Halpern

[11] Patent Number: 4,906,828
[45] Date of Patent: Mar. 6, 1990

[54] ELECTRONIC MONEY PURSE AND FUND TRANSFER SYSTEM
[75] Inventor: John W. Halpern, London, England
[73] Assignee: Paperless Accounting, Inc., Washington, D.C.
[21] Appl. No.: 201,339
[22] Filed: May 31, 1988

Related U.S. Application Data
[63] Continuation of Ser. No. 470,689, Feb. 28, 1983, abandoned.

[51] Int. Cl.4: G06F 15/30
[52] U.S. Cl.: 235/379; 235/380; 235/492; 902/2; 380/24
[58] Field of Search: 235/379, 380, 381, 438, 235/492; 902/2; 380/24

[56] References Cited

U.S. PATENT DOCUMENTS
3,655,946   4/1972   Morita et al.    235/380
4,001,550   1/1977   Schatz           235/492 X
4,271,482   6/1981   Girand           235/380 X
4,360,727   11/1982  Lehmann          235/492 X
4,439,670   3/1984   Basset et al.    235/380 X
4,453,074   6/1984   Weinstein        235/380 X
4,471,216   9/1984   Herve            235/380
4,473,825   9/1984   Walton           235/380 X
4,498,000   2/1985   Decavele et al.  235/492 X

FOREIGN PATENT DOCUMENTS
2102606     2/1983   United Kingdom   380/24

Primary Examiner: David L. Trafton
Attorney, Agent, or Firm: Burns, Doane, Swecker & Mathis

[57] ABSTRACT
The essence of the invention is a so-called "data bit variable spacer generator", block 79, which contributes to the generation of a control output "c" from a combinatory logic circuit group 78. The logic level of "c" determines whether a clear data bit from the parity flip flop FF6 is to be sent out or a random bit from block RMG. The 'variable data bit generator' is controlled by a number of parallel bit outputs from registers SH1 and SH2 which hold an encryption key after being conditioned by other logic inputs derived from key parity flip flops (FF1 and FF2) and clear data bit levels from block 81. Registers SH1 and SH2 shift and recirculate when the 'c' output is high. Similar principles are used when data are decrypted. The circuit is suitable for integration with other functions on a single substrate chip.

43 Claims, 10 Drawing Sheets
`
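The principle stated in the abstract, and detailed later for FIGS. 3 and 4, is modelled below in software as an added example that is not part of the patent: control line "c" decides slot by slot whether a masked data bit or a random filler bit goes out, and the receiver strips the fillers by running the same state machine. The 16+16 bit key split, the reading of the four counter taps as a filler count, the mask bit, the FF5 update rule and the sample key are assumptions of this model, not the gate-level logic of FIG. 4.

```python
import secrets


def to_bits(value, width):
    """Integer -> list of bits, most significant bit first."""
    return [(value >> (width - 1 - i)) & 1 for i in range(width)]


# Constructed sample key (not from the patent). K2 = 1, so at least
# 8 filler bits precede the first data bit.
DEMO_KEY = to_bits(0x5A3CC396, 32)


class SpacerState:
    """Key registers and control state held identically by card and terminal."""

    def __init__(self, key):
        if len(key) != 32 or any(b not in (0, 1) for b in key):
            raise ValueError("key must be a list of 32 bits")
        self.sh1 = list(key[:16])          # assumed: SH1 holds K1..K16
        self.sh2 = list(key[16:])          # assumed: SH2 holds K17..K32
        self.ff5 = 0                       # history of key bits and data bits
        self.gap = self._programmed_gap()  # filler slots before next data bit

    def _programmed_gap(self):
        # Counter inputs A-D come from K2, K3, K10, K12 of SH1 or from
        # K17, K20, K30, K31 of SH2, selected by FF5 (tap names from the text).
        # Treating them as a 4-bit filler count is this model's assumption.
        if self.ff5 == 0:
            a, b, c, d = self.sh1[1], self.sh1[2], self.sh1[9], self.sh1[11]
        else:
            a, b, c, d = self.sh2[0], self.sh2[3], self.sh2[13], self.sh2[14]
        return (a << 3) | (b << 2) | (c << 1) | d

    def control(self):
        """Control line 'c': 1 = data slot, 0 = random filler slot."""
        return 1 if self.gap == 0 else 0

    def mask(self):
        # Assumed stand-in for the parity-derived bit XORed onto clear data.
        return self.sh1[0] ^ self.sh2[0] ^ self.ff5

    def step_filler(self):
        self.gap -= 1                      # counter is stepped while c == 0

    def step_data(self, clear_bit):
        self.ff5 ^= clear_bit ^ self.sh1[-1]    # assumed history update
        self.sh1 = self.sh1[1:] + self.sh1[:1]  # shift and recirculate
        self.sh2 = self.sh2[1:] + self.sh2[:1]  # while c is high
        self.gap = self._programmed_gap()


def encipher(key, clear_bits, rand_bit=lambda: secrets.randbits(1)):
    """Sending side: masked data bits spaced out by random filler bits."""
    st, out = SpacerState(key), []
    for bit in clear_bits:
        while st.control() == 0:
            out.append(rand_bit())
            st.step_filler()
        out.append(bit ^ st.mask())
        st.step_data(bit)
    while st.control() == 0:               # trailing fillers hide the end
        out.append(rand_bit())
        st.step_filler()
    return out


def decipher(key, stream, n_bits):
    """Receiving side: same state machine, fillers discarded."""
    st, clear = SpacerState(key), []
    for bit in stream:
        if len(clear) == n_bits:
            break
        if st.control() == 0:
            st.step_filler()
            continue
        clear_bit = bit ^ st.mask()
        clear.append(clear_bit)
        st.step_data(clear_bit)
    if len(clear) != n_bits:
        raise ValueError("stream ended before all data bits were recovered")
    return clear


def demo():
    """Round trip of a constructed 16-bit value; returns (sent bits, ok)."""
    value = to_bits(0x1234, 16)
    sent = encipher(DEMO_KEY, value)
    return len(sent), decipher(DEMO_KEY, sent, len(value)) == value


if __name__ == "__main__":
    print(demo())
```

Both ends must start from the same key and process every slot, fillers included, or the receiver falls out of step with the sender.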
[Cover drawing: block diagram with blocks labelled OPTIONAL MEMORY CIRCUIT, ARITHMETIC CIRCUIT, TEST CIRCUIT, PHASE DISTRIBUTOR AND PROGRAM COUNTER and TERMINAL; lines x, y, z; reference numerals 20t, 20c, 21t, 22t, 23t, 26, 27, 31.]
UNITED SERVICES AUTOMOBILE ASSOCIATION
Exhibit 1006

Page 1 of 21
`
`
`
[Drawing sheet 1 of 10: FIG. 1 (carrier, reader, terminal apparatus, central computer, lines to other "readers") and FIG. 1a (display window with INITIAL VALUE, PRICE, FINAL VALUE and CARD DEBITED).]
`
`
`
[Drawing sheet 2 of 10: FIG. 2, block diagram of carrier chip 20c and terminal chip 20t, each with memory, arithmetic circuit, optional circuit, pulse shaper and rectifier, and phase distributor and program counter; the terminal side also shows a test circuit and a price encoder; lines x, y, z.]
`
`
`
[Drawing sheet 3 of 10: FIG. 3, block diagram with blocks labelled RANDOM DATA, REGISTER, PROGRAMMABLE COUNTER (inputs A, B, C, D), CIPHER LOGIC, DECIPHER LOGIC and TRANSFER BIT.]
`
`
`
[Drawing sheet 4 of 10: FIG. 4, logic diagram of section 21c with KEY REGISTER (taps K17, K20, K30, K31), OPTIONAL BUFFER, PC DATA IN, PC DATA OUT and clock phases CK1, CK2.]
`
`
`
[Drawing sheet 5 of 10: FIG. 5, block diagram of section 22c with VALUE REGISTER and SECURITY CHECK NUMBER REGISTER; FIG. 6, terminal circuit portion 25 with RANDOM NO. block.]
`
`
`
[Drawing sheet 6 of 10: FIG. 7, logic diagram; legible reference numerals include 130, 132, 147, 151, 155a, 160, 161, 165 and 169.]
`
`
`
[Drawing sheet 7 of 10: flow diagram with numbered steps. Legible box labels: INSERT CARD; DEBIT OFF-LINE; CALCULATE TERMINAL R.N. 4-TIMES THRU CARD AND BACK; READ OUT CARD VALUE; DISPLAY CARD VALUE; PRICE, FEE; DEBIT CARD; DISPLAY AMOUNT DEDUCTED; READ OUT REMNANT CARD VALUE; DISPLAY AND RE-OFFER CARD; CREDIT ON-LINE; READ OUT FROM CARD ITS SERIAL NUMBER, LAST UPDATE DATE, TOTAL UPDATE NUMBER; CAPTURE CARD; ENTER UPDATE-ENABLE SECRET NUMBER; DISABLE CARD, STEP ERROR COUNTER; ENTER INCREMENT; READOUT AND DISPLAY NEW CARD VALUE.]
`
`
`
[Drawing sheet 8 of 10: FIG. 9, logic diagram with blocks labelled MEMORY GROUPS, FRAUD ERROR COUNTER, EVALUATOR CIRCUIT, PIN NO. REGISTER, OFF-LINE TERMINAL, DISPLAY and BUFFER REGISTER.]
`
`
`
[Drawing sheet 9 of 10: flow diagram. Legible box labels: ENTER PIN ON CARD KEYS; INSERT CARD; IS CARD PIN ENABLED? (NO: DISPLAY, REJECT); READ OUT TEST NUMBER ADDRESS FROM CARD; ENABLE ADDRESSED TEST NR. (=CIPHER KEY) IN TERMINAL; CARRY OUT FLOW CHART STEPS 2 TO [illegible] OF FIG. 8; ENTER INTO CARD REGISTERS NEW ADDRESS & TEST NUMBERS; REPEAT STEPS 2 & 3 OF FIG. 8; REPEAT STEPS 8 & 9 OF FIG. 8; READ OUT UP-DATE-ENABLE-CODE ADDRESS FROM CARD; SELECT ADDRESSED CODE IN CENTRAL TERMINAL FOR TRANSFER; CARRY OUT FLOW CHART STEPS 10 TO 14 OF FIG. 8; TRANSFER TO CARD FOR SUBSTITUTION NEW ADDRESS AND UP-DATE-ENABLE-CODE NUMBERS; CHECK CORRECT TRANSFER; TRANSFER CORRECT? (NO / YES); EJECT CARD.]
`
`
`
[Drawing sheet 10 of 10: FIG. 11, circuit portion with blocks labelled PROGRAM COUNTER, "PAY AS YOU PAY" DISABLE COUNTER, VALUE REGISTER and AUXILIARY VALUE REGISTER; reference numerals 134, 138, 139, 146, 147, 149, 155, 155a, 170, 171, 172, 180A.]
`
`
`
ELECTRONIC MONEY PURSE AND FUND TRANSFER SYSTEM

This application is a continuation of application Ser. No. 470,689, filed Feb. 28, 1983, now abandoned.

The invention relates to the general field of tamper-proof electronic transfer of confidential data between a card-like data carrier component and a terminal. Numerous ideas have appeared in this field over the past fourteen years; examples are GB No. 1,314,021 of 1969, GB Nos. 2,057,740 and 2,075,732, U.S. Pat. Nos. 3,870,866 and 3,906,460 besides others by different authors.

Insofar as these various techniques are also applied or expected to be applied to moneyless payment transactions they were prompted by the conviction that in many a service field the traditional money as a means of value transfer is not only inefficient and loaded with overheads but increasingly often becomes an outright impediment to the service itself. And, if a satisfactory form for an "electronic money carrier" could be found, such innovation could have healthy repercussions on the streamlining and cost reduction of numerous public and semi-public services and vending transactions.

There exist published descriptions of debit cards from which a prepaid credit can be deducted for specific purposes, and which upon exhaustion, are thrown away. Rechargeable cards were also conceived and descriptions published. But none can be said to fulfill the manifold stringent requirements of an electronic container of purchase entitlements, or 'money purse'.

It is the purpose of this invention, on a systematic basis to embody in a single design such features as will satisfy, among others, the following conditions:

(a) tapping the transfer links between card and terminal with fraudulent intent will not reveal any data or give any clue for deciphering data.

(b) the money purse should contain only a single LSI chip with the lowest possible number of bonding pads so as to ensure high yield, high reliability, lowest cost and lowest power consumption.

(c) the design should permit repeated updating (reloading of value data) and debiting operations; the updating should be such that terminals for debiting operations cannot in any circumstances be modified for updating functions.

(d) It should be possible to add any amount to the value of a card up to a prescribed maximum card value at e.g. Post Offices, Supermarket Supervisor offices, and from one's own home telephone.

(e) debit operations (=electronic payments) should take no more than one second.

(f) a card, when lost, can be readily returned to owner

(g) an "electronic moneypurse" or card cannot be utilized by a thief, not even a first time.

(h) any malfunction of equipment at a vending machine or at a terminal shall not affect or alter any of the card data

(i) the cipher keys shall not be hardware-based but shall be capable of being altered very frequently so as to preserve equipment and card stock validity even if any temporary fraudulent intrusion were possible.

(k) "the money-purse" shall be robust enough for many years of continued use.

(l) the system must be such that the large majority of debit transactions (electronic cash payments) shall be carried out in an off-line mode while a large majority or all the value adding operations shall be in an on-line mode.

Commenting on item (a) it must be pointed out that there exist today several top-grade cipher systems but it would be, in the opinion of the authors, difficult to make required card hardware compatible with requirement (b). A cipher circuit will be described, therefore, which, it is believed, can achieve with relatively modest logic the same standard of imperviousness to crypto-analysis as more advanced systems such as the well-known data encryption standard (DES). However, in the preferred embodiment, the new circuit is not proposed to be a separate unit but is integrated with the value transaction processor on a single chip both in the "card" as also in the terminal. None of the clear data lines are accessible on the chip or outside with probes or the like. In other words, only ciphered data enter or leave the chip bonding pads. Concerning condition (c) it should be observed that a very high degree of encryption safety is needed to satisfy this condition but, at the same time, it should be obtained at only moderate cost over and above the cost of a pure debit chip. Two solutions will be presented; one embodiment (FIG. 4 and 7) is expected to be adequate for use by many organisations. The second embodiment (FIG. 4+9) version would be adequate for regional usage (i.e. a common electronic data carrier for the whole of Europe, or Northern America, or Africa etc).

Further features and peculiarities will become evident from the description of the drawings FIG. 1-10 in which

FIG. 1 shows the general data transfer relationship of the system between one or more "card readers", a local terminal, a central computer common to a multiplicity of terminals, and a card.

FIG. 1a shows details of the displayed information on display window of FIG. 1.

FIG. 2 shows in more detail the data transfer relationship between a card and a Terminal which incorporates also a "Reader" unit.

FIG. 3 shows a functional block diagram of the cipher sections 21c or 21t in FIG. 2.

FIG. 4 gives, by way of example, a logic diagram of the cipher control generator circuit consistent with the block diagram of FIG. 3.

FIG. 5 is a functional block diagram of the chip section 22c or 22t in FIG. 2, mainly concerned with debit and credit operations.

FIG. 6 is a sketch relating to a circuit portion in the terminal for which there is no corresponding part in the card circuit; it relates to the preliminary testing of the card-terminal interface performance.

FIG. 7 gives an example for executing the block diagram of FIG. 5.

FIG. 8 is a flow diagram of the functional and decision steps for a card employing the circuit combination of FIGS. 4 and 7.

FIG. 9 shows a logic diagram of a more advanced card circuit wherein the card is also equipped with push buttons, foremost for the purpose of entering a Pin number (personal identifying number of the owner).

FIG. 10 is a flow diagram of the functional and decision steps for a card using circuit combination of FIGS. 4 and 9.

FIG. 11 shows a portion of the circuit shown in FIG. 7.

FIG. 12 shows a physical embodiment of the money purse in accordance with the present invention.
`
`
`
In FIG. 1, "C" is a data carrier token or "card" 1, "R" is a token reader device 2 which, it is noted, has no moving parts, "T" is a terminal apparatus from which go out several cables, 7₁ to 7₆ leading to six similar readers "R" which may be operated quasi-simultaneously by the so-called time sharing method. There is also a communication line 9 connecting a central computer 10, say a bank computer, with a multiplicity of "terminals". In the system here to be described the intention is to allow the majority of all card debiting operations to be executed by virtue of the built-in security measures of a terminal (8) alone. Nevertheless, the central computer 10 retains vital functions as follows:

(a) in the nightly collection of summary cash data from terminals 8

(b) it is directly involved in all up-dating (value incrementing) operations where a value is added to the card by on-line data transfer.

(c) as a means for auditing the effectiveness of the security measures relating to debit transactions; the provision shown in FIG. 2 is introduced making a debiting terminal responsive to a command signal from the central computer.

(d) replacement of the so-called "semi-active secret check numbers" (see patent application U.S. Pat. No. 184,377 now Pat. No. 4,499,556). According to the present embodiment, these check numbers are also used for cipher control. This is further explained in conjunction with FIGS. 9 and 10.

FIG. 2 depicts a preferred embodiment by breaking down the single card chip 20c in the card C into functional blocks, with 21c being the cipher/decipher circuit, 22c being the arithmetic circuit, 23c being an optional form of storing long-term accessory data, and 24c comprising the clock phase distributor circuit and program counter, etc. To repeat, all these part circuits, especially the first three, are embodied on a single semiconductor chip. The block 26 covers pulse shapers and d.c. rectifier circuits. These supply power, and a four phase clock respectively to the main chip. The chip inputs 11 and 12 carry input and output encrypted data respectively. In the terminal apparatus "T" with which the card is coupled via card coils 3c and terminal coils 3t, a very similar chip 20t is placed having sections 21t, 22t, 23t, and 24t. An additional section 25 is provided the function of which is explained in connection with FIG. 6. Block 30 symbolizes a price encoder circuit which may be set permanently (for example within a vending machine) or as required by means of a manual key board (at a cash register). 31 is a display device to show up the initial and final transaction phases. See also FIG. 1a. If desired a small thermal printout machine may give the user a paper receipt. An important element in the system philosophy is the relay 28 which can be operated from a central computer 10 to switch transmission line 9 (FIG. 1). Line 9 is here represented by lines x,y,z and they replace the interface connections to the local terminal T in order centrally to spot-check the conditions of various tokens. The central terminal, in addition to performing the normal debiting operations of a local terminal, is capable of fetching from the card certain additional data derived from registers 111, 113 and 114 shown in FIG. 5. These registers hold the following data: Serial number of card, total number of updating transactions performed since the card was bought, and date and amount of the last updating operation. These data are then compared with the central record at the Computer 10. If they do not agree the central Computer instructs the local terminal to capture the card and to produce an informative display. Alternatively, the central computer emits a code for entry into the card which disables certain portions of the card making it unsuitable for further updating or further use. It suffices if only a small portion of all debit transactions is audited in this manner to discourage thereby any thought of fraudulent attempts against the system even if that were practically feasible.

The data encryption principles are now described with reference to basic block diagram FIG. 3. The block 130c is a logic circuit which causes binary data inputs received at h to be passed on to the exclusive OR gate 75 in nearly deciphered form. After passing that gate the data at "a" are fully deciphered. Block 130c is controlled by line "c" derived from a larger logic block 78. The same control output "c" is also applied to logic block 137c which via another exclusive OR, 74, receives clear data from point K and passes them on in ciphered form at card point h. The circuit has shift registers 76 and 77 (marked SH1 and SH2) and could equally well have more than two portions. Each shift register portion contains part of a secret check number, also referred to as key. A fresh key is entered regularly at the end of a debiting operation (see also U.S. Pat. No. 184,377). Provision must be made in the circuit design for starting up a card by providing an access path for loading the register with a known factory number for the initial startup cycle. This said access path is then burned up while an unknown new check number is entered for immediate replacement. Thereafter, check numbers remain unknown and undetectable by virtue of the cipher processes to be described. Each of the shift register portions SH1 and SH2 has a parity counter, FF1 and FF2 respectively with parity outputs P I and P II.

A programmable counter 79 contributes to the combinatory logic circuit 78 from which the control line "c" is derived. This counter is stepped by clock phase CK1 whenever the output at "C" is at logic level zero. The counter keeps being stepped until a predetermined bit output or the "Carry" output of the counter is reached which feeds into the control logic 78 via output line 79a. A further contribution to the control logic is procured by the data bits contained in data being received or data being read out from the card. This is done via one-step delay circuits 80 and 81 respectively. As an alternative, not shown in FIG. 3, the data entered into the data buffer register 82, may operate another flip flop for parity count and when the buffer is full, the parity output is applied. The logic block 137c admits data bits from exclusive OR 83 altered in dependence of parity output P I or P II and passes them on to terminal h whenever line "c" is high, and when the same goes low admits only random data from the random data generator RMG.

The role of the programmable counter circuit block 79 is to introduce added random data over and above those which would appear if the cipher key number in registers 76 and 77 alone were the controlling factor. For this reason this circuit element may also be called "data bit spacer generator". Its action must of course be repeated in a similar circuit block within the terminal otherwise it would be impossible to decipher the data passed in either direction. The programmable counter spacer generator is controlled by a number of bits derived from the key register but modified by data bits already transferred. Dependent on the logic in block 78,
`
`
`
different expansion ratios may be procured; that is ratios between the number of data bits transmitted to the data bits contained in the useful data. It is not possible to determine where useful data in the data string begin and where they end. Nor is it possible to identify any particular bit or groups of bits as belonging to a certain group of data.

The circuit of FIG. 4 provides an example for how the just described principles may be put into practice. The diagram is confined to the portion which has the boundary points "a", "k", "e" and "c" on the left, and "b", "h" and "c" on the right (bordering on section 22c of FIG. 2). The data input "a" corresponds to the data input terminal DIN in FIG. 1A of current patent application GB No. 2,057,740 and the shift registers SH1 and SH2 correspond broadly to shift register S2 in the cited figure. As in the cited patent application, the contents of these registers are not fixed but may be changed and rotated with others after each transaction, as well as completely changed over periods of weeks. This structure is again used because of the Applicants' opinion that a frequently alterable security key can provide greater security against unforeseen intrusion than a fixed key. As already explained in the present application, these keys also serve as encryption keys. In theory, it would be possible to make the key length so great that a computer would take many years to scan through all the possible number combinations. However, in a card context, such as herein described, it is preferable to use much shorter key lengths and rather to scramble them with or dilute them in random numbers.

The effect of the programmable counter or data bit spacer generator is that the effective key length is increased. That means that the scanning of key combinations applied to known clear data and known (recorded) ciphered data would take much longer than would normally correspond to the scanning of key combinations alone. Assume that the scanning time is six months and the period for key change-over only four weeks. Clearly, there would be no point in continuing the search beyond the first four weeks, and since the chance of finding the key number in four weeks is poor, there would be no point in commencing the effort at all.

CONCISE DESCRIPTION OF FIG. 4

The cipher key is entered serially via point "a" and gate 37 during a program step PC, and via OR gate 38 to the input of shift register SH1. The flip flop FF1, starting from a reset condition, is set and reset dependent on changes of '0's and '1's and its instant state therefore represents the parity for the data bits entered. This is repeated for the other half of the register (SH2) by means of flip flop FF2. "c" is the control output which encrypts or decrypts data. 'c' is high when the bistable FF8 has a high q-output. The bistable FF8 is set at S in three different ways (in this particular example):

(α) If both FF1 and FF2 happen to have a high output simultaneously

(β) if FF2 has a high output combined with a high or low incoming or outgoing data bit dependent on the previous state of the flip flop FF5.

(γ) if the counter 79 is full at its output QN having been clocked up during 'c'=0 periods via AND gate 63. The number of count pulses, however, for reaching this output is dependent on the programming input levels at A, B, C, and D which derive from parallel bit outputs K2, K3, K10 and K12 of register SH1 and alternatively from parallel bit outputs K17, K20, K30 and K31 of register SH2. Whether the first or second set of program inputs is applied depends on the Q output state of the flip flop bistable FF5.

It will be noted that these programming inputs change frequently on account of the fact that the clock input to the said key registers is enabled whenever "c" is high and the AND gate 49 receives a clock spike in time phase CK2. The program inputs to the counter do not change while the counter is being stepped, that is when "c" is at logic zero but is likely to be quite different when "c" becomes zero next time. The state of the bistable flip flop FF5 depends on the combined history of key bits and data bits (as can readily be seen from the circuit diagram). This circumstance forces the analyser, when trying to achieve results by computerized trial and error scanning, to go through all the possible combinations of key bits and data bits (This assumes further that the analyst has full knowledge of the cipher circuit for simulating it in a computer). Even though the clear data bits may be known, what remains unknown is the position of the ciphered data bits within the substrate of random bits since the counter 79 introduces quasi-random spacings which again depend on the unknown recirculating key bits. From this comes the uncertainty about where the first data bit begins and the last one ends. The scanning process must therefore cover the entire data string of random plus data bits.

The periodic changing of key numbers is a contributive element to security. Such changes would be initiated from a single area or regionwide center, mainly during nightly hours via telephone lines when based on a protocol similar to that described for the card-terminal transfer cycle. The regional center transmits a new valid key number in encrypted form to a national or local center or bank headquarter in replacement of another key number in the category of "semi-active" numbers. From there, similar replacements would take place to all locations, where money transfer terminals are in operation. The capability of hierarchically passing down new cipher keys in ciphered form on a continual routine basis at irregular intervals has the consequence of simplifying the card chip and increasing the security against encryption intrusion of the money transfer system. The cost of this hierarchic system is extremely low and contributes to a robust, low cost electronic card design.

An example for the arithmetic portion of the card chip is given in FIG. 5 (block diagram) and FIG. 7 (partial logic diagram). In FIG. 5, 100 is the arithmetic register containing the memorized values of the card. 101 contains security numbers for comparison and the program counter and associated logic processors. These blocks may also be replaced by a microprocessor. In the simplified version of FIG. 7, the block 111 of FIG. 5 represents a counter register which carries a record of the sum of past updating operations (value-add operations) carried out with the card since its acquisition. 113 is a register containing the unique serial number of the card, and register 114 contains the value by which the card was incremented during the last updating. The readout of these data is initiated by a code word transmitted by a central computer station concerned to the card and entered therein in register 105 whereupon comparison takes place in circuit group 106 with the contents of register 104. If there is equality, block 104 produces an enabling output on line 108 whereby the said counter 111 is incremented by 1. Thereafter the block 101 causes the consecutive serial readout of the
`
`
`
cited three figures which are transmitted to the central computer installation in ciphered form. If the update-enable code entered into register 105 is wrong, the fraud counter 107 is stepped up by one; after a few of such unsuccessful update attempts had been made the said counter reaches output line 109 which finally disables the entire update mechanism of the card.

FIG. 7 shows the detailed example for this circuit. Block 147 is the chip program counter, 155 and 155a are a value counter and respectively an image counter of identical build-up. Block 130 is a shift register for receiving an up-date enable code, block 136 is a four bit shift register with parallel bit outputs, block 160 is a four-bit shift register with parallel bit-inputs. It is assumed that the counter prior to a debit operation is in position 5 and position 6 must be reached to obtain a debit function. According to the present embodiment, the terminal emits a bit sequence equal to 1 0 1 1 which reaches the chip portion shown in FIG. 7 at point "b" and is entered via strobing gate 135 and bistable 164 into the shift register input of register 136. When the entire code is within the register the gates 137 and 138 produce outputs with the consequence that gate 162 is disabled (because a stepping pulse is applied to program

units (for example cents) as debit pulses are transmitted by the terminal. After the debit operation is completed the terminal T emits again a pulse in phase with CK3 causing the program counter in the 'card' to advance to position 8. Thereafter the value readout cycle already described is repeated and the result is displayed in the terminal on display window 13 (FIG. 1a). The amount debited on the window below is also displayed which reflects the actual debit pulses transmitted as explained. A printout device receives the information from the same sources.

THE ADDING-VALUE CYCLE (updating procedure).

For this operation there is no circuitry provided in a debit station. The card holder must go to an authorized mediator point such as post office, bank or licenced supermarket checkout point. Alternatively the operation may be done from one's own home phone. Updating circuitry is contained only in certain central computer banks serving certain regional areas. During a first phase of the add-value transaction the computer goes through the same program steps 0-8 which are required for the already