PCT
`
`International Bureau
`WORLD INTELLECTUAL PROPERTY ORGANIZATION
`
`
`
`INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT)
`
`(51) International Patent Classification 3 :
`
`
`
`
`
`G07F 7/10
`
`
`
`
` (11) International Publication Number:
`
`
`W0 83/ 03018
`A1
`(43) International Publication Date: 1 September 1983 (01.09.83)
`
`(21) International Application Number:
`
`PCT/SE83/00062
`
`24 February 1983 (24.02.83)
`
`(81) Designated States: AT (European patent), AU, BE (Eu-
`ropean patent), CH (European patent), DE (Euro-
`pean patent), DK, FI, FR (European patent), GB
`(European patent), JP, LU (European patent), NL
`(European patent), NO, SE (European patent).
`
`
`
`
` (22) International Filing Date:
` (31) Priority Application Number:
`
` 411/82
`(32) Priority Date:
`
`With international search report.
`25 February 1982 (25.02.82) Published
`
`
`(33) Priority Country:
`IE
`
`
`SON [SE/SE]; S-126 25 Stockholm (SE).
`(71) Applicant: TELEFONAKTIEBOLAGET L M ERICS-
`
`
`
`
`(72) Inventors: CREMIN, Patrick, Victor ; 43 Kilgobbin
`Heights, Stepaside, County Dublin (IE). CARROLL,
`Patrick, Gerard ; Richardstown House, Kildan'gin,
`Monasterevin, Co. Kildare (IE).
`
`
`
`(74) Agents: GAMSTORP, Bengt et al.; Telefonaktiebolaget
`L M Ericsson, S-126 25 Sotckholm (SE).
`
`
`
`
`
`
`
`
`(54) Title: A PORTABLE DEVICE FOR STORING AND TRANSFERRING DATA
`
`(57) Abstract
`
`1 .
`
`HlCRO BANK
`
`A portable device for storing and transferring
`funds for use in a funds transfer system. Each portable
`device (1) is card—like and comprises a memory means (7)
`for storing a monetary balance, and a plurality of ident-
`ifying characteristics of the user. Micro-computer means
`(10) in the card (1) update the balance after funds trans-
`
`fer, and randomly select some of the identifying charac-
`
`teristics to query the user. The users response is compared
`with the stored characteristics. Ultra-sonic coupling
`means (40) in the card permits coupling to another card
`(1) through a coupling terminal (2). A keyboard (30) and
`a digital display (28) permit inspection of the balance.
`The micro-computer (10) date and time stamps each
`transaction.
`
`.
`
`'
`
`~r
`
`26
`
`‘
`
`at
`
`L '
`
`35
`
`m
`
`'. n m l
`\ I
`I m 4/}
`W ’
`1
`
`"9
`
`36
`
`3‘5
`
`~58 ULYnAboulL
`univzn DDDDDDDD-
`IITLINAL rout!
`
`4 3 /
`
`‘unisronnlfl
`count 1: 1°
`
`AMEX 1003 - Page 1 of41
`
`
`
`AMEX 1003 - Page 1 of 41
`
`

`

`FOR HE PURPOSES OFHVFORMAHON ONLY
`
`Codes used to identify States party to the PCT on the front pages ofpamphlets publishing international ap-
`plimtions under the PCT.
`
`United States of America
`
`Austria
`Australia
`Belgium
`Brazil
`Central African Republic
`Congo
`Switzerland
`Cameroon
`Germany. Federal Republic of
`Denmark
`Finland
`France
`Gabon
`United Kingdom
`Hungary
`Japan
`Democratic People’s Republic of Korea
`
`AT
`. AU
`BE
`BR
`CF
`CG
`CH
`CM
`DE
`DK
`FI
`FR
`GA
`GB
`HU
`JP
`KP
`
`Liechtenstein
`Sri Lanka
`Luxembourg
`Monaco
`Madagascar
`Mauritania
`Malawi
`Netherlands
`Norway
`Romania
`Sweden
`Senegal
`Soviet Union
`Chad
`Togo
`
`AMEX 1003 - Page 2 of41
`
`‘u
`
`at
`
`AMEX 1003 - Page 2 of 41
`
`

