United States Patent 1191
`Davis et al.
`
`llllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllllll
`5,577,121
`Nov. 19, 1996
`
`USO 577121A
`[11] Patent Number:
`[45] Date of Patent:
`
`[54] TRANSACTION SYSTEM FOR INTEGRATED
`CIRCUIT CARDS
`
`[75] Inventors: Terry L. Davis, Scottsdale, Ariz.;
`James A. Hart, Radnor, Pa.; Vincent
`A. Imperia, Tempe, Ariz.; Michael
`Love, Wilmington, Del.; Michael F.
`O’Malley, Glenside, Pa.; James F.
`Russell, Hockessin, Del.; John W.
`Sears, Peoria; Philip H. Trice, Phoenix,
`both of Ariz.
`
`[73] Assignee: Electronic Payment Services, Inc.,
`Wilmington, Del.
`
`[21] Appl. No.: 255,612
`[22] Filed:
`Jun. 9, 1994
`
`[51] Int. Cl.6 ...................................................... .. H04L 9/00
`[52] US. Cl. ................................ .. 380/24; 380/25; 380/21
`[58] Field of Search ................................ .. 380/21, 23—25,
`380/46
`
`[56]
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
`4/1991 Takahashi ............................. .. 235/379
`Re. 33,571
`9/1974
`3,833,885
`3,971,916 7/1976
`4,011,433
`3/1977
`.
`..
`4,023,013
`5/1977
`4,068,213
`1/1978 Nakamura et al. ............... .. 340/149 A
`4,197,986
`4/1980 Nagata .................................. .. 235/379
`4,361,754 11/1982 Hoskinson et al.
`235/381
`4,518,852
`5/1985
`235/381
`4,575,621
`3/1986
`235/380
`4,590,365
`5/1986 Okada ...... ..
`235/379
`4,629,874 12/1986 Pugsley etal.
`235/380
`235/492
`
`7/1987 Matsumoto 4,683,372 4,709,137 11/1987 Yoshida
`
`235/379
`.
`.. 235/380
`235/380
`380/23
`235/380
`235/379
`
`4,727,244 2/1988 Nakano et al
`4,746,788
`5/1988 Kawana ....... ..
`4,802,218
`1/1989 Wright et a1.
`4,804,825
`2/1989 Bitoh
`4,816,651
`3/1989 Ishording
`4,853,526
`8/1989
`4,877,947 10/1989
`
`2/1990 Wright et al. ......................... .. 235/380
`4,900,903
`3/1990 Halpern
`.. 235/379
`4,906,828
`9/1990 Nagata et al.
`364/408
`4,959,788
`7/1991 Barakat ...... ..
`364/900
`5,033,021
`7/1991 Elliott et al. .............. ..
`364/408
`5,036,461
`9/1991 Abraham et al. ......... ..
`380/23
`5,048,085
`8/1992 Nagata et al.
`364/408
`5,140,517
`9/1992 Yoshida .......... ..
`235/379
`5,144,115
`9/1992 Abraham et al.
`380/46
`5,148,481
`5,175,416 12/1992 Mansvelt et al.
`235/379
`5,191,193
`3/1993 Le Roux .... ..
`......... .. 380/23
`5,202,922
`4/1993 lijima
`......... .. 380/23
`5,222,140
`6/1993 Beller
`.. 235/379
`5,227,612
`7/1993 Le Roux .... ..
`5,227,613
`7/1993 Takagi et al. ........................... .. 380/21
`
`(List continued on next page.)
`
`Primary Examiner-Salvatore Cangialosi
`Attorney, Agent, or Firm—Panitch Schwarze Jacobs &
`Nadel, RC.
`
`[57]
`
`ABSTRACT
`
`A transaction system and method of conducting a transaction
`between in integrated circuit (IC) card and a transaction
`terminal which includes a security module comprises estab
`lishing communication between the terminal and the IC
`card. Separate session keys are generated in the IC card
`using data stored in the 1C card and a code associated with
`the particular IC card and the security module using data
`stored in the security module, and the code associated with
`the particular IC card. The session key generated by the IC
`card is used to encrypt data using an encryption algorithm to
`obtain a ?rst result and the session key generated by the
`security module is used to encrypt the same data using the
`same encryption algorithm to obtain a second result. The
`?rst and second results are compared to enable the terminal
`to conduct the transaction only if the comparison establishes
`that the ?rst result and the second result are identical. In one
`embodiment, the invention further comprises generating a
`transaction signature by the IC card using transaction data
`and data stored in the IC card, generating a transaction
`signature by the security module using transaction data and
`data stored in the security module and storing the transaction
`signatures generated by the IC card and the security module
`for creating an audit trail for the transaction.
`
`37 Claims, 9 Drawing Sheets
`
`A.
