Electronic money purse and fund transfer system

Claims

What I claim is:

1. An electronic money purse system using encrypted fund transfer signals comprising at least one central computer station, a variety of terminals at different locations and a multiplicity of electronically operated value storage carriers the circuit logic of which includes means for encrypting the data communicated to a terminal, the encrypting means including at least one cipher key register, a random data generator, and additional means for varying the spacing of data bits in a serial mixture of random data and transaction data wherein the data bit spacing is determined in dependence on the logic levels of selected bit positions of the cipher key register as well as on the sequentially appearing data to be transmitted from or being received in the said storage carrier.

2. An electronic money purse system using encrypted fund transfer signals as in claim 1 wherein the said data bit spacing varying means comprises a programmable counter whose parallel preset inputs are connected either to one particular selected set of parallel output positions of said cipher key register, or, to another particular selected set of parallel output positions of said cipher key register, and wherein a bistable flip flop is provided whose instant output condition is dependent on the instant parity level of at least part of said cipher key in said cipher key register in combination with at least one data bit, whereby the selection of one set of cipher key parallel bit outputs or the other set is made dependent on the status of said flip flop.

3. An electronic money purse system using encrypted fund transfer signals as in claim 2 further comprising a data buffer register and said at least one data bit is a parity bit for said cipher key register at any time said data buffer register presents data, such that said parity bit is supplied to said circuit logic with a predetermined delay.

4. An electronic money purse system using encrypted fund transfer signals as in claim 1 wherein said circuit logic includes data conversion circuits, said conversion circuits including decryption and encryption circuits which are connected to means for reactively coupling the value storage carrier to a terminal for transferring and receiving encrypted data.

5. An electronic money purse system using encrypted fund transfer signals as in claim 1, wherein said value storage carriers further comprises value register means for storing payment value units from which such units can be deducted in debiting operations, and are receptive to a signals from said terminal and said central computer whereby the said value storage carrier becomes receptive for value-crediting operations by further comprising a value-crediting circuit including a value-add access code register which, upon being correctly addressed, must produce an Enable voltage to enable said value register means to be incremented.

6. An electronic money purse system using encrypted fund transfer signals as in claim 5 in which said value-add access code register is associated with a first address register, and said terminal further comprising means for receiving the address of said address register in order to select from a set of available value-add access codes the one which matches the access code stored in said access code register of said value storage carrier.

7. An electronic money purse system using encrypted fund transfer signals as in claim 6 wherein the said value-add access code for enabling crediting operations in said value storage carrier is also used as a cipher key for encrypting transaction data associated with the said crediting operation.

8. An electronic money purse system as in claim 1 wherein the said cipher key used for debiting operations is also associated with a second address register holding the address for cipher said key in the terminal memory circuit, and wherein means are provided in the terminal unit for receiving said address code and for enabling the addressed key memory locations for the consecutive cipher/decipher operations of the transaction data.

9. An electronic money purse system in claim 3, further comprising a means for testing the state of operational effectiveness of a data transfer coupling between said value storage carrier and said terminal including a random number generator provided in said terminal, for sending and circulating a random number signal through a terminal encryption path to said value storage carrier encryption path, said carrier encryption path including a decryption circuit, to said data buffer register, and from there back through a encryption circuit to a terminal decryption circuit for comparison in a comparator circuit; and means for producing a transaction enablement signal after an uninterruptedly correct repetition of the said random number signal transfer by a preset number of times.

10. An electronic money purse system as in claim 5 wherein said value-crediting circuit further comprises a first identification means for producing a readout from memory locations in said value storage carrier to convey identification data including;

(a) a serial number of the data carrier

(b) a total number of update transactions, and

(c) particulars of the most recent update transaction; and means in said terminal and means in central computer station for holding a record of said identification data, and further means for receiving said identification data transferred from the said value storage carrier, and means in said central computer station for generating a default signal to prevent the continued use of said value storage carrier.

