United States Patent
`
`[191
`
`[11] Patent Number:
`
`4,864,618
`
`[45] Date of Patent:
`Sep. 5, 1989
`Wright et al.
`_______________________________.____-———————-—————————-
`
`[54]
`
`[75]
`
`AUTOMATED TRANSACTION SYSTEM
`WITH MODULAR PRINTHEAD HAVING
`PRINT AUTHENTICATION FEATURE
`
`Inventors: Christopher B. Wright, San
`Francisco; Stephen Bristow, Los
`Altos Hills, both of Calif.
`
`[73]
`
`Assignee:
`
`Wright Technologies, L.P., San
`Francisco, Calif.
`
`[21]
`
`[22]
`
`[62]
`
`[51]
`[52]
`
`[5 8]
`
`[56]
`
`Appl. No.:
`Filed:
`
`258,395
`
`Oct. 17, 1988
`
`Related U.S. Application Data
`Division of Ser. No. 935,244, Nov. 26, 1986, Pat. No.
`4,802,218.
`
`Int. C1.4 ............................................... H04L 9/00
`US. Cl. ........................................ 380/51; 380/23;
`364/900; 340/825.34
`Field of Search .................................... 380/23—25,
`380/51; 235/379, 380, 487, 488, 492; 364/405,
`705, 900; 340/825.34
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
`4,637,051
`4,757,537
`4,802,218
`
`
`1/1987 Clark ............................. ....... 380/51
`7/1988 Edelmann et a1.
`..
`380/51
`1/1989 Wright et al. ......................... 380/23
`
`FOREIGN PATENT DOCUMENTS
`
`0161181 11/1985 European Pat. Off.
`
`.
`
`Primary Examiner—Salvatore Cangialosi
`Attorney, Agent, or Firm—Leighton K. Chong
`
`ABSTRACT
`[57]
`An automated transaction system employs a terminal
`for printing a value indicia, such as a postmark, on an
`article. The terminal contains a modular printer unit
`which has a printhead and a dedicated microprocessor
`physically permanently bonded together such that the
`printhead microprocessor cannot be physically tam-
`pered with without disabling the printhead. The modu-
`lar printer unit includes a first supply of visible ink and
`a second supply of invisible ink, and an internal pro-
`gram for printing the value indicia with visible ink and
`an authentication code, which uniquely corresponds to
`the value indicia, with invisible ink. The invisible value
`indicia can be subsequently verified as authentic by
`machine reading of said invisible authentication code
`and comparing the authentication code for correspon-
`dence to the value indicia.
`
`4,024,380 5/1977 Gunn ................................... 235/487
`4,168,533
`9/1979 Schwartz et a1.
`................... 364/900
`
`18 Claims, 11 Drawing Sheets
`
`Va
`
`EMORY
`
`MP1]
`
`Fl
`é
`
`I
`
`E
`
`30
`
`aPEA’flT/MA‘
`
`EE
`IE
`EE
`EE
`
`CHASE EX. 1014 - p. 1/23
`
`CHASE EX. 1014 - p. 1/23
`
`

`

`US. Patent
`
`Sep.5,1989
`
`Sheet 1 of 11
`
`4,864,618
`
`§
`
`3 °
`
`CHASE EX. 1014 - p. 2/23
`
`CHASE EX. 1014 - p. 2/23
`
`

`

`US. Patent
`
`Sep.5, 1989
`
`Sheet 2 of 11
`
`4,864,618
`
`I
`
`FIG. 20
`
`r““‘""'"‘———§0————————j
`
`
`
`FIG. 2b
`
`I _I --‘I
`
`I I I I I I I I I
`
`
`
`
` 956005 AMI/FER
`l/ W/flr’ 550657
`
`
`KEY kl 5V
`l/VVifififAlfiOR/W/fi
`
`xv: Eff/4’1)
`I EMCXYPT Mus/35.2
`I N mm 5565457"
`
`KEY k1 b)’
`I 5560”” fllfiOR/IWM
`I wz- £2 {/v, A 1)
`
`
`
`
`
`
`
`CHASE EX. 1014 - p. 3/23
`
`”cam/1mm.”
`+F057H6£
`fi/fiOU/VT
`
`I I I I I I I I I
`
`I
`
`I I I I I I I
`
`Wfl/Fy Fame AWL/me
`
`ENCHFI' IVl/MBER N
`
`W/TH 554-257 key k /
`5y P7357 imam 77W,
`
`
`IV/- 5/ {/v, kl)
`
`
`
`
`
`
`
`
`
`
`
`756005 IUM5£R xv
`BY M/Ekfizs flack/mm
`”=52I/h/Z ); IF
`527/172 WMBEK rfiav
`255/7 C/M’P, A/vp
`552W Pk/A/r com/m p
`
`
`
`
`
`
`
`I
`
`I I I I I I I I I l I | I l l
`
`CHASE EX. 1014 - p. 3/23
`
`

