IC card and an identification system thereof

US 4,650,975 A
Filed: 08/30/1984
Issued: 03/17/1987
Est. Priority Date: 08/30/1984
Status: Expired due to Term

First Claim

Patent Images

1. An IC card having an IC circuit, which comprises:

first memory means for storing at least a plurality of personal data of a card holder;

second memory means for storing production master key (PMK) data preset at a first stage and used for checking validity of a card holder when an IC card is transferred from the first stage to a second stage, and for storing initialization personal identificaton number (IPIN) data used for checking validity of a card holder when an IC card is transferred from the second stage to a third stage;

third memory means for storing at least personal identification (PIN) data set by a card holder at the third stage for checking validity of the card holder when a future transaction is performed by the card holder by using the IC card;

interface means for controlling data which is output from the IC card and data which is input to the IC card to be compared with the data stored in at least said second and third memory means;

comparing means for comparing a PMK data input to the IC card via said interface means for checking validity of the card holder at the second stage when the IC card is transferred from the first stage to the second stage with the PMK data stored in said second memory means, and for comparing an IPIN data input to the IC card via the interface means for checking validity of a card holder when the IC card is transferred from the second stage to the card holder at the third stage with the IPIN data stored in said second memory means; and

means for permitting reading and/or writing at least one of said first to third memory means in accordance with a coincidence signal obtained from said comparing means.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A plurality of secret data for identifying IC cards is stored in a memory which is provided in an IC circuit incorporated in the IC card. When an IC card is supplied to an issuer from a manufacturer, a sealed sheet on which a production master key (PMK) data is printed is separately sent to the issuer from the manufacturer. The PMK data printed on the sealed sheet is supplied to the IC card to be compared with a PMK data stored therein. The entrance of a primary account number (PAN) data to the IC card is allowed only when a coincidence signal is obtained. An initialization personal identification number (IPIN) data is printed on a sealed sheet which is separately sent to a card holder from the issuer. At the card holder'"'"'s stage, the IPIN data and an IPIN data stored in the IC card are compared with each other. The registration of the personal identification number to the IC card may be performed only when a coincidence signal is obtained.

109 Citations

View as Search Results

51 Claims

1. An IC card having an IC circuit, which comprises:
- first memory means for storing at least a plurality of personal data of a card holder;
  
  second memory means for storing production master key (PMK) data preset at a first stage and used for checking validity of a card holder when an IC card is transferred from the first stage to a second stage, and for storing initialization personal identificaton number (IPIN) data used for checking validity of a card holder when an IC card is transferred from the second stage to a third stage;
  
  third memory means for storing at least personal identification (PIN) data set by a card holder at the third stage for checking validity of the card holder when a future transaction is performed by the card holder by using the IC card;
  
  interface means for controlling data which is output from the IC card and data which is input to the IC card to be compared with the data stored in at least said second and third memory means;
  
  comparing means for comparing a PMK data input to the IC card via said interface means for checking validity of the card holder at the second stage when the IC card is transferred from the first stage to the second stage with the PMK data stored in said second memory means, and for comparing an IPIN data input to the IC card via the interface means for checking validity of a card holder when the IC card is transferred from the second stage to the card holder at the third stage with the IPIN data stored in said second memory means; and
  
  means for permitting reading and/or writing at least one of said first to third memory means in accordance with a coincidence signal obtained from said comparing means.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 31, 32, 37)
- - 2. An IC card according to claim 1, wherein said IC circuit includes designating means for designating as data compared with the external data any one of data stored in said second and third memory means.
  - 3. An IC card according to claim 2, wherein said designating means designates the PMK data in said second memory means in an initial state, and said IC circuit includes means for allowing primary account number (PAN) data representing card issuance at the second stage to be written into said first memory means when said comparing means detects a coincidence between the external data and the PMK data stored in said second memory means, and means for changing designation by said designating means to designation of the IPIN data.
  - 4. An IC card according to claim 3, wherein said IC circuit includes means for allowing any PIN data selected by the card holder to be written into said third memory means when said comparing means detects a coincidence between the external data and the IPIN data stored in said second memory, and means for changing designation by said designating means to designation of the PIN data.
  - 5. An IC card according to claim 1, wherein said first memory means stores different types of card authentication (CA) data in units of IC cards.
  - 6. An IC card according to claim 1, wherein said IC circuit includes counting means for counting the number of succeeding noncoincidence signals from said comparing means, and means for inhibiting data read/write operation of said first, second and third memory means and invalidating a corresponding IC card when a count of said counting means has reached a predetermined number.
  - 7. An IC card according to claim 1, wherein said IC circuit includes means for decrypting externally supplied encrypted data.
  - 8. An IC card according to claim 7, wherein said first memory means stores private key (PRK) data representing a key for decryption.
  - 9. An IC card according to claim 1, wherein at least one of said first, second and third memory means comprises an EP-ROM (Erasable Programmable Read Only Memory).
  - 31. An IC card according to claim 1, wherein said first stage occurs at a manufacturer of said card, said second stage occurs at an issuer of said card, and said third stage occurs by the card holder to whom the card has been issued.
  - 32. An IC card according to claim 1, wherein said comparing means compares PIN data which is input to the IC card via the interface means for checking the card holder with the PIN data stored in said third memory means.
  - 37. An IC card according to claim 31, wherein the IPIN data is preset together with the PMK at the first stage in said second memory means.