`

`WO 83/03018
`
`PCT/SEB3/00062
`
`A PORTABLE DEVICE FOR STORING AND TRANSFERRING DATA
`
`The present invention relates to a portable device for storing and transferring
`data, the device being of. the type comprising memory means for storing the
`data and an identifying characteristic to prevent unauthorised use of
`the
`
`device, coupling means for coupling the device to an external terminal or other
`device for transferring data, micro-computer means to update the data in the
`
`device after data transfer, means to compare an identifying characteristic
`
`entered by the user with the identifying characteristic stored in the memory
`
`means, and clock means to drive the micro-computer.
`
`Such devices are well known, and generally are in the form of a substantially
`
`10
`
`flat pocket sized card. A monetary balance or any other data may be stored in
`the device, and transferred to another device. A coupling terminal is normally
`providedfor routing the data being transferred and the two portable devices
`between which a transaction is to be made are connected into the coupling
`
`terminal. US. Patent Specifications Nos. 4,211,919, 4,102,493, 4,092,524,
`
`15
`
`4,007,355, 4,001,550 and 3,971,916 describe such devices and terminals.
`
`Unfortunately, these known devices suffer from various disadvantages, parti—
`cularly, in the field of security,both of the device and the information stored
`therein, and during transfer of the data. Furthermore, due to the fact that most
`devices need to be connected on line-or into a computer, they lack versatility.
`
`20
`
`25
`
`In particular, where security is concerned, none of the known devices are secure
`against unauthorised use. Most rely on the use of a personal
`identification
`number stored in the memory of the card, and once the correct personal
`
`identification number is proveded by the user, the card is enabled to carry out a
`
`transaction. Unfortunately, with the use of personal
`
`identification numbers,
`
`there is a limit to the security that can be provided. For example, 'in four digit
`personal identification number, which is the more common length of number,
`there are only 9,999 combinations available. Accordingly, with modern high
`powered computers,
`it
`is
`relatively easy to discover
`the correct personal
`
`identification number stored in any particular card.
`
`7)
`
`AMEX 1003 - Page 3 of41
`
`
`
`AMEX 1003 - Page 3 of 41
`
`

`

`W0 83/030 18
`
`PCT/SE83/00062
`
`Z
`
`V}U
`
`Secondly, where data is transferred from a card, it is relatively easy to tap into
`
`the line transferring the data and record the transaction. Accordingly,
`
`the
`
`transaction may be replayed an unlimited number of times, and thus in the case
`
`of funds transfer, an amount of money may be fraudulently transferred an
`
`unlimited number of times.
`
`Additionally, it is difficult to encode data being transferred in such a way that
`
`the code cannot be relatively easily broken by unauthorised people tapping into
`
`the transfer line. Attempts have been made to overcome these problems.
`
`However, so far, none of these attempts have been totally satisfactory.
`
`Accordingly, it is an object of the invention to provide a portable data storage
`
`and transfer device and associated terminal which ensures that the portable
`
`device is relatively secure against unauthorised use. It is also an object of the
`
`invention to provide a device which will prevent the fraudulent transfer of data
`
`by replaying a transaction an unlimited number of times. Furthermore, it is an
`
`object of the invention to provide a portable device which permits the data
`
`being transferred to be encoded, so that it is virtually impossible for an
`
`unauthorised person to decode the data. It is a further object of the invention to
`
`provide a portable device which can store and transfer data without being
`
`Connected on—line to a computer, and which is particularly suitable for storing
`
`and transferring monetary amounts.
`
`The invention achieves these objects and overcomes the problems of prior art
`devices by virtue of the fact that the memory means in the portable device
`
`stores a plurality of identifying characteristics and the micro-computer means
`selects at least one of the identifying characteristics and queries the user on
`
`the selected characteristics prior to data transfer.
`
`The advantage of the invention is ,that it provides a device which is relatively
`
`secure against fraudulent use. This is because the invention permits a user of
`
`the device to be queried on one or more of a number of identifying charac-
`
`teristics, and this has the further advantage that the number of characteristics
`
`on which the user is queried, may be increased or decreased, depending on, for
`
`example, the type of data being transferred. If the data being transferred is of
`
`relatively limited value and/or importance, only one or a few characteristics
`
`may be selected. However, if the data is important, or of a high value,
`
`10
`
`15
`
`20
`
`25
`
`30
`
`AMEX 1003 - Page 4 of41
`
`
`
`AMEX 1003 - Page 4 of 41
`
`