11. An electronic money purse system as in claim 10 wherein said terminal further comprises a relay actuatable by a signal from a central computer station for detaching an interface connection between said value storage carrier and said terminal and; means for directly communicating debiting functions between said central computer station and said value storage carrier which normally would have been carried out by said terminal, said central computer station comprises a second identification means similar to said first identification means in said terminal which will either accept the value storage carrier or emit a card capture signal said terminal to receive said card capture signal and to respond by capturing said value storage carrier.

12. An electronic money purse system as in claim 1 wherein said value storage carrier includes push buttons for entering data into a memory location of said value storage carrier.

13. An electronic money purse system as in claim 12 wherein said value storage carrier includes a display window for displaying data entered via said push buttons, or the status of any selected register in said value storage carrier.

14. An electronic money purse system as in claim 1 wherein said circuit logic is placed on a single semiconductor substrate.

15. An electronic money purse system as in claim 1 wherein value storage carrier comprises memory locations for holding totals of quantities of goods for which an item code has been entered, and an updating circuit which, after each transaction, produces a new total relative to a predetermined period, and means for reading out said totals and for displaying said totals in said terminal unit.

16. An electronic money purse system as in claim 15 wherein said value storage carrier further comprises memory locations which can be loaded, via a terminal, with data relating to thresholds for various totals for goods over the said predetermined period, further comprising means for providing a percentual price increase factor which corresponds to a comparison of the actual purchase total with a threshold, and means in the terminal to calculate a modified price and to debit it from said value storage carrier in accordance with said price increase factor and means to display the said totals and the associated price increase factor.

17. An electronic money purse system comprising a multiplicity of pocket-size personal electronic value storage carriers and at least one terminal for reading out data from said storage carriers and for exchanging data between said terminal and said storage carriers both said storage carrier and said terminal comprising electronic registers and data processors which, when placed into operative relationship, work in synchronism with each other, and encryption circuits and decipher circuits for the encryption and deciphering of data, said terminal further comprising a random data generator for generating test data, means for sending said test data of a definite bit length a number of times, prior to the transfer of any transaction data, through said encryption circuit of said terminal, over an interface means to said decipher circuit of said storage carrier to recover the said test signal in clear form and for transferring it back to the terminal thorough encryption circuit of said storage carrier and said decipher circuit of said terminal for comparison with the initial test data, and means for producing a transaction circuit enable signal after an uninterrupted correct repetition of the said signal transfer by a present number of times.

18. An electronic money purse system using encrypted fund transfer signals, comprising:

at least one terminal; and

a plurality of value storage carriers, each of said carriers including means for encryption of data communicated to a terminal, said encryption means comprising at least one cipher key register for registering a cipher key and a random data generator whereby the spacing of transaction data is varied by a serial mixture of random data in accordance with logic levels of selected bit positions of said cipher key register and sequential data to be exchanged with said value storage carrier.

19. An electronic money purse system according to claim 18, wherein;

said encrypting means further comprises a programmable counter having parallel inputs connected to one or another preselected set of parallel outputs of said cipher key register, and a bistable flip-flop circuit the output status of which is dependent on the parity level of at least part of said cipher key register with at least one transaction data bit, whereby the selection of one of said preselected parallel output sets is dependent on the output status of said flip-flop circuit.

20. An electronic money purse system according to claim 19, wherein said encryption means further comprises;

a data buffer register for delaying said at least one data transaction bit to be used to check parity.

21. An electronic money purse system according to claim 18, said value storage carrier further comprises:

means for reactively coupling said value storage carrier to one of said terminals to enable exchange of encrypted data; and

said encryption means further comprises data conversion circuits connected to said coupling means for encrypting and deciphering transaction data.

22. An electronic money purse system according to claim 18, further comprising:

at least one central computer station; and,

said value storage carriers further comprises means for registering payment value units from which such units can be deducted in debiting operations and incremented in value credited operations, wherein said payment value registering means includes an access code register which, upon being addressed by said terminal or said central computer, produces an enable signal to enable said payment value registering means to be incremented.