`

`US. Patent
`
`Sep. 5, 1989
`
`Sheet 3 of 11
`
`4,864,618
`
`mgrmmkq
`
`.VSSSQE.3326
`
`
`
`QMVUmexwxmkm
`
`QNEQRWS>m3K
`
`mflqwzommmm
`
`3%Q85All]...3K
`
`
`
`u$§$xmxAlli!3%
`
`
`
`ud§§§AllllCk
`
`thVU“4bequ
`
`knxkukm.$§
`
`q$$¥kwx3%
`
`“\Vxfififiwwt
`
`CHASE EX. 1014 - p. 4/23
`
`CHASE EX. 1014 - p. 4/23
`
`
`
`
`

`

`US. Patent
`
`Sep. 5, 1989
`
`Sheet 4 0f 11
`
`4,864,618
`
`II
`
`N“
`
`ma
`
`v.o_n_
`
`Q.“
`
`C.
`
`
`
`CHASE EX. 1014 - p. 5/23
`
`CHASE EX. 1014 - p. 5/23
`
`

`

`US. Patent
`
`Sep. 5, 1989
`
`Sheet 5 of 11
`
`4,864,618
`
`FIG. 5
`
`(/55)? 04290
`E/VTEPE D
`
`(/55? CD/VF/z?
`mom- P/M MM
`51;? pm
`
`UNA (/ff/OR/Zfo
`04/29 DEffCI‘ED
`
`5/1/7253 2/? (0055
`0/“ SOURCE fM/D
`055TIA/A7'/0/V)
`EN75,? NE/é‘vé/T
`
`P5670557 P057:
`#65 fl/nOU/VT
`
`CUM/”UTE FUSI-
`fléf «VS/N6
`[@775 6/1)?!)
`
`lWl/T Fflk/ff Y
`PRESS 0/?
`
`_ ‘ Mlmmswmm
`
`COMPZEI'ED
`
`1755/7 0729, 5505
`
`PRINT COMM/WP TERM/NATE OPEA"
`
`H770/1/ 0F 7£KM//V/7L
`
`CHASE EX. 1014 - p. 6/23
`
`CHASE EX. 1014 - p. 6/23
`
`

`

`US. Patent
`
`Sep. 5, 1989
`
`Sheet 6 of 11
`
`4,864,618
`
`FlG.6b
`
`
`”I.75/”3,7...”
`lllII‘IIIIIllllll to
`USA—-7:
`
`
`
`lllllllI'llllll
`
`co
`(123
`
`“L5
`
`0
`
`LO
`
`0‘
`
`LI.
`
`2 F
`
`Jr:
`Ow
`VS
`350:
`K03
`N; 77
`C
`
`CHASE EX. 1014 - p. 7/23
`
`CHASE EX. 1014 - p. 7/23
`
`

`

`US. Patent
`
`59D&
`
`m,
`
`4’
`
`0016.,
`
`4o%wo_n.
`
`
`
`m000D0000000Un000U0000000Uw000D0000000.Umg000U0000000U
`
`CHASE EX. 1014 - p. 8/23
`
`CHASE EX. 1014 - p. 8/23
`
`
`
`

`

`US. Patent
`
`Sep.5, 1989
`
`Sheet 8 of 11
`
`4,864,618
`
`
`
`U55]? 04/20
`xix/552750
`
`//0
`
`
`F'G- 8
`
`
`[/Nfll/fHOR/ZEP CARD
`
`
`057256750, £06K C’flRD
`
`(/55)? CONFIRMATION
`PIN. MIN, EX}? 047.5
`
`
`
`
`
`
`
`
`(0/71/9072? POSTflGE
`0/5/9427 Y MENU 0F
`
`A’MT FROM KATE
`55/?was, 2500557
`551EC770M
`
`
`CARP
`
`
`
` EXE 607.5 FROG/37M
`
`FOR 35/. 5675.0 .55?-
`
`
`V/CE, COM/9U]? 1522571465
`
`
`4Mf/7KfflRP/f/6 1W Fkfléflflfl/
`
`
`
`
`
`
` REQUEJ‘7'
`
`P0577765 M7
`
`
`
`l 5750
` TEQMI/‘Vflfé 0PERA7/0A/
`0F TERM/”AZ.
`
`SHAKE cam.
`
`CHASE EX. 1014 - p. 9/23
`
`CHASE EX. 1014 - p. 9/23
`
`