`

`WO 83/03018
`
`l’CT/SE83/00062
`
`3
`
`then many more characteristics may be selected. For example, in the case of a
`user making a small purchase, he may be queried on only one characteristic,
`therebyhaving the advantage of saving time, for example, at a checkout in a
`store. While on the other hand, if he is making a large purchase, many more
`
`Characteristics may be selected.
`
`the micro—computer means randomly selects one or more of the
`Preferably,
`identifying characteristics. The advantage of this feature of the invention is
`that it makes it more difficult for fraudulent use of the card.
`
`In one embodiment of the invention, the number of identifying characteristics
`
`10
`
`selected by the micro-computer means
`
`is dependent on the data to be
`
`transferred.
`
`The advantage of this feature of the invention is that it permits relatively small
`and unimportant transactions to be carried out quicker than larger or more
`important transactions, thereby adding to the speed at which transactions may
`be carried out.
`
`'15
`
`Advantageously, at least one of the identifying characteristics is variable with
`time.
`
`The advantage of this feature of the invention is that it-makes it more difficult
`
`for the card to be used fraudulently.
`
`20
`
`Preferably, at least some of the identifying characteristics are characteristics
`of the user, and at least one of the variable identifying characteristics is the
`
`users 898.7
`
`The advantage of this feature of the invention is that because the charac-
`
`teristics relate to the user, they are relatively easily remembered.
`
`25
`
`In another embodiment of the invention, the micro—computer means comprises
`
`means to. date stamp each data transfer to make it a unique transaction. The
`advantage of
`this feature Of
`the invention is
`that
`it ensures that each
`transaction is a unique transaction and therefore, if repeated will be rejected
`
`because the date or time will be incorrect.
`
`
`
`AMEX 1003 - Page 5 of41
`
`AMEX 1003 - Page 5 of 41
`
`

`

`WO 83/03018
`
`PCT/SE83/00062
`
`4
`
`w _
`
`In another embodiment of the invention, the computer means comprises means
`
`to update the data in the memory means at certain pre-determinad times.
`
`The advantage of this feature of the invention is that it permits the data in the
`
`card to be updated .by other pre-determined data at predetermined times. A
`particular advantage of this feature of the invention is that when the device is
`
`=
`.
`
`used for the storage and transfer of monetary amounts, the balance in the card
`
`may be increased or decreased by cerain pre-determined amounts at certain
`
`pre-determined times, for example, where standing orders or the like are to be
`
`transferred.
`
`In a further embodiment of the invention the data stored in the memory means
`
`is a monetary balance.
`
`The advantage of this feature of the invention is that it permits the device to
`
`be used in a funds transfer system.
`
`The present
`
`invention will be more clearly understood from the following
`
`description of some preferred embodiments thereof, given by way of example
`
`only, with reference to the accompanying drawings, in which:
`
`Fig. l is a perspective view of a portable device accordingto the invention,
`
`Fig. 2 is a circuit diagram of the device of Fig. 1,
`
`Fig. 3 is a perspective view from one side of a coupling terminal, also according
`
`to the invention, for use with the portable device of Fig. 1,
`
`Fig. 4 is a plan view of the coupling terminal of Fig. 3,
`
`Fig. 5 is a circuit diagram of the coupling terminal of Fig. 3,
`
`Fig. 6 is a flow diagram illustrating the operations carried out by the terminal
`
`of Fig. 3,
`
`-
`
`.,n)
`
`Fig.7 is a circuit diagram of a coupling terminal according to another
`
`embodiment of the invention,
`
`10
`
`15
`
`20
`
`25
`
` AMEX 1003 - Page 6 of41
`
`AMEX 1003 - Page 6 of 41
`
`