10. An IC card identification system comprising:
- an IC card incorporating an IC circuit including a memory for storing a plurality of secret data, the plurality of secret data including at least production master key (PMK) data preset at a first stage and initialization personal identification number (IPIN) data;
  
  printout means for confidentially printing out the PMK data at the first stage on a first sealed sheet, said IC card and the first sealed sheet being delivered to a card holder at a second stage;
  
  means for identifying the PMK data obtained by entering the PMK data printed on said first sealed sheet with the PMK data stored in said memory of said IC card;
  
  means for storing primary account number (PAN) data in said IC card upon detection of a coincidence between the entered PMK data and the PMK data stored in said memory and for printing out the IPIN data read out from said memory on a second sealed sheet, said IC card and the second sealed sheet being delivered to a card holder at a third stage;
  
  means for identifying IPIN data entered by the IPIN data printed on said second sealed sheet with the IPIN data stored in said memory of said IC card; and
  
  means for storing personal identification number (PIN) data which is arbitrarily selected by the card holder in the IC circuit upon detection of a coincidence between the entered IPIN data and the IPIN data stored in said memory.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 38, 39)
- - 11. A system according to claim 10, further including means for invalidating issuance of said IC card when the coincidence between the entered PMK data and the PMK data stored in said memory or between the entered IPIN data and the IPIN data stored in said memory is not established.
  - 12. A system according to claim 10, wherein at least one of the PMK data and the IPIN data which are stored in said memory is generated by using outputs from a random number generator.
  - 13. A system according to claim 10, further including a terminal which is installed at a point of sales (POS) and which includes means for inputting said PIN data by a card holder to identify said IC card presented by the card holder.
  - 14. A system according to claim 13, wherein said IC card includes means for reading PIN data input by the card holder through said terminal, said IC card including comparing means for comparing read PIN data with the pin data stored therein.
  - 15. A system according to claim 14, wherein said IC card includes means for transferring identification result data obtained by comparison in said IC card to said terminal, and said terminal includes means for producing an alarm in accordance with the identification result data transferred thereto.
  - 16. A system according to claim 14, wherein said PIN data comparing means includes retry executing means for retrying comparison operations a predetermined number of times.
  - 38. An IC card identification system according to claim 10, wherein the IPIN data is preset in the memory of the IC card.
  - 39. An IC card identification system according to claim 10, wherein said first stage is manufacturing of the IC card by a manufacturer, said second stage is issuing of the IC card by an issuer, and said third stage is possessing of the IC card by the customer.

17. An IC card identification system comprising:
- an IC card incorporating an IC circuit including a memory for storing card authentication (CA) data preset by a manufacturer and given such that different CA data are assigned in units of IC cards;
  
  a host computer for reading out the different CA data from the respective IC cards and storing all the CA data in a data base; and
  
  a terminal, connected to said host computer through a data transmission means, for identifying a presented IC card,said terminal having readout means for reading out the CA data from the presented IC card, means for encrypting predetermined transaction message data in accordance with the CA data from the presented IC card, and means for transmitting encrypted predetermined transaction message data to said host computer, and said host computer having means for decrypting the encrypted transaction message data by using the CA data stored in the data base, means for discriminating whether or not the decrypted transaction message data is the predetermined transaction message data in said terminal, and means for transmitting a discriminated result to said terminal.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 18. A system according to claim 17, wherein said terminal includes means for transmitting designation data for designating the CA data stored in the data base in said host computer prior to transmission of the encrypted transaction message data, and said host computer includes means for designating the CA data in the data base in accordance with the designation data.
  - 19. A system according to claim 17, wherein said memory of said IC card and the data base of said host computer store pairs of different CA data and corresponding primary account number (PAN) data.
  - 20. A system according to claim 19, wherein the predetermined transaction message data comprises PAN data stored in the IC card, and said host computer includes means for reading out the PAN data which is compared with the CA data used for decryption of the predetermined transmission message data and means for discriminating a coincidence between the PAN data and the decrypted transaction message data.
  - 21. A system according to claim 17, wherein encryption and decryption by the CA data is based on a DES (Data Encryption Standard).
  - 22. A system according to claim 17, wherein said terminal includes means for discriminating the discrimination result sent from said host computer, and means for producing an alarm in accordance with a discrimination by said discriminating means.
  - 23. A system according to claim 17, wherein said transmitting means in said host computer includes means for sending data obtained by encrypting the CA data in accordance with discrimination result data.
  - 24. A system according to claim 23, wherein the encryption by the CA data is based on a DES (Data Encryption Standard).
  - 25. A system according to claim 24, wherein said terminal includes means for decrypting the encrypted data from said terminal by using the CA data read out from said IC card.
  - 26. A system according to claim 23, wherein said terminal includes means for discriminating the predetermined result sent from said host computer, and means for producing an alarm indication in accordance with a discrimination by said discriminating means.