`

`US. Patent
`
`Sep.5, 1989
`
`'
`
`Sheet 9 of 11
`
`4,864,618
`
`/
`
`5,
`
`'__"'£9"191'!911"
`
`DELIVERED
`
`
`
`CHASE EX. 1014 - p. 10/23
`
`CHASE EX. 1014 - p. 10/23
`
`

`

`US. Patent
`
`Sep.5,1989
`
`Sheet 10 of 11
`
`4,864,618
`
`
`/,0/ Mfl57ER CARD ACflV/lf/OM'
`CHECK SUPEKVR. P/N,
`
`CHECK MST/:7? fifR/fil.
`#0. ,: ”V5741. k5); EXE-
`
`CUfE #ANDflM/(E, J/v- _
`
`Lam M4575?) zeroep
`
`7767/10/70 f/ON
` AMSTER 04KB
`
`
`caxVHRMAr/ON
`
`PROCEDURES 3
`
`SER/fll. N0.
`
`fiNAUTHOR/ZEP ' M45753
`
`CflRD DEfECTEfl
`
`
`
`/5
`
`
`055k 07!? -
`
`INSEPI'EP
`
`
`
`
`
`
`I475
`
`l5
`
`
`
`
`
`(/5
`RAM/£5
`N0
`l/NflUf/IOR/Zé'p
`
`New;5)%?o W
`(/59? FIN,
`(/55? amp,-
`
`
`
`
`ae ggxu-
`v41. m
`LOCK CflRD
`
`
`
`
`
`CHECK ”55R CARP
`559/”; ”(M/852? .
`
`
`RECORD [HER/M‘s
`
` 5W5 54mm— Fm
`
`(PEP/7' 620.55
`MEMd/ey SECWON
`
`
`Rial/£57m” R5577?-
`
`
`Icr/axvs - rmwwcr/O/v
`
`
`
`4/9/75, :12 0/775
`
`
`
`> CO/Vf/NUE .7
`
`
`
`mama. SECRET
`> (#751475
`
`
`
`MEX 64055 55¢“st7
`SUPER V/SR
`MEMORY ZONE
`RECORD
`
`> 51148 055
`USER C‘fiRO
`
`> TERM/M4 7'5
`
`
`0FE¢647/0/V
`
`
`WSMLL NEW bflZ/M/(E
`
`
`AVA/[W J55? MEM
`
`
`
`SHIM’E C007-
`SEC/YON- 055/7M/I57’EI?
`
`1 HEP
`
`
`
`
`
`FIG. ll
`
`CHASE EX. 1014 - p. 11/23
`
`CHASE EX. 1014 - p. 11/23
`
`

`

`US. Patent
`
`Sep.5,1989
`
`Sheet11.0f11
`
`4,864,618
`
`
`
`mzx«4?me
`
`.NV\<\&\N\NI\.
`
`QR‘U
`
`QQHSQNKQW
`
`kwkhmx;
`
`(NW5
`
`EQQMVhEVuR
`
`
`
`QZRZENauxmhx
`
`
`
`.VSUNKW.mKtk
`
`
`
`meSQwhQwfib
`
`NQEMQK QQRU
`
`
`
`
`
`mflkwfixwfifik“35%me
`
`N_.07.
`
`QEMNKNS
`
`“Vixxww‘mk
`
`CHASE EX. 1014 - p. 12/23
`
`CHASE EX. 1014 - p. 12/23
`
`
`
`