23. An electronic money purse system according to claim 22, wherein:

said payment value registering means further comprises first address register in association with said access code register; and

said terminals further comprise means for receiving the address of said first address register in order to retrieve from a set of access codes one that matches the access code of said access code register in said value storage carrier.

24. An electronic money purse system according to claim 23 wherein:

said access code for enabling value credited operations in the payment value registering means is additionally used as the cipher key for encrypting the exchange of transaction data associated with said crediting operation.

25. An electronic money purse system according to claim 18, wherein:

said encryption means further comprises a second address register, in association with said cipher key register, for storing the address code of the cipher key in said register; and,

said terminal further comprises means for receiving said address code and for enabling the cipher keys addressed in said cipher key register to effect consecutive cipher/decipher operations of transaction data.

26. An electronic money purse system according to claim 18, wherein:

said terminal further comprises a communications integrity testing circuit, including a random number generator, for sending and circulating at least one random number through encryption means of said terminal to a decryption means, a data buffer register and said encryption means of said value storage carrier back through a decryption means of said terminal for comparison in a comparator circuit, and means for producing a transaction enablement signal after an uninterrupted correct repetition of said random number a preselected number of times.

27. An electronic money purse system according to claim 22, wherein:

said payment value registering means stores and outputs identification data including a serial number identifying the particular value storage carrier, a number corresponding to the total number of update transactions and particulars of the most recent update transaction; and

said terminal and said central computer station further comprising means for storing substantially similar identification data and means for receiving identification data from said payment value registering means, and means for generating a default signal to prevent continued use of said value storage carrier in the event that the identification data does not match.

28. An electronic money purse system according to claim 27, wherein:

said terminal further comprises a relay actuatable by a signal from said central computer station for detaching a reactive coupling between said value storage carrier and said terminal so that said central computer station communicates directly with said value storage carrier to identify the value storage carrier and carry out debiting functions; and,

central computer station further comprising means to generate a capture signal to prompt means in said terminal for retaining said value storage carrier, without performing a debiting operation, in the event that the central computer station fails to identify said value storage carrier.

29. An electronic money purse system according to claim 18, wherein:

said value storage carrier further comprises data entry buttons for entering data into memory locations.

30. An electronic money purse system according to claim 29, wherein:

said value storage carrier further comprises a display window for displaying data entered via data entry buttons and/or the status of any selected register in said value storage carrier.

31. An electronic money purse system according to claim 18 wherein at least the circuitry of the encryption means is contained on a single semiconductor substrate.

32. An electronic money purse system according to claim 18, wherein:

said value storage carrier further comprises means for storing totals of quantities of goods for which an item code has been entered, a means for updating said totals after each transaction and means for reading said totals and for displaying said totals in said terminal unit.

33. An electronic money purse system according to claim 32, wherein:

said value storage carrier further comprises memory means for storing maximum purchasing thresholds on selected commodities and for providing an increased price factor when said thresholds are exceeded, means for calculating a modified price in accordance with said increased price factor and said means for displaying said totals further displaying increased price factor.

34. An electronic money purse system comprising:

a plurality of pocket-size personal electronic value storage carriers including first decipher means for deciphering encrypted transaction data, first register means for selectively storing said deciphered transaction data, first data processor means for processing said transaction data, first cipher means for encrypting processed transaction data and interface means for exchanging data with external units;

at least one terminal including second decipher means for deciphering encrypted transaction data, second register means for selectively storing transaction data, second data processor means for processing said deciphered transaction data, second cipher means for encrypting data, second interface means for exchanging data with external units, a random data generator means for generating random data strings, and means for sending test data of defined bit length a predetermined number of times, prior to exchange of transactional data, through second means, over second and first interface means to first decipher means to thereafter be sent through first cipher means, over first and second interface means to said second decipher means for comparison with initial test data, and means for generating a transaction enable signal in response to a series of accurate comparisons of exchanged test data to initial test data.

35. A value storage carrier comprising:

a decipher means for deciphering encrypted transaction data input from an external device;

arithmetic means for processing transaction data deciphered by said decipher circuit; and,

encryption means for encrypting transaction data from said arithmetic means to be output to said external device.

