`
`[191
`
`[11] Patent Number:
`
`4,900,904
`
`
`
`[45] Date of Patent: Feb. 13, 1990
`Wright et a1.
`
`{54]
`
`[75]
`
`[73]
`
`[21]
`
`[22]
`
`[62]
`
`[51] .
`[52]
`
`158]
`
`[56]
`
`AUTOMATED TRANSACTION SYSTEM
`WITH INSERTABLE CARDS FOR
`DOWNLOADING RATE 0R PROGRAM
`DATA
`
`Inventors: Christopher B. Wright, San
`Francisco; Stephen Bristow, Los
`Altos Hills, both of Calif.
`
`Assignee: Wright Technologies, L.P., San
`Francisco, Calif.
`
`Appl. No.: 258,517
`Filed:
`Oct. 17, 1988
`
`Related U.S. Application Data
`Division of Ser. No. 935,244, Nov. 26, 1986, Pat. No.
`4,802,218.
`‘
`
`Int. CL“ ................................................ GO6F 7/08
`U.S. Cl. .................................... 235/381; 235/380;
`235/441; 364/464.03
`Field of Search ............... 235/379, 380, 381, 449;
`364/464.01, 464.03
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
`1/1977 Schatz .
`4,001,550
`4,024,380 5/1977 Gunn .
`4,204,113
`5/1980 Giraud et a1.
`4,277,837
`7/1981 Stuckcrt .
`4,430,716 2/1984 Dlugos et a1. .................. 364/464.03
`4,450,535
`5/1984 Pommery et a1.
`
`.
`
`.
`
`4,463,250 7/1984 McNeight et a1.
`4,490,798 12/1984 Franks et al.
`.
`4,575,621 ' 3/1986 Dreifus .
`4,594,663
`6/1986 Nagata et a1.
`4,637,051
`1/1987 Clark .
`4,709,136 11/1987 Watanabe .
`
`‘
`.................. 235/380 X
`
`Primary Examiner—David L. Trafton
`Attorney, Agent, or Firm—Chong, Leighton K.
`
`[57]
`
`ABSTRACT
`
`An automated transaction system employs portable rate
`cards having embedded memories for storing rate infor-
`mation corresponding to different services, and a termi-
`nal which receives an inserted rate card and operates to
`calculate the value of an item requested at the terminal
`by a user using the information stored in the rate card,
`and to dispense the requested item having the calculated
`value. In the preferred system, the rate cards are used
`for different postal carriers or different services of one
`carrier, and the item dispensed is a printed postmark
`corresponding to the value calculated and the selected
`carrier or service. The system also employs portable
`program cards which store programs for generating
`waybill forms used by different postal carriers or differ-
`ent postal services. The waybill generating program of
`a program card inserted in the terminal controls the
`display of the corresponding waybill form on the termi-
`nal display and the input of information to be printed on
`the resulting waybill.
`
`20 Claims, 11 Drawing Sheets
`
`.
`
`, TERM/N114
`
`:1 0000000 [:3 000
`
`:1 0000000 1:: 000
`I: OOOOOOO E 000
`
`I: 0000000 1:: 000
`
` .57
`
`50
`
`CHASE EX. 1017 - p. 1/23
`
`CHASE EX. 1017 - p. 1/23
`
`
`
`US. Patent
`
`Feb. 13, 1990
`
`Sheet 1 of 11
`
`4,900,904
`
`«SGRVUGQQ
`
`HERE
`
`Hana
`
`Egan
`
`CHASE EX. 1017 - p. 2/23
`
`CHASE EX. 1017 - p. 2/23
`
`
`
`US. Patent
`
`Feb. 13, 1990
`
`Sheet 2 of 11
`
`4,900,904
`
`n FIG.20
`
`C7197IVA/El.
`
`.
`6
`
`
` - fi/WVP5HAKE
`
`
`'I- I
`
`l
`'|
`
`I | I
`
`”mu/mm: ’
`1‘ P0577465
`fl/fiOU/VT ‘
`
`
`
`~|
`
`l l
`
`
`
`FRI/V7 F05M6£
`
`24:600.; MIA/55R
`// mm szcesr
`KEY kl by
`
`
`M/iflfi!Amok/m1
`
`l xv:£17m)
`I may” Mun/55;?
`
`I N mm 55mg
`
`
`| KEY M w
`5560”” Alfiafilffim
`
`
`W2- 52 (N, A I)
`
`k£ 5£7 ‘
`l— __ _______,______- _L
`——.———_.___.