`

`1
`
`4,864,618
`
`AUTOMATED TRANSACTION SYSTEM WITH
`MODULAR PRINTI-IEAD HAVING PRINT
`AUTHENTICATION FEATURE
`
`This is a divisional application from the prior applica-
`tion Ser. No. 935,244, filed on Nov. 26, 1986, entitled
`“Automated Transaction System Using Microprocessor
`Cards”, issued as US. Pat. No. 4,802,218.
`
`FIELD OF INVENTION
`
`The invention relates to an automated transaction
`system which receives with a user card having a micro-
`processor for executing secure transactions in which an
`article or item of value is dispensed from a terminal, and
`an account balance stored in the card’s memory is deb-
`ited. In particular, the invention is applied to a postage
`transaction system in which a postage account is main-
`tained within the microprocessor card and is used in
`transactions with postage printing and metering termi-
`nals.
`
`BACKGROUND OF INVENTION
`
`Point-of-sale (POS) terminals and automated teller
`machines (ATM) have been widely used in conjunction
`with various types of cards issued to users for sale or
`credit transactions. For example, banks regularly issue
`account cards which have a magnetically coded num-
`ber stored on a stripe for accessing the user’s account
`through ATM terminals. Credit cards which have
`coded magnetic stripes are inserted in ATM or POS
`terminals to access a central account system for authori-
`zation of a credit transaction. There also have been
`proposals to use cards which have large non-volatile
`memories, e.g. magnetic,
`integrated circuit (IC), or
`optical memory storage, for storing and retrieving in-
`formation specific to the user, such as a medical history,
`biographical history, maintenance of an account bal-
`ance and transaction history, etc.
`These conventional systems generally employ a card
`which has a passive memory that is read in a card reader
`or computerized terminal maintained by a vendor. The
`security of the cards is problematic since most account
`cards used conventionally are passive and do not au-
`thenticate themselves or the particular transactions for
`which they are used. Instead, on-line access through a
`terminal to a central account system, such as bank or
`credit card account records, is required for confirma-
`tion of each transaction. This requirement places an
`access time and cost burden on vendors, such as bank
`branches and retail stores, which must maintain the
`terminal facilities, as well as on the operator of the
`central account system, which must provide sufficient
`on-line access for all the users of the system and ensure
`the security of the entire system.
`By comparison, off-line transactions, i.e. between a
`user with an authorized card and a terminal not con-
`nected to a central account system, have the advantage
`that the vendor does not have to confirm each transac-
`tion. A card bearer merely inserts the card in a terminal
`to pay for a purchase and the authorized amount of the
`card is debited for the amount of the transaction. In
`off-line transactions, the vendor’s responsibility can be
`reduced and the transaction process simplified, so that a
`transaction can be completely automated through the
`use of widely distributed user cards and automated
`terminals.
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`45
`
`50
`
`55
`
`65
`
`,
`
`2
`However, off-line transactions are more vulnerable to
`the use of counterfeit cards and to tampering with .the
`terminals. Thus, the cards have to be made secure and
`the transactions limited to small amounts. As an exam-
`ple of conventional card security measures, a memory
`card can be divided into a number of separately valida-
`table sectors of limited value which are irreversibly
`debited with each transaction, as disclosed in US. Pat.
`Nos. 4,204,113 and 4,256,955 to Giraud et al. A personal
`identification number (PIN) can be written into the
`card’s memory at the time of issuance and requested of
`the user with each transaction. Terminals are generally
`made secure by maintaining them in areas to which
`access is restricted or supervised. However, these re-
`quirements increase the cost of operating the system
`and at the same time decrease its utility.
`The sophistication of card counterfeiting and credit
`fraud has increased with the widespread use of account
`and credit cards, and even greater security measures are
`currently needed to ensure the validity of card transac-
`tions. Conventional micrOprocessor cards employ resi-
`dent programs to control access to data stored on the
`card, store a selected user PIN to confirm an authorized
`user, and prevent use of the card if an unauthorized user
`is detected, such as after a limited number of incorrect
`PIN entries. Although such microprocessor cards pro-
`vide greater security than passive cards, the overall
`system is still vulnerable in that, once a valid user’s PIN
`has been ascertained, a stolen card can be used for unau-
`thorized transactions in any terminal, and the terminals
`themselves are subject
`to penetration. These vul-
`nerabilities can be offset by limiting the authorized
`amount of the card, controlling access to the terminals,
`or requiring on-line confirmation of transactions. How-
`ever, such measures again increase the cost of the sys-
`tem and decrease its utility.
`.
`,
`.
`One potential area of application of automated sys-
`tems employing account or credit cards is in postage
`vending and metering machines. Purchases of postage
`and mailing transactions are made primarily in person
`with cash through tellers at post offices. Only limited
`types of postage stamps can be purchased from public
`vending machines. Most private postage metering ma-
`chines have limited operational features and must have
`their metering devices removed periodically to a post
`office for refilling. The size and weight of the metering
`devices make them inconvenient to carry. Some meter-
`ing systems can be refilled by a remote computer, but
`the caller must still phone the computer center and
`execute the operator’s instructions on the postage meter .
`manually.
`The elimination of cash purchases, in-person mailing
`transactions, unnecessary limitations on automated
`postal services, and physical refilling of postage meter-
`ing machines could greatly reduce the waiting lines at
`post offices and facilitate the wider dissemination of
`postage vending and metering machines for the conve-
`nience of users and provide greater access to postal
`service. The use of account or credit cards for auto-
`mated postal machines has been considered. However,
`the security problems of conventional card automated
`systems would require that user cards be validated only
`for relatively small amounts of prepaid postage, that
`vending and metering machines provide limited postal
`products and be refilled with limited total postage
`amounts, and that access to the machines be strictly
`controlled. These restrictions are a substantial obstacle
`
`CHASE EX. 1014 - p. 13/23
`
`CHASE EX. 1014 - p. 13/23
`
`