`El'ilD/E mewma
`mm: mums
`Reta/um LSM;
`0 m
`5 ma
`.
`msswoao
`
`1
`
`comma Fast/tr ,5,
`9464mm
`m
`mmuzmom
`
`56
`
`is
`
`nmscr sv:
`
`Maxim Exhibit 2003 - Groupon, CBM2014-00090 – Page 2003-001
`
`

`
`5,577,121
`Page 2
`
`US. PATENT DOCUMENTS
`
`5,379,344
`
`1/1995 Larsson ................................... .. 380/23
`
`2/1 5
`
`8/1993 Graves .................................. .. 235/380
`5,239,166
`5,255,182 10/1993 Adams.
`5,288,978
`2/1994 Iijima ...................................... .. 380/23
`5,293,029
`3/1994 Iijima e161.
`.. 380/28
`5,295,188
`3/1994 Wilson .... ..
`380/23
`5,299,263
`3/1994 Beller ...................................... ._ 380/21
`5,302,811
`4/1994 Fukatsu,
`5,339,402
`8/1994 Ueda.
`5,352,876 10/1994 Watanabe.
`5,357,563 10/1994 Hamilton.
`5367’149 11/1994 Takahim_
`5,367,150 11/1994 Kitta.
`
`'
`
`.
`
`M335 3mg?“
`OS 1 ‘1
`1
`1
`4/1995 Kat-Summ
`5,408,633
`5,409,092 4/1995 Iwko.
`5,428,684
`6/1995 Akiyama ................................. .. 380/25
`5,434,395
`7/1995 S[O1-Ck_
`5,438,184
`8/1995 Roberts.
`5440108 8,1995 T
`’
`3
`Ya“
`5,445,295
`8/1995 Brow“
`5,450,938
`9/1995 Rademacher.
`5,461,217 10/1995 Claus.
`
`Page 2003-002
`
`

`
`US. Patent
`
`Nov. 19, 1996
`
`Sheet 1 of 9
`
`5,577,121
`
`Page 2003-003
`
`

`
`US. Patent
`
`Nov. 19, 1996
`
`Sheet 2 0f 9
`
`51,57 7 ,121
`
`aw
`
`A172
`
`svc
`
`svc
`ACCEPTOR/HOLDER "'“'——*EEJ[\ 24
`l
`
`I
`
`,74
`READER/WRITER ’
`PROCESSOR
`T
`
`76
`\‘“
`> MEMORY
`
`\
`
`\\
`70
`
`———
`
`1|—'
`
`I
`sEcuRITY’
`MODULE
`
`78
`
`TERMINAL ,\_
`APPLICATION
`80
`MODULE
`
`/
`
`40 539\
`FIG. 2 53% p32
`
`
`
`1 ——————~T--— svg ——
`cuRR‘ENcY
`DISPLAY
`svc
`REcEIvER /
`b
`ACCEPTOR/\—
`READER
`HOLDER
`572
`533\ *-—T I,
`
`>=U
`
`TERMINAL
`\
`MEMORY T PROcEssOR
`‘A
`53!
`
`*
`
`M M Y
`READER/ ‘
`_WRITER
`- ' E 9R
`PROCESSOR \
`\
`574
`576
`
`535\
`INPUT‘ A
`MEANS
`
`/’I
`570
`
`sEcuRITY A" 578
`MODULE 1
`
`II
`
`/56O
`AUTHORIZATION
`MEMOIRY‘ T PROcEssOR ‘T562
`\
`I
`564
`r
`568 SECURITY
`-~ MODULEZ
`
`_
`
`5
`
`Page 2003-004
`
`

`
`U.S. Patent
`
`Nov. 19, 1996
`
`Sheet 3 0f 9
`
`5,577,121
`
`S V C
`
`L
`
`.m
`
`svc INSERETED
`CONTACT
`ESTABLISHED
`
`304
`
`EEIIDRQ‘E’IZR ‘
`I/ 306 / SIGNALTO §vc
`REcEwE PDwER
`SIEBAFEESR‘EEET
`
`RECEIVE RESET
`
`-
`
`308
`
`SIGNAL TO R/w / SIGNAE T8 svc
`
`REES'IELIE
`
`NUMBER
`
`READ SERIAL’
`NUMBER AND
`_\-u-.
`sEND TO SM
`,
`
`3'6
`SELECT KEY TO
`BE USED TO
`EENERATE DERIVED
`
`/
`sEND sELEcT'ED KEY
`IDENTIFICATION AND
`GENERATE DERIVED
`KEY COMMANDTOSM
`[322
`SEND RANDDM NUMBER
`COMMAND TO s M
`
`314
`/
`RECEIVE 'sERlAL
`NUMBER
`
`3 2,0
`RETRIEVE‘KEYAND
`C';(BE~IYIERATE DERIVED
`
`[324
`GENERATE RANDOM
`NUM BER
`
`32?
