`
`[191
`
`[11] Patent Number:
`
`5,428,684
`
`Jun. 27, 1995
`[45] Date of Patent:
`Akiyama et a1.
`
`llIIllllllllllllllllllIlllllllllIllllllllllllllIlllllllllllllllllllllllllll
`USOOS428684A
`
`[54] ELECTRONIC CASHLESS TRANSACTION
`SYSTEM
`
`Attorney, Agent, or Firm—Nikaido, Marmelstein,
`Murray & Oram
`
`[75]
`
`Inventors: Ryota Akiyama; Takayuki Hasebe,
`both of Kawasaki, Japan
`
`[73] Assignee:
`
`Fujitsu Limited, Kawasaki, Japan
`
`[21] Appl. No.: 953,375
`
`[22] Filed:
`
`Sep. 30, 1992
`
`[30]
`
`Foreign Application Priority Data
`
`Japan .................................. 3-278831
`
`Sep. 30, 1991 [JP]
`
`Int. Cl.6 ............................................... H04K 1/00
`[51]
`[52] US. Cl. ........................................ 380/25; 380/21;
`380/23; 235/380
`[58] Field of Search ....................... 235/379, 380, 382;
`380/21, 23, 24, 25, 29, 49; 329/91, 97, 98
`
`[56]
`
`References Cited
`U.S. PATENT DOCUMENTS
`
`1/ 1989 Abraham et a1.
`4,799,061
`................. 380/23 X
`
`5,012,076 4/ 1991 Yoshida ............
`235/379
`5,120,939
`6/1992 Claus et al.
`235/382
`
`5,175,416 12/1992 Mansvelt et a1.
`235/379
`..................... 380/24
`5,224,162 6/1993 Okamoto et a1.
`
`OTHER PUBLICATIONS
`
`Wwinstein, Stephen; IEEE Spectrum; “Smart credit
`cards: the answer to cashless shopping”; Feb. 1984; pp.
`43—49.
`
`[57]
`
`ABSTRACT
`
`A key control method is for use in an electronic cashless
`transaction system including at least a bank center, a
`store transaction terminal and an IC card being used as
`an electronic cashless transaction medium. The key
`control method comprises a step of having the bank
`center generate and code a first parameter for a trans-
`mission to the IC card; a step of having the IC card
`receive and decode the coded first parameter by using
`the first key, thereby reconstructing the first parameter
`issued by the bank center, perform a first operation on
`the first parameter and a password of a holder of the IC
`card, and store in a first register; a step of having the
`store transaction terminal send to the IC card a second
`
`parameter coded by a second key, when the holder
`inserts the IC card 11 into the store transaction terminal;
`a step of having the IC card decode the coded second
`parameter by using the second key,
`thereby recon-
`structing the second parameter received from the store
`transaction terminal, perform a second operation on the
`second parameter and the value stored in the first regis—
`ter, store a result of the second operation in the second
`register; and a step of decoding a value stored in the
`second register by using a coding session key stored in
`a memory of the IC card, thereby obtaining a key for an
`intended authentication.
`
`Primary Examiner—Tod R. Swann
`
`14 Claims, 21 Drawing Sheets
`
`42 1C CARD
`
`PASSWORD
`ENTRANCE
`I30
`
`ATM
`44 BANK CENTER
`132
`
`
`141
`
`
`
`
`K: CARD
`LEGER
`FILE
`
`55 TRANSFER AMOUNT
`
`CHASE EX. 1004 - p. 1/39
`
`CHASE EX. 1004 - p. 1/39
`
`
`
`US. Patent
`
`June 27, 1995
`
`Sheet 1 of 21
`
`5,428,684
`
`5...qux25"m.
`
`2.35.85:0
`
`mozcim
`
`3....m3
`
`cusp—mac
`
`5:82
`
`2:20.552:
`
`
`
`G513:«mi—uh
`
`on$20”.N
`
`«9325:.
`
`.2523
`
`3253
`
`3285
`
`555$.
`
`220o.u__
`
`.8
`m
`
`8...:3:52...
`
`u.=.._mu
`
`
`
`2222...:“$2285..Hmm
`
`u552.22
`
`uu=<4<m
`
`m.=.._=3«3%a.
`
`EE
`Ea
`
`$8.5uN.
`:58:qum<2935.3.2mmém”¢N
`
`
`
`
`.2255»22535:...
`
`CHASE EX. 1004 - p. 2/39
`
`CHASE EX. 1004 - p. 2/39
`
`
`
`
`
`
`
`
`
`
`
`
`US. Patent
`
`5w
`
`S
`
`na2
`
`4006’m
`
`
`
`
`
`#25::20:325....”$3.5uN.3.3u.u:
`
`1‘n,:2.555%
`
`e$53.2...mudm>5me358.5m:52:825:
`
`
`w555.53
`
`
`”35.8%“.
`
`.252:
`
`mu
`
`4Os,Na_h.
`
`CHASE EX. 1004 - p. 3/39
`
`CHASE EX. 1004 - p. 3/39
`
`
`
`US. Patent
`
`June 27, 1995
`
`Sheet 3 of 21
`
`5,428,684
`
`$.53v.2:"22.22;.53.:.