`
`55w ’f/VP'fS/fiA/AL
`_]
`.———_—————_—_
`
`CHASE EX. 1017 - p. 3/23
`
`I I I I I I I I I I I I I I I
`
`
`
`
`
`§Il“‘h~< E“uE§ gERIn
`
`
`
`ENC/Q7177 NUMBER N
`W/TH SECRET/KEY kl
`
`5)’ #7357 Alec/W 77M,
`
`
`”4- 5/ {/v, M)
`
`
`
`
`
`
`
`056095 #1051851? N
`5y WVEKfiE At 60.0mm
`
`45527;”),- /F
`5/7/1715 M/MBEK WEN
`p55” c/mz AND
`529W FK/Nr COMM/l p
`
`
`
`
`
`
`
`CHASE EX. 1017 - p. 3/23
`
`
`
`US. Patent
`
`Feb. 13, 1990
`
`Sheet 3 of 11
`
`4,900,904
`
`QN‘RUmKVEQG
`
`QNQVQQQNRU>Q
`
`005qwzchkmk
`
`RSV“3&0
`
`ungkax
`
`wk“QERR
`
`
`
`“3&6mgfimkq
`
`kniksfikg:
`
`qw§§kflg»
`
`h§t§mmNV
`
`wk«$ka
`
`#3»:ka3kau
`
`
`
`m.0;
`
`‘ CHASE EX. 1017 - p. 4/23
`
`CHASE EX. 1017 - p. 4/23
`
`
`
`
`
`
`US. Patent
`
`Feb. 13,1990
`
`Sheet 4 of 11
`
`4,900,904
`
`56fl4£
`
`I-——l
`FIG4
`
`
` 20
`
` TERM/NAI. MPU
`
`CHASE EX. 1017 - p. 5/23
`
`CHASE EX. 1017 - p. 5/23
`
`
`
`US. Patent
`
`Feb. 13, 1990
`
`Sheet 5 of 11
`
`4,900,904
`
`FIG. 5
`
`(/55? 0420
`E/VfEPE D
`
`
`
`
`056/? COME/R
`
`57770”: Pm; MW;
`
`51/? 921725
`
`
`UNAUff/OR/Zfo
`(VI/PP pfffCTED
`
`
`
`
`
`
`
`
`E/W‘ER Z/P (0055
`Pia/557' P05?
`
`0/" sad/ROE fi'A/D
`A66 flmaz/xvf
`
`'/
`0
`gig/”152%”
`
`
`
`
`CflMP/Jl’é P057-
`
`6’65 [BIA/6
`R5475 CARD
`
`
`
`
`MleDA’flE Y
`mass 0/?
`M/Pl/Y'M?W2/7 7'19
`
`
`
`‘
`
`?’
`
`
`
`
`pig/r (/7212, 15505
`
`Pz/Nr COMM/WV
`
`
`
`75PMI/V/Jf5 OPER-
`
`AWOA/ 0F TERM/AMI.
`
`755
`
`CHASE EX. 1917 - p. 6/23
`
`CHASE EX. 1017 - p. 6/23
`
`
`
`US. Patent
`
`Feb. 13, 1990
`
`Sheet 6 of 11
`
`4,900,904
`
`
`[=-======.___=_=.v
`
`
`@332
`03.3”
`
`RbemeSKNEEV
`
`lflIfllflIflIflH
`Infill-IIIIH
`EEEEEHEHEEE
`IIflfllIflflIlMi
`IflflflfllIIfi
`
`cm.9“.
`
`CHASE EX. 1017 - p. 7/23
`
`CHASE EX. 1017 - p. 7/23
`
`
`
`
`
`
`US. Patent
`
`Feb. 13, 1990
`
`Sheet 7 of 11
`
`4,900,904
`
`Nd;
`
`\\k.
`
`000D0000000U
`
`000D0000000U000H0000000U000D0000000H.