`INCREMENT
`TRANSACTION
`COUNT
`
`‘ 33,0
`
`GENERATE svc’
`SESSION KEY USING
`TRANSACTION COUNT
`QEQSTORED DERIVED
`@
`
`32 6
`READ RANDDM
`AND sEND TO svc
`
`II
`
`Fl 6. 3A
`
`Page 2003-005
`
`

`
`US. Patent
`
`Nov. 19, 1996
`
`Sheet 4 0f 9
`
`5,577,121
`
`332
`ENCRYPT RANDDM
`NUMBER WITH svc
`SESSION KEY
`
`334
`/
`'
`SESDDOEANPELTJSTRE D
`AND TRANSAC ION
`COUNT FROM SVC
`AND SEND TO SM
`
`336
`/
`GENENERATE' sM
`SESSION KEY USING
`svc TRANSACTION
`COUNT AND DERIVED
`KEY
`338
`L I
`ENCRYPT RANDDM
`NUMBER USING sM
`EssIoN KJEY
`340
`
`coMPARE ENCRYPTED
`RANDOM NUMBERS
`
`sEND cIPHERED‘
`PASSWORD ooMMAND
`TO sM
`
`SESSION KEYS
`IDENTICAL
`
`REJECT SW
`346\
`RETRIEVE PASSWORD
`KEYAND ENCRYPTSVC
`SERIAL NUMBER USING
`PASSWORD KEY ‘IO
`PROVIDE DERIVED
`PASSWORD
`348
`\
`sENER‘ATE msswoRD
`,
`fzsz
`CRYPTOGRAM BY
`READ PASSWORD
`cREcEIvE PASSWORD
`DWIW‘IMTQND / CRYPTOGRAM AND /ENCRYFTING DERIVED
`.
`S
`T
`C
`H
`SESSION KEY
`END 0 SV
`
`350
`
`COMPARE RESULT—-\_
`WITH DERIVED
`354
`
`358
`
`SECURE sEséIoN
`CONFIRMED
`
`REJECT svc
`
`G‘
`
`Page 2003-006
`
`

`
`US. Patent
`
`Nov. 19,1996
`
`Sheet 5 0f 9
`
`5,577,121
`
`S V C
`
`3/74
`DECREMENT BALANCE
`
`‘f 376
`‘
`ENCRYPT‘I'RANSACTION
`AMOUNT‘IOGENERATE
`VERIFICATION
`CERTIFICATE (vc)
`
`_S_M_
`
`R
`_W_ 370
`RECENE TRANSACTION!
`AMOUNT FROM TAM
`[372
`
`REQUEST DEBIT
`
`378
`/
`
`READ
`vc
`
`380
`
`SEND vc AND
`
`l /
`3/82
`‘ATTSTATTTaNSM
`AND REQUEST \ TREAqNgeAYCqTO’N
`
`VERIFICATION
`
`AMOUNT
`
`COMPARE 'WITH
`RECEIVED vs
`
`386
`
`IDENTICAL?
`
`REJECT
`38\8
`‘INCORPORATE
`TRANSACTION
`AMOUNT WITH
`HASH VALUE
`
`390
`H
`\ CONFIRM
`
`. PURCHASE
`
`FIG. 3C
`
`Page 2003-007
`
`

`
`U.S. Patent
`
`Nov. 19, 1996
`
`Sheet 6 0f 9
`
`5,577,121
`
`5L
`
`404
`
`4/0 2
`R/
`REDuEsTsIGNATuRE
`FROM svC
`
`S M
`
`‘ RETRIEvE DERIVED
`KEY ANDTRANsACTIoN
`COUNT
`
`406
`
`408
`
`GENERATE sIGNING
`KEY
`
`I
`RErRIEvETRAN
`AMOUNT
`
`410
`/
`
`GENERATE
`EIQGANNAQTACIJIIZON
`U
`
`4'2
`READ TRANSACéON
`\SIGNATURE FROM
`svc AND sToRE
`4“
`J
`IN MEMORY
`CLEAR sEssIoN ’
`KEY
`
`/"4|4
`/
`
`‘
`SEND svC
`416
`TRANsACTIoN
`\
`S GNATURE TOSM
`RECENE svc '
`AND REQUEST \ TRANSACTION
`SlGNATURE FROM SM
`SIGNAT R
`
`“f {4T8
`
`GENERATE SIGNING
`KEY
`
`420
`\
`V
`GENERATE s M Y
`TRANsACTIoN
`SIGNATURE
`422
`CLEAR sEssIoN KEY
`
`F‘ 4
`
`4?4
`READ sNI
`\
`TRANSACTION
`SIGNATURE AND
`sToRE
