Cryptographic identification, financial transaction, and credential device
First Claim
1. A personal, portable two-part terminal and personal ID device, for electronically securely communicating between an operator having a predetermined personal ID and electronic external system having a communications interface with means for receiving and transmitting information and having data processing means, comprising:
- (a) a terminal device comprising;
(1) a display means for selectively displaying information to the operator;
(2) keyboard data entry means for entering transaction information from the operator;
(3) a personal ID device interface means for coupling the terminal device to a personal ID device, said interface means having receiving and transmitting means for transferring information between the terminal device and the personal ID device; and
(4) control means, coupled to the personal ID interface means, the keyboard data entry means, and the display means, for transmitting and receiving information through the personal ID device interface means, for displaying on the display means received information, and for receiving information from the operator through the keyboard data entry means for transmission through the personal ID device interface means to the personal ID device and for display on the display means;
(b) the personal ID device coupled to the terminal device comprising;
(1) an external system interface means for coupling the personal ID device to the communications interface of the external system, said interface means having receiving and transmitting means for transferring information between the personal ID device and the external system;
(2) a terminal interface means for coupling the personal ID device to the personal ID device interface means of the terminal device, said terminal interface means having receiving and transmitting means for transferring information between the personal ID device and the external system;
(3) data storage means for at least temporarily storing selected information encrypted using the personal ID of the operator as a key;
(4) data security means, including a random number generator means and a cryptographic key generator means, for encrypting and decrypting selected information using a selected key;
(5) processing means, coupled to the external system interface means, the terminal interface means, the data security means, and the data storage means, for controlling in a predetermined manner the exchange of information between the personal ID device and the external system through the external system interface, for controlling the exchange of information between the personal ID device and the terminal device through the terminal interface means, for receiving the operator's personal ID through the data entry means in approval of a transaction, and for decrypting selected information from the storage means with the data security means using the personal ID as a key; and
(5) a tamper-resistant housing enclosing at least the processing means, the data security means, and data storage means.
Abstract
The invention provides a cryptographic apparatus which may be "personalized" to its owner. The apparatus may be utilized by its owner to identify himself to an external computer system, to perform various financial transactions with an external system, and to provide various kinds of credentials to an external system. The apparatus, in one embodiment, is separable into a cryptographic device, packaged in a tamper resistant housing, and a personal terminal device. The cryptographic device includes interface circuitry to permit information exchange with the external system, a memory device for storage of data necessary to allow identification of the owner, and control logic for controlling the exchange of data with the external system to identify the owner. Certain data which must be utilized to perform the identification information exchange is stored in the memory device in encrypted form. The decryption of this data requires the entry of a secret ID, known to the owner.
The personal terminal device includes a data entry capability to allow the owner to enter his secret ID. Certain embodiments of the personal terminal device include data display capability to provide transaction information to the owner. Other embodiments include memory devices and a processor to allow storage and manipulation of relatively unsecured data of the owner.
21 Claims
4. For use with an external electronic system requiring receipt of identification information to identify an authorized operator before use of the system, each authorized operator having a predetermined personal ID, the external system having a communication interface with means for receiving and transmitting information, data processing means, and data storage means having stored therein a system ID and a system key, a portable personal ID device comprising:
(a) an interface means having receiving and transmitting means for transferring information, for coupling the personal ID device to the communications interface of the external system to permit information exchange therebetween;
(b) keyboard data entry means for accepting the personal ID and transaction information from the operator;
(c) display means for selectively displaying information to the operator;
(d) data storage means having stored therein, and encrypted by the personal ID as a key, a predetermined system key and a predetermined personal authentication number;
(e) processing means coupled to the interface means, the data entry means, the display means, and the data storage means, for receiving a first random number and the system ID from the external system, for displaying the system ID on the display means to the user for operator verification that the system is one with which the operator desires to exchange information, for receiving the operator personal ID through the data entry means in approval of the transaction, for decrypting the system key and the personal authentication number using the personal ID as a key, for generating a second random number, for encrypting the second random number using the system key as a key, for transmitting the encrypted second random number and the decrypted personal authentication number from the personal ID device to the external system, for generating a temporary cryptographic session key using a predetermined combination of the first random number, the second random number, and the system key, and for using the temporary session key to encrypt and decrypt information thereafter exchanged between the personal ID device and the external system; and
(f) a tamper-resistant housing enclosing at least the processing means and data storage means.
5. A method for transmitting data in a secure manner between an authorized user and an external electronic system, the external system having data processing means, a plurality of predetermined system keys each having an associated personal authentication number, comprising the steps of:
(a) providing a personal ID device comprising;
(1) an interface means for coupling the personal ID device to the external system to permit information exchange therebetween,
(2) data storage means having stored therein data including a predetermined system key and its associated personal authentication number,
(3) processing means coupled to the interface means and the data storage means, for controlling the function of the personal ID card, and
(4) a tamper-resistant housing enclosing at least the processing means and data storage means;
(b) connecting the personal ID device to the external system through the interface means;
(c) transmitting a challenge number from the external system to the storage means of the personal ID device;
(d) accessing the system key and the personal authentication number from the storage means with the processing means;
(e) generating a random number in the personal ID device with the processing means;
(f) encrypting the random number with the processing means, using the system key as a key;
(g) transmitting the encrypted random number and the decrypted personal authentication number from the personal ID device to the external system;
(h) selecting in the external system the system key having an associated personal authentication number matching the received personal authentication number;
(i) decrypting and storing the random number in the external system, using the selected system key as a key;
(j) generating a temporary cryptographic session key in the external system, using a predetermined combination of the challenge number, the random number, and the system key as a key;
(k) generating the same temporary session key with the processing means of the personal ID device, using a predetermined combination of the challenge number, the random number, and the system key as a key; and
(l) using the temporary session key to encrypt and decrypt data thereafter exchanged between the personal ID device and the external system.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
6. A method for transmitting data in a secure manner between an authorized user and an external electronic system, the external system having data processing means and a master key, comprising the steps of:
(a) providing a personal ID device comprising;
(1) an interface means for coupling the personal ID device to the external system to permit information exchange therebetween,
(2) data storage means having stored therein data including a predetermined system key and a predetermined personal authentication number, the personal authentication number comprising the system key encrypted using the master key as a key,
(3) processing means coupled to the interface means and the data storage means, for controlling the function of the personal ID card, and
(4) a tamper-resistant housing enclosing at least the processing means and data storage means;
(b) connecting the personal ID device to the external system through the interface means;
(c) transmitting a first random number from the external system to the storage means of the personal ID device;
(d) accessing the system key and the personal authentication number from the storage means with the processing means;
(e) generating a second random number in the personal ID device with the processing means;
(f) encrypting the second random number with the processing means, using the system key as a key;
(g) transmitting the encrypted second random number and the decrypted personal authentication number from the personal ID device to the external system;
(h) decrypting the personal authentication number in the external system with the master key to determine the system key;
(i) decrypting and storing the second random number in the external system, using the system key as a key;
(j) generating a temporary cryptographic session key in the external system, using a predetermined combination of the first random number, the second random number, and the system key as a key;
(k) generating the same temporary session key with the processing means of the personal ID device, using a predetermined combination of the first random number, the second random number, and the system key as a key; and
(l) using the temporary session key to encrypt and decrypt data thereafter exchanged between the personal ID device and the external system.
- View Dependent Claims (8)
7. A method for transmitting data in a secure manner between an authorized user having a predetermined personal ID and an external electronic system, the external system having data processing means and a master key, comprising the steps of:
(a) providing a personal ID device comprising;
(1) an interface means for coupling the personal ID device to the external system to permit information exchange therebetween,
(2) data entry means for accepting the personal ID from the user,
(3) display means for visually transmitting information to the user,
(4) data storage means having stored therein, and encrypted by the personal ID as a key, a predetermined system key and a predetermined personal authentication number, the personal authentication number comprising the system key encrypted using the master key as a key,
(5) processing means coupled to the interface means, the data entry means, the display means, and the data storage means, having encrypting and decrypting functions and a random number generating function, for controlling the function of the personal ID card, and
(6) a tamper-resistant housing enclosing at least the processing means and data storage means;
(b) connecting the personal ID device to the external system through the interface means;
(c) transmitting a first random number and a system ID from the external system to the storage means of the personal ID device;
(d) displaying the system ID to the user on the display means for user verification that the external system is one with which the user desires to exchange information;
(e) entering the user's personal ID into the processing means of the personal ID device through the data entry means;
(f) decrypting the system key and the personal authentication number with the processing means, using the personal ID as a key;
(g) generating a second random number in the personal ID device with the processing means;
(h) encrypting the second random number with the processing means, using the system key as a key;
(i) transmitting the encrypted second random number and the decrypted personal authentication number from the personal ID device to the external system;
(j) decrypting the personal authentication number in the external system with the master key to determine the system key;
(k) decrypting and storing the second random number in the external system, using the system key as a key;
(l) generating a temporary cryptographic session key in the external system, using a predetermined combination of the first random number, the second random number, and the personal authentication number as a key;
(m) generating the same temporary session key with the processing means of the personal ID device, using as a key a predetermined combination of the first random number, the second random number, and the personal authentication number; and
(n) using the temporary session key to encrypt and decrypt data thereafter exchanged between the personal ID device and the external system.
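The exchange of claim 7, steps (c) through (m), with both sides' computations, as an added example that is not part of the patent text. The claims name no cipher and no "predetermined combination", so the HMAC-SHA256 keystream cipher, the HMAC-based session key, the `issue` personalization step, the key sizes and all identifiers here are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets


def crypt(key: bytes, label: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with an HMAC-SHA256 keystream.
    The same call encrypts and decrypts; it provides no integrity."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        block = label + counter.to_bytes(4, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def session_key(r1: bytes, r2: bytes, pan: bytes) -> bytes:
    """Assumed 'predetermined combination' of R1, R2 and the PAN."""
    return hmac.new(pan, r1 + r2, hashlib.sha256).digest()


class ExternalSystem:
    def __init__(self, system_id: str):
        self.system_id = system_id
        self.master_key = secrets.token_bytes(16)

    def issue(self, pin: bytes) -> bytes:
        """Hypothetical personalization: PAN = E_master(system key), and
        both values are stored on the device encrypted under the PIN."""
        system_key = secrets.token_bytes(16)
        pan = crypt(self.master_key, b"pan", system_key)
        return crypt(pin, b"store", system_key + pan)

    def challenge(self):                                    # step (c)
        self.r1 = secrets.token_bytes(8)
        return self.r1, self.system_id

    def finish(self, enc_r2: bytes, pan: bytes) -> bytes:
        system_key = crypt(self.master_key, b"pan", pan)    # step (j)
        r2 = crypt(system_key, b"r2" + self.r1, enc_r2)     # step (k)
        return session_key(self.r1, r2, pan)                # step (l)


class PersonalIDDevice:
    def __init__(self, stored: bytes):
        self.stored = stored  # PIN-encrypted system key || PAN

    def respond(self, r1: bytes, pin: bytes):
        plain = crypt(pin, b"store", self.stored)           # step (f)
        system_key, pan = plain[:16], plain[16:]
        r2 = secrets.token_bytes(8)                         # step (g)
        enc_r2 = crypt(system_key, b"r2" + r1, r2)          # step (h)
        return enc_r2, pan, session_key(r1, r2, pan)        # steps (i), (m)


def run_exchange(enrolled_pin: bytes, entered_pin: bytes):
    """Return (device session key, external system session key)."""
    system = ExternalSystem("BANK-TERMINAL-01")  # constructed system ID
    device = PersonalIDDevice(system.issue(enrolled_pin))
    r1, _system_id = system.challenge()  # step (d) would display the ID
    enc_r2, pan, device_key = device.respond(r1, entered_pin)
    return device_key, system.finish(enc_r2, pan)
```

With the stand-in cipher a wrong personal ID is not rejected on the device; it decrypts to a different system key and personal authentication number, so the two sides simply end up with different session keys.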
15. A method for transmitting financial data in a secure manner between an authorized user and an external electronic system, the external system having data processing means, comprising the steps of:
(a) providing a personal ID device comprising;
(1) an interface means for coupling the personal ID device to the external system to permit information exchange therebetween,
(2) data storage means having stored therein data including a previous account balance, a next-check number, and an account key,
(3) processing means coupled to the interface means and the data storage means, for controlling the function of the personal ID card, and
(4) a tamper-resistant housing enclosing at least the processing means and data storage means;
(b) connecting the personal ID device to the external system through the interface means;
(c) transmitting from the external system to the personal ID device transaction information including an amount of payment required;
(d) accessing the previous account balance data, the next-check number, and the account key stored in the storage means;
(e) debiting the previous account balance by the transaction amount received from the external system;
(f) storing the new account balance in the storage means; and
(g) transmitting from the personal ID device to the external system the debit amount and the next-check number for the transaction.
- View Dependent Claims (16, 17, 18)
19. A method for transmitting financial data in a secure manner between an authorized user and an external electronic system, the external system having data processing means and an account key, comprising the steps of:
(a) providing a personal ID device comprising;
(1) an interface means for coupling the personal ID device to the external system to permit information exchange therebetween,
(2) data storage means having stored therein data including a previous account balance, a next-deposit number, and an account key,
(3) processing means coupled to the interface means and the data storage means, for controlling the function of the personal ID card, and
(4) a tamper-resistant housing enclosing at least the processing means and data storage means;
(b) connecting the personal ID device to the external system through the interface means;
(c) transmitting from the external system to the personal ID device transaction information including a deposit amount, and, encrypted by the account key, a deposit number and the deposit amount;
(d) accessing the previous account balance data, next-deposit number, and account key stored in the storage means;
(e) decrypting the encrypted deposit number and deposit amount, as received from the external system, using the account key as a key;
(f) comparing for equivalence the decrypted next-deposit number from the storage means with the decrypted deposit number, and the unencrypted deposit amount with the decrypted deposit amount from the external system;
(g) crediting the previous account balance with the deposit amount received from the external system, and incrementing the next-deposit number;
(h) storing the new account balance and the new next-deposit number in the storage means; and
(i) transmitting the new account balance from the personal ID device to the external system for verification by the external system that the personal ID device has received the correct deposit amount.
20. The method of claim 59, wherein the external system has a system ID and transaction data, and the personal ID device further comprises display means, coupling to the processing means, for visually transmitting information to the user, comprising the further steps of:
(a) transmitting the system ID and the transaction data from the external system to the personal ID device; and
(b) displaying the system ID and the transaction data to the user on the display means for user verification that the system is one with which the user desires to exchange information, and that the transaction is one which the user desires to complete.
- View Dependent Claims (21)
Specification