`

`3
`which contribute to the difficulty of implementing an
`automated postal transaction system.
`
`SUMMARY OF INVENTION
`
`In view of the foregoing disadvantages and problems
`of conventional systems, it is a primary purpose of the
`invention to provide an automated transaction system
`which has security features that will facilitate the wide-
`spread use of account or credit cards for off-line trans-
`actions and the dissemination of automated transaction
`terminals to which access does not have to be strictly
`controlled. A principal object of the invention is to
`provide an interactive card/terminal system in which
`the card and the terminal each have a security feature
`which prevents the completion of a requested transac-
`tion unless a secure handshake recognition procedure is
`mutually executed between the card and the terminal
`such that they each recognize the other as authorized to
`execute a transaction. In particular, it is desired that the
`card and the terminal cooperate together to execute a
`simultaneous dispensing of value by the terminal and
`debiting of an authorized balance by the card.
`A specific object of the invention is to apply the
`above-mentioned automated transaction system to post-
`age metering machines. A further object is to provide a
`new generation of card automated postal
`terminals
`which have greater flexibility in the range of postal
`products and services offered, wherein the terminals are
`individually secure and can be accessed in relatively
`unrestricted areas, and the cards can be refilled at any
`desired location through secure refilling terminals vali-
`dated by the issuer.
`In accordance with the purposes and objects of the
`invention, a card automated transaction system employs
`a card having a secure, resident microprocessor which
`Operates to confirm that a requested transaction is au-
`thorized and to then initiate an interactive handshake
`recognition procedure with a resident microprocessor
`in the value dispensing section of an automated termi-
`nal. Upon successful completion of the handshake pro-
`cedure,
`the card microprocessor and the dispensing
`section microprocessor simultaneously actuate the dis-
`pensing of the requested article or item of value and the
`debiting of an authorized balance from the card.
`A particular embodiment of the invention is a mutual
`handshake recognition procedure executed as follows:
`(1) upon confirming that a terminal requested transac-
`tion is authorized, the card passes to the terminal a word
`comprising a randomly generated or other object num-
`ber encrypted by a first resident algorithm and a key
`number stored in the card; (2) the terminal decodes the
`number using a corresponding inverse of the first algo-
`rithm and the key number; (3) the terminal sends back to
`the card a second word comprising the decoded ran-
`dom number encrypted by a second resident algorithm
`and the key number; (4) the card decodes the second
`word using a corresponding inverse of the second algo-
`rithm and the key number and compares the decoded
`number to the one originally sent; (5) if the numbers
`match, the card microprocessor debits its authorized
`balance for the indicated amount of the transaction and
`sends an actuation signal to the terminal to proceed
`with the transaction; and (6) upon receipt of the actua-
`tion signal, the dispensing microprocessor actuates the
`dispensing section to complete the transaction. The
`transmitted actuation signal may also be encrypted and
`decoded by the above algorithms or a similar method.
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`45
`
`50
`
`55
`
`65
`
`4,864,618
`
`4
`
`the above-
`Under the principles of the invention,
`described interactive card automated transaction sys-
`tem is applied to postage metering machines. In one
`embodiment, a postage metering terminal has a slot for
`receiving a microprocessor card issued with an autho-
`rized balance, a print head with a secure microproces-
`sor which interacts with the card microprocessor, a
`keypad, a display, and an operations microprocessor
`which accepts a keyed input of the postage amount
`requested, displays the keyed input, queries the card to
`authorize and initiate the postage printing transaction,
`and then resets the machine for the next transaction or
`executes a series of transactions in a repeat mode.
`In a related embodiment, a postage metering terminal
`has a first slot for receiving a user micrOprocessor card,
`a second slot for receiving a postal rate card, a print
`head with a secure microprocessor, a keypad and other
`means for entering source and destination (postal zip)
`codes, means for entering the weight and postal class of
`the article to be mailed, and an operations microproces-
`sor having a program for calculating the correct post-
`age based upon the listings of the rate card and the
`keyed-in information.
`The card automated postal transaction system can be
`readily applied not only to the postal products and
`services of the US. Postal Service, but also to private
`carriers and parcel delivery companies. In a further
`embodiment, a postal waybill terminal has a third slot
`for receiving a special services card which has stored
`data from which the terminal can print postal and deliv-
`ery services information on standard form blanks. For
`example, the special services card can be used to print
`Post Office forms, such as Certified Mail or Registered
`Mail, or the waybills of private carrier companies. The
`terminal is also provided with a full field display of the
`waybill form, prompts the user for information‘by pro-
`grammed cursor movements, and has command keys
`for inputting sender and addressee information, rate or
`service class, waybill number, carrier information, etc.
`As subsidiary features, the microprocessor cards can
`be configured to provide different types of access to the
`terminals as desired, for example, limited numbers or
`types of users in limited numbers or types of machines,
`unlimited users in limited machines,
`limited users in
`unlimited machines, or unlimited users in unlimited
`machines. The different types of access can be imple-
`mented by storing key numbers in the card for identify-
`ing authorized users and/or machines, and/or key num-
`bers in the terminal operations microprocessor for iden-
`tifying authorized users. The user cards can also be
`configured at the time of issuance for limits to the
`amounts and types of individual transactions, and tem-
`porary or permanent locking upon detection of an unau-
`thorized user or card. Another system feature is the
`storing of a history of transactions executed by the card,
`and the recomputing of the remaining balance upon
`each transaction request, in order to save card memory
`space. A separate transaction printer may be used to
`obtain a printout of the card’s transaction history.
`The postage metering terminals according to the
`invention are also provided with means for allowing a
`post office or carrier to authenticate the postage marks
`or waybills that are printed. In one embodiment, the
`terminal printer prints within or under the postmark a
`coded number or sequence of marks corresponding to
`an element of the postmark, such as the amount of post-
`age,
`the terminal
`identification number, and/or the
`sender’s zip code. The marks may be disguised or made
`
`CHASE EX. 1014 - p. 14/23
`
`CHASE EX. 1014 - p. 14/23
`
`