`
`426
`4
`PO ER DO N AND /
`w
`w
`RELEASE 5V
`C
`
`4/28
`REMOVE svc
`'
`
`Page 2003-008
`
`

`
`US. Patent
`
`Nov. 19, 1996
`
`Sheet 7 of 9
`
`5,577,121
`
`SVC
`
`R/W
`
`SM-l
`I
`
`TERM AUTH SM-Z
`INSERT svc T 502
`
`,_604
`‘
`READ svc DATA '
`
`oBTATN DARDHDLDER /6O8
`DATA
`'
`i
`6l2
`REQUEST SECURE ,JG'O
`\\
`ESTABLISH SECURE /SESSION
`sEss|DN BETWEEN
`svc AND sm WITH
`
`64
`
`6 ' 6 \
`cERTTFIDATEWCTAND
`EQUEST VC AND / SECURITY DATA
`gEAcDmTYDAT/A FROM
`_ 618
`2
`ESTABLISH iSSION
`KEY-Z ENCRYPT SVC
`SERIAL NUMBER WITH
`\*\SlON KEY-2 TO
`REATE VC
`
`62$ ~GET SECURITY DATA
`
`FROM SVC '
`
`IREAD VCAND
`EECIURITY DATA FROM
`RECEIVE vc AND ‘
`\ SVC/SM 1 SECURITY
`DATA
`
`624
`
`626
`SEND TRANSACTION /
`REQUESTWITH SVC‘
`DATA, CARDHOLDER
`DATA, VCANJENC/SM]
`/628
`SECURITY DATA
`\ RECEIVETRANSADTTDN
`REQUEST AND DATA
`630
`T
`sEND VCANJ sEcumY
`632
`DATA TO SM 2
`/
`\ ESTABLISH 'SESSION
`KEY-2
`
`634
`
`VALlDATE VG
`ERIFYCAHDHOLDER
`DAIAANDTHAI'ANUNT
`AVAILABLE
`
`Page 2003-009
`
`

`
`US. Patent
`
`Nov. 19, 1996
`
`Sheet 8 of 9
`
`5,577,121
`
`\ 6/40
`GENERATE'OERIVEO’
`. MEL N KEY
`I
`642\IGENERATE
`AUTHORIZATION
`SESSION KEY
`‘
`ENCRYPT AMOUNT
`
`644
`
`64
`
`646
`\ENCRYP'I'AC WITH
`SESSION KEY-2
`
`V
`
`SEND TRANS REPLY
`IZATION WITH
`650 \ EMZRYPTED AC (ENAC) Y
`RECEIVE EPLYAUTI-O
`RIZATION WITH EN/AC
`
`654
`
`RECEIVE AMOUNT AND
`
`_ SEND AMOUNT ANJENAC
`
`EN/ACSEND TO SMI 656\ RECEIVEAND IECRYPT
`
`‘EN/AC WITH SESSION
`KEY-2
`
`6
`
`.
`NCRYPTRESULTWITH
`660\ ESSION KEY-1
`
`. R=cEIvE EN/AcANO
`8 END AUTHORIZED
`6 62\ AMOUNT
`RECEIVE‘ AMOUNT ;
`AND EN/AC
`L
`GENERATE
`AUTHORIZATION
`SESSION KEY
`
`6 6 4
`1/
`
`@
`
`FIG. 6B
`
`Page 2003-010
`
`

`
`US. Patent
`
`Nov. 19, 1996
`
`Sheet 9 0f 9
`
`5,577,121
`
`@ (666
`
`IICRYPT m WITH
`SESSION KEY-1
`DECRY PT RESUJ' WITH
`AUTH ORIZATIQ‘J
`SESSION KEY TDwIAIN
`AUTHGQIZED AMOUNT
`1
`_/ 668
`CCNPAREANQNTWTTH
`_ AUTHORlZED AMOUNT
`
`672
`/
`NO VALUE LOADED
`
`YES <674
`svc CREDITED wnH‘
`AMOUNT
`
`676
`
`\GEbER/STETRANSOCTDN
`678
`SIGNATURES (no.4) |\>
`/
`lREcElvE STGNATU'RESJ
`v
`SEND SIGNATURES IN ’
`TRANSACTION COMPl:
`ETION MESSAGE TO
`AUTHORIZER
`
`680
`
`682
`
`RECEIVETRANSAQQ‘ON
`commrnou w:
`686
`SIGNATURES
`\ 1
`TRANSACTION
`COMPLETED. SELECT
`ANOTH TRANsAc:
`.
`ER
`“(N
`688\ / OR RETURN CARD
`Pom-:R‘ DOWN AND
`L06 TRANSACTION
`RELEASE svc.
