`commercial transactions in general.
`A feature of this invention resides in a key control
`method for use in an electronic cashless transaction
`system including at least a bank center, a store transac-
`tion terminal and an IC card being used as an electronic
`cashless transaction medium. The key control method
`comprises a step of having the bank center generate and
`code a first parameter for a transmission to the IC card;
`a step of having the IC card receive and decode the
`coded first parameter by using the first key, thereby
`reconstructing the first parameter issued by the bank
`center, perform a first operation on the first parameter
`and a password of a holder of the IC card, and store in
`a first register; a step of having the store transaction
`terminal send to the IC card a second parameter cod'ed
`
`5
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`65
`
`Page 24 of 39
`
`

`

`5
`by a second key, when the holder inserts the IC card 11
`into the store transaction terminal; a step of having the
`IC card decode the coded second parameter by using
`the second key, thereby reconstructing the second pa-
`rameter received from the store transaction terminal,
`perform a second operation on the second parameter
`and the value stored in the first register, store a result of
`the second operation in the second register; and a step
`of decoding a value stored in the second register by
`using a coding session key stored in a memory of the IC
`card, thereby obtaining a key for an intended authenti—
`cation.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`One of skill in the art can easily understand additional
`features and objects of this invention from the descrip-
`tion of the preferred embodiments and some of the
`attached drawings. In the drawings:
`FIG. 1 is a block diagram of a conventional elec-
`tronic cashless transaction system using an all-in-one
`card, based on an IC card;
`FIG. 2 is a block diagram for explaining conventional
`updations of sales tallying data and a fund balance
`stored in the IC card 11 by the store transaction termi-
`nal 12;
`FIG. 3 is a block diagram of a conventional process
`for transferring a replenishing amount to an all-in-one
`card, such as the IC card 11;
`FIG. 4 is a block diagram of a first embodiment of an
`electronic cashless transaction system;
`FIG. 5 is a block diagram outlining key control oper-
`ations of this invention;
`FIG. 6 shows in further detail the processes for con—
`trolling coding session keys;
`FIG. 7 is a block diagram of a money transfer to or
`from the IC card 42;
`FIG. 8 is a block diagram illustrating a sales data
`updation and a sales billing;
`FIG. 9 shows a process of supplying via the ATM
`44A to the IC card 42 the first parameter Kcent neces-
`sary for creating a key KIDi for decoding a variable
`bank key KB;
`FIG. 10 shows processes between the IC card 42 and
`the store transaction terminal 43 executed when a
`holder and a participating store executes a transaction;
`FIG. 11 shows processes between the IC card 42 and
`the bank center 44 when the bank center 44 supplies to
`a holder a key for transferring money;
`FIG. 12 shows exemplary cycles of changing a series
`of coding session keys KBal through KBan supplied to
`a holder;
`FIG. 13 is a sketch of a second embodiment of this
`invention;
`FIG. 14 is a block diagram of the second embodiment
`of this invention;
`FIG. 15 is a block diagram of the second embodiment
`modified for preventing a fraud;
`FIG. 16 is a block diagram of a third embodiment of
`this invention;
`FIG. 17 is a block diagram of a fourth embodiment of
`this invention;
`FIG. 18 is an explanatory chart illustrating a data
`falsification incidental to transaction data stored in the
`store transaction terminal 43 pursuant to the third and
`fourth embodiments of this invention;
`FIG. 19 is an explanatory chart for a system configu-
`ration of a fifth embodiment of this invention in which
`a serial number is assigned to a transaction data file 222;
`
`Page 25 0f 39
`
`5,428,684
`
`6
`
`FIG. 20 is an explanatory chart illustrating a data
`falsification incidental to transaction data stored in the
`store transaction terminal 43 pursuant to the fifth em-
`bodiment of this invention; and
`FIG. 21 is an explanatory chart for a system configu-
`ration of a sixth embodiment of this invention in which
`a store transaction terminal
`identification number is
`assigned to a transaction data file 222.
`
`DESCRIPTION OF THE PREFERRED
`EMBODIMENTS
`
`FIG. 4 is a block diagram of a first embodiment of an
`electronic cashless transaction system.
`The transaction system using an electronic cashless
`medium of the first embodiment comprises a bank cen-
`ter 44, an ATM 44A, an IC card 42 and a store transac-
`tion terminal 43. The ATM 44A can be a CD (cash
`dispenser), with necessary functions, e.g. a data ex-
`change function, attached. The store transaction termi-
`nal can be a POS terminal with necessary functions, e.g.
`a card reading function, attached. As described before,
`the IC card can be an IC smart card or IC memory card.
`The IC smart card comprises a CPO and a memory, and
`can be an IC memory card with necessary function, e.g.
`an access control function attached.
`Although the transaction system of the first embodi—
`ment of this invention basically operates in a manner
`similar to the conventional transaction system, it has
`differences in (1) a key control, including a control of a
`bank key, (2) an amount replenishment to the IC card
`11, (3) an updation of sales data and (4) a sales billing.
`Described below are these principles.
`FIG. Sis a block diagram outlining key control oper-
`ations of this invention.
`
`The first principle of this invention comprises a step
`(STl) of procedures between the ATM 44A and the IC
`card 42, a step (5T2) of procedures between the IC card
`42 and the store transaction terminal 43, and a step
`(ST3) of assigning a coding key to the IC card 42.
`STl
`
`Step STl represents procedures between the IC card
`42 and the bank center 44 via the ATM 44A. The bank
`center 44 randomly generates a first parameter, codes it
`by using a master key L, and supplies the coded first
`parameter to the IC card 42 via the ATM 44A.
`After receiving the coded first parameter supplied via
`the ATM 44A, the IC card 42 has its decoder 42-1
`decode the coded first parameter by using the master
`key L it shares with the bank center 44, thereby recon-
`structing the first parameter generated by the bank
`center 44. Then, the IC card 42 has its adder 42-2 add
`the first parameter thus decoded to a number converted
`from the PW entered by its holder, and has its first
`register 42-3 store the sum.
`The IC card 42 may cause corresponding digits of the
`decoded first parameter and the number converted
`from the PW to undergo some other operations (e.g. a
`multiplication, a division, a subtraction, a disjunction, a
`conjunction, an exclusive disjunction or any combina-
`tion thereof) instead of a simple addition by the adder
`42-2, by incorporating a substitute operator. To summa— '
`rize, the IC card 42 has the first register 42-3 store the
`result of operating a function whose variables comprise
`the decoded first parameter and the PW.
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`6O
`
`65
`
`Page 25 of 39
`
`