`

`5
`invisible by printing with a magnetically or optically
`readable ink to deter tampering or unauthorized simula-
`tion. They may then be machine-read by the post office
`or private carrier company to determine whether the
`printed postmark was printed by an authorized printer,
`and at the same time provide an audit trail to the sender.
`In accordance with a further application of the inven-
`tion, an integrated system of microprocessor cards and
`terminals provides transaction facilities which permit
`widespread use and convenient access to users. The
`authorized amount of the user card may be initially
`validated or refilled from a master refilling card, which
`has a larger authorized amount, preferably in conjunc-
`tion with a supervisor card issued under strict distribu-
`tion control. A refilling terminal is provided with three
`insertion slots for the three cards, and has an operations
`program to check the identity of the master refilling
`card and the user card to determine if they are valid for
`use in the refilling terminal. Upon clearance, the secure
`handshake recognition procedure must be successfully
`executed between the microprocessors of the supervisor
`and master cards in order to permit a debit to the master
`card of the refill amount and a credit to the user card. If
`the user card is a new card, a validation procedure and
`the selection and storing of a user PIN are executed.
`The card automated transaction system of the inven-
`tion has broad applicability to many other types of
`purchase or credit transactions besides postal services
`and products. For example, it can also be used for credit
`card transactions,
`inventory control, bills of lading,
`automated cash machines, or virtually any other type of
`transaction in which a user account must be securely
`debited through an automated terminal in exchange for
`an article or item of value. The invention is especially
`advantageous in off-line transactions in which distrib-
`uted terminals not under strict access controls are used.
`The above principles, advantages, and features of the
`invention are described in further detail below in con-
`junctiOn with the following drawings.
`BRIEF DESCRIPTION OF DRAWINGS
`
`FIG. 1 illustrates schematically a preferred embodi-
`ment of an automated postal transaction terminal using
`a microprocessor card in accordance with the inven—
`tion;
`FIG. 2a shows a structure in the embodiment of FIG.
`1 for executing a secure handshake recognition proce-
`dure between the microprocessor card and a value dis-
`pensing section of the terminal, and FIG. 2b outlines the
`handshake sequence;
`FIG. 3 illustrates the multiple levels of security pro-
`vided by the system of FIG. 1;
`FIG. 4 shows another embodiment of the postal
`transaction terminal and an optional scale of the inven-
`tion which receives a rate card for automatically com-
`puting postal amounts;
`FIG. 5 is a flow diagram of the operation of the termi-
`nal of FIG. 4;
`FIG. 60 shows the use of coded marks for authentica-
`tion of a postmark printed by a postal transaction termi-
`nal, and FIG. 6b shows one exemplary form of authenti-
`cation coding;
`FIG. 7 illustrates schematically a preferred embodi-
`ment of an automated waybill printing terminal and an
`optional scale using a microprocessor card and a special
`services card in accordance with the invention;
`FIG. 8 is a flow diagram of the operation of the termi-
`nal of FIG. 7;
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`45
`
`50
`
`55
`
`65
`
`4,864,618
`
`6