`AND SIGNATURES
`
`/ 684
`
`FIG.6C
`
`Page 2003-011
`
`

`
`5,577,121
`
`1
`TRANSACTION SYSTEM FOR INTEGRATED
`CIRCUIT CARDS
`
`FIELD OF THE INVENTION
`
`5
`
`The present invention relates generally to automated
`. systems for performing transactions, such as ?nancial trans
`actions, using an integrated circuit device or card and, more
`particularly, to such transaction systems and methods of
`utilizing such transaction systems in a convenient and secure
`manner to permit such an integrated circuit device or card to
`be used in place of cash for the purchase of goods and/or
`services.
`
`BACKGROUND OF THE INVENTION
`
`15
`
`Goods and/or services are generally purchased by con
`sumers and others utilizing credit cards, debit cards and/or
`cash or its equivalents, i.e., checks, money orders and bank
`drafts. Credit and debit cards have been used only relatively
`recently for this purpose. Cash, both coin and currency, has
`been the primary medium of exchange for goods and ser
`vices for centuries. During that entire time, problems such as
`theft, fraud, counterfeiting and short-changing have always
`been present.
`-
`The present invention comprises a transaction system for
`integrated circuit devices, more particularly, integrated cir
`cuit cards or “smart cards” which are employed in the
`transaction system as a substitute for cash (i.e., currency or
`coins). The present invention is superior to the use of cash
`in that the transfer of value from the card for the purchase
`of goods or services occurs in an automated manner without
`the need to produce, transport, store or secure currency or
`coins. With the transaction system of the present invention,
`the integrated circuit card is as simple and as easy to use as
`cash and yet all transactions are secure and self~validating.
`With the present invention, ?nancial institutions and other
`entities issue one or more integrated circuit cards to each
`system user or cardholder. A cardholder, utilizing a special
`ized automated terminal, loads “value” in the form of a cash
`or dollar balance onto his or her integrated circuit card by
`debiting an existing ?nancial account, such as a checking,
`savings, or money market account, or by inserting cash into
`the terminal. Thereafter, the cardholder may use the inte
`grated circuit card to purchase virtually any type of goods
`and/or services.
`When a cardholder wishes to purchase goods and/or
`services, the integrated circuit card is inserted into a terminal
`at the point of purchase or sale of the desired goods and/or
`services. After an automatic veri?cation and validation pro
`cess takes place, the cardholder may purchase goods and/or
`services by having the cost of the goods and/or services
`deducted from the balance stored in the integrated circuit
`card. The card is then removed from the terminal for
`subsequent purchases and/or loading of value.
`
`SUMMARY OF THE INVENTION
`
`Brie?y stated, the present invention comprises a method
`of conducting a transaction between an integrated circuit
`(IC) card and a transaction terminal which includes a
`security module. The method comprises establishing com
`munication between the terminal and the IC card and
`separately generating a session key in the IC card using data
`stored in the _IC card and a code associated with the
`particular IC card and in the security module using data
`stored in the security module and the code associated with
`
`25
`
`30
`
`35
`
`45
`
`55
`
`65
`
`2
`the particular IC card. The session key generated by the IC
`card is used to encrypt data using an encryption algorithm to
`obtain a ?rst result and the session key generated by the
`security module is used to encrypt the same data using the
`same encryption algorithm to obtain a second result. The
`?rst and second results are compared and the terminal is
`enabled to conduct the transaction only if the comparison
`establishes that the ?rst result and the second result are
`identical.
`In another aspect, the present invention further comprises
`generating a transaction signature by the IC card using
`transaction data and data stored in the IC card, generating a
`transaction signature by the security module using transac‘
`tion data and data stored in the security module, and storing
`the transaction signatures generated by the IC card and the
`security module for creating an audit trail for the transaction.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`The foregoing summary, as well as the following detailed
`description of preferred embodiments of the invention, will
`be better understood when read in conjunction with the
`appended drawings. For the purpose of illustrating the
`invention, there is shown in the drawings embodiments
`which are presently preferred. It should be understood,
`however, that the invention is not limited to the precise
`arrangements and instrumentalities shown. In the drawings:
`FIG. 1 is a functional schematic block diagram of a
`preferred embodiment of a transaction system in accordance
`with the present invention;
`FIG. 2 is a more detailed functional schematic block
`diagram of a portion of a POS terminal of FIG. 1;
`FIGS. 3A and 3B are a ?ow diagram of the preferred
`method employed for establishing a secure session between
`an integrated circuit card and a terminal in accordance with
`the present invention;
`FIG. 3C is a ?ow diagram of the preferred method of
`transferring value from an integrated circuit card to a POS
`terminal;
`‘
`FIG. 4 is a ?ow diagram of a preferred method employed
`for establishing transaction veri?cation signatures in accor~
`dance with the present invention;
`FIG. 5 is a more detailed functional schematic block
`diagram of a portion of a load value terminal of FIG. 1; and
`FIGS. 6A-6C are a ?ow diagram of a preferred method
`employed for loading value in accordance with the present
`invention.