`

`W0 83/03018
`
`PCT/SE83/00062
`
`..5
`
`5
`
`Fig. 8 is a flow diagram for the coupling terminal of Fig. 7,
`I:
`
`Fig. 9 is a circuit diagram of a terminal according to a further embodiment of
`the invention,
`
`Fig. 10 is a flow diagram for the terminal of Fig. 9,
`
`5 Fig. 11 is a circuit diagram of a coupling terminal according to a still further
`
`embodiment of the invention,
`
`Fig. 12 is a flow diagram for the terminal of Fig. 11,
`
`Fig. 13 is a circuit diagram of a coupling terminal according to a still further
`
`embodiment of the invention,
`
`10 and
`
`Fig. 14 is a flow diagram for the terminal of Fig. 13.
`
`Referring to the drawings, and initially to Figs. 1 to 5, there is illustrated a
`
`portable device according to the invention for storing and transferring‘data
`
`according to the invention,
`
`in this case, for use in storing and transferring
`
`15 monetary funds. The device is indicated generally by the reference numeral].
`
`and is substantially card-shaped, suitable for carrying around in a person's
`
`pocket, as for example a pocket calculator. The outer dimensions of the device
`
`hereinafter referred to as the card 1 are as follows:
`
`Length
`
`20
`
`Width
`
`90 mm
`
`50 mm
`
`Thickness
`
`13 mm
`
`The card 1 is used in a funds transfer system and each person, organization or
`
`the like participating in the system, has a card 1. For example, each person has
`
`a consumer card into which his wages and/or other funds are transferred, and
`
`25 from which he may transfer funds to make purchases. Each trader, for example,
`
`has a traders card, which receives funds from the consumers card at the
`
`AMEX 1003 - Page 7 of41
`
`AMEX 1003 - Page 7 of 41
`
`

`

`W0 83/03018
`
`PCT/SE83/00062
`
`6
`
`consumers card at the point of sale. The trader may also have a separate card
`
`from which wages are paid. All cards are substantially similar and minor
`
`differences between consumer cards, traders card and organizations card and
`
`the like are described in more detail below.
`
`A coupling terminal 2 also according to the invention through which funds are
`
`transferred between the two cards 1 is also ptovided. Device receiving slots, in
`
`this case card—receiving slots 3 and 4 in the terminal accommodate two cards
`
`between which funds are to be transferred. Each trader and organization and
`
`the like, where funds are to be transferred has a coupling terminal. The
`
`terminals are substantially similar to each other with only minor variations.
`
`Such variations are merely to adapt the terminals to the specific type of funds
`transfer they are used for, and are described in more detail below.
`
`For simplicity and ease of understanding the invention,
`
`the consumer card
`
`illustrated in Figs. 1 and 2 is initially described in detail and the remaining
`
`cards are then briefly discussed. After describing the cards, a coupling
`
`terminal, for use by a trader at the point of sale is described in detail, and then
`
`the remaining coupling terminals are briefly described.
`
`CONSUMER CARD
`
`Referring now to Figs. 1 and 2, the consumer card 1 comprises a housing 5 of
`
`plastics material. A memory means in this case a 4K battery powered CMOS
`
`RAM memory7 is mounted in the housing 5. The memory? comprises a
`
`plurality of memory positions which are not illustrated. These positions store
`
`the following data:
`
`a.
`
`b.
`
`c.
`
`The monetary balance in the card.
`
`A serial number of the card.
`
`An authenticating code which is common to and recognisable. by all
`
`other cards used in the system. This code ensures that spurious cards
`
`cannot be used.
`
`‘5“
`
`M)L
`
`d.
`
`A plurality of static identifying characteristics of the card holder, in this
`
`case, for example, a personal identification number, specific identifying
`
`characteristics of the card holder, such as the colour of the holders eyes,
`
`the colour of his hair, height,weight and the like.
`
`
`
`AMEX 1003 - Page 8 of4’l
`
`10
`
`15
`
`20'
`
`25
`
`30
`
`AMEX 1003 - Page 8 of 41
`
`

