(54) METHODS AND APPARATUS FOR SECURELY ENCRYPTING DATA IN CONJUNCTION WITH A PERSONAL COMPUTER

[75] Inventor: Dereck D. Clark, Phoenix, Ariz.

[73] Assignee: Innovonics, Inc., Phoenix, Ariz.

[21] Appl. No.: 814,986

[22] Filed: Mar. 24, 1997

Related U.S. Application Data

[63] Continuation-in-part of Ser. No. 609,273, Mar. 1, 1996, which is a continuation of Ser. No. 210,200, Mar. 18, 1994, Pat. No. 5,517,569.

[51] Int. Cl.6 ............................ H04K 1/00; H04L 17/02
[52] U.S. Cl. ............................ 380/52; 380/23; 380/25; 380/49
[58] Field of Search ..................... 380/23, 24, 25, 380/49, 52; 705/16, 17, 18, 42, 43, 26, 27

US005815577A
[11] Patent Number: 5,815,577
[45] Date of Patent: Sep. 29, 1998

[56] References Cited

U.S. PATENT DOCUMENTS

4,350,844   9/1982   Sturzinger et al. ............ 380/4
5,228,084   7/1993   Johnson et al. ............... 380/23
5,499,296   3/1996   Micali ....................... 380/23
5,517,569   5/1996   Clark ........................ 380/52
5,615,262   3/1997   Guy et al. ................... 380/4

Primary Examiner: Thomas H. Tarcza
Assistant Examiner: Pinchus M. Laufer
Attorney, Agent, or Firm: Snell & Wilmer L.L.P.

(57) ABSTRACT

An encryption module for encrypting financial and other sensitive data may be conveniently interposed in series between a personal computer and the keyboard associated therewith. An application program designed to run on the PC is configured to prompt the user to enter his PIN or other confidential data into the encryption module; consequently the confidential data need not be transmitted in an unencrypted fashion, and need not reside on the PC hard drive in an unencrypted form.

23 Claims, 31 Drawing Sheets

[Front-page representative drawing (FIG. 2): PC 110 with screen 202, box 204, keyboard 206 and the "PCPOS HARDWARE UNIT" module connected at 218]

IPR2017-00430
UNIFIED EX1005

[Drawing sheets 1-31. The drawings themselves did not survive extraction; only the legible labels and reference numerals of each figure are kept below.]

FIG. 1 (Sheet 1 of 31), schematic block diagram of the transaction system: HOST COMPUTER SYSTEM; HOST NETWORK; networks 104, 106, 108; 114, 116; PC TERMINAL NO. 1 (110a), PC TERMINAL NO. 2 (110b), PC TERMINAL NO. 3 (110c), PC TERMINAL NO. N (110n); PC TERMINAL NETWORK; NETWORK TRANSMIT TEST LINE; NETWORK RECEIVE TEST LINE; 24 HOUR A DAY AUDIT OF HOST; numeral 100.

FIG. 2 (Sheet 2 of 31), front view of PC 110: screen 202, box 204, keyboard 206, keyboard connector 210, module connector 218, "PCPOS HARDWARE UNIT".

U.S. Patent   Sep. 29, 1998   Sheet 3 of 31   5,815,577

FIG. 3 (Sheet 3 of 31), integral module 300: keyboard 302 (drawn as two rows of keys), 304, 306, 308, 310.

FIG. 5 (Sheet 3 of 31), application icons: BANKING OPERATIONS (506), BILL PAYING (508), GROCERY SHOPPING (510), MAIL ORDERING (512), STATE LOTTERY (514), FILE OPERATIONS (516), PC SETUP (518), PCPOS HARDWARE TEST (520), DISPLAY TIME (522), GETTING STARTED (524), EXIT PCPOS.

FIG. 4 (Sheet 4 of 31), application flow chart 400: WINDOWS ACTIVE; DOUBLE CLICK ON PC PAY ICON; PASSWORD PROTECTION OPTION; then a chain of YES/NO tests selecting BANKING OPERATION, BILL PAYING, NEIGHBORHOOD SHOPPING, ORDERING, STATE LOTTERY, FILE OPERATIONS (416), PC SETUP, PC PAY HARDWARE MODULE TEST (420), DISPLAY TIME.

FIG. 6 (Sheet 5 of 31), banking operation 406: TRANSFER FUNDS AT BANK and ACCOUNT INQUIRY each lead to DETERMINE WHICH BANK ACCOUNTS; SMART CARD FUND TRANSFER leads to PROMPT USER TO INSERT SMART CARD INTO H/W MODULE; NO branch to EXIT TO MAIN MENU; numerals 604, 608, 610, 612, 614.

FIG. 7 (Sheet 6 of 31), payment flow: FROM ACCOUNT INQUIRY; DETERMINE AMOUNT TO TRANSFER (PAY); SELECT METHOD OF PAYMENT; REQUEST "SEND TRANSACTION"; PRINTER "ON-LINE" & HAS PAPER? (NO: PROMPT USER TO FIX PRINTER, CHECK IF PRINTER IS OK NOW); PC SENDS REQUEST TO H/W MODULE "SWIPE MODE" (SEE SWIPE MODE IN MODULE FLOW CHARTS); (ATM, CREDIT) CARD IS SWIPED; RETURN; numerals 702, 706, 708, 710, 712, 714, 716, 720.

FIG. 8 (Sheet 7 of 31), continuation: PC DISPLAYS (ATM, CREDIT) CARD SWIPE DATA; PC REQUESTS USER ENTERS PIN (IF NECESSARY) (NOTE: CURRENTLY ONLY NECESSARY FOR ATM CARDS); PC SENDS REQUEST TO H/W MODULE TO ENTER "SCAN MODE"; USER ENTERS PIN VIA H/W MODULE (SEE SCAN MODE IN MODULE FLOW CHARTS); IS THERE ANOTHER TRANSACTION? (YES loops back); SEND "BATCH" OF TRANSACTIONS TO HOST COMPUTER; WAIT FOR CONFIRMATION FROM HOST; TRANSACTION REPORT; RETURN; numerals 802, 804, 806, 808, 810, 812, 814, 816, 818.

FIG. 9 (Sheet 8 of 31), smart card fund transfer: TRANSFER FUNDS TO CARDS? (YES/NO); DETERMINE AMOUNT TO TRANSFER OUT OF SMART CARD; DETERMINE WHERE TO SEND FUNDS; REQUEST PIN ENTRY VIA H/W MODULE; PERFORM TRANSACTION; return to BANKING OPERATIONS; numerals 904, 908.

FIG. 10 (Sheet 9 of 31), bill paying operation 408: SETUP A NEW BILL? (NO: DISPLAY YOUR BILLS, SELECT A BILL TO PAY; YES: SETUP A NEW BILL); EXIT TO MAIN MENU; numerals 1002, 1004, 1006, 1008.

FIG. 11 (Sheet 9 of 31), alternate module with an ICC SLOT; numerals 1104, 1106.

FIG. 12 (Sheet 10 of 31), functional block diagram of the module: KEYPAD (1204); MAGNETIC STRIP READER (1206); INTEGRATED CIRCUIT CARD (a.k.a. SMART CARD) PORT (1208); GENERAL PURPOSE I/O PORT (e.g. FOR PRINTER AND/OR BAR-CODE READER); CONTROL GATE (1218) passing KB CLOCK / KB DATA FROM PC KEYBOARD (210) through as PC CLOCK / PC DATA TO PC KEYBOARD INPUT (212, i.e. TO COMPUTER); Vcc/Gnd (1222); SERIAL BUS; BUFFER ENABLE; MODE; processor port pins PD4, PD5, PB4, PD2, PD3; further numerals 1202, 1210, 1211, 1212, 1219.

FIG. 13 (Sheet 11 of 31), schematic of processor circuit 1212 built around an MC68HC11E9 microcontroller: +5V, VDD, VSS; EXTAL/XTAL crystal with two 18pF capacitors and a 10M resistor; RESET with 4.7K pull-ups; XIRQ, IRQ, MODB, MODA, VRH, VRL; ports PA0-PA7, PB0-PB7, PC0-PC7, PD0-PD5; data lines D0-D7; nets MODEM INTERRUPT, READ/WRITE, I2C_DATA, I2C_CLOCK, I2C_CONTROL, KP_ROW1-KP_ROW4, KP_COLUMN1-KP_COLUMN3, BUFF_EN, PC_CLOCK, PC_DATA, KB_CLOCK, KB_DATA; RS 232 LEVEL SHIFTER (RxD, TxD) marked "INTERFACE TO PENTEC, BAR CODE READER DATA LOADER"; an LED marked "LED LIT WHEN SYSTEM VALID"; numerals 1302, 1304, 1306, 1308, 1310.

FIG. 14 (Sheet 12 of 31), KEYPAD schematic 1102: a 3 x 4 matrix of columns KP_COLUMN1-KP_COLUMN3 and rows KP_ROW1-KP_ROW4 with keys 1 (QZ), 2 (ABC), 3 (DEF), 4 (GHI), 5 (JKL), 6 (MNO), 7 (PRS), 8, 9, 0, ENTER and CANCEL.

FIG. 15 (Sheet 13 of 31), analog switch 1218 (74HC4066) between the keyboard connector P1 (KB_+5V, KB_GND, KB_CLOCK, KB_DATA; 210) and the PC connector P2 (PC_+5V, PC_GND, PC_CLOCK, PC_DATA; 212), controlled by BUFF_EN (1219), with +5V (1222) and 10K pull-ups.

FIG. 16 (Sheet 14 of 31), MAGNETIC STRIP READER circuit 1206: MAGNETIC READER HEAD (1602) feeding amplifier and comparator stages (1604, 1606, 1608, 1612, 1614; an LM32x op amp and a 74HC1x gate, suffixes illegible) that produce READER INTERRUPT and CH1 SWIPE; legible values 200k, 10K, 5K, 20K, 8.66K, 90.9K, 1.6µH, and 1.51V and 5.0V references.

FIG. 17 (Sheet 14 of 31), CHANNEL 1 MAGNETIC HEAD (1603A) and CHANNEL 2 MAGNETIC HEAD (1603B) front ends (1702, 1704) producing CH1_SWIPE and CH2_SWIPE; 1.5V (NOM) bias, +5V, 5K.

FIG. 18 (Sheet 15 of 31), RAM memory map (SECTOR / LABEL), numerals 1802-1836, in this order: CURRENT MODE REGISTER; PREVIOUS MODE REGISTER; PC INTERFACE TEMPORARY BUFFER; DATA OUTPUT BUFFER; COMMAND REGISTER; PIN ENTRY BUFFER; ENCRYPTED PIN HOLDING AREA; PERSONAL ACCOUNT NUMBER; CHANNEL 1 CARD SWIPE DATA BUFFER; CHANNEL 2 CARD SWIPE DATA BUFFER; SWIPE TIMEOUT COUNTER; SWIPE TIMER DATA; SWIPE BUFFER FULL FLAG; CURRENT KEY POINTER; KEY POINTER SHIFT REGISTER; CRYPTO REGISTER; KEY REGISTER. (The flow charts of FIGS. 23-28 and 36 refer to the first thirteen of these as sectors 500-512.)

FIG. 19 (Sheet 16 of 31), ROM map 1902: INTERRUPT VECTORS, 256 BYTES, $FF00-$FFFF (1906); OPERATIONAL PROGRAM from $F000 (1904).

FIG. 20 (Sheet 16 of 31), key storage map 2002 (SECTOR / LABEL): FUTURE ENCRYPTION KEYS; INITIAL KEY SERIAL NUMBER; ENCRYPTION COUNTER; ENCRYPTION (remainder of label illegible); numerals 2004, 2006, 2008.

FIG. 21 (Sheet 17 of 31), top-level mode dispatch 2100: SYSTEM REDIRECT followed by YES/NO tests selecting the TRANSPARENT, SCAN, SWIPE, MODEM, I2C (smart card), VALIDATE, BIT and RETRIEVE modes; numerals 2104, 2106, 2108, 2110, 2114, 2118, 2122, 2126, 2130, 2134, 2138, 2142, 2146.

FIG. 22 (Sheet 18 of 31), SYSTEM INITIALIZATION (2104a, 2104b): INITIALIZE CURRENT MODE TO TRANSPARENT MODE; INITIALIZE PREVIOUS MODE TO NO MODE; INITIALIZE SYSTEM INTERRUPTS TO APPROPRIATE TRIGGER CHARACTERISTICS; ENABLE INTERRUPTS FROM PC INTERFACE BUS; then SYSTEM REDIRECT (2106).

FIG. 24 (Sheet 18 of 31), TRANSPARENT mode (2106): YES/NO test; COMMAND KEYBOARD TO CLEAR ITS INTERNAL BUFFERS; SET PREVIOUS MODE TO TRANSPARENT MODE (501) (2408); ENABLE INTERFACE BETWEEN KEYBOARD AND PC (2410).

FIG. 23 (Sheet 19 of 31), PC INTERFACE INTERRUPT: STORE BIT RECEIVED INTO PC INTERFACE TEMP BUFFER (SECTOR 502); YES/NO tests; STORE DATA INTO DATA OUTPUT BUFFER (503); SAVE CURRENT MODE INTO PREVIOUS MODE REGISTER (501); STORE DATA INTO COMMAND REGISTER (504); SAVE NEW MODE INTO CURRENT MODE REGISTER (500); RESET PC INTERRUPT TEMP BUFFER TO EMPTY (502); RETURN; numerals 2304, 2306, 2310, 2314, 2316, 2318, 2320, 2322.

FIG. 25 (Sheet 20 of 31), SCAN mode (2114): INITIALIZE PIN ENTRY BUFFER TO EMPTY (SECTOR 505); YES/NO key tests; SEND AN ASTERISK TO PC (2514); SEND ENTER TO PC (2516); SEND CANCEL TO PC; STORE IN PIN ENTRY BUFFER (2524); (CANCEL) RESTORE PIN ENTRY BUFFER TO EMPTY; exit to SYSTEM REDIRECT (2104).

FIG. 26 (Sheet 21 of 31), ENCRYPT (2526): GET PAN (507) AND PIN (505), COMBINE PER ANSI X9.24-1992 AND ENCRYPT PER ANSI X3.92-1981 (2602); STORE IN NEXT AVAILABLE ENCRYPTED PIN LOCATION (506) (2604); SEND PIN LOCATION INDICATOR TO PC (2606); CREATE NEW UNIQUE KEY PER ANSI X9.24-1992 AND STORE IN FUTURE ENCRYPTION KEYS AREA (SECTOR 700) (2608); return to SCAN.

FIG. 27 (Sheet 22 of 31), SWIPE mode: INIT SWIPE DATA INPUT BUFFERS TO EMPTY (508-509); SET SWIPE TIMEOUT COUNTER TO MAXTIME (510) (2704); DECREMENT COUNTER (510); YES/NO test (2712); TRANSMIT ALL DATA IN SECTORS 508 & 509 TO PC; exit to 2106.

FIG. 28 (Sheet 23 of 31), card reader interrupt: STOP TIMER, SAVE TIME DATA IN 511, RESET TIMER TO ZERO, RESTART TIMER (2802); FROM TIMER DATA, DETERMINE IF DATA REC'D WAS A "1" OR "0" AND THEN STORE DATA IN NEXT BIT LOCATION IN THE APPROPRIATE SWIPE INPUT BUFFER (SECTOR 508 OR 509) (2804); NO/YES test; SET BUFFER FULL FLAG TO "FULL" (SECTOR 512); RESET TIMEOUT COUNTER (510) TO MAXIMUM INTERNAL TIME (2810); RETURN (2812).

FIG. 29 (Sheet 24 of 31), printer mode (2122): INITIALIZE PRINTER (2902); NO test; SYSTEM REDIRECT (2906); SEND COMMAND TO PC INDICATING PRINTER NOT READY (2934); SEND NEXT CHARACTER TO BE PRINTED TO PRINTER (2932).

FIG. 30 (Sheet 24 of 31), MODEM mode (2126): INITIALIZE MODEM (3002); NO test; TRANSMIT DATA TO MODEM; exit to 2106.

FIG. 31 (Sheet 25 of 31): SYSTEM REDIRECT (2106); SEND DATA TO PC.

FIG. 32 (Sheet 25 of 31), MODEM INTERRUPT: NO branch to SEND ERROR MESSAGE TO PC (3110); YES branch to SEND DATA TO MODEM IF ANY IN OUTPUT BUFFER (503) (3106); SEND DATA TO PC (3108); RETURN.

FIG. 33 (Sheet 26 of 31), I2C (smart card) mode (2134): SYSTEM REDIRECT (2106); READ DATA AND SEND TO PC; SEND DATA TO SMART CARD; YES/NO tests; numerals 3304, 3306, 3308, 3310.

FIG. 34 (Sheet 27 of 31), VALIDATE mode (2138): GET IDENT FROM PC (3404); YES/NO test; DISABLE SYSTEM (3408); SYSTEM REDIRECT (2106).

FIG. 35 (Sheet 27 of 31), BIT mode: PERFORM BUILT-IN TEST (3502); YES test (3504); SYSTEM REDIRECT (2106).

FIG. 36 (Sheet 28 of 31), RETRIEVE mode (2146): NO test (3604); RETRIEVE ENCRYPTED DATA FROM MEMORY (506), SEND TO PC, CLEAR LOCATION TO EMPTY; SYSTEM REDIRECT (2106).

FIGURES 37A, 37B and 37C (Sheet 29 of 31), block diagrams; numerals only: 3702, 3704 (37A); 3702, 3706, 3708 (37B); 3702, 3710, 3712, 3714, 3716 (37C).

FIGURE 38 (Sheet 30 of 31), block diagram; numerals 3802, 3810, 3812, 3814, 3816, 3818, 3820.

FIGURE 39 (Sheet 31 of 31), block diagram with SPEAKER, ACQUISITION INPUT and DISPLAY; numerals 3902, 3904, 3906, 3908, 3910, 3914, 3916, 3918, 3924, 3926.

5,815,577

METHODS AND APPARATUS FOR SECURELY ENCRYPTING DATA IN CONJUNCTION WITH A PERSONAL COMPUTER

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation-in-part of, and claims the benefit of, U.S. application Ser. No. 08/609,273, filed Mar. 1, 1996, which itself is a continuation of, and claims the benefit of, U.S. application Ser. No. 08/210,200, filed Mar. 18, 1994, now U.S. Pat. No. 5,517,569, issued May 14, 1996.

TECHNICAL FIELD

The present invention relates, generally, to methods and apparatus for encrypting and manipulating confidential data and, more particularly, to techniques for transmitting encrypted data to a host computer from a remote personal computer.

BACKGROUND ART AND TECHNICAL PROBLEMS

Systems for performing financial transactions from a remote location, e.g., the home, office, or retail facility, are becoming increasingly popular. The proliferation of personal computers, and particularly in conjunction with modems, permits a consumer to effect bill paying, retail purchasing, banking, and other commercial transactions remotely, thus avoiding the need to travel to attend to routine commercial matters.

Presently known systems typically comprise a host computer located at a central data processing site, which is configured to communicate with a large number of remote personal computers (PC). When an individual desires to effect a financial transaction, for example to order merchandise and pay for the merchandise or services via a credit account, debit account, digital "coins" or the like, the user constructs a data link between his PC and the host computer via the PC's modem. Upon ordering the appropriate merchandise, the user may enter an account (e.g., credit card) number corresponding to the account to which the merchandise is to be charged. The purchase request is then transmitted from the PC to the host computer, whereupon the transaction is verified by the host computer.

Presently known systems are limited, for example, in their ability to effect the real time transfers of funds, due to various problems associated with the transmission of encrypted data. More particularly, real time transfers of funds are typically effected through the use of an automatic teller machine (ATM). In a typical ATM transaction, the user enters an account number onto a keypad or, alternatively, inserts a bank card into the ATM whereupon the account information is "read" from the magnetic strip located on the back of the bank card. Thereafter, the user enters a personal identification number (PIN) into the keypad to enable the transaction. By properly entering the PIN associated with the bank card, the fraudulent use of such cards is greatly reduced. The extension of the aforementioned ATM paradigm to home use is problematic, however, in that presently known systems for transmitting encrypted data (e.g., PINs) are unsatisfactory.

More particularly, although techniques for encrypting PINs and other confidential data and information are generally well known, current banking and other financial industry regulations are calculated to limit the extent to which confidential data may be transmitted in a non-encrypted form. In the context of a PC used to remotely effect a commercial transaction, it is possible to encrypt the confidential data at the PC and thereafter transmit the encrypted data to the host computer. However, presently known systems generally require that the confidential data (e.g., PIN) be entered into the computer via the keyboard associated with the PC, whereupon the PC's processor controls the encryption process. Thus, the data is essentially transmitted from the keyboard to the PC mother board over the physical wires connecting the keyboard to the PC box. Thereafter, the unencrypted data, i.e., prior to completing the encrypting process, necessarily resides on the mother board, for example prior to and during the encryption process. It is believed that sophisticated electronic "listening" devices could thus be employed to detect the confidential data between the time it is entered into the keyboard by the user and the time at which encryption is complete.

A system is thus needed which overcomes the shortcomings of the prior art.

SUMMARY OF THE INVENTION

The present invention provides methods and apparatus for transmitting encrypted data which overcomes the shortcomings of the prior art.

In accordance with one aspect of the present invention, a system for transmitting encrypted data comprises a host computer connected to a remote data processing device (e.g., a desktop-type PC, laptop computer, or the like) which includes a keyboard or other suitable mechanism for entering confidential data into the remote device. In accordance with a first embodiment of the invention, the remote processing device comprises a laptop PC having an integral alphanumeric keyboard, with an encryption module connected to the PS/2 port of the laptop. In accordance with this first embodiment, the encryption module comprises a keypad or other data capture device which permits the user to directly enter confidential data (e.g., PIN) into the encryption module. The encryption module thereafter encrypts the confidential data and transmits the encrypted data to the laptop PC, whereupon the encrypted data may be transmitted to the host computer via modem. In this way, the data need not reside in the PC in an unencrypted form; moreover, the data is transmitted from the encryption module to the laptop in an encrypted form, thereby reducing the risk that electronic "listening" devices may intercept the unencrypted data.

In accordance with a second embodiment of the present invention, the encryption circuitry is integrated into a keyboard, mouse, or other peripheral associated with a desktop, laptop, or other PC, such that confidential data may be encrypted in the peripheral device itself, whereupon the confidential data is transmitted to the PC and manipulated by the PC in an encrypted form.

In accordance with a third embodiment of the present invention, a self-contained, stand-alone transaction module comprises a processor having an integral data acquisition module (e.g., keypad) associated therewith, such that confidential data may be entered into the keypad and encrypted within a single, integral unit, thus avoiding the need for transmission wires between a remote keypad and the encryption processing circuitry.

In accordance with a further aspect of the invention, the encryption module may be configured to transmit and/or receive confidential data to and/or from a remote computer
in addition to the PC. The encryption module may also be equipped with various peripheral devices useful in entering data and information, for example magnetic head card readers, "smart card" or integrated circuit card (ICC) readers, bar code readers, voice recognition devices, scanners, and the like. In this way, confidential data in virtually any medium may be captured by the encryption module and encrypted prior to transmission to the PC and/or subsequent processing, such that the potential for the unauthorized detection of the unencrypted data is minimized.

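The PIN path that the abstract and summary describe, simulated end to end as an added example (not code from the patent): mode switching driven by PC commands (FIGS. 21-24), scan-mode keypad entry with asterisk echo (FIG. 25), PIN-block encryption under a fresh per-transaction key (FIG. 26) and later retrieval of the ciphertext by the PC (FIG. 36). Assumptions: the X9.24 "combine" step is taken to be a format-0 PIN block (PIN field XOR PAN field); the X3.92 DES step and the X9.24 key derivation are replaced by labelled HMAC-based stand-ins, since the standard library has no DES; the base key, key serial number and PAN are constructed values.

```python
import hmac

# Module modes named in FIG. 21; only the three this simulation exercises.
TRANSPARENT, SCAN, RETRIEVE = "TRANSPARENT", "SCAN", "RETRIEVE"


def pan_field(pan: str) -> bytes:
    """0000 followed by the rightmost 12 PAN digits, check digit excluded."""
    return bytes.fromhex("0000" + pan[-13:-1].rjust(12, "0"))


def pin_block_format0(pin: str, pan: str) -> bytes:
    """Assumed 'combine' step of FIG. 26: [0][len][PIN][F pad] XOR PAN field."""
    if not (4 <= len(pin) <= 12 and pin.isdigit()):
        raise ValueError("PIN must be 4-12 digits")
    pin_field = bytes.fromhex(("0%x%s" % (len(pin), pin)).ljust(16, "f"))
    return bytes(a ^ b for a, b in zip(pin_field, pan_field(pan)))


def pin_from_block(block: bytes, pan: str) -> str:
    """Host-side inverse: remove the PAN field, then read the length nibble."""
    pin_field = bytes(a ^ b for a, b in zip(block, pan_field(pan))).hex()
    return pin_field[2:2 + int(pin_field[1], 16)]


def derive_key(base_key: bytes, ksn: bytes, counter: int) -> bytes:
    """Stand-in for X9.24 unique-key-per-transaction derivation: key serial
    number plus encryption counter (FIG. 20) give a new key for every PIN."""
    return hmac.new(base_key, ksn + counter.to_bytes(3, "big"),
                    "sha256").digest()[:8]


def block_cipher(key: bytes, block: bytes) -> bytes:
    """Stand-in for the X3.92 (DES) step: XOR with a key-derived pad. Not DES."""
    pad = hmac.new(key, b"pin-block", "sha256").digest()[:8]
    return bytes(a ^ b for a, b in zip(block, pad))


class EncryptionModule:
    def __init__(self, base_key: bytes, ksn: bytes):
        # Attribute names follow the FIG. 18 and FIG. 20 memory sectors.
        self.current_mode, self.previous_mode = TRANSPARENT, None  # 500, 501
        self.pin_entry = ""                  # sector 505
        self.encrypted_pins = []             # sector 506, holding area
        self.pan = None                      # sector 507
        self.base_key, self.ksn = base_key, ksn  # FIG. 20 initial key data
        self.counter = 0                     # FIG. 20 encryption counter
        self.keyboard_passthrough = True     # control gate 1218, FIG. 24
        self.to_pc = []                      # everything the PC receives

    def pc_command(self, command: str, arg=None) -> None:
        """FIG. 23: a command from the PC becomes the new current mode."""
        self.previous_mode, self.current_mode = self.current_mode, command
        if command == SCAN:                  # FIG. 25 entry: PIN buffer emptied
            self.pin_entry, self.pan = "", arg
            self.keyboard_passthrough = False
        elif command == TRANSPARENT:         # FIG. 24: keyboard wired through
            self.keyboard_passthrough = True
        elif command == RETRIEVE:            # FIG. 36: hand over, then clear
            self.to_pc.append(self.encrypted_pins[arg])
            self.encrypted_pins[arg] = None

    def keypad(self, key: str) -> None:
        """FIG. 25: keypad presses in SCAN mode; the PC sees only asterisks."""
        if self.current_mode != SCAN:
            raise RuntimeError("keypad is only read in SCAN mode")
        if key.isdigit():
            self.pin_entry += key
            self.to_pc.append("*")
        elif key == "CANCEL":
            self.pin_entry = ""
            self.to_pc.append("CANCEL")
        elif key == "ENTER":
            self.to_pc.append("ENTER")
            self._encrypt()

    def _encrypt(self) -> None:
        """FIG. 26: combine PAN and PIN, encrypt, store, tell the PC where."""
        self.counter += 1
        key = derive_key(self.base_key, self.ksn, self.counter)
        ct = block_cipher(key, pin_block_format0(self.pin_entry, self.pan))
        self.pin_entry = ""                  # the clear PIN never leaves the module
        self.encrypted_pins.append((self.counter, ct))
        self.to_pc.append("PINLOC %d" % (len(self.encrypted_pins) - 1))


def run_transaction(pin: str, pan: str) -> dict:
    """One PIN entry end to end; returns what each party ended up with."""
    base_key, ksn = b"\x11" * 16, bytes.fromhex("ffff9876543210e0")  # constructed
    module = EncryptionModule(base_key, ksn)
    module.pc_command(SCAN, pan)
    for k in list(pin) + ["ENTER"]:
        module.keypad(k)
    location = int(module.to_pc[-1].split()[1])      # "PINLOC n"
    module.pc_command(RETRIEVE, location)
    module.pc_command(TRANSPARENT)
    counter, ct = module.to_pc[-1]
    # The host shares base key and KSN, so it rebuilds the same per-PIN key.
    host_pin = pin_from_block(block_cipher(derive_key(base_key, ksn, counter), ct), pan)
    return {"pc_saw": [m for m in module.to_pc if isinstance(m, str)],
            "host_pin": host_pin, "pin_left_in_module": module.pin_entry,
            "modes": (module.current_mode, module.previous_mode),
            "passthrough": module.keyboard_passthrough}
```

The returned `pc_saw` list is the complete set of keystroke-related bytes the PC could observe on the keyboard wire: asterisks, ENTER and a location indicator, never a PIN digit.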
BRIEF DESCRIPTION OF THE DRAWING FIGURES

The present invention will hereinafter be described in conjunction with the appended drawing figures, wherein like numerals designate like elements, and

FIG. 1 is a schematic block diagram of a transaction authorization system in accordance with the present invention;
FIG. 2 is a front elevation view of a PC having an encryption module integrated therewith;
FIG. 3 is a schematic block diagram of an integral encryption module;
FIGS. 4 and 6-10 are flow charts setting forth the operation of an exemplary application program executed by the PC of FIG. 2 in accordance with the present invention;
FIG. 5 is a display of various icons useful in conjunction with the software shown in FIG. 4;
FIG. 11 is an alternate embodiment of the encryption module shown in FIG. 2;
FIG. 12 is a schematic block diagram of the functional aspects of the encryption module of FIG. 2;
FIG. 13 is a schematic circuit diagram of the processor embodied in the encryption module of FIG. 2;
FIG. 14 is a schematic circuit diagram of the keypad shown in FIG. 2;
FIG. 15 is a schematic circuit diagram of an analog switch used in the encryption module of the present invention;
FIGS. 16 and 17 are schematic circuit diagrams of a magnetic strip reader circuit;
FIGS. 18-20 are schematic memory maps of various memory sectors associated with the processor of FIG. 13;
FIGS. 21-36 are flow chart diagrams setting forth various functional features of the encryption module of the present invention; and
FIGS. 37-39 are block diagram schematic drawings of various embodiments of the present invention.

DETAILED DESCRIPTION OF PREFERRED EXEMPLARY EMBODIMENTS

Referring now to FIG. 1, a remote transaction system 100 suitably comprises a host computer system 102 which may be interfaced with one or more transaction networks, for example a bill paying network 104, a banking system network 106, and various other network systems 108, for example state lottery purchase networks, retail shopping purchase networks, mail order purchase networks, and the like. Remote transaction system 100 further comprises a plurality of remote data processing terminals 110a-110n, for example a PC of the type typically used by a home consumer. Remote transaction system 100 may also comprise various diagnostic and maintenance apparatus, for example a network transmit test system 112 and a network transmit receive system 114 suitably utilized to periodically test the performance of host computer system 102, and an audit system 116 which permits the operator of system 100 to periodically audit the data and information resident within host computer 102.

As discussed in greater detail below, various networks 104-108 are suitably operated by independent entities which desire to conduct business and/or other transactions with various consumers through host computer 102, for example wherein each of respective PCs 110A-110N are conveniently disposed within a consumer's home, office, retail outlet, and the like.

In accordance with a preferred embodiment of the present invention, data, including confidential data, may be entered into one of respective PCs 110, and encrypted as discussed in greater detail below, the encrypted data thereafter being transmitted from the PC to host computer 102 along a suitable data link 118. In accordance with one aspect of the invention, data link 118 may comprise a transmission wire (e.g., a telephone line, fiber optic cable, or the like) or alternatively may comprise a wireless link, for example microwave, radio frequency (RF) or other suitable data transmission medium.

Referring now to FIG. 2, in accordance with a preferred embodiment of the present invention, an exemplary PC 110 suitably comprises a screen 202, a box 204 for housing, inter alia, the computing circuitry associated with PC 110, a keyboard 206 connected to box 204 via a connector 210, and a mouse 208 useful in executing interactive programs. In a first preferred embodiment of the present invention, an encryption module 214 may be conveniently interposed between keyboard 206 and box 204, for example in series with connector 210. In the illustrated embodiment, module 214 suitably comprises a module connector 212 configured to permit easy installation of module 214. More particularly, a distal end 216 of connection 210 is normally plugged into a mating connector (not shown) on box 204 during normal operation of the PC. When it is desired to install module 214, connector end 216 may simply be detached from box 204, and a distal end 218 of connector 212 connected to box 204 at the same site; connector end 216 of connector 210 is suitably connected to module 214, for example in much the same manner as distal end 216 would otherwise be connected to box 204. In this way, module 214 may be conveniently interposed between keyboard 206 and box 204 without opening box 204, a procedure not readily acceptable to most computer users.

In an alternate embodiment of the subject invention, the encryption circuitry and various of the peripheral devices discussed herein associated with module 214 may be conveniently incorporated into keyboard 206 during manufacture or retrofit, thus avoiding the need for at least the keypad portion of module 214.

With momentary reference to FIG. 3, yet a further alternative embodiment suitably comprises a self contained, integral module 300 including a screen 306, a computer 304, a keyboard 302, a modem connection 308, and an accessory connector 310 for interfacing module 300 with various peripheral devices, for example bar code readers, smart card readers, magnetic strip readers and the like. In accordance with the embodiment in FIG. 3, only those components necessary to effect the specific functions discussed need be incorporated into module 300, resulting in substantial cost savings over the PC embodiment shown in FIG. 2. However, it will be appreciated that, for those consumers who already own a PC, the embodiment illustrated in FIG. 2 may be preferable inasmuch as a conventional PC may be readily adapted in accordance with the present invention by incorporating module 214 into PC 110.

Referring now to FIGS. 4-10, an exemplary remote transaction application program useful in accordance with the present invention will now be described.

With particular reference to FIG. 4, a suitable application program may be executed using a (WINDOWS) format which presents the user with various menu selections. Those skilled in the art will appreciate that the user may select various options using keyboard 206 or mouse 208 (see FIG. 2) as is known in the art. Although the subject application program is described herein in the context of the WINDOWS embodiment, it will be appreciated that the subject invention may be implemented in the context of any convenient applications environment.

With continued reference to FIG. 4, upon activating the WINDOWS capability of PC 110 (step 402), the user may select one of a plurality of menu options 406-416, for example by double clicking mouse 208 (step 404). More particularly and with momentary reference to FIG. 5, the user may select banking operation 406 corresponding to icon 506, a bill paying operation 408 represented by icon 508, a neighborhood shopping operation 410 represented by icon 510, a mail ordering operation 412 represented by icon 512, a state lottery operation 414 represented by icon 514, a file operations 416 corresponding to icon 516, a PC setup operation 418 corresponding to icon 518, a hardware test operation 420 corresponding to icon 520, a display time operation 422 corresponding to icon 522, or a tutorial operation 424 represented by icon 524. Although the illustrated icons shown in FIG. 5 are useful in the context of the illustrated embodiment, it will be appreciated that any suitable icon or other mechanism for selecting various program options may be employed in the context of the present invention. Moreover, the menu options set forth in FIGS. 4 and 5 are merely exemplary; various combinations of the menu options shown in the Figures, alone or in combination with other menu options not set forth herein, may also be employed in the context of the present invention.

With continued reference to FIG. 4, tutorial operation 424 suitably entails an explanation of the various menu options and an explanation of how to use the options. Display time option 422 suitably displays the system time in any desired format. Hardware test operation 420 is suitably configured to allow the user to verify the integrity of various hardware components and peripheral devices useful in the context of the present invention.

Setup operation 418 suitably permits the user to configure various parameters associated with the operation of the system and methods discussed herein.

File operation 416 suitably allows the user to manipulate various data structures useful in the context of the present invention.

Lottery operation 414 may be configured to permit the user to purchase lottery tickets, for example via modem, from his state of residence or from any other state or municipality, depending on the regulation governing the sale of such tickets.

Mail ordering operation 412 suitably entails procedures for ordering merchandise from PC 110, for example from a mail order catalog. In this regard, module 214 (see FIG. 2) or, alternatively, box 204 may be suitably equipped with a bar code reader so that merchandise may be automatically selected by scanning the bar code associated with the merchandise. The same bar code technique may also be employed in the context of shopping operation 410, which suitably entails procedures for permitting a user to order various products (e.g., grocery products) by entering the ordered item into PC 110.

In accordance with a further aspect of the invention, neighborhood shopping operation 410 may be further implemented with the use of a bar code reader in the following manner.

Various consumer products are typically equipped with a UPC label, bar code, or other indicia representing the particular product. A bar code reader assembly (not shown), for example a hand held wand, may be suitably used by the consumer to enter into a memory array associated with the bar code reader products which the consumer desires to purchase, for example from a grocery store. After accumulating products which the consumer desires to purchase for a period of time, the product digits stored in the bar code reader memory may be "dumped" into an appropriate memo