`
`22:83.a:n8as2.__
`
`>mcuaoumo
`
`>mxmmzhcz<
`
`emceehe:
`
`>mauooo
`
`<->ux
`
`zuumz<zh
`
`hzsox<
`
`¢m
`
`CHASE EX. 1004 - p. 4/39
`
`CHASE EX. 1004 - p. 4/39
`
`
`
`
`
`
`
`US. Patent
`
`June 27, 1995
`
`Sheet 4 of 21
`
`5,428,684
`
`
`
`5...quxz<m
`
`2:29.55z:
`
`
`
`82:65.5.33
`
`EV
`
`5%
`
`N¢
`
`22.53.22...
`
`.3353.
`
`mac;
`
`v.2“.
`
`$202
`
`=2:95
`
`CHASE EX. 1004 - p. 5/39
`
`CHASE EX. 1004 - p. 5/39
`
`
`
`
`
`
`
`
`
`US. Patent
`
`June 27, 1995
`
`Sheet 5 of 21
`
`95
`
`428,684
`
`2.3o.n?J.-,_5:23:
`5.:93,.w:
`
`:b
`
`n5
`
`7%
`
` «a2.32”~¢
`Evfiwm_382.5I_F3111-
`
`awe
`
`<¢¢
`
`«2.23
`
`EE
`
`museumI
`
`$202u«w.1;.
`
`>53:
`
`225525...
`
`._<z_zmu._.
`
`umohw
`
`
`
`«:3E95:455».A“F:_xmco<
`
`$5.3”.05.5.8“
`2.8%5.:
`
`
`._.._-~¢:35:
`
`
`0-3
`
`.5
`
`m..~¢
`
`CHASE EX. 1004 - p. 6/39
`
`CHASE EX. 1004 - p. 6/39
`
`
`
`
`
`
`
`
`US. Patent
`
`June 27, 1995
`
`Sheet 6 of 21
`
`5,428,684
`
`:58:53¢:a
`
`
`
`£23025“3....
`
`
`
`
`
`Hmmzauz.<-=_.3.E
`
`:58:dAN.
`
`
`
`
`
`$2.13:5.32.
`
`muhzmu:233mm2:20.552.:<3$202«v
`
`
`E14.2505d5::in
`
`
`
`5222.3:223:2.222..
`
`mac;9
`
`
`
`:38..m.
`
`
`mama.“>28.82873..xomv.22E2822.2.?
`
`.582...3&3.534w”..-$$5.2...
`45:32.”:E.8x..?=..7_m.3
`
`
`
`
`
`
`
`
`
`
`3..:28:.20.;'38qu
`
`
`
`52......22...:.222-..2..-.......e.:-..u§$88..2.2:.5......
`
`52523.25.2..............2:3.8...
`9...:
`.rags...I’VE.23..I:
`
`
`
`
`
`.2.3288-23-9..
`
`
`
`
`
`a:“5.2.2.9.2:.$22“Mama”55.8".£22252I-3.222.
`
`
`
`
`
`
`
`2282...2823......
`
`‘
`
`
`
`g2...:“08.1.0..2222-...E_.2......<-922..uukufiqa
`
`:3:m2.25.525...5.3.”...e...
`IIII-fl1a.a:
`
`“2...;n«c
`2:8525..
`
`m4?.munv525..Scam.—
`
`
`
`
`
` 2-2.2m6.“-.-“El32....2-2..5.5.3..I2E...
`
`
`CHASE EX. 1004 - p. 7/39
`
`2.2...
`
`CHASE EX. 1004 - p. 7/39
`
`
`
`
`
`
`
`
`US. Patent
`
`mh
`
`n,
`
`m
`
`4006900
`
`
`M...:52:
`59Shag:2..
`
`s3....$835:as“:m2.32
`
`.m.75:8875x350w35:61::
`
`«23.553&558E:a:2
`
`
`
`$253:Edd»
`
`2.229551.2“<3
`
`
`
`muhzmoxz<m"ecem:2u~¢
`
`omaoo5:.szxx:838$202
`
`
`
`Euccuuaxzuaou.Susan—Emacs
`
`CHASE EX. 1004 - p. 8/39
`
`CHASE EX. 1004 - p. 8/39
`
`
`
`
`
`US. Patent
`
`June 27, 1995
`
`Sheet 8 of 21
`
`5,428,684
`
`.
`42 .
`
`IC CARD
`
`43 : STORE
`TRANSACTION
`TERMINAL
`
`44 : BANK CENTER
`
`IC CARD
`LEDGER FILE
`
`83
`SETTLEMENT
`
`REQUEST
`
`ACCOUNT
`
`TRANSACTION
`mum
`
`DETECTOR
`
`FRAUD-PROOF
`SETTLEMENT
`MAKER
`
`RETAILER
`
`‘
`;
`
`A
`‘
`
`CHASE EX. 1004 - p. 9/39
`
`CHASE EX. 1004 - p. 9/39
`
`
`
`US. Patent
`
`.4.
`
`«3
`
`m.-a.:53:aJ3.
`
`m9,523r1111111111J1,V2:
`s_$5.3”.5.:
`
`59:En
`_m-~¢
`
`a
`
`_a_.hmu=omm
`
`e
`
`n,m
`
`4006,mA,5
`
`w352.u
`
`I».nu-_:
`
`.¢_
`
`Q..._.._
`
`_-~¢
`
`zuaoomo
`
`
`
`«:03..m.