`

`7
`
`8T2
`
`5,428,684
`
`8
`The bank center 44 generates a first parameter, codes
`the first parameter, and supplies the coded first parame-
`ter to the IC card 42 via the ATM 44A. On receiving
`the coded first parameter supplied via the ATM 44A,
`the IC card 42 has its decoder 42-1 decode the coded
`first parameter by using its master key L it shares with
`the bank center 44, thereby reconstructing the first
`parameter issued by the bank center 44. Then, the IC
`card 42 has its adder 42-2 add the first parameter thus
`decoded to the PW controlled by the holder, and has its
`first register 42-3 store the sum. (Refer to step STl.)
`Then, the holder of the IC memory card 42 wishing
`to make a purchase at a participating store inserts the IC
`card 42 into a card reader of the store transaction termi-
`nal 43. The store transaction terminal 43 sends to the IC
`card 42 a second parameter coded in advance by the
`master key L of the bank center 44. On receiving a
`coded second parameter, the IC card 42 has its decoder
`42-1’ decode the coded second parameter by using its
`master key L it shares with the bank center 44, has its
`adder 42-2’ add the second parameter thus decoded to
`the value stored in the first register 42—3, and has the
`second register 424 store the sum. Then, the IC card 42
`has its decoder 42~1” decode the sum stored in the sec-
`25 ond register 424 by using one [1] of coding session keys
`stored in its memory 42-5, thereby obtaining key KB-Ai
`for an intended authentication. (Refer to step ST2.)
`To be more specific, the IC card 42 has its memory
`42-5 store a plurality of coding session keys, and re-
`ceives serial number data including address data of the
`memory 42-5, on receiving the coded second parameter
`from the s