`

`W0 83/033018
`
`PCT/SE83/00062
`
`(9)
`
`7
`e. Variable identifying characteristics of
`u
`
`his age.
`
`the card holder,
`
`for example
`
`f.
`
`g.
`
`The card holders dynamics signature, which is stored digitally.
`
`The expiry date of the card.
`
`it is envisaged that the card will store up to twenty identifying characteristics,
`
`both static and variable.
`
`A micro—computer means in this case a single chip micro-computer 10 sold
`
`under the Trade Name Sharpe Type 5M3 is mounted in the housing 5 and drives
`
`the card 1. The computeré comprises a central processing unit 12 which
`
`10
`
`manages the operations of the card. A ROM 11 having a capacity of at least 2K
`
`bytes is linked to the central processing unit 12, and contains stored programs
`to direct the operation of the computer 6. A RAM 14 is also linked to the
`
`central processing unit 12. The central processing unit 12 is linked to the
`memory 7 and randomly selects personal identifying characteristics from the
`memory to query the card holder prior
`to a transaction to establish teh
`
`authenticity of the card and the holder. A program in the ROM 11 programmes
`the central processing unit 12 to query the” card holder on varying numbers of
`personal identifying characteristics depending on the size of the transaction to
`be entered into.
`In cases of particularly large transactions,
`the central
`
`processing unit 12 requests the card holders dynamic signature. This is de-
`scribed in detail below. Means to compare a card holders response with the
`queried characteristics is provided by a programme stored in the ROM. The
`comparision is carried out in the central processing unit 12.
`
`A clock generator 15 with a speed of 32.687 KHz controls the central
`processing unit 12. The clock speed is kept as low as possible to reduce the
`power consumption of the card 1. The central processing unit 12 is connected to
`an I/O driver 16.
`
`15
`
`20
`
`25
`
`A security means, in this case a security chip 20, is mounted in the card 1 and-
`linked to the micro~computer 6. The micro chip 20 encodes and decodes data
`
`30
`
`being transferred to and from the cardl by a public key'and secret key
`
`encription technique. Such technique is described in detail by Rivest, Shamin
`and Adleman in an article entitled "A method for obtaining digital signatures
`
`and public key crypto—systems" published in Communications of ACM,
`
`
`
`AMEX 1003 - Page 9 of41
`
`AMEX 1003 - Page 9 of 41
`
`

`

`WO 83/03018
`
`PCT/SE83/00062
`
`n”
`
`((97
`
`1,133 Avenue of the Americas, New York N.Y. 10036, February 1978 at Pages
`
`120 to 126.
`
`8
`
`The security chip 20 comprises a 1K RAM 22 in which the public and secret
`
`keys of the card holder are stored inaccessibly. Each key is a 150 digit number.
`
`A ROM 23 having a stored programme directs the encription and decription
`
`computations, which are carried out in a central processing unit 24. The central
`
`processing unit 24 is linked to a RAM 22 and the ROM 23. An I/O driver 25 and a
`
`clock generator 26 are linked to, and control the central processing unit 24.
`
`For security, all data stored in the memory 7 with the exception of the balance
`
`1O
`
`and a personal identification number of the card holder is stored in encripted
`
`form. Accordingly, on being entered into the memory 7 this data is first
`
`encripted by the security chip 2!]. Furthermore, when personal identifying data
`
`is entered into the computer 10 of the card 1, this is first encripted by the
`
`security chip 20 prior to being compared with the stored data in the memory 7.
`
`15
`
`The two encripted forms of
`
`this data are then compared in the micro-
`
`computer 10.
`
`A-crystal 21 linked. to the micro-computer 710 synchroneses the operation of the
`
`computer 10.
`
`A digital display, in this case provided by an eight digit, seven segment liquid
`
`crystal display 10 is mounted in the housing 5 to permit the balance in the
`
`memory 7 to be displayed on request. The display 28 is linked to the micro-
`
`computer 10.
`
`A keyboard 30 in the housing 5 and linked to the microcomputer 10 permits
`
`instructions and data to be entered into the card. The keyboard 30 comprises
`
`ten alphanumerical keys 31, namely keys 0 to 9. Two instruction keys are also
`
`provided on the keyboard 30 namely, an instruction key 32 to instruct the card
`
`to display the balance on the display 28, a command key 33 which initiates
`
`funds transfer between two cards. When the card 1 is
`
`in a terminal,
`
`the
`
`'li
`
`rm;
`
`command key 33 is inoperable but the funds transfer command key 33 is used to
`
`initiate funds transfer, as described below. When the card is in a terminal, the
`
`commands are entered into the card by the keyboards on the terminal.
`
`20
`
`25
`
`3D
`
` AMEX 1003 - Page 10 of41
`
`AMEX 1003 - Page 10 of 41
`
`