`
`«-me
`
`amcoo.
`
`.4>mx
`
`azoimmcm
`
`CHASE EX. 1004 - p. 10/39
`
`CHASE EX. 1004 - p. 10/39
`
`
`
`
`
`US. Patent
`
`June 27, 1995
`
`Sheet 10 of 21
`
`5,428,684
`
`.73
`
`225555mac;u3
`
`.2253...
`
`
`
`5.53m:928$
`
`¢u~¢
`
`39..3m
`
`._..~¢
`
`.~-N¢
`
`.:..n¢
`
`
`
`in.+:38.+a5.u55..558¢
`
`452mm
`
`535:
`
`1.559..cz<T:_55.3:
`azoumm
`
`
`
` _m.~¢5.8.8”._
`
`z.:3mm<mu_WIIIL
`
`..-N¢
`
`.3
`
`.9
`
`mun—coma
`
`
`
`.39..Sam.
`
`:99:Bin
`
`
`
`526:55m.
`
`
`
`E323”.9:2:Eozmz
`
`9%
`
`03:
`
`
`
`$553.:58.»
`
`m..~¢
`
`:59:355
`
`CHASE EX. 1004 - p. 11/39
`
`
`
`a.$532.5::
`
`NV
`
`'0
`
`$8353Ex
`
`wt5.3o.
`
`CHASE EX. 1004 - p. 11/39
`
`
`
`
`
`
`
`US. Patent
`
`June 27, 1995
`
`Sheet 11 of 21
`
`5,428,684
`
`57$3<3.53u.
`
`
`
`.=39:3.x”...3m.2:5:ECG.3m
`
`xz<m
`
`E
`
`muncoma
`
`3>5.
`
`553r
`.553".25:.32::a.
`
`J
`
`:2...
`
`.39:Sam
`
`:39:Sam
`
`
`
`:39:33.”.—
`
`
`
`CHASE EX. 1004 - p. 12/39
`
`CHASE EX. 1004 - p. 12/39
`
`
`
`
`
`
`
`
`
`US. Patent
`
`June 27, 1995
`
`Sheet 12 of 21
`
`5,428,684
`
`
`
`muhzuoxz<m¢¢
`
`
`
`2h<u<¢v=¢<ou_~¢
`
`A/Hwwz_aoo
`
`<s>m¥
`
`AA“258
`
`<->ux
`
`2.3m
`
`
`
`ozotmm<mzuhzm
`
`CHASE EX. 1004 - p. 13/39
`
`CHASE EX. 1004 - p. 13/39
`
`
`
`
`
`
`U.S. Patent
`
`June 27, 1995
`
`Sheet 13 of 21
`
`5,428,684
`
`42 IC CARD
`44 BANK CENTER
`
`
`
`
`
`PASSWORD
`ENTRANCE
`
`I30
`
`
`1c CARD
`ACTIVATION
`
`RANDOM
`"mm
`
`133
`
`IOO-i
`
`
`
`
`
`llcome «1
`
`Ir SESSION KEYF 137
`'38
`DECODING
`
`Ill-.-
`
`{EDEN mom "F.-
`
`"
`
`UPDATION
`
`
`
`SESSION KEY
`
`136
`
`
`ml
`
`
`
`
`
`
`ADDITION
`
`N
`
`
`
`I39
`
`
`55 TRANSFER AMOUNT
`
`Fig.|4
`
`CHASE EX. 1004 - p. 14/39
`
`CHASE EX. 1004 - p. 14/39
`
`
`
`US. Patent
`
`June 27, 1995
`
`Sheet 14 of 21
`
`5,428,684
`
`PASSWORD
`42 "3 CARD
`44 BANK CENTER
`I32
`ENTRANCE
`ATM
`I30
`
`NUMBER
`
`RANDOM
`
`133
`
`ODING 0
`
`I
`
`‘
`
`‘
`
`I'llDECOQING l
`
`II—[F
`
`55 TRANSFER AMOUNT
`
`l4!
`
`RADOM
`
`NUMBER
`
`e
`
`IC CARD
`LEDGER
`FILE
`
`Fig.l5
`
`CHASE EX. 1004 - p. 15/39
`
`CHASE EX. 1004 - p. 15/39
`
`
`
`US. Patent
`
`June 27, 1995
`
`Sheet 15 of 21
`
`5,428,684
`
`
`
`45:23..225525....mac;ume
`
`295525:
`
`5....:3
`
`mum
`
`
`
`250$2253:”..."am
`
`$290.uwe
`
`5.5::ch
`
`<mmooo
`
`meg—Ema:
`
`22.53.25.
`
`<5:43.3
`
`mmuaou
`
`
`
`zo.._.u<mz<E”#85
`
`
`
`mug”:.2255:
`
`:52:>55
`
`2522
`
`2.52:
`
`9.3u.
`
`525..
`
`u.__.._
`
`«was;320u.
`
`EVE:Ehzu
`
`2.3m
`
`CHASE EX. 1004 - p. 16/39
`
`CHASE EX. 1004 - p. 16/39
`
`
`
`
`
`
`
`
`
`
`
`
`US. Patent
`
`June 27, 1995
`
`Sheet 16 of 21
`
`5,428,684
`
`
`
`<2:22.53::<2:3:8"mvu
`
`
`
`8:23.5:05<h<:225525....”mfimu
`
`
`
`:2.22:9522835::was
`
`
`
`2252.5845:25:.