`
`CHASE EX. 1017 - p. 8/23
`
`CHASE EX. 1017 - p. 8/23
`
`
`
`
`
`US. Patent
`
`Feb. 13, 1990‘
`
`Sheet 8 of 11
`
`4,900,904
`
`
`
`use: , 04/20
`
`
`
`”0
`
`FIG. 8
`
`//2
`
`
`U/Vfll/f/IOR/ZEP 0720‘
`
`DETECTED, £06K CARD
`
`
`
`
`
`
`_
`
`(/sz CONFIRMAf/ON
`P/N.M//V. 5"}? 0,475
`
`
`
`
`
`
`
`
`
`COMP”)? POSTAGE
`0/5PL/IY MENU 0F
`
`
`4/}77’ FRO/P7 167 TE
`55/?wees, 25470557
`
`55156770”
`
`CARD
`
`
` EXE 67/725 F506R/9M
`
`F01? 5232156750 SEE“
`
`V/CE, COMM/725 FUSMGE
`
`
`4M7/7Kfflkfl/A’fi Wimam/4
`
`
`
`CWPZJIE Tflffll AMI
`
`
`Fm SEMCE //VFO
` filial/557'
`
`
`P0577455W7
`
`
`
`
`75?]!7/M47‘5 OPERATION
`0F TEEM/AMI.
`
`FEE/70130, /551/EFI?//Y
`COWfl/VP, FEfiEr
`
`CHASE EX. 1017 - p. 9/23
`
`CHASE EX. 1017 - p. 9/23
`
`
`
`US. Patent
`
`Feb. 13, 1990
`
`Sheet 9 of 11
`
`4,900,904
`
`—‘ Ill—I_lflllflilll,lflllfllflMi
`
`,
`
`DELIVERED "
`
`9
`
`l;
`
`CHASE EX. 1017 - p. 10/23
`
`CHASE EX. 1017 - p. 10/23
`
`
`
`
`
`05ER CAR I
`
`
`INSERI'EP
`
`
`5’55
`
`
`735
`
`/%
`Is
`
`
`
`l/NflUf/IOR/ZED ’
`
`Rial/55
`No
`(/5ER CARD
`
`
`
`[ISER amp,-
`
`(/55? PIN,
`NEW (Y) 0R 7'0
`V/Il. ID
`LOCK CARD .
`
`
`BE gig/ll-
`
`
`
`CHECK l/J‘ER CARP
`
`
`
`6523? 5/41 -
`'SER/flé MAM/BER .
`
`
`
`4/1/65 m 55
`KECORD 1x55»? wx-‘é
`
`
`CREq’IfEP
`
`
`KEQUE57’ (/55R F/N
`
`
`1! 5mm w SECRET
` 5,4145 arm/var FOR
`
`zo/vg
`(PEP/7' 61055
`
`MEMO’PY 556770”
`
`
`
`PEGUé‘fifAA/Y R5577?-
`[CT/0N5 - TkflA/fiflCflO/V
`Mrs, :12 0/975
`
`> CONT/N05 .7
`
`> UPMTE
` msmu. same-7
`
`SUPER V/SR
`Ki): 6405: 556/?57
`MEMORY zcw/s
`
`
`
`REC0RD
`
`
`> E1143Q55
`
`
`055/? CflR’D
`
`> VEFM/A/A TE
`
`OPERAT/O/V
`
`?
`
`
`
`US. Patent
`
`Feb. 13,1990
`
`Sheet 10 of 11
`
`4,900,904
`
`
`/5’/ Mfl57’ER CARD ACTIVATION:
`CHECK 50/25sz P/N,
`CHECK M375? 5EK/fiL
`#0.; ijALL [(5); EXE—
`
`curé #flprfl/IKE, u/v- ,
`’ £06K M4579?) E56060
`
`7707/15/70 770N
`
`MflSTER 04R?
`
`
`
`COMHRMflf/ON
`
`
`PROCEDURES 3
`
`
`SERIAL N0-
`
`
`UNAUTHORIZED 7144575?
`0790 05756750
`
`
`
` W5MLL NEW fiflZ/IMCE
`
`
`95- ”AND?
`SIM/8’! (PM-
`It???
`
`IA/ Alf/4’ M527? MEM.
`SECf/UN- Dig/71144575?
`
`FIG. ll
`
`CHASE EX. 1017 - p. 11/23
`
`CHASE EX. 1017 - p. 11/23
`
`
`
`US. Patent
`
`Feb. 13, 1990
`
`Sheet 11 of 11
`
`4,900,904
`
`q$<§§fikm2‘qika
`
`Qwaxb
`
`QBQAWQQSQ
`
`kahuxg
`
`«th
`
` meSW‘NW
`wfikwk$§m¥“$5:me
`
`
`ufixuwn‘flmask
`Qw‘xu
`NQEMQK Q36
`
`N70;
`
`>§th$<ka
`
`mztzfim3S?