`
`DETAILED DESCRIPTION OF PREFERRED
`EMBODIMENT
`
`Referring to the drawings, wherein like numerals are used
`to indicate like elements throughout the several ?gures,
`there is shown in FIG. 1, some of the elements of a
`transaction system 10, in the presently preferred embodi
`ment, a ?nancial-based transaction system in accordance
`with the present invention. It should be appreciated by those
`skilled in the art that while a ?nancial-based transaction
`system is shown and described, the present invention is not
`so limited and could encompass other, non-?nancial trans—
`action systems including identi?cation or access control
`systems (not shown).
`As shown in FIG. 1, the principal element of the trans
`action system 10 is a portable integrated circuit (IC) device
`20. In the present embodiment, the IC device 20 is com
`prised of a generally ?at, rectangular, card-like substrate 22
`
`Page 2003-012
`
`

`
`3
`having two principal surfaces which is preferably formed of
`a polymeric material but may be formed of some other
`material or of composite materials if desired. In the presently
`preferred embodiment, the substrate 22 has an overall size
`which is substantially the same as a standard or typical credit
`or debit card and is formed of substantially the same
`polymeric material. However, the particular size, shape and
`material composition of the substrate may vary if desired.
`One or both principal surfaces of the substrate 22 may
`include embossed or imprinted indicia such as the name of
`a ?nancial entity which has issued the IC device 20 to a
`cardholder, the name of the cardholder to which the IC
`device 20 has been issued, an elfective and/or expiration
`date of the 1C device 20, an account number or other number
`used by the issuing entity or the like. A magnetic stripe (not
`shown) of the type generally well known and commonly
`used in credit cards, debit cards and the like, may also be
`incorporated into one or both principal surfaces of the
`substrate 22 in a manner well known in the art and any such
`magnetic stripe may include identi?cation and other types of
`data stored in a manner well known in the art.
`The substrate 22 in the present embodiment further
`includes an integrated circuit or chip 24 embedded therein.
`The integrated circuit 24 in the present embodiment includes
`a processor or a microprocessor, memory, including random
`access memory and a more permanent, or non-volatile form
`of memory such as an EPROM, EEPROM or other type of
`PROM, as well as a plurality of electrical contacts (not
`shown) conveniently located to facilitate the establishment
`of a direct mechanical type of electrical connection between
`the integrated circuit 24 and other elements of the transac
`tion system 10 in a manner which will hereinafter be
`described. It will be appreciated that while mechanical
`contact type electrical connections are presently preferred,
`other non-mechanical contact technologies (not shown) may
`be alternatively employed for establishing communication
`for the transfer of signals and data between the integrated
`circuit 24 and other system elements. The non-volatile
`memory of the integrated circuit 24 also preferably includes
`a stored operating system program and certain stored data,
`further details of both of which will be hereinafter provided.
`The IC device 20 as shown in FIG. 1 and as brie?y
`described above is typical of a class or type of IC devices
`known as “smart cards” or “stored value cards”. For pur
`poses of clarity and brevity in the present description, the IC
`device 20 will hereinafter be referred to as a “stored value
`car ” or “SVC”. Further details of the physical structure of
`the SVC 20 and, more particularly, the integrated circuit 24
`are not necessary for a complete understanding of the
`present invention and are not provided herein. Such details
`may be obtained from a variety of other sources including
`printed publications, issued U.S. and other patents, as well
`as from various manufacturers of stored value cards. In the
`presently preferred embodiment, the SVC 20 is a general
`purpose, reusable smart card available from Gemplus. Fur
`ther, more speci?c details concerning the operation of the
`integrated circuit 24 and the method of use of the SVC 20
`will hereinafter become apparent.
`In the present transaction system 10, the SVC 20 is used
`as a substitute for cash (currency or coins) as a medium of
`exchange for a cardholder to obtain goods and/or services
`from a variety of sources. Thus, instead of or in addition to
`carrying cash, a cardholder carries the SVC 20 which
`includes, within its memory, at least one electronic purse
`which, when loaded with value in a manner which will
`hereinafter be described, may be conveniently used for the
`purchase of goods and/or services in place of cash. For
`
`45
`
`55
`
`65
`
`5,577,121
`
`10
`
`20
`
`25
`
`4
`purposes of the present description, the SVC 20 will be
`assumed to have a single electronic purse, but it should be
`understood that multiple identi?able electronic purses which
`may be used for particular applications may be provided.