`
`E:25:...
`
`
`
`.2255...22.5325:mac;“3:5:u.uwe
`
`><._n_m_:
`
`
`
`hz=o2<ammo;
`
`«25.5.28N._9“—:¢<ou.
`
`
`
`£5.53”-8“as2Eva:E5Ea525:225::35:$835:$85zezgzg3:8
`
`
`
`
`5:225:E85.5.35EcuwwuE.v.2:
`
`
`
`
`
`225525.285:3szgnaw"53..2.595.
`
`a£22522m:32253.2503mm<N._.UE
`
`
`<2:.22:<2:.22:$23.
`:52:E—E:§Ea._225325:
`
`
`
`Exam<5:20.5325..—_SN.22:mmm<zom=m:¢<ou.nemu
`:34:8,v2:
`
`n..53:$238<5:
`
`
`.|_$25.
`
`«-3323:2.32..3
`
`_:¢<uo.in.
`
`CHASE EX. 1004 - p. 17/39
`
`CHASE EX. 1004 - p. 17/39
`
`
`
`
`US; Patent
`
`.m
`
`2
`
`4869m495
`
`
`
`
`
`.58a.“.lIlIIIIc..l....m:2.
`
`zszgzg
`
`.25“m:52:2283.29,1,32.528223.5.322:32:sz=95awhzmzuzuz.2$35:
`
`
`
`
`
`
`1E.a:
`
`”2:3288ms:%3.55,:as.$25:2x8v.2:Egamm.525:2-8
`
`
`n38..5;m>5835:5as:
`
`:52:228325
`
`CHASE EX. 1004 - p. 18/39
`
`
`
`8255.s:3EE§<E8~222:555...m9..386..5262.3:.
`
`
`
`£22.93
`
`CHASE EX. 1004 - p. 18/39
`
`
`
`
`
`US. Patent
`
`J
`
`1n,
`
`6e
`
`1
`
`5
`
`4869
`
`w.828.58
`M98
`582.88....8Eaw2.3....2......8
`
`8.o.I88.8....u.o8u,m_n—m52.5E8:23.:
`$32.3v.2:8zozwfiumfl
`000«8“.3:n3....8:8ng
`
`5.53xz<m322.8535.mac;me
`39.xz<m$30I.28...225325:
`
`
`
`5......«88.55.....528:823:
`:2.88.8..2:8
`
`
`mop<u§zmx§<8868..u.".<53
`
`8N8:825:
`«Num...“—3.3
`
`2.3....
`
`CHASE EX. 1004 - p. 19/39
`
`Us:
`
`“.8;8
`
`.2255»
`
`CHASE EX. 1004 - p. 19/39
`
`
`
`US. Patent
`
`em
`
`m
`
`u,
`
`M
`
`n,358V2:3
`
`$2.8:35a“
`
`pm‘‘‘mII-
`
`«23:35.:8°8°_x"2.353-:
`
`mo...<o....zm:._.=<x
`
`22535b_mung:453m
`
`0_
`
`am“
`
`com«mm
`
`225525:
`
`5....<53
`
`55:58v.85
`
`..2.33
`
`
`
`So82_.4.«83.553um.:23:
`
`608,m.a:
`
`_‘‘
`
`CHASE EX. 1004 - p. 20/39
`
`CHASE EX. 1004 - p. 20/39
`
`
`
`
`
`
`US. Patent
`
`June 27, 1995
`
`Sheet 20 of 21
`
`5,428,684
`
`0 N 2
`
`...
`
`
`
`3...szxz<m3.
`
`22535;:H8572‘
`
`SK
`
`
`
`5.2..$5.38
`
`<.2255:
`
`2%«a3:
`
`«85.5.58
`
`
`
`mmhzmoxz<m¢¢
`
`.3
`
`<29wz_._.=m
`
`a45:23.?
`
`
`
`no<53$5.38”95:8
`
`22552;...#85
`
`<.2255...
`
`
`
`2255—25.$8.8«-3.
`
`a52.3.5
`
`
`
`<5:225323:
`
`3%a“3:
`
`.532253.25 <._<z_:muh
`22852::..
`
`5.53:588.8.m::3was“5$5.55352225535
`E2»..5«85:35.:4.3%hcumbfimufim
`
`
`mozzgxcu
`
`8068..w«
`
`op37:35.
`
`CHASE EX. 1004 - p. 21/39
`
`CHASE EX. 1004 - p. 21/39
`
`
`
`US. Patent
`
`emJ
`
`%m
`
`amS
`
`n,m
`
`4006.,m4’5
`
`
`
`E22..zzimfiE
`
`x,353via3
`
`$238
`
`aNN
`
`22.5525:
`
`m5:<53
`
`mum
`
`«33:35.3
`22533;:
`
`«:3.28:
`
`22.5525:
`
`e.2255...
`
`map—b
`
`
`
`«35:55:
`
`23.83w.m_
`
`
`
`225525....HEP—w
`
`<.2253...
`
`
`
`n.$2.2..22.sz
`
`mczofizuzha
`
`2568..um.