36. A value storage carrier according to claim 35, wherein:

said encryption means includes a random data generator for introducing random data to said transaction data and thereby encrypt said transaction data;

said decipher means including alterable memory means for storing a cipher key, said cipher key controlling the deciphering of said encrypted transaction data.

37. A value storage carrier according to claim 35, further comprising:

means for reactively coupling said value storage carrier to said external device.

38. A value storage carrier according to claim 36, wherein:

said encryption means further comprises a programmable counter electronically coupled to a control logic circuit, said logic circuit electronically coupled to the cipher key memory means.

39. A value storage carrier according to claim 35, further comprising:

means for counting the number of unsuccessful attempts to access the arithmetic means;

means for storing and outputting data corresponding to details of the latest data transaction; and,

means for storing a carrier identifying serial number.

40. A value storage carrier according to claim 35, further comprising:

means for performing debit or credit operations, and

said arithmetic means further comprises a value register for updating the total number of value units remaining after a debit or credit operation.

41. An electronic money purse system as in claim 1, wherein, said value storage carrier further comprises:

means for additionally debiting a fractional amount of an initial acquisition cost of said value storage carrier during a fund transfer operation.

42. An electronic money purse system as in claim 18, wherein, said value storage carrier further comprises:

means for additionally debiting a fractional amount of an initial acquisition cost of said value storage carrier during a fund transfer operation.

43. An electronic money purse system according to claim 32, wherein said value storage carrier further comprises:

data entry buttons for entering and accessing data stored in memory locations;

display means for displaying information data entered or accessed by said data entry buttons, wherein said means for storing totals of quantities of goods additionally stores time and date information and data stored in said means for storing totals of quantities of goods is accessed by said data entry buttons and displayed on said display means.

The invention relates to the general field of tamperproof electronic transfer of confidential data between a card-like data carrier component and a terminal. Numerous ideas have appeared in this field over the past fourteen years; examples are GB No. 1,314,021 of 1969, GB Nos. 2,057,740 and 2,075,732, U.S. Pat. Nos. 3,870,866 and 3,906,460 besides others by different authors.

Insofar as these various techniques are also applied or expected to be applied to moneyless payment transactions they were prompted by the conviction that in many a service field the traditional money as a means of value transfer is not only inefficient and loaded with overheads but increasingly often becomes an rightout impediment to the service itself. And, if a satisfactory form for an "electronic money carrier" could be found, such innovation could have healthy repercussions on the streamlining and cost reduction of numerous public and semi-public services and vending transactions.

There exist published descriptions of debit cards from which a prepaid credit can be deducted for specific purposes, and which upon exhaustion, are thrown away. Rechargable cards where also conceived and descriptions published. But none can be said to fulfill the manifold stringent requirements of an electronic container of purchase entitlements, or `money purse`.

It is the purpose of this invention, on a systematic basis to embody in a single design such features as will satisfy, among others, the following conditions:

(a) tapping the transfer links between card and terminal with fraudulent intent will not reveal any data or give any clue for deciphering data.

(b) the money purse should contain only a singleLSI chip with the lowest possible number of bonding pads so as to ensure high yield, high reliability lowest cost and lowest power consumption.

(c) the design should permit repeated updating (reloading of value data) and debiting operations; the updating should be such that terminals for debiting operations cannot in any circumstances be modified for updating functions.

(d) It should be possible to add any amount to the value of a card up to a prescribed maximum card value at e.g. Post Offices, Supermarket Supervisor offices, and from one's own home telephone.

(e) debit operations (=electronic payments) should take no more than one second.

(f) a card, when lost, can be readily returned to owner

(g) an "electronic moneypurse" or card cannot be utilized by a thief, not even a first time.

(h) any malfunction of equipment at a vending machine or at a terminal shall not affect or alter any of the card data

(i) the cipher keys shall not be hardware-based but shall be capable of being altered very frequently so as to preserve equipment and card stock validity even if any temporary fraudulent intrusion were possible.