`FIG. 1 shows examples of three different types of auto
`mated terminals with which the SVC 20 may be employed.
`A load value terminal 30 is employed for the purpose of
`loading value into the electronic purse of the SVC 20. The
`load value terminal 30 as illustrated in FIG. 1, is generally
`similar in appearance to a standard automatic teller machine
`(ATM) of the kiosk or standalone type. In some applications,
`an existing ATM may be modi?ed to function as a load value
`terminal. It will be appreciated by those skilled in the art that
`the load value terminal 30 may take on many other forms
`such as a countertop or tabletop terminal and, therefore, the
`particular embodiment of the load value terminal 30 shown
`in FIG. 1 should not be considered to be limiting.
`The load value terminal 30 preferably includes a display
`device 32 which may be a cathode ray tube (CRT) as
`illustrated or, alternatively, may comprise a liquid crystal
`display (LCD), light emitting diode (LED) display, or any
`other type of display device employed for displaying or
`otherwise communicating information from the load value
`terminal 30 to a cardholder. The load value terminal 30 also
`includes input means for permitting a cardholder to provide
`information to the load value temrinal 30. In the illustrated
`embodiment, the input means comprises a plurality of activ
`ity selection contacts or buttons 34 and a typical or standard
`ten-digit numerical keypad 36, both of a type well known to
`those skilled in the art. It will be appreciated that while the
`input means 34, 36 are illustrated as being individual buttons
`and/or a keypad on the front of the load value terminal 30,
`other types of input means, such as on-screen or touch
`screen input means or the like may be employed in the
`alternative.
`The load value terminal 30 also includes an opening or
`slot 38 for receiving the SVC 20. The card receiving slot 38
`is part of a reader/writer device (not shown in FIG. 1) which
`is employed in the present embodiment to engage and hold
`the SVC 20 within the terminal 30 and to establish and
`maintain communication, in the present embodiment, an
`electrical connection between the terminal 30 and the inte
`grated circuit 24 of the SVC 20. The load value terminal 30,
`in some embodiments, may also include a currency receiver/
`reader 39, illustrated in phantom in FIG. 1. The currency
`receiver/reader 39 is adapted to receive, read and verify
`currency, for example, dollar bills, for use in loading value
`onto the SVC 20 in a manner which will hereinafter be
`described. Currency receiver/readers are well known in the
`art and need not be described in greater detail in order to
`understand the present invention.
`In operation, the SVC 20 is inserted by a cardholder into
`the card receiving slot 38 of the load value terminal 30 and
`is engaged and held by the reader/writer device within the
`terminal 30. Once the electrical connection is established
`between the SVC 20 and the load value terminal 30 and the
`validity of the SVC 20 and the temrinal 30 have been
`veri?ed in a manner as described below to establish a
`“veri?ed session” or “secure session”, instructions for load
`ing value onto the SVC 20 are provided to the cardholder on
`the display device 32. Using the selection buttons 34 and the
`numerical keypad 36 or other such input means, the card
`holder selects the manner in which value, i.e., a selected cash
`balance, is to be loaded onto the SVC 20 and the total
`amount of value to be loaded. Value can be loaded by
`inserting currency into the currency receiver/reader 39 if the
`load value terminal 30 is so equipped. Alternatively, value
`
`Page 2003-013
`
`

`
`5,577,121
`
`10
`
`15
`
`25
`
`35
`
`40
`
`5
`can be loaded onto the SVC 20 by deducting a correspond
`ing cash value from an established and identi?ed account,
`such as a designated savings or checking account, of the
`cardholder in a manner which will hereinafter be described
`in greater detail. Typically, the load value terminal 30 is in
`communication with one or more ?nancial entities with
`access to the designated account of the cardholder for
`authorization of the transfer of value to the SVC 20. Once
`the desired authorized amount of cash value has been loaded
`by the load value terminal 30 onto the SVC 20 (i.e., into the
`memory of the integral circuit 24), the SVC 20 is released
`by the terminal 30 and the cardholder removes the SVC 20
`from the card receiving slot 38 and, thereafter, uses the SVC
`20 to purchase goods and/or services as hereinafter
`described.