`FIG. 9 illustrates a standard form of waybill and
`cursor prompts for filling in its information fields;
`FIG. 10 illustrates schematically a preferred embodi-
`ment of an automated refilling terminal using a micro-
`processor card, a master card, and a supervisor card in
`accordance with the invention;
`FIG. 11 is a flow diagram of the operation of the
`terminal of FIG. 10; and
`FIG. 12 shows the integrated system of microproces-
`sor cards, memory cards, and terminals of the invention.
`
`DETAILED DESCRIPTION OF INVENTION
`
`In accordance with the basic principles of the inven-
`tion, an automated transaction system employs a micro-
`processor card in an automated transaction terminal.
`Various types of microprocessor cards are available
`commercially, and the technology of manufacturing
`such cards and using them in terminal devices is well
`understood. As an example, Micro Card Technologies
`Inc. of Dallas, Texas, makes the Micro Card Mask M4
`card which is a standard (ISO) size, similar to a credit
`card, having an 8-bit microprocessor, 8 contact pinout,
`9600 bps asynchronous serial exchange protocol, 12.8
`Kbits of Read-Only Memory (ROM), 288 bits of Ran-
`dom Access Memory (RAM), and 8 Kbits of Erasable/-
`Programmable ROM (EPROM). An array of electrical
`contacts provided in one section of the card connects
`with the corresponding contacts in the terminal
`to
`allow the card microprocessor to communicate data
`with the terminal. It is of course understood that other
`types of data communicating connections can be used,
`such as, for example, by magnetic induction.
`The conventional microprocessor card as used in the
`present invention operates by executing an internally
`stored program (firmware) which cannot be accessed
`from the outside. The firmware may be written in ran-
`domized form to secure it against tampering from the
`outside. An electrically programmable (EPROM) mem-
`ory portion associated with the microprocessor of the
`card is generally divided into three zones: a secret zone
`which can only be accessed internally; a protected
`read/write zone which can only be accessed after a key
`number or PIN has been confirmed, and a free-reading
`zone. The card is used in a terminal for performing
`desired functions in accordance with the rules, proce-
`dures, and data stored in or executed by the card and
`the terminal.
`v
`When conventional microprocessor cards are issued
`to individual users, a validation procedure is executed
`on a validating terminal. The procedure generally re-
`quires the issuer to enter the correct manufacturers’
`serial number of the card in order to confirm that the
`card is authorized. A PIN is then assigned to or selected
`by the cardholder and stored in the secret zone. More-
`over, a secret key number unique to the issuer, which
`may be common to a class or chronological series of
`cardholders, may also be stored in the secret zone. In
`some card systems, the, secret key is used as an argument
`of an encryption algorithm to send an encrypted word
`to the terminal for verification. If the word can be de-
`coded by the terminal to derive the secret key, the card
`is presumed to be authentic. Upon completion of the
`validation procedure, the card MPU irreversibly alters
`its program so that no further words can be written in
`the secret memory zone. Thereafter, upon using the
`card, a user must enter the correct PIN in order to
`confirm that the card is being used by its authorized
`user. Conventional microprocessor cards also have the
`
`CHASE EX. 1014 - p. 15/23
`
`CHASE EX. 1014 - p. 15/23
`
`