27. An IC card identification system comprising:
- an IC card incorporating an IC circuit including a memory for storing first key data; and
  
  a terminal for storing second key data and for identifying an IC card presented by a card holder, the second key data being different from the first key data but having a correlation with the first key data in a one-to-one correspondence in accordance with a predetermined function,said terminal having means for encrypting predetermined test message data in accordance with the second key data and means for transmitting encrypted test message data to said IC card,said IC card having means for receiving the encrypted test message data and decrypting the message data by the first key data stored therein and means for transmitting decrypted test message data to said terminal, andsaid terminal further including means for comparing the decrypted test message data from said IC card with a predetermined self test message, and means for producing an alarm of a comparison result.
- View Dependent Claims (28, 29, 30, 40, 41)
- - 28. A system according to claim 27, wherein the first key data comprises different key data in units of issuers issuing corresponding IC cards, the first key data being identical for each issuer.
  - 29. A system according to claim 28, wherein said terminal has means for storing second key data corresponding to the different PRK data in units of issuers, and means for designating only one second key data corresponding to an IC card presented by the card holder.
  - 30. A system according to claim 27, wherein the predetermined function comprises one-way functions which depend on an encryption scheme based on an RSA-algorithm.
  - 40. A system according to claim 27, wherein said first key data is an issuer'"'"'s private key (PRK) data, and said second key data is an issuer'"'"'s public key data.
  - 41. A system according to claim 27, wherein said terminal further includes means for preventing the first key data from being read out of said terminal.

33. A method for producing an IC card having a memory means therein which is accessible by a card holder for reading and/or writing operations on said IC card, comprising the steps of:
- storing at least a plurality of personal data of a card holder;
  
  storing production master key (PMK) data preset at a first stage and used for checking validity of a card holder when an IC card is transferred from the first stage to a second stage;
  
  storing initialization personal identification number (IPIN) data used for checking validity of a card holder when an IC card is transferred from the second stage to a third stage;
  
  storing at least a personal identification number (PIN) data set by a card holder at the third stage for checking validity of the card holder when a future transaction is performed by the card holder by using the IC card;
  
  controlling data output from the IC card and data input to the IC card for comparison with data stored in said memory means;
  
  comparing a PMK data input to the IC card for checking the validity of the card holder at the second stage when the IC card is transferred from the first stage to the second stage with the PMK data stored in said memory means;
  
  comparing IPIN data input to the IC card for checking validity of a card holder when the IC card is transferred from the second stage to the card holder at the third stage with the IPIN data stored in said memory means; and
  
  permitting reading from and/or writing into said memory means in accordance with a coincidence signal obtained from said comparison step.

34. A method for providing an IC card identification comprising the steps of:
- storing in a memory carried on said IC card a plurality of secret data, the plurality of secret data including at least production master key (PMK) preset at a first stage and initialization personal identification number (IPIN) data;
  
  printing out the PMK data in the memory on a first sealed sheet at the first stage;
  
  delivering the IC card and the first sealed sheet to a card holder at a second stage;
  
  identifying the PMK data obtained by entering the PMK data printed on the first sealed sheet with the PMK data stored in the memory of said IC card;
  
  storing primary account number (PAN) data in the memory upon detection of a coincidence between the entered PMK data and the PMK data stored in said memory and for printing out the IPIN data read out from said memory onto a second sealed sheet;
  
  delivering the IC card and said second sealed sheet to a card holder at a third stage;
  
  identifying IPIN data entered by the IPIN data printed on said second sealed sheet with the IPIN data stored in said memory of said IC card; and
  
  storing personal identification number (PIN) data which is arbitrarily selected by the card holder in the memory upon detection of a coincidence between the entered IPIN data and the IPIN data stored in said memory.

35. A method for providing an IC card identification, comprising the steps of:
- incorporating an IC circuit including a memory into an IC card for storing card authentication (CA) data preset by a manufacturer and given such that different CA data are assigned in units of IC cards;
  
  reading out the different CA data from the respective IC cards and storing all the CA data in a data base in a host computer;
  
  reading out the CA data from the presented IC card with a terminal having readout means;
  
  encrypting a predetermined transaction message data in accordance with the CA data from the presented IC card;
  
  transmitting encrypted predetermined transaction message data to said host computer;
  
  decrypting with said host computer the encrypted transaction message data by using the CA data stored in the data base;
  
  discriminating whether or not the decrypted transaction message data is the predetermined transaction message date in said terminal; and
  
  transmitting a discriminated result to the terminal.