`
`«Vixkkmk
`
`Emfimxx
`
`CHASE EX. 1017 - p. 12/23
`
`CHASE EX. 1017 - p. 12/23
`
`
`
`
`
`1
`
`4,900,904
`
`AUTOMATED TRANSACTION SYSTEM WITH
`INSERTABLE CARDS FOR DOWNLOADING
`RATE OR PROGRAM DATA
`
`This is a divisional application from the prior applica—
`tion Ser. No. 935,244, filed on Nov. 26, 1986, entitled
`“Automated Transaction System Using Microprocessor
`Cards”, issued as US. Pat. No. 4,802,218.
`FIELD OF INVENTION
`
`’10
`
`The invention relates to an automated transaction
`
`system which receives with a user card having a micro-
`processor for executing secure transactions in which an
`article or item of value is dispensed from a terminal, and
`an account balance stored in the card’s memory is deb-
`ited. In particular, the invention is applied to a postage
`transaction system in which a postage account is main-
`tained within the microprocessor card and is used in
`transactions with postage printing and metering termi- 20
`nals.
`
`15
`
`BACKGROUND OF INVENTION
`
`Point-of-sale (POS) terminals and automated teller
`machines (ATM) have been widely used in conjunction
`with various types of cards issued to users for sale or
`credit transactions. For example, banks regularly issue
`account cards which have a magnetically coded num-
`ber stored on a stripe for accessing the user’s account
`through ATM terminals. Credit cards which have
`coded magnetic stripes are inserted in ATM or POS
`terminals to access a central account system for authori-
`zation of a credit transaction. There also have been
`proposals to use cards which have large non-volatile
`memories, e.g. magnetic,
`integrated circuit (1C), or
`optical memory storage, for storing and retrieving in-
`formation specific to the user, such as a medical history,
`biographical history, maintenance of an account bal-
`ance and transaction history, etc.
`These conventional systems generally employ a card
`which has a passive memory that is read in a card reader
`of computerized terminal maintained by a vendor. The
`security of the cards is problematic since most account
`cards used conventionally are passive and do not au-
`thenticate themselves or the particular transactions for
`which they are used. Instead, on—line access through a
`terminal to a central account system, such as bank or
`credit card account records, is required for confirma-
`tion of each transaction. This requirement places an
`access time andcost burden on vendors, such as bank
`branches and retail stores, which must maintain the
`terminal facilities, as well as on the operator of the
`central account system, which must provide sufficient
`on-line access for all the users of the system and ensure
`the security of the entire system.
`By comparison, off-line transactions, i.e. between a
`user with an authorized card and a terminal not con-
`nected to a central account system, have the advantage
`that the vendor does not have to confirm each transac-
`tion. A card bearer merely inserts the card in a terminal
`to pay for a purchase and the authorized amount of the
`card is debited for the amount of the transaction. In
`off-line transactions, the vendor’s responsibility can be
`reduced and the transaction process simplified, so that a
`transaction can be completely automated through the
`use of widely distributed user cards and automated
`terminals.
`
`25
`
`30
`
`35
`
`45
`
`50
`
`55
`
`65
`
`2
`However, off-line transactions are more vulnerable to
`the use of counterfeit cards and to tampering with the
`terminals. Thus, the cards have to be made secure and
`the transactions limited to small amounts. As an exam-
`ple of conventional card security measures, a memory
`card can be divided into a number of separately vali- '
`dated sectors of limited value which are irreversibly
`debited with each transaction, as disclosed in US. Pat.
`Nos. 4,204,113 and 4,256,955 to Giraud et al. A personal
`identification number (PIN) can be written into the
`card’s memory at the time of issuance and requested of
`the user with each transaction. Terminals are generally
`made secure by maintaining them in areas to which
`access is restricted or supervised. However, these re-
`quirements increase the cost of operating the system
`and at the same time decrease its utility.
`The sophistication of card counterfeiting and credit
`fraud has increased with the widespread use of account
`and credit cards, and even greater security measures are
`currently needed to ensure the validity of card transac-
`tions. Conventional microprocessor cards employ resi-
`dent programs to control access to data stored on the
`card, store a selected user PIN to confirm an authorized
`user, and prevent use of the card if an unauthorized user
`is detected, such as after a limited number of incorrect
`PIN entries. Although such microprocessor cards pro-
`vide greater security than passive cards, the overall
`system is still vulnerable in that, once a valid user’s PIN
`has been ascertained, a stolen card can be used for unau-
`thorized transactions in any terminal, and the terminals
`themselves are subject
`to penetration. These vul-
`nerabilities can be offset by limiting the authorized
`amount of the card, controlling access to the terminals,
`or requiring on—line confirmation of transactions. How-
`ever, such measures again increase the cost of the sys-
`tem and decrease its utility.