`

`W0 @3/03018
`
`(ll
`
`PCT/SE83/00062
`
`A battery 37 in this case, a rechargable nickel cadmium battery mounted in the
`
`card 1 powers the card through the powerconnections 38.
`
`.
`
`9
`
`Coupling means for the transfer of data between two cards through a terminal,
`is provided by an ultra—sonic coupling device 40. The ultra-sonic coupling
`device 40 is connected to the micro-computer 10 and in use, co-operates with a
`
`corresponding ultra-sonic coupling device mounted in one of the slots 3 or 4 of
`the terminal 2. The coupling means also includes a transformer powered coil 42
`for the transfer of power from a terminal 2 to charge the battery during a
`transaction and also to provide additional power as required to the various
`
`10
`
`components on the card during a transaction. The coupling coil 42 co-operates
`with a corresponding coil in one of the slots 3 or 4 in the terminal. The ultra-
`sonic coupling device 40 and the coupling coil 42 are both mounted internally in
`the card at 43, see Fig. 1. All the components in the card just described are
`inter-connected on a printed circuit board (not shown) and are encased in an
`
`15
`
`epoxy resin to prevent tampering.
`
`Other cards are provided for use in the system, for example, a card for a trader
`for use at the point of sale to receive funds from consumer cards. An official
`bank card is also provided for the banks to store funds for transfer to consumers
`cards on request. Wages payment cards are also provided. Wages payment cards
`store wages and the. value of the wage to be transferred to each employee.
`These additional cards are similar to the consumer cards just described with the
`
`exception that they each have a larger memory to store many transactions, and
`to store a black list of invalid cards. The black list is updated on an ongoing
`
`basis where the card is in a terminal which is connected on line to a central
`
`computer containing the information, or alternatively where the card is not
`connected on line, the list would be updated by a bank each time a withdrawal
`
`20
`
`25
`
`or a lodgement was being made.
`
`COUPLING TERMINAL
`
`Figs. 3 to 5 illustrate the coupling terminal 2 for coupling two cards for the
`transfer of funds between each card. In this case, the coupling terminal 2 is a
`
`30
`
`point of sales terminal and is used in a shop or store where customers puchase
`items and pay for them with their concumer card 1. The terminal 2 is in two
`
`
`
`AMEX 1003 - Page 11 of41
`
`AMEX 1003 - Page 11 of 41
`
`

`

`M
`
`yW”
`
`WO 83/03018
`
`PCT/SE83/00062
`
`1U
`
`portions, a consumer portion 39 and a traders portion 41 connected by cables
`
`44. The consumer card receiving slot 3 is provided in the portion 39 and the
`
`traders card receiving slot 4 is in the portion 41. A third card receiving slot 46
`
`in the portion 41 receives a back-up card which is a duplicate of the traders
`
`card. All transactions recorded on the traders card are duplicated on the back-
`
`up card in the event of loss or damage to the traders card.
`
`The slot 46 houses the back-up card in a portion of the terminal, which is
`
`accessible only by a bank.
`
`Two digital displays are provided, one on each portion 39 and 41, namely, a
`
`1D
`
`display 47 for the consumer and display 48 for the trader. Both displays 47 and
`
`48 are single line displays with forty upper-case alpha numerical characters.
`
`Key boards 50 ,and 51 for
`
`the consumer and the trader respectively are
`
`provided. The consumers keyboard 50 comprises ten alpha numerical keys 54, a
`
`command key 55 to cancel an entry, and a data enter key 56 to enter data into
`
`the terminal. The traders keyboard 51 also comprises ten alpha numerical
`keys 58 (U to 9), and a decimal point key 59. Five-command keys as follows are
`
`also provided on the traders keyboard 51:
`
`60 - a cancel entry key
`
`61 - a data enter key
`
`62 - a display day total key for commanding the terminal to display the
`total of the days transactions on the display 48 7
`
`63 - a display card total key for commanding the card total to be displayed
`
`64 - an end transaction key to terminate a transaction.
`
`15
`
`20
`
`Referring now to Fig. 5 a micro-computer 65 is connected to the display 47
`and 48, the keyboards 50 and 51 and the card receiving slots 2, 3 and 46 is
`
`25
`
`provided in the terminal 2. The computer 65 routes data between the cards in
`
`the terminal, the keyboards 50, and 51 and the displays 47 and 48. The micro-
`
`computer 65 comprises a micro-processor 67 to control the operations of the
`
`terminal, a ROM 68 to store the control program and other permanent data, and
`
`3U
`
`a RAM 69 to store temporary data and to input/output interface to control the
`
`«0,1
`
`terminal peripherals.
`
`Provision for an on-line link to a bank computer via a telephone line is provided
`
`in the micro-computer 65 and is illustrated by the broken line 70.
`
`h
`
`AMEX 1003 - Page 12 of41
`
`
`
`AMEX 1003 - Page 12 of 41
`
`