`
`22532:...was;
`
`m.2255...
`
`.2:
`
`CHASE EX. 1004 - p. 22/39
`
`CHASE EX. 1004 - p. 22/39
`
`
`
`
`
`
`
`
`1
`
`5,428,684
`
`ELECTRONIC CASI-ILESS TRANSACTION
`SYSTEM
`
`BACKGROUND OF THE INVENTION
`
`1. Field of the Invention
`
`This invention pertains to a security enhancement for
`an electronic cashless transaction system comprising
`elements such as a bank center, a bank ATM (automatic
`teller machine) [e.g. a modified CD (cash dispenSer)L an
`IC (Integrated Circuit) card [e.g. an IC smart card or an
`IC memory card] and a store transaction terminal [e.g.
`a modified POS (point of sales) terminal]. [A store is
`defined as a retailer, a wholesaler, a shop storage area or
`the like.] More specifically, it relates first to a system for
`controlling a key necessary for authenticating elements
`in proper operations of the electronic cashless transac-
`tion system and second to a money transfer system for
`enhancing the security of transferring money stored in
`the IC card.
`2. Description of the Related Arts
`Recently, a variety of debit cards have been offered
`for sales, which shed or reduce the necessity for carry-
`ing or using changes, and improve cash flows of the
`issuers. In Japan, those cards are used for paying a tele-
`phone charge for a call from a public phone booth, a
`transportation fare at a train station or even aboard a
`bus, and a food voucher at a restaurant.
`However, most debit cards are currently good only
`for specific goods or services offered by the issuers,
`they are not valid for merchandise transactions in gen-
`eral. Besides, most debit cards offered for sales in Japan
`are of a disposable type, i.e. good only for the use of
`their stated values, unlike fare cards offered for sales
`e.g. by the BART in San Francisco, which allow addi-
`tional fares to be supplemented for storage.
`Therefore, an all-in-one card is awaited as an power-
`ful electronic cashless transaction medium, whereby a
`financial institution, e.g. a bank, issues an IC card to its
`customer such that he asks his bank to credit a desired
`amount to his IC card, e.g. by transferring from his
`other accounts, and a participating store to debit a pur-
`chase amount to the card and credits the same to the
`store’s account, thereby consummating a transaction
`without an actual exchange of cash. In the following
`description, debits and credits are defined as being from
`the ledger entries of the issuers of the all-in-one cards,
`and are exactly the opposite for the holders of such
`cards.
`
`Such an all-in-one card system has an advantage in
`safety and efficiency in that the customers need not
`carry cash and stores and banks need not physically
`transport printed bills and coins accumulated as sales
`proceeds.
`However, such an advantage is premised on an
`wholeness of an ATM, an IC card, and a store’s POS
`system.
`FIG. 1 is a block diagram of a conventional elec-
`tronic cashless transaction system using an all-in-one
`card, based on an IC card 11.
`The conventional cashless system comprises an IC
`card 11, a store transaction terminal (POS terminal) 12
`provided at a participating store allowing a holder of
`the IC card 11 to make a purchase, and a bank center 13.
`The bank center 13 has a customer account 14 of the
`holder of the IC card 11, a customer card balance log
`file 15 for storing data on an amount a holder transfers
`to his card, an unsettled funds file 16 for storing the sum
`
`5
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`4O
`
`45
`
`50
`
`55
`
`65
`
`2
`total of amounts a user transfers to a plurality of cards,
`a store account 17 of a participating store into which the
`sales proceeds are transferred from the unsettled funds
`file 16. A bank center 13 has at least one [1] unsettled
`funds file 16. A customer account 14 and a customer
`card balance file 15 exist for each holder of the 1C card
`
`11. A store account 17 exists for each participating
`store.
`
`The 10 card 11 has a balance storage register 18 for
`registering the amount expendable with the IC card 11.
`Also, the store transaction terminal 12 has a sales data
`file 19 for storing the total amount of the sales and the
`total amount of the sales returns and allowances.
`A holder of the IC card 11 transfers money to his
`card before using it. He enters his PW (password) from
`a keypad on the IC card 11. After activating the IC card
`11, he accesses the bank center 13 via a finance terminal
`or a money transfer terminal such as an ATM 20. On
`determining that the amount the holder wishes to trans-
`fer to the IC card 11 of his own is within the funds
`balance or a predetermined revolving limit of the cus—
`tomer account 14, the bank center 13 instructs the ATM
`20 to credit the transferred amount (a card transfer
`amount 21) to the balance storage register 18 in the IC
`card 11 and to debit the same to the customer account
`14 of his own. That is, at the same time, the bank center
`13 stores the card balance in the customer card balance
`log file 15.
`The customer card balance log file 15 operates as a
`first check in preventing a fraud using the 1C card 11.
`This is because, since the amount stored in the balance
`storage register 18 of the IC card 11 cannot be more
`than the amount stored in the customer card balance log
`file 15, an amount stored in the balance storage register
`18 of the IC card 11 which is more than the amount
`stored in the customer card balance log file 15 can be
`construed as a possible falsification of the IC card 11.
`Also, the amount stored in the customer card balance
`log file 15 can be used as a basis for calculating an in-
`sured value for the holder of the IC card 11 for compen—
`sating a damage to or a loss of the IC card 11.