`.
`One potential area of application of automated sys-
`tems employing account or credit cards is in postage
`vending and metering machines. Purchases of postage
`and mailing transactions are made primarily in person
`with cash through tellers at post offices. Only limited
`types of postage stamps can be purchased from public
`vending machines. Most private postage metering ma-
`chines have limited operational features and must have
`their metering devices removed periodically to a post
`office for refilling. The size and weight of the metering
`devices make them inconvenient to carry. Some meter-
`ing systems can be refilled by a remote computer, but
`the caller must still phone the computer center and
`execute the operator’s instructions on the postage meter
`manually.
`The elimination of cash purchases, in-person mailing
`transactions, unnecessary limitations on automated
`postal services, and physical refilling of postage meter-
`ing machines could greatly reduce the waiting lines at
`post offices and facilitate the wider dissemination of
`postage vending and metering machines for the conve-
`nience of users and provide greater access to postal
`services. The use of account or credit cards for auto-
`mated postal machines has been considered. However,
`the security problems of conventional card automated
`systems would require that used cards be validated only
`for relatively small amounts of prepaid postage, that
`vending and metering machines provide limited postal
`products and be refilled with limited total postage
`amounts, and that access to the machines be strictly
`controlled. These restrictions are a substantial obstacle
`
`CHASE EX. 1017 - p. 13/23
`
`CHASE EX. 1017 - p. 13/23
`
`
`
`3
`which contribute to the difficulty of implementing an
`automated postal transaction system.
`SUMMARY OF INVENTION
`
`4,900,904
`
`In view of the foregoing disadvantages and problems
`of conventional systems, it is a primary purpose of the
`invention to provide an automated transaction system
`which has security features that will facilitate the wide-
`spread use of account or credit cards for off-line trans-
`actions and the dissemination of automated transaction
`terminals to which access does not have to be strictly
`controlled. A principal object of the invention is to
`provide an interactive card/terminal system in which
`the card and the terminal each have a security feature
`which prevents the completion of a requested transac-
`tion unless a secure handshake recognition procedure is
`mutually executed between the card and the terminal
`such that they each recognize the other as authorized to
`execute a transaction. In particular, it is desired that the
`card and the terminal cooperate together to execute a
`simultaneous dispensing of value by the terminal and
`debiting of an authorized balance by the card.
`A specific object of the invention is to apply the
`above-mentioned automated transaction system to post-
`age metering machines. A further object is to provide a
`new generation of card automated postal
`terminals
`which have greater flexibility in the range of postal
`products and services offered, wherein the terminals are
`individually secure and can be accessed in relatively
`unrestricted areas, and the cards can be refilled at any
`desired location through secure refilling terminals vali-
`dated by the issuer.
`In accordance with the purposes and objects of the
`invention, a card automated transaction system employs
`a card having a secure, resident microprocessor which
`operates to confirm that a requested transaction is au-
`thorized and to then initiate an interactive handshake
`
`recognition procedure with a resident microprocessor
`in the value dispensing section of an automated termi-
`nal. Upon successful completion of the handshake pro-
`cedure, the card microprocessor and the dispensing
`section microprocessor simultaneously actuate the dis-
`pensing of the requested article or item of value and the
`debiting of an authorized balance from the card.
`A particular embodiment of the invention is a mutual
`handshake recognition procedure executed as follows:
`(1) upon confirming that a requested transaction is au-
`thorized, the card passes to the terminal a word com-
`prising a randomly generated or other object number
`encrypted by a first resident algorithm and a key num-
`ber stored in the card; (2) the terminal decodes the
`number using a corresponding inverse of the first algo-
`rithm and the key number; (3) the terminal sends back to
`the card a second word comprising the decoded ran-
`dom number encrypted by a second resident algorithm
`and the key number; (4) the card decodes the second
`word using a corresponding inverse of the second algo-
`rithm and the key number and compares the decoded
`number to the one originally sent; (5) if the numbers
`match, the card microprocessor debits its authorized
`balance for the indicated amount of the transaction and
`sends an actuation signal to the terminal to proceed
`with the transaction; and (6) upon receipt of the actua—
`tion signal, the dispensing microprocessor actuates the
`dispensing section to complete the transaction. The
`transmitted actuation signal may also be encrypted and
`decoded by the above algorithms or a similar method.
