System and method for revaluation of stored tokens in IC cards
First Claim
1. A private terminal for carrying out at a private location a transaction consisting of alteration of a token value stored in an IC card issued to a cardholder, this token value altering transaction being carried out by using said private terminal and said IC card at said private location and also employing an operatively compatible terminal to carry out certain functions at a remote location,said IC card having a microcontroller and associated microcontroller program memory, security protected memory locations for token value data and card security data, a data communication interface, and prearranged card security programs stored in said program memory for managing security of cardholder access and security of terminal access to security protected memory locations for transaction related data reading and writing operations;
- said operatively compatible terminal at said remote location including a data communication interface and prearranged transaction security programs compatible with said prearranged card security programs;
said private terminal comprising;
means for establishing a card data link to said data communication interface in said IC card;
means responsive to said cardholder initiating a token change transaction on said private terminal for establishing a terminal data link to said operatively compatible terminal at said remote location;
means for enabling said cardholder to initiate said token value change transaction including means for accepting cardholder entry of a token change vector;
means for accepting cardholder entry of a security data item and for communicating a representation of said security data item to said IC card via said card data link to enable said card security programs to prepare and return cardholder and card authentication data items;
means for communicating prearranged messages between said IC card and said operatively compatible terminal at said remote location via said card data link and said terminal data link includingsecure authentication messages to enable said IC card and said operatively compatible terminal to execute respective terminal authentication and IC card authentication programs; and
secure transaction messages, including said token change vector, and cardholder authentication data to enable said operatively compatible terminal to verify cardholder identity and to enable said IC card and said operatively compatible terminal to execute a secure token value change transaction; and
means operative after said IC card and said operatively compatible terminal have succeeded in executing said secure token value change transaction for reading a revised token value stored in said IC card via said card data link and for communicating said revised token value to said cardholder.
4 Assignments
0 Petitions
Accused Products
Abstract
A terminal for carrying out at a private location a transaction consisting of alteration of a token value stored in an IC card issued to a cardholder via an on-line transaction session with an operatively compatible terminal at a remote location. The private terminal establishes data links with the IC card and the remote terminal and passes secure authentication and transaction messages between them via these data links, relying on the IC card and the remote terminal for message security.
292 Citations
9 Claims
-
1. A private terminal for carrying out at a private location a transaction consisting of alteration of a token value stored in an IC card issued to a cardholder, this token value altering transaction being carried out by using said private terminal and said IC card at said private location and also employing an operatively compatible terminal to carry out certain functions at a remote location,
said IC card having a microcontroller and associated microcontroller program memory, security protected memory locations for token value data and card security data, a data communication interface, and prearranged card security programs stored in said program memory for managing security of cardholder access and security of terminal access to security protected memory locations for transaction related data reading and writing operations; -
said operatively compatible terminal at said remote location including a data communication interface and prearranged transaction security programs compatible with said prearranged card security programs; said private terminal comprising; means for establishing a card data link to said data communication interface in said IC card; means responsive to said cardholder initiating a token change transaction on said private terminal for establishing a terminal data link to said operatively compatible terminal at said remote location; means for enabling said cardholder to initiate said token value change transaction including means for accepting cardholder entry of a token change vector; means for accepting cardholder entry of a security data item and for communicating a representation of said security data item to said IC card via said card data link to enable said card security programs to prepare and return cardholder and card authentication data items; means for communicating prearranged messages between said IC card and said operatively compatible terminal at said remote location via said card data link and said terminal data link including secure authentication messages to enable said IC card and said operatively compatible terminal to execute respective terminal authentication and IC card authentication programs; and secure transaction messages, including said token change vector, and cardholder authentication data to enable said operatively compatible terminal to verify cardholder identity and to enable said IC card and said operatively compatible terminal to execute a secure token value change transaction; and means operative after said IC card and said operatively compatible terminal have succeeded in executing said secure token value change transaction for reading a revised token value stored in said IC card via said card data link and for communicating said revised token value to said cardholder. - View Dependent Claims (2, 3, 4)
-
-
5. A method for carrying out, at a private location, an alteration of a token value stored in an IC card issued to a cardholder via an on-line transaction session utilizing said IC card, a private terminal at said private location, and an operatively compatible terminal at a remote location,
said IC card having a microcontroller and associated microcontroller program memory, security protected memory locations for token value data and card security data, a data communication interface, and prearranged card security programs stored in said program memory for managing security of cardholder access and security of terminal access to security protected memory locations for transaction related data reading and writing operations, including token value reading and writing operations; -
said operatively compatible terminal including prearranged transaction security programs compatible with said prearranged card security programs; said method comprising the steps of; a. establishing a card data link between said private terminal and said data communication interface in said IC card; b. accepting input of a cardholder data security item and token change vector data from said cardholder; c. communicating a cardholder data security message, including said cardholder data security item, to said IC card via said card data link to enable said card security programs to produce secure cardholder identification data; d. establishing a terminal data link between said private terminal and said operatively compatible terminal; e. communicating secure transaction messages between said IC card and said external terminal via said card data link and said terminal data link, including said token change vector data from said cardholder and said secure cardholder identification data, to enable said IC card and said external terminal to perform mutual authentication functions and to execute a secure transaction comprising writing an altered token value into one of said security protected memory locations in said IC card; f. reading said altered token value stored in said IC card via said card data link; and g. communicating said altered token value to said cardholder. - View Dependent Claims (6, 7, 8, 9)
-
Specification