Secure data interchange system erasing a card memory upon an invalid response
First Claim
1. An electronic card for use in a secure data interchange system having a terminal adapted to receive and communicate with said electronic card, said card having means for communicating with said terminal and having a memory for storing program algorithms and data therein including valid terminal verification data and valid user identification request data;
- said electronic card comprising;
means for monitoring, for a predetermined period of time, immediately following insertion of said card in said terminal, an output from said terminal for a terminal verification message and being operable to erase said memory when said terminal verification message is not received within said predetermined period of time and being responsive to said terminal verification message received within said predetermined period of time, by comparing said received terminal verification message to said stored valid terminal verification message and being operable to erase said memory when said received terminal verification message is not valid; and
means for monitoring, following receipt of a valid terminal verification message, the output from said terminal for a user identification request and being responsive to said user identification request by comparing said received user identification request to said stored valid user identification request and being operable to erase said memory when said user identification request is not valid and being operable to erase said memory when said received request is an attempt to read data from said memory before receipt of said valid user identification request.
0 Assignments
0 Petitions
Accused Products
Abstract
Systems for interchanging information, for example, obtaining cash from a terminal by use of a portable device such as a credit card are well-known but suffer from being vulnerable to fraud. In the invention a highly secure information interchange system is achieved by utilizing an intelligent card as the portable device which verifies that the terminal is a valid one and the terminal in turn verifies that the card is valid. Unauthorized users are screened out by means of a physical characteristic scan of the user such as a fingerprint which is then compared with comparable data stored on the portable device. If an invalid terminal attempts to communicate with the card, the card erases the data and programs from its memory. All programs and data in the terminal are stored in memory which loses its contents when power is interrupted, thus improving the security of the system by making unauthorized use of a terminal very difficult. The terminal can only be brought back up by authorized personnel with their own access portable devices. Both a system and a method are claimed.
-
Citations
21 Claims
-
1. An electronic card for use in a secure data interchange system having a terminal adapted to receive and communicate with said electronic card, said card having means for communicating with said terminal and having a memory for storing program algorithms and data therein including valid terminal verification data and valid user identification request data;
- said electronic card comprising;
means for monitoring, for a predetermined period of time, immediately following insertion of said card in said terminal, an output from said terminal for a terminal verification message and being operable to erase said memory when said terminal verification message is not received within said predetermined period of time and being responsive to said terminal verification message received within said predetermined period of time, by comparing said received terminal verification message to said stored valid terminal verification message and being operable to erase said memory when said received terminal verification message is not valid; and means for monitoring, following receipt of a valid terminal verification message, the output from said terminal for a user identification request and being responsive to said user identification request by comparing said received user identification request to said stored valid user identification request and being operable to erase said memory when said user identification request is not valid and being operable to erase said memory when said received request is an attempt to read data from said memory before receipt of said valid user identification request. - View Dependent Claims (2, 3)
- said electronic card comprising;
-
4. An electronic card for use in a secure data interchange system having a terminal adapted to receive and communicate with said electronic card, said card comprising:
-
means for communicating with said terminal; memory for storing program algorithms and data therein including valid terminal verification data, valid user identification request data, and information indicative of a predetermined user of said card; means for monitoring, for a predetermined period of time, immediately following insertion of said card in said terminal, an output from said terminal for a terminal verification message and being operable to erase said memory when said terminal verification message is not received within said predetermined period of time and being responsive to said terminal verification message received within said predetermined period of time, by comparing said received terminal verification message to said stored valid terminal verification message and being operable to erase said memory when said received terminal verification message is not valid; means for monitoring, following receipt of a valid terminal verification message, the output from said terminal for a user identification request and being responsive to said user identification request by comparing said received user identification request to said stored valid user identification request and being operable to erase said memory when said user identification request is not valid identification instruction message and being operable to erase said memory when said received request is an attempt to read data from said memory before receipt of said valid user identification request; each of said means for monitoring is a microprocessor; and said means for monitoring, following receipt of a valid terminal verification message, being operable to read said predetermined user information from said memory and being operable to transmit to said terminal said predetermined user information, upon receipt of said valid user identification request. - View Dependent Claims (5, 6, 7, 8)
-
-
9. A method for providing a secure electronic card for use in a data interchange system, wherein a terminal is adapted to receive and communicate with the electronic card and wherein said card has means for communicating with said terminal and a memory for storing data and program algorithms therein including valid terminal verification data and valid user identification request data, said method comprising:
-