36. A method for providing an IC card identification, comrpising the steps of:
- incorporating into an IC card an IC circuit including a memory for storing first key data;
  
  storing the second key data in a terminal;
  
  identifying an IC card presented by a card holder to said terminal;
  
  setting the second key data to be different from the first key data but having a correlation with the first key data in a one-to-one correspondence in accordance with a predetermined function;
  
  encrypting predetermined test message data in accordance with the second key data and transmitting encrypted test message data to the IC card;
  
  receiving the encrypted test message and decrypting the message data by the first key data stored therein, and transmitting decrypted test message data to said terminal; and
  
  comparing the decrypted test message data from said IC card with a predetermined self test message; and
  
  producing an alarm of a comparison result.

42. A method for identifying an IC card, comprising the steps of:
- (a) storing production master key (PMK) data in a memory means of the IC card at a first stage to check the validity of a card holder, and then delivering the IC card to a second stage;
  
  (b) comparing, in said IC card at the second stage, the PMK data stored in said memory means with PMK data input to said IC card, and delivering the IC card to a third stage when the compared PMK data stored in the card and input to the card are identical; and
  
  (c) comparing, in said IC card at a third stage, initialization personal identification number (IPIN) data stored in the IC card with IPIN data which is input to said IC card, and storing personal identification (PIN) data in the memory means of the IC card when the compared IPIN data stored in the card and input to it are identical.
- View Dependent Claims (43, 44, 45)
- - 43. A method according to claim 42, wherein the step (a) further includes:
    - confidentially printing the PMK data stored in said memory means on a first sealed sheet, anddelivering the IC card and the first sealed sheet to the second stage.
  - 44. A method according to claim 43, wherein step (b) further includes:
    - confidentially printing the IPIN data stored in said memory means on a second sealed sheet, anddelivering the IC card and the second sealed sheet to the third stage.
  - 45. A method according to claim 42, wherein in step (a) the IPIN data is stored together with PMK data in said memory means.

46. An IC card system comprising:
- an IC card; and
  
  a terminal provided at a manufacturer for communicating with the IC card, said terminal including means for generating a signal to start a test on an internal circuit of the IC card,said IC card including testing means having a testing program for testing the internal circuit of the IC card and being responsive to the signal from said terminal for starting the test.
- View Dependent Claims (47, 48, 49, 50)
- - 47. An IC card system according to claim 46, wherein said IC card includes an initializing means for initializing said internal circuit, and the internal circuit of the initialized IC card is tested by said testing means when said signal is supplied from said terminal to said IC card.
  - 48. A system according to claim 47, wherein said terminal comprises control means for confirming that said testing means detects no abnormal test results with respect to an internal circuit, and identification data for checking the validity of an issuer is input through said terminal and is then stored in said IC card when said testing means detects no abnormal conditions of the internal circuit of said IC card.
  - 49. A system according to claim 48, wherein said identification data is PMK data.
  - 50. A system according to claim 48, wherein said terminal further includes means for printing the PMK data.

51. An IC card system comprising:
- an IC card having an IC circuit; and
  
  a terminal for transmitting data to said IC card and/or a host compoter and receiving data from said IC card and/or the host computer;
  
  said terminal including memory means for storing a flag representing whether said terminal is set in a first mode or a second mode, whereby the terminal communicates with the host computer when said flag is set in the first mode, and is inhibited from communicating with the host computer when said flag is set in the second mode;
  
  said IC card further including means for checking authenticity of at least one of said IC card and said terminal, and wherein after at least one of said IC card and terminal is found to be authentic, the data stored in said memory means is checked to confirm whether data should be transmitted between said IC card and said terminal in the first mode or the second mode.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Casio Computer Company Limited
Original Assignee
Casio Computer Company Limited
Inventors
Kitchener, Robert A.
Primary Examiner(s)
TRAFTON, DAVID

Application Number

US06/645,925
Time in Patent Office

929 Days
Field of Search

235/492, 235/380, 235/375
US Class Current

235/375
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3558   Preliminary personalisation...

G06Q 20/3672   initialising or reloading t...

G07F 7/084   Additional components relat...

G07F 7/10   together with a coded signa...

G07F 7/1008   Active credit-cards provide...

G07F 7/1016   Devices or methods for secu...

IC card and an identification system thereof

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

109 Citations

51 Claims

Specification

Use Cases

Quick Links

Others

IC card and an identification system thereof

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

109 Citations

51 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others