`

`WO 83/03018
`
`PCT/SEB3/00062
`
`11
`A power supply unit 73 powered by the AC mains and a stand-by battery 74
`.drives the terminal 2 through a key switch 75. The key switch 75 is a three«»
`position switch having an/off mode 76, a transaction mode 77 in which the
`terminal is activated for a transaCtion and a test mode 78 as can be seen in
`
`Fig.5.
`
`'In the test mode,
`
`the terminal carries out a self-test on all
`
`its
`
`components. This is controlled by the computer 65.
`
`Transformer power coils (not shown) and ultra-sonic receivers and transmitters
`(also not shown) are provided in the consumer and traders card slots 3 and 4
`
`respectively to facilitate transformer power coupling and ultra-sonic coupling
`between the cards and the slots. Both the power coils and ultra-sonic receivers
`and transmitters are connected to the computer 65. Such couplings will be well
`
`known to those skilled in the art and it is not intended to describe them in
`
`further detail. As already described, when a card is entered in a respective slot, ,
`
`power is delivered through the transformer power coupling coil to charge the
`battery of the card and also to provide additional power to the card during
`transfer of the data between cards and in particular during the encription
`
`operation.
`
`The data is then transferred through the ultra-sonic coupling
`
`receivers and transmitters.
`
`An electronic pressure pad 79 to electronically monitor a dynamic signature is
`linked to the portion 39 of the terminal 2, and connected into the computer 65
`to permit
`the dynamic signature of
`the card holder
`to be read into the
`computer 65 for further transfer into the consumers card for comparision with
`the dynamic signature stored in the memory 7 of the card and/or for signing a
`transaction. Such electronic‘ pressure pads will be well known to those skilled in
`
`1D
`
`15
`
`20
`
`25
`
`the art.
`
`In use, when a card holder desires to check the balance in the memory 7 of his
`card, he enters his personal
`identification number by means of
`the alpha
`numerical keys 31 on the keyboard 30 and uses the balance key 32. The micro-
`
`30
`
`computer 10 compares the entered number with that in the memory 7. If both
`compare the balance is displayed on the display 28. Because no encription or
`decription of the personal identification number or the balance is required, only
`a small amount of power is required which is supplied by the battery 37.
`
`
`
`AMEX 1003 - Page 13 of41
`
`AMEX 1003 - Page 13 of 41
`
`