`When a store has the store transaction terminal 12
`credit to the IC card 11 an amount of a sales return and
`allowance, the bank center 13 has the customer card
`balance log file 15 control an amount credited by a store
`due to a sales return and allowance separately from an
`amount credited by a holder of the IC card 11 due to a
`transfer-in from his other account, thereby limiting the
`amount a store can credit a customer on the IC card 11
`as a sales return and allowance, e.g. to the credit balance
`posted in the unsettled funds file 16.
`The holder of the IC card 11 wishing to make a pur-
`chase at a participating store inserts the IC card 11 into
`the store transaction terminal 12 indicating a sales
`amount or an amount of sales returns and allowances,
`and enters his PW on the keypad of the IC card 11,
`thereby performing a purchase activation 22 of the IC
`card 11. The store transaction terminal 12 updates the
`fund balance stored in the balance storage register 18 of
`the IC card 11 by debiting the sales amount or crediting
`the amount of sales returns and allowances,
`thereby
`performing a balance adjustment 23, and credits the
`sales amount or debits the amount of sales returns and
`allowances to the sales data file 19. More specifically,
`when the holder of the IC card 11 has an account in a
`bank A,
`the store transaction terminal 12 updates
`
`CHASE EX. 1004 - p. 23/39
`
`CHASE EX. 1004 - p. 23/39
`
`
`
`3
`amounts a related to accounts for bank A in the sales
`data file 19.
`The store transaction terminal 12 thus credits the
`total amount of sales or debits the total amount of the
`sales returns and allowances to the sales data file 19,
`then sends their sum totals to the bank center 13 by
`coding these amounts in the sales data file 19 after a
`lapse of a predetermined period. That is, the store trans-
`action terminal 12 sends to the bank center 13 of bank A
`sales (billing) data 24 by coding the amounts a, compris-
`ing the amount of sales and the amount of sales returns
`and allowances. The bank center 13 decodes the sales
`(billing) data 24 and transfers the amounts from the
`unsettled funds file 16 to the store account 17.
`FIG. 2 is a block diagram for explaining conventional
`updations of sales tallying data and a fund balance
`stored in the IC card 11 by the store transaction termi-
`nal 12.
`
`As explained in the description of FIG. 1, a holder
`wishing to make a purchase inserts the IC card 11 into
`the store transaction terminal 12 after activating it by
`entering his PW, and allows the store transaction termi-
`nal 12 to debit a purchase amount 25. The purchase
`amount 25 is an input to an adder 26 of
`the store transaction terminal 12 and a subtracter 27
`of the IC card 11, which is outputted to an amount
`display 28 of the IC card 11. This allows the holder of
`the IC card 11 to judge whether or not the purchase
`amount 25 is appropriate.
`The other input to the adder 26 of the store transac-
`tion terminal 12 is sales tallying data 29. On receiving an
`input of the purchase amount 25, the adder 26 adds to
`the sales tallying data 29 data on the purchase amount
`25, thereby updating the sales tallying data 29. Mean-
`while, the other input to the subtracter 27 of the IC card
`11 is the value of the balance storage register 18. On
`receiving an input of the purchase amount 25, the sub-
`tracter 27 subtracts the purchase amount 25 from the
`value of the balance storage register 18, and re-stores
`the difference in the balance storage register 18, thereby
`updating the balance.
`As described above, a conventional all-in-one card
`system takes security measures, e.g. an access control
`for disabling the abuse by an inappropriate holder and a
`coding to prevent eavesdropping of line between a store
`and the bank center 13.
`
`However, the conventional system such as described
`above has a security problem in that it has no defense
`against a fraud via the store transaction terminal 12.
`FIG. 3 is a block diagram of a conventional process
`for transferring a replenishing amount to an all-in-one
`card, such as the IC card 11.
`The system shown in FIG. 3 comprises the IC card
`11, the ATM 20 for handling a money transfer from or
`to another account, and the bank center 13 of the issuer
`of the IC card 11.
`
`The holder of the IC card 11 wishing to transfer
`money to or from the 10 card 11 inserts the IC card 11
`into the ATM 20 after activating the IC card 11 by
`entering his PW for the IC card 11 e.g. from the keypad
`of the IC card 11. Alternatively, the holder may acti-
`vate the IC card 11 by entering his PW e.g. from the
`touch sensor panel of the ATM 20 after inserting the IC
`card 11 into the ATM 20. This allows a communications
`link to be established between the IC card 11 and the
`bank center 13 via the ATM 20.
`
`Then, the holder of the IC card 11 inputs a transfer
`amount 34 (which is defined as being positive for a
`
`5
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`65
`
`5,428,684
`
`4
`transfer-in to the IC card 11 and being negative for a
`transfer-out from the IC card 11) e.g. from the keyboard
`of the ATM 20. Alternatively, the holder of the IC card
`11 can input the transfer amount 34 from the keypad of
`the IC card 11 before he inserts his card to the ATM 20.
`Thereafter, the ATM 20 reads the balance stored in
`the IC card 11 (from the balance storage register 18)
`and sends to the bank center 13 data on the stored bal-
`ance and on the transfer amount 34, asking for an autho-
`rization to credit or debit the transfer amount 34 to the
`IC card 11 and to debit or credit to the customer ac-
`count 14.