`

`4,864,618
`
`7
`feature of temporarily or permanently locking the card
`from use if a succession of incorrect PIN entries on a
`terminal is detected.
`At the time of issuance, an amount in monetary or
`other units is validated for the card being issued. In
`conventional cards, the amount is permanently written
`in one of a plurality of transaction sectors in the pro-
`tected memory zone. Each time the card is to be “filled”
`with a new amount, one of the sectors is unlocked and
`written with a new amount by the issuer. Thus, a limited
`authorized amount can be written each time, and the
`card is then refilled a number of times before its mem-
`ory space is used up. This is a security feature to mini-
`mize monetary loss in case the card is lost or stolen. The
`authorized amount is decremented with each transac-
`tion and a new balance is written until the balance is
`used up. Although any amount or balance can be writ-
`ten into the card’s transaction memory, as a further
`security feature the card may prevent a balance being
`written which exceeds a predetermined limit or a previ-
`ously written balance.
`A card automated transaction system incorporating
`the particular features of the invention will now be
`described. It should be understood that although partic-
`ular embodiments are described, the invention is not
`limited to such embodiments, but encompasses all modi-
`fications and variations which use the principles of the
`invention. For purposes of this description, the transac-
`tion terminal is selected to be a postage metering termi—
`nal for printing a postmark on a label, envelope, or
`waybill for articles to be mailed or shipped. However, it
`should be understood that the general principles of the
`invention have broad applicability to any type of trans-
`action terminal in which a microprocessor card may be
`used. For example, the terminal may also be a cash or
`article dispensing machine or a printer which prints
`validation marks, coupons, receipts, tickets, inventory
`documents, etc.
`. Postage Metering Terminal
`Referring to FIG. 1, a microprocessor card 10, as
`previously described, is adapted to be inserted in a card
`insertion slot 11 of an automated transaction terminal
`20. The card 10 has a contact section 12 supporting a
`number of contacts 13 connected to the pinout leads of
`an IC chip including a microprocessor unit (card MPU)
`60 laminated beneath a protective layer of the card
`contact section 12. The contacts 13 are mated with
`corresponding contacts 23 of a terminal contact section
`22 upon insertion of the card 10 into the slot 11 in the
`direction indicated by arrow A. As the card is inserted,
`its leading edge abuts a part of the terminal contact
`section 22 which is moved in the same direction, indi-
`cated by arrow B, so as to merge in operative electrical
`contact with the card contact section 12. A trip switch
`22a is provided at the base of slot 11, and triggers a start
`signal to an operations microprocessor (terminal MPU)
`30 when the card has been fully inserted in position in
`the slot.
`The card MPU 60 executes an internally stored (firm-
`ware) program to check whether a requested transac-
`tion is authorized and, prior to debiting the card ac-
`count balance, to perform a secure handshake recogni-
`tion procedure (described further below) with a micro-
`processor in the terminal. Although the handshake pro-
`cedure can be performed with an operations micro-
`processor for the terminal, or one remote to the termi-
`nal, it is preferred in the invention that the procedure be
`performed with a secure micrOprocessor embedded in
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`65
`
`8
`the actual value dispensing section of the terminal. The
`value dispensing section is a separate element in the
`terminal, and its microprocessor is made physically
`secure, such as by embedding it in epoxy, so that any
`attempt to tamper with it would result in rendering the
`value dispensing section inoperative. For the postal
`transaction terminal of the invention, the microproces-
`sor is embedded in the printer unit which prints the
`postmark.
`The terminal contacts 23 are connected with the
`functional parts of the terminal, including a Clock syn-
`chronizing connection 24, a Reset connection 25, and
`operational voltage Vcc connection 26, and Input/Out-
`put (I/O) port 27, and EPROM-writing voltage Vpp
`connection 28, and a ground connection 29. The termi-
`nal MPU 30 controls the interface with the card and the
`operation of the various parts of the terminal, including
`a keyboard 31, a display 32, such as an LCD, and a
`postmark printer 40, which is the value dispensing sec-
`tion of the terminal. A power source V0 is provided by
`a battery and/or an external AC or DC line to power
`the various parts of the terminal.
`The printer 40 has a microprocessor unit (printer
`MPU) 41 which individually and uniquely controls the
`operation of a print head 42, such as an electrothermic
`or impact print head. The MPU 41 executes an internal
`program (firmware), like the card microprocessor, so
`that it cannot be tampered with from the outside. The
`print