`

`WO 83/03018
`
`PCT/SE83/00062
`
`Referring now to Fig. 6, when it1is desired to transfer funds from the consumers
`card].
`to a traders card,
`the traders card is inserted in the sloth of the
`
`2
`
`terminal 2. Normally, this would be inserted in the morning prior to the days
`transactions and left there for the day. Prior to any transaction taking place,
`
`5
`
`the trader authenticates his card. The flow chart of Fig. 6 illustrates the steps
`carried out
`in authenticating the card.
`Firstly, on insertion the card on
`
`3
`:
`
`(m
`
`command from the terminal does a self—test. The micro—computer 10 in the
`
`traders card, randomly selects personal identification characteristics in the
`
`memory 7 of the card and queries the trader through the traders display 48 on
`
`10
`
`the terminal 2. The trader keys in the relevant responses on the key board 51
`
`by means of the alpha numerical keys 58 and the enter key 61. These are
`
`transmitted through the micro-computer 10 to the security chip 20 for encrip-
`
`tion and are then compared with the encripted data in the memory 7.
`
`If the
`
`traders responses compare with the stored data, the card is then enabled for the
`
`15 next operation, and the back-up storage card is overwritten with the contents
`
`of the traders card. If the responses do not compare, then the card is disabled.
`
`Prior to inserting the consumers card 1 into the terminal 2, the consumer, to
`
`save time, enters his personal identification number into the card by means of
`
`the keyboard 30.
`
`If this compares with the stored personal
`
`identification
`
`20 number,
`
`the card is then enabled to perform the next operation in the
`
`terminal 2.
`
`As already discussed, once the cards are inserted in the terminal 2 they are
`addressable only through the keyboards 50 and 51 of the terminal, with the
`
`exception of the transfer key 33 of the consumers card 1. On insertion of both
`
`25
`
`cards in the terminal 2, power is transferred to the cards as required by the
`
`power coupling coils.
`
`The consumer card on command from the terminal does a self-test. The serial
`
`number, authenticating code -and expiry date of the consumers card are
`
`transferred in an encripted form from the consumers card 1 to the traders card.
`
`n)n
`
`30 The computer 10 of the traders card checks that the cards serial number is not
`
`on the black list and also chechs the authenticating code and the expiry date. If
`
`there is any problem with any of these three,
`
`the card is disabled, and the
`
`transaction aborted. The computer 10 of the consumer card 1 then randomly
`
`selects personal
`
`identifying characteristics from the memory 7.
`
`The com-
`
`U! U!
`
`puter 10 queries the card holder on the selected characteristics through
`
` AMEX 1003 - Page 14 of41
`
`AMEX 1003 - Page 14 of 41
`
`

`

`WO 83/03018
`
`PCT/SE83/00062
`
`w
`
`, 13
`the display 47 on the terminal 2. The card holder enters the responses through
`the keyboard 50 and the responses are encripted in the security chip 20 and then
`compared by the computer 10 with the stored data.
`If they compare, the card
`
`is then enabled for the transaction.
`
`If the personal identifying characteristics of the response do not compare, the
`card is disabled and the transaction aborted.
`In Fig. 6, the personal identifying
`
`characteristics are referred to as personal identifying data which is abbreviated
`
`to PID.
`
`Once the comsumers card has been enabled, the trader then keys in by means of
`
`10
`
`the keyboard 51 the amount of the transaction to be transferred from the
`consumers card to the traders card. This amount
`is displayed on both the
`
`traders and consumers displays 4-7 and 48.
`
`If both consumer and trader are in
`
`15
`
`20
`
`agreement, the consumer by using the transfer key 33 on his card 1, initiates
`the transfer. Initially, the message to be transferred which includes the amount
`of money and the card serial number, is date-stamped by the computer 10. This
`message is then encripted in the security chip 20 by using the traders public
`encription key. The encription computations are_carried out in the central
`processing unit 24 of
`the security chip 20. The encripted message is then
`transferred through the micro-computer 65 of the terminal 2 to the traders
`
`card. As already explained,
`this transfer is made through the ultra-sonic
`coupling between the cards 1 and their respective slots 3 and 4. The message is
`then transferred into the security chip 20 of the traders card and decripted
`
`using the traders secret decription key. Again, the decription computations are
`carried out by the central processing unit 24 of the security chip 20 of the
`
`25
`
`traders card 1. The date stamp is checked and the decripted amount is then
`
`entered in the balance of the memory7 of the traders card and the serial
`
`number
`
`is stored.
`
`Simultaneously,
`
`the balance in the memory7 of
`
`the
`
`consumers card 1 is reduced by a corresponding amount.
`
`The encription process is explained in the following example below. Needless to
`
`30 say, this is merely an example and does not limit the invention.
`
`
`
`AMEX 1003 - Page 15 of41 1
`
`AMEX 1003 - Page 15 of 41
`
`

`

`WO 83/03018
`
`PCT/SE83/00062
`
`n W
`
`12‘
`
`EXAMPLE
`
`1 4
`
`In this example, the amount to be transferred, the serial number and