`The bank center 13 determines whether it can autho-
`rize the transfer-in to or transfer-out from the IC card
`11, calculates a new balance by adding the transfer
`amount 34 to the hitherto stored balance, and sends the
`new balance to the ATM 20. The ATM 20 in turn stores
`the new balance to the IC card 11.
`The above processes allow the IC card 11 to have a
`new balance, thereby completing a transfer-in or trans-
`fer-out.
`the IC card 11 and the ATM 20
`Conventionally,
`share a key-A 35 for coding communications between
`the IC card 11.and the ATM 20, thereby masking a
`protocol for a money transfer. However, in most cases,
`the communications between the ATM 20 and the bank
`center 13 are not coded. When they are in fact coded,
`the bank center 13 and the ATM 20 share a same key for
`coding and decoding the communications between
`them.
`
`However, a conventional system such as this has a
`security problem with respect
`to an unauthorized
`money transfer due to its openness to eavesdropping.
`That is, the communications between the ATM 20 and
`the bank center 13, unless coded, are vulnerable to un-
`wanted interceptions, which may allow one of skill to
`detect and analyze the data flow between the ATM 20
`and the bank center 13 and transmit phony data that
`enable money to be transferred without a proper ap-
`proval, or even bogus account data to be created.
`Besides, even when the communications between the
`bank center 13 and the ATM 20 are coded, the key
`needs to be changed every time, for a defense against
`the possibility that a hacker can somehow log on to the
`ATM 20 and interpret the communications between the
`bank center 13 and the ATM 20 for the purpose of
`interfering with the system e.g. by destroying data.
`SUMMARY OF THE INVENTION
`
`This invention is conceived based on the above back-
`ground. It aims at enhancing the security of an elec-
`tronic cashless transaction system,
`thereby allowing
`versatile uses of an IC card as an almighty medium for
`commercial transactions in general.
`A feature of this invention resides in a key control
`method for use in an electronic cashless transaction
`system including at least a bank center, a store transac-
`tion terminal and an IC card being used as an electronic
`cashless transaction medium. The key control method
`comprises a step of having the bank center generate and
`code a first parameter for a transmission to the IC card;
`a step of having the IC card receive and decode the
`coded first parameter by using the first key, thereby
`reconstructing the first parameter issued by the bank
`center, perform a first operation on the first parameter
`and a password of a holder of the IC card, and store in
`a first register; a step of having the store transaction
`terminal send to the IC card a second parameter cod'ed
`
`CHASE EX. 1004 - p. 24/39
`
`CHASE EX. 1004 - p. 24/39
`
`
`
`5
`by a second key, when the holder inserts the IC card 11
`into the store transaction terminal; a step of having the
`IC card decode the coded second parameter by using
`the second key, thereby reconstructing the second pa-
`rameter received from the store transaction terminal,
`perform a second operation on the second parameter
`and the value stored in the first register, store a result of
`the second operation in the second register; and a step
`of decoding a value stored in the second register by
`using a coding session key stored in a memory of the IC
`card, thereby obtaining a key for an intended authenti—
`cation.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`One of skill in the art can easily understand additional
`features and objects of this invention from the descrip-
`tion of the preferred embodiments and some of the
`attached drawings. In the drawings:
`FIG. 1 is a block diagram of a conventional elec-
`tronic cashless transaction system using an all-in-one
`card, based on an IC card;
`FIG. 2 is a block diagram for explaining conventional
`updations of sales tallying data and a fund balance
`stored in the IC card 11 by the store transaction termi-
`nal 12;
`FIG. 3 is a block diagram of a conventional process
`for transferring a replenishing amount to an all-in-one
`card, such as the IC card 11;
`FIG. 4 is a block diagram of a first embodiment of an
`electronic cashless transaction system;
`FIG. 5 is a block diagram outlining key control oper-
`ations of this invention;
`FIG. 6 shows in further detail the processes for con—
`trolling coding session keys;
`FIG. 7 is a block diagram of a money transfer to or
`from the IC card 42;
`FIG. 8 is a block diagram illustrating a sales data
`updation and a sales billing;
`FIG. 9 shows a process of supplying via the ATM
`44A to the IC card 42 the first parameter Kcent neces-
`sary for creating a key KIDi for decoding a variable
`bank key KB;
`FIG. 10 shows processes between the IC card 42 and
`the store transaction terminal 43 executed when a
`holder and a participating store executes a transaction;
`FIG. 11 shows processes between the IC card 42 and
`the bank center 44 when the bank center 44 supplies to
`a holder a key for transferring money;
`FIG. 12 shows exemplary cycles of changing a series
`of coding session keys KBal through KBan supplied to
`a holder;
`FIG. 13 is a sketch of a second embodiment of this
`invention;
`FIG. 14 is a block diagram of the second embodiment
`of this invention;
`FIG. 15 is a block diagram of the second embodiment
`modified for preventing a fraud;
`FIG. 16 is a block diagram of a third embodiment of
`this invention;
`FIG. 17 is a block diagram of a fourth embodiment of
`this invention;
`FIG. 18 is an explanatory chart illustrating a data
`falsification incidental to transaction data stored in the
`store transaction terminal 43 pursuant to the third and
`fourth embodiments of this invention;
`FIG. 19 is an explanatory chart for a system configu-
`ration of a fifth embodiment of this invention in which
`a serial number is assigned to a transaction data file 222;
`
`5,428,684
`
`6
`
`FIG. 20 is an explanatory chart illustrating a data
`falsification incidental to transaction data stored in the
`store transaction terminal 43 pursuant to the fifth em-
`bodiment of this invention; and
`FIG. 21 is an explanatory chart for a system configu-
`ration of a sixth embodiment of this invention in which
`a store transaction terminal
`identification number is
`assigned to a transaction data file 222.