monitoring by said card for a predetermined period of time, immediately following insertion of said card in said terminal, an output from said terminal for a terminal verification message; erasing said memory when said terminal verification message is not received within said predetermined period of time, and comparing said terminal verification message received within said predetermined period of time to said stored valid terminal verification message, and erasing said memory when said terminal verification message is not valid; monitoring by said card, following receipt of a valid terminal verification message, the output from said terminal for a user identification request from said terminal and comparing said received user identification request to said stored valid user identification request; and erasing said memory when said user identification request is not valid, and erasing said memory when said request is an attempt to read data from said memory before receipt of a valid user identification request. - View Dependent Claims (10, 11)
-
-
12. A method for providing a secure electronic card for use in a data interchange system, wherein a terminal is adapted to receive and communicate with the electronic card and wherein said card has means for communicating with said terminal and a memory for storing data and program algorithms therein including valid terminal verification data and valid user identification request data, said method comprising:
-
monitoring by said card for a predetermined period of time, immediately following insertion of said card in said terminal, an output from said terminal for a terminal verification message; erasing said memory when said terminal verification message is not received within said predetermined period of time, and comparing said terminal verification message received within said predetermined period of time to said stored valid terminal verification message, and erasing said memory when said terminal verification message is not valid; monitoring by said card, following receipt of a valid terminal verification message, the output from said terminal for a user identification request from said terminal and comparing said received user identification request to said stored valid user identification request; erasing said memory when said user identification request is not valid, and erasing said memory when said request is an attempt to read data from said memory before receipt of a valid user identification request; transmitting to said terminal a card verification message, following receipt, within said predetermined period of time, of said valid terminal identification message for verification of said card by said terminal; storing information indicative of a predetermined user of said card, in said card memory; and transmitting said predetermined user information to said terminal upon receipt of a valid user identification request, for verification by said terminal of said user.
-
-
13. A system for the secure interchange of information comprising:
-
at least one portable electronic card having a memory for storing program algorithms and data therein including valid terminal verification data and valid user identification request data; at least one terminal device adapted to receive and communicate with said portable electronic card; said card including; means for communicating with said terminal; means for monitoring, for a predetermined period of time, immediately following insertion of said card in said terminal, an output from said terminal for a terminal verification message and being operable to erase said memory when said terminal verification message is not received within said predetermined period of time, and being responsive to said terminal verification message received within said predetermined period of time, by comparing said received terminal verification message to said stored valid terminal verification message and being operable to erase said memory when said received terminal verification message is not valid; and means for monitoring, following receipt of a valid terminal verification message, the output from said terminal for a user identification request and being responsive to said user identification request by comparing said received user identification request to said stored valid user identification request and being operable to erase said memory when said user identification request is not valid and being operable to erase said memory when said received request is an attempt to read data from said memory before receipt of said valid user identification request. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
-
-
21. A system for the secure interchange of information comprising:
-
at least one portable electronic card having a memory for storing program algorithms and data therein including valid terminal verification data and valid user identification request data; at least one terminal device adapted to receive and communicate with said portable electronic card; said card including; means for communicating with said terminal; means for monitoring, for a predetermined period of time, immediately following insertion of said card in said terminal, an output from said terminal for a terminal verification message and being operable to erase said memory when said terminal verification message is not received within said predetermined period of time, and being responsive to said terminal verification message received within said predetermined period of time, by comparing said received terminal verification message to said stored valid terminal verification message and being operable to erase said memory when said received terminal verification message is not valid; and means for monitoring, following receipt of a valid terminal verification message, the output from said terminal for a user identification request and being responsive to said user identification request by comparing said received user identification request to said stored valid user identification request and being operable to erase said memory when said user identification request is not valid and being operable to erase said memory when said received request is an attempt to read data from said memory before receipt of said valid user identification request; means for transmitting a card output, following receipt of valid terminal verification message within said predetermined period of time, a card verification message; said terminal including; terminal memory having a valid card verification message stored therein; means for transmitting to said output said terminal verification message, upon insertion of said card in said terminal;
means for monitoring, for a second predetermined period of time a card output for receipt of a card verification message and being operable to reject said card when said card verification message is not received within said second predetermined period of time, and being responsive to said card verification message received within said second predetermined period of time by comparing said received card verification message to a stored valid card verification message, and being operable to reject said card when said received card verification message is invalid;means for reading a user identification from said user following receipt of a valid card verification message; and means for transmitting to said output a user identification request, and means for monitoring said card output for receipt of said predetermined user information and being responsive to said predetermined user information for comparing said received predetermined user information to said read user identification, and being operable to reject said card when said predetermined user information is invalid.
-
Specification