`The SVC 20 may be used for the purchase of all types of
`goods and/or services in substantially the same way that
`cash or money is used. Thus, for example, the SVC 20 may
`be used by a cardholder to purchase groceries from a
`supermarket, to purchase food items or other items from a
`vending machine, to purchase food at a restaurant, to pay the
`fare for a bus ride or other transportation services, to pay
`tolls on a toll road, to pay for a telephone call or the like. The
`purchase of such goods and/or services is accomplished by
`transferring cash value which is stored in the memory of the
`integrated circuit 24, from the SVC 20 to a terminal having
`the capability of receiving and interfacing with the SVC 20
`to facilitate the transfer of cash value corresponding to the
`value or cost of the goods and/or services purchased by a
`cardholder. FIG. 1 illustrates only two such terminals, a
`point of sale (POS) terminal 40 and a vending machine
`terminal 50. It will be appreciated by those skilled in the art
`that while only two speci?c types of terminals are illustrated
`in FIG. 1, many different types of terminals may be
`employed for receiving and transferring value from a SVC
`20. Accordingly, the two typical terminals speci?cally illus
`trated and hereinafter discussed should not be considered to
`be a limitation upon the present invention.
`The POS terminal 40 illustrated in FIG. 1 is similar in
`structure and appearance to a standard electronic cash reg
`ister. More speci?cally, the POS terminal 40, which, in the
`present embodiment, preferably is computer controlled,
`includes a standard keyboard 42 having both numeric and
`specialized keys typical of the type employed in an elec
`tronic cash register. The POS terminal 40 may also include
`a ?xed or hand-held scanner (not shown) such as a bar code
`scanner of the type in use with many electronic cash
`registers. Other means for the entry of pricing or other
`information may be employed in the POS terminal 40. A
`display screen 44, such as a CRT or other display device also
`typical of an electronic cash register is provided. In some
`applications, no display device is required. The POS termi
`nal 40 may also include an openable drawer 46, such as a
`cash drawer or the like, which allows the terminal 40 to also
`effectively handle transactions involving cash, checks, credit
`cards or the like.
`The POS terminal 40 also includes an opening or slot 48
`for receiving the SVC 20 to facilitate transfer of value from
`the SVC 20 to the POS terminal 40. The card receiving slot
`48 is part of a reader/writer device (not shown in FIG. 1)
`which is employed to engage and hold the SVC 20 within
`the POS terminal 40 and to establish and maintain commu
`nication, in the present embodiment, a mechanical type
`electrical connection, between the terminal 40 and the SVC
`20. Preferably, the POS terminal 40 includes a processor or
`microprocessor (not shown) which uses a stored operating
`program to interact with the SVC 20 for the transfer of value
`
`45
`
`55
`
`65
`
`6
`in a manner hereinafter described. The POS terminal 40 as
`described may be employed in virtually any type of whole
`sale, retail or other facility in which virtually any type of
`goods (i.e., food, clothing, cleaning supplies, hardware,
`appliances, etc.) may be purchased or where any type of
`services (i.e., restaurant services, video rentals, dry cleaning
`services, car wash services, etc.) may be purchased. Typi
`cally, such a POS terminal 40 will be located in the same
`place in which a cash register is located, typically at or near
`an entrance or exit to a facility but the POS terminal 40 could
`be at some other location, for example, within a particular
`area or department of a retail or other facility, if desired.
`In use, when a holder of the SVC 20 desires to pay for
`selected goods and/or services, typically when leaving a
`retail or other facility, a clerk or other person associated with
`the facility enters the cost of the goods or services as well as
`any other requisite information (i.e., department or item
`codes) into the POS terminal 40 using the entry keys of the
`keyboard 42, a scanner (not shown), or any other type of
`data entry device. Once the cost of the goods and/or services
`and/or other requisite information has been entered and is
`totalled, the SVC 20 is inserted into the card slot 48 on the
`POS terminal 40. It will be appreciated that while the card
`receiving slot 48 in the embodiment illustrated in FIG. 1 is
`shown as being incorporated in the front surface of the POS
`terminal 40, the card slot 48 could be in some other location
`such as on the customer side of the POS terminal 40 or at a
`remote location, such as on the side of a check-out counter
`associated with the POS terminal 40. In some applications,
`the SVC 20 may be inserted into the card slot 48 before or
`during the time that the cost and/or other information is
`entered. In some applications, the cardholder may enter the
`cost and/or other information into the POS terminal 40.
`Regardless of where the card receiving slot 48 is located and
`when the SVC 20 is inserted, when the SVC 20 is inserted
`into the card receiving slot 48, a veri?cation process is
`performed (described in detail hereinafter) to establish a
`secure session between the SVC 20 and the POS terminal 40
`and the total value of the purchased goods and/or services is
`thereafter deducted from the available cash value balance
`stored within the memory of the SVC 20 and the transaction
`is logged or stored within the memory of the POS terminal
`40. Once the transfer of value from the SVC 20 to the POS
`terminal 40 has been completed, the SVC 20 is released by
`the POS terminal 40 and is removed by the cardholder or
`facility clerk from the card receiving slot 48 thereby com
`pleting the purchase of the goods and/or services. Of course,
`the amount transferred from the SVC 20 for the goods and/or
`services being purchased must be less than or equal to the
`total amount of cash value