`
`DESCRIPTION OF THE PREFERRED
`EMBODIMENTS
`
`FIG. 4 is a block diagram of a first embodiment of an
`electronic cashless transaction system.
`The transaction system using an electronic cashless
`medium of the first embodiment comprises a bank cen-
`ter 44, an ATM 44A, an IC card 42 and a store transac-
`tion terminal 43. The ATM 44A can be a CD (cash
`dispenser), with necessary functions, e.g. a data ex-
`change function, attached. The store transaction termi-
`nal can be a POS terminal with necessary functions, e.g.
`a card reading function, attached. As described before,
`the IC card can be an IC smart card or IC memory card.
`The IC smart card comprises a CPO and a memory, and
`can be an IC memory card with necessary function, e.g.
`an access control function attached.
`Although the transaction system of the first embodi—
`ment of this invention basically operates in a manner
`similar to the conventional transaction system, it has
`differences in (1) a key control, including a control of a
`bank key, (2) an amount replenishment to the IC card
`11, (3) an updation of sales data and (4) a sales billing.
`Described below are these principles.
`FIG. Sis a block diagram outlining key control oper-
`ations of this invention.
`
`The first principle of this invention comprises a step
`(STl) of procedures between the ATM 44A and the IC
`card 42, a step (5T2) of procedures between the IC card
`42 and the store transaction terminal 43, and a step
`(ST3) of assigning a coding key to the IC card 42.
`STl
`
`Step STl represents procedures between the IC card
`42 and the bank center 44 via the ATM 44A. The bank
`center 44 randomly generates a first parameter, codes it
`by using a master key L, and supplies the coded first
`parameter to the IC card 42 via the ATM 44A.
`After receiving the coded first parameter supplied via
`the ATM 44A, the IC card 42 has its decoder 42-1
`decode the coded first parameter by using the master
`key L it shares with the bank center 44, thereby recon-
`structing the first parameter generated by the bank
`center 44. Then, the IC card 42 has its adder 42-2 add
`the first parameter thus decoded to a number converted
`from the PW entered by its holder, and has its first
`register 42-3 store the sum.
`The IC card 42 may cause corresponding digits of the
`decoded first parameter and the number converted
`from the PW to undergo some other operations (e.g. a
`multiplication, a division, a subtraction, a disjunction, a
`conjunction, an exclusive disjunction or any combina-
`tion thereof) instead of a simple addition by the adder
`42-2, by incorporating a substitute operator. To summa— '
`rize, the IC card 42 has the first register 42-3 store the
`result of operating a function whose variables comprise
`the decoded first parameter and the PW.
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`6O
`
`65
`
`CHASE EX. 1004 - p. 25/39
`
`CHASE EX. 1004 - p. 25/39
`
`
`
`7
`
`8T2
`
`5,428,684
`
`8
`The bank center 44 generates a first parameter, codes
`the first parameter, and supplies the coded first parame-
`ter to the IC card 42 via the ATM 44A. On receiving
`the coded first parameter supplied via the ATM 44A,
`the IC card 42 has its decoder 42-1 decode the coded
`first parameter by using its master key L it shares with
`the bank center 44, thereby reconstructing the first
`parameter issued by the bank center 44. Then, the IC
`card 42 has its adder 42-2 add the first parameter thus
`decoded to the PW controlled by the holder, and has its
`first register 42-3 store the sum. (Refer to step STl.)
`Then, the holder of the IC memory card 42 wishing
`to make a purchase at a participating store inserts the IC
`card 42 into a card reader of the store transaction termi-
`nal 43. The store transaction terminal 43 sends to the IC
`card 42 a second parameter coded in advance by the
`master key L of the bank center 44. On receiving a
`coded second parameter, the IC card 42 has its decoder
`42-1’ decode the coded second parameter by using its
`master key L it shares with the bank center 44, has its
`adder 42-2’ add the second parameter thus decoded to
`the value stored in the first register 42—3, and has the
`second register 424 store the sum. Then, the IC card 42
`has its decoder 42~1” decode the sum stored in the sec-
`25 ond register 424 by using one [1] of coding session keys
`stored in its memory 42-5, thereby obtaining key KB-Ai
`for an intended authentication. (Refer to step ST2.)
`To be more specific, the IC card 42 has its memory
`42-5 store a plurality of coding session keys, and re-
`ceives serial number data including address data of the
`memory 42-5, on receiving the coded second parameter
`from the store transaction terminal 43, thereby access-
`ing an address in the memory 42-5 specified by the
`address data of the serial number data, obtaining an
`output of a coding session key stored therein. Then, the
`IC card 42 has its decoder 42-1” decode the output by
`using the sum stored in the second register 42—4, thereby
`obtaining key KB-Ai for an intended authentication.
`(Refer to step ST2.)
`W