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`45
`
`50
`
`55
`
`65
`
`4
`the above-
`Under the principles of the invention,
`described interactive card automated transaction sys-
`tem is applied to postage metering machines. In one
`embodiment, a postage metering terminal has a slot for
`receiving a microprocessor card issued with an autho-
`rized balance, a print head with a secure microproces-
`sor which interacts with the card microprocessor, a
`keypad, a display, and an operations microprocessor
`which accepts a keyed input of the postage amount
`requested, displays the keyed input, queries the card to
`authorize and initiate the postage printing transaction,
`and then resets the machine for the next transaction or
`executes a series of transactions in a repeat mode.
`In a related embodiment, a postage metering terminal
`has a first slot for receiving a user microprocessor card,
`a second slot for receiving a postal rate card, a print
`head with a secure microprocessor, a keypad and other
`means for entering source and destination (postal zip)
`codes, means for entering the weight and postal class of
`the article to be mailed, and an operations microproces-
`sor having a program for calculating the correct post~
`age based upon the listings of the rate card and the
`keyed-in information.
`.
`The card automated postal transaction system can be
`readily applied not only to the postal procedure and
`services of the US. Postal Service, but also to private
`carriers and parcel delivery companies. In a further
`embodiment, a postal waybill terminal has a third slot
`for receiving a special services card which has stored
`data from which the terminal can print postal and deliv-
`ery services information on standard form blanks. For
`example, the special services card can be used to print
`Post Office forms, such as Certified Mail or Registered
`Mail, or the waybills of private carrier companies. The
`terminal is also provided with a full field display of the
`waybill form, prompts the user for information by pro-
`grammed cursor movements, and has command keys
`for inputting sender and addressee information, rate or
`service class, waybill number, carrier information, etc.
`As subsidiary features, the microprocessor cards can
`be configured to provide different types of access to the
`terminals as desired, for example, limited numbers or
`types of users in limited numbers or types of machines,
`unlimited users in limited machines, limited users in
`unlimited machines, or unlimited users in unlimited
`machines. The different types of access can be imple-
`mented by storing key numbers in the card for identify-
`ing authorized users and/or machines, and/or key num-
`bers in the terminal operations microprocessor for iden-
`tifying authorized users. The user cards can also be
`configured at the time of issuance for limits to the
`amounts and types of individual transactions, and tem-
`porary or permanent locking upon detection of an unau-
`thorized user or card. Another system feature is the
`storing of a history of transactions executed by the card,
`and the recomputing of the remaining balance upon
`each transaction request, in order to save card memory
`space. A separate transaction printer may be used to
`obtain a printout of the card's transaction history.
`The postage metering terminals according to the
`invention are also provided with means for allowing a
`post office or carrier to authenticate the postage marks
`or waybills that are printed. In one embodiment, the
`terminal printer prints within or under the postmark a
`coded number or sequence of marks corresponding to
`an element of the postmark, such as the amount of post-
`age,
`the terminal
`identification number, and/or the
`sender’s zip code. The marks may be disguised or made
`
`CHASE EX. 1017 - p. 14/23
`
`CHASE EX. 1017 - p. 14/23
`
`
`
`5
`invisible by printing with a magnetically or optically
`readable ink to deter tampering or unauthorized simula-
`tion. They may then be machine-read by the post office
`or private carrier company to determine whether the
`printed postmark was printed by an authorized printer,
`and at the same time provide an audit trail to the sender.
`In accordance with a further application of the inven-
`tion, an integrated system of microprocessor cards and
`terminals provides transaction facilities which permit
`widespread use and convenient access to users. The
`authorized amount of the user card may be initially
`validated or refilled from a master refilling card, which
`has a larger authorized aniount, preferably in conjunc-
`tion with a supervisor card issued under strict distribu-
`tion control. A refilling terminal is provided with three
`insertion slots for the three cards, and has an operations
`program to check the identity of the master refilling
`card and the user card to determine if they are valid for
`use in the refilling terminal. Upon clearance, the secure
`handshake recognition procedure must be successfully
`executed between the microprocessors of the supervisor
`and master cards in order to permit a debit to the master
`card of the refill amount and a credit to the user card. If
`the user card is a new card, a validation procedure and
`the selection and storing of a user PIN are executed.
`The card automated transaction system of the inven-
`tion has broad applicability to many other types of
`purchase or credit transactions besides postal services
`and products. For example, it can also be used for credit
`card transactions,
`inventory control, bills of lading,
`automated cash machines, or virtually any other type of
`transaction in which a user account must be securely
`debited through an automated terminal in exchange for
`an article or item of value. The invention is especially
`advantageous in off-line transactions in which distrib-
`uted terminals not under strict access controls are used.
`The above principles, advantages, and features of the
`invention are described in further detail below in con-
`junction with the following drawings.
`
`BRIEF DESCRIPTION OF DRAWINGS
`
`FIG. 1 illustrates schematically a preferred embodi-
`ment of an automated postal transaction terminal using
`a microprocessor card in accordance with the inven-
`tion;
`FIG. 2a shows a structure in the embodiment of FIG.
`1 for executing a secure handshake recognition proce-
`dure between the microprocessor card and a value dis-
`pensing section of the terminal, and FIG. 2b outlines the
`handshake sequence;
`FIG. 3 illustrates the multiple levels of security pro-
`vided by the system of FIG. 1;
`FIG. 4 shows another embodiment of the postal
`transaction terminal and an optical scale of the inven-
`tion which receives a rate card for automatically com-
`puting postal amounts;
`FIG. Sis a flow diagram of the operation of the termi-
`nal of FIG. 4;
`FIG. 6a shows the use of coded marks for authentica-
`tion of a postmark printed by a postal transaction termi-
`nal, and FIG. 6b shows one exemplary form of authenti-
`cation coding;
`FIG. 7 illustrates schematically a preferred embodi-
`ment of an automated waybill printing terminal and an
`optional scale using a microprocessor card and a special
`services card in accordance with the invention;
`FIG. 8 is a flow diagram of the operation of the termi-
`nal of FIG. 7;
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`45
`
`50
`
`55
`
`65
`
`4,900,904
`
`6
`FIG. 9 illustrates a standard form of waybill and
`cursor prompts for filling in its information fields;
`FIG. 10 illustrates schematically a preferred embodi-
`ment of an automated refilling terminal using a micro-
`processor card, a master card, and a supervisor card in
`accordance with the invention;
`FIG. 11 is a flow diagram of the operation of the
`terminal of FIG. 10; and
`FIG. 12 shows the integrated system of microproces-
`sor cards, memory cards, and terminals of the invention.
`DETAILED DESCRIPTION OF INVENTION
`
`In accordance with the basic principles of the inven-
`tion, an automated transaction system employs a micro-
`processor card in an automated transaction terminal.
`Various types of microprocessor cards are available
`commercially, and the technology of manufacturing
`such cards and using them in terminal devices is well
`understood. As an example, Micro Card Technologies
`Inc. of Dallas, Tex, makes the Micro Card Mask M4
`card which is a standard (ISO) size, similar to a credit
`card, having an 8-bit microprocessor, 8 contact pinout,
`9600 bps asynchronous serial exchange protocol, 12.8
`Kbits of Read-Only Memory (ROM), 288 bits of Ran-
`dom Access Memory (RAM), and 8 Kbits of Erasable/-
`Programmable ROM (EPROM). An array of electrical
`contacts provided in one section of the card connects
`with the corresponding contacts in the terminal
`to
`allow the card microprocessor to communicate data
`with the terminal. It is of course understood that other
`type of data communicating connections can be used,
`such as, for example, by magnetic induction.
`The conventional microprocessor card as used in the
`present invention operates by executing an internally
`stored program (firmware) which cannot be accessed
`from the outside. The firmware may be written in ran-
`domized form to secure is against tampering from the ‘
`outside. An electrically programmable (EPROM) mem-
`ory portion associated with the microprocessor of the
`card is generally divided into three zones: 3. secret zone
`which can only be accessed internally; a protected
`read/write zone which can only be accessed after a key
`number or PIN has been confirmed, and a free-reading
`zone. The card is used in a terminal for performing
`desired functions in accordance with the rules, proce-
`dures, and data stored in or executed by the card and
`the terminal.
`When conventional microprocessor cards are issued
`to individual users, a validation procedure is executed
`on a validating terminal. The procedure generally re-
`quires the issuer to enter the correct manufacturers’
`serial number of the card in order to confirm that the
`card is authorized. A PIN is then assigned to or selected
`by the cardholder and stored in the secret zone. More-
`over, a secret key number unique to the issuer, which
`may be common to a class or chronological series of
`cardholders, may also be stored in the secret zone. In
`some card systems, the secret key is used as an argument
`of an encryption algorithm to send an encrypted word
`to the terminal for verification. If the word can be de-
`coded by the terminal to derive the secret key, the card
`is presumed to be authentic. Upon completion of the
`validation procedure, the card MPU irreversibly alters
`its program so that no further words can be written in
`the secret memory zone. Thereafter, upon using the
`card, a user must enter the correct PIN in order to
`confirm that the card is being used by its authorized
`user. Conventional microprocessor cards also have the .
`
`CHASE EX. 1017 - p. 15/23
`
`CHASE EX. 1017 - p. 15/23
`
`
`
`4,900,904
`
`7
`feature of temporarily or permanently locking the card
`from use if a succession of incorrect PIN entries on a
`terminal is detected.
`At the time of issuance, an amount in monetary or
`other units is validated for the card being issued. In
`conventional cards, the amount is permanently written
`in one of a plurality of transaction sectors in the pro-
`tected memory zone. Each time the card is to be “filled”
`with a new amount, one of the sectors is unlocked and
`written with a new amount by the issuer. Thus, a limited
`authorized amount can be written each time, and the
`card is then refilled a number of times before its mem-
`ory space is used up. This is a security feature to mini-
`mize monetary loss in case the card is lost or stolen. The
`authorized amount is decremented with each transac-
`tion and a new balance is written until the balance is
`used up. Although any amount or balance can be writ-
`ten into the card’s transaction memory, as a further
`security feature the card may prevent a balance being
`written which exceeds a predetermined limit or a previ-
`ously written balance.
`A card automated transaction system incorporating
`the particular features of the invention will now be
`described. It should be understood that although partic-
`ular embodiments are described, the invention is not
`limited to such embodiments, but encompasses all modi-
`fications and variations which use the principles of the
`invention. For purposes of this description, the transac-
`tion terminal is selected to be a postage metering termi-
`nal for printing a postmark on a label, envelope, or
`waybill for articles to be mailed or shipped. However, it
`should be understood that the general principles of the
`invention have broad applicability to any type of trans-
`action terminal in which a microprocessor card may be
`used. For example, the terminal may also be a cash or
`article dispensing machine or a printer which prints
`validation marks, coupons, receipts, tickets, inventory
`documents, etc.
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`Postage Metering Terminal
`
`Referring to FIG. 1, a microprocessor card 10, as
`previously described, is adapted to be inserted in a card
`insertion slot 11 of an automated transaction terminal
`20. The card 10 has a contact section 12 supporting a
`number of contacts 13 connected to the pinout leads of 45
`an IC chip including a microprocessor unit (card MPU)
`60 laminated beneath a protective layer of the card
`contact section 12. The contacts 13 are mated with
`
`corresponding contacts 23 of a terminal contact section
`22 upon insertion of the card 10 into the slot 11 in the
`direction indicated by arrow A. As the card is inserted,
`its leading edge abuts a part of the terminal contact
`section 22 which is moved in the same direction, indi-
`cated by arrow B, so as to merge in operative electrical
`contact with the card contact section 12. A trip switch
`224 is provided at the base of slot 11, and triggers a start
`signal to an operations microprocessor (terminal MPU)
`30 when the card has been fully inserted in position with
`the slot.
`The card MPU 60 executes an internally stored (firm-
`ware) program to check whether a requested transac-
`tion is authorized and, prior to debiting the card ac-
`count balance, to perform a secure handshake recogni-
`tion procedure (described further below) with a micro-
`processor in the terminal. Although the handshake pro~
`cedure can be performed with an operations micro-
`processor for the terminal, or one remote to the tenni-
`nal, it is preferred in the invention that the procedure be
`
`50
`
`55
`
`65
`
`8
`performed with a secure microprocessor embedded in
`the actual value dispensing section of the terminal. The
`value dispensing section is a separate element in the
`terminal, and its microprocessor is made physically
`secure, such as by embedding it in epoxy, so that any
`attempt to tamper with it would result in rendering the
`value dispensing section inoperative. For the postal
`transaction terminal of the invention, the microproces-
`sor is embedded in the printer unit which prints the
`postmark.
`The terminal contacts 23 are connected with the
`functional parts of the terminal, including a Clock syn-
`chronizing connection 24, a Reset connection 25, an
`operational voltage Vcc connection 26, an Input/Out-
`put (I/O) port 27, an EPROM-writing voltage Vpp
`connection 28, and a ground connection 29. The termi-
`nal MPU 30 controls the interface with the card and the
`operation of the various parts of the terminal, including
`a keyboard 31, a display 32, such as an LCD, and a
`postmark printer 40, which is the value dispensing sec-
`