(k) "the money-purse" shall be robust enough for many years of continued use.

(l) the system must be such that the large majority of debit transactions (electronic cash payments) shall be carried out in an off-line mode while a large majority or all the value adding operations shall be in an on-line mode.

Commenting on item (a) it must be pointed out that there exist today several top-grade cipher systems but it would be, in the opinion of the authors, difficult to make required card hardware compatible with requirement (b). A cipher circuit will be described, therefore, which, it is believed, can achieved with relatively modest logic the same standard of imperviousness to crypto-analysis as more advanced systems such as the well-known data encryption standard (DES). However, in the preferred embodiment, the new circuit is not proposed to be a separate unit but is integrated with the value transaction processor on a single chip both in the "card" as also in the terminal. None of the clear data lines are accessible on the chip or outside with probes or the like. In other words, only ciphered data enter or leave the chip bonding pads. Concerning condition (c) it should be observed that a very high degree of encryption safety is needed to satisfy this condition but, at the same time, it should be obtained at only moderate cost over and above the cost of a pure debit chip. Two solutions will be presented; one embodiment (FIG. 4 and 7) is expected to be adequate for use by many organisations. The second embodiment (FIG. 4+9) version would be adequate for regional usage (i.e. a common electronic data carrier for the whole of Europe, or Nothern America, or Africa etc).

Further features and peculiarities will become evident from the description of the drawings FIG. 1-10 in which

FIG. 1 shows the general data transfer relationship of the system between one or more "card readers", a local terminal, a central computer common to a multiplicity of terminals, and a card.

FIG. 1a shows details of the displayed information on display window of FIG. 1.

FIG. 2 shows in more detail the data transfer relationship between a card and a Terminal which incorporates also a "Reader" unit.

FIG. 3 shows a functional block diagram of the cipher sections 21c or 21t in FIG. 2.

FIG. 4 gives, by way of example, a logic diagram of the cipher control generator circuit consistent with the block diagram of FIG. 3.

FIG. 5 is a functional block diagram of the chip section 22c or 22t in FIG. 2, mainly concerned with debit and credit operations

FIG. 6 is a sketch relating to a circuit portion in the terminal for which there is no corresponding part in the card circuit; it relates to the preliminary testing of the card-terminal interface performance.

FIG. 7 gives an example for executing the block diagram of FIG. 5

FIG. 8 is a flow diagram of the functional and decision steps for a card employing the circuit combination of FIGS. 4 and 7

FIG. 9 shows a logic diagram of a more advanced card circuit wherein the card is also equipped with push buttons, foremost for the purpose of entering a Pin number (personal identifying number of the owner).

FIG. 10 is a flow diagram of the functional and decision steps for a card using circuit combination of FIGS. 4 and 9.

FIG. 11 shows a portion of the circuit shown in FIG. 7.

FIG. 12 shows a physical embodiment of the money purse in accordance with the present invention.

In FIG. 1, "C" is a data carrier token or "card" 1, "R" is a token reader device 2 which, it is noted, has no moving parts, "T" is a terminal apparatus from which go out several cables, 7.sub.1 to 7.sub.6 leading to six similar readers "R" which may be operated quasi-simultaneously by the so-called time sharing method. There is also a communication line 9 connecting a central computer 10, say a bank computer, with a multiplicity of "terminals". In the system here to be described the intention is to allow the majority of all card debiting operations to be executed by virtue of the built-in security measures of a terminal (8) alone. Nevertheless, the central computer 10 retains vital functions as follows:

(a) in the nightly collection of summary cash data from terminals 8

(b) it is directly involved in all up-dating (value incrementing) operations where a value is added to the card by on-line data transfer.

(c) as a means for auditing the effectiveness of the security measures relating to debit transactions; the provision shown in FIG. 2 is introduced making a debiting terminal responsive to a command signal from the central computer.

(d) replacement of the so-called "semi-active secret check numbers" (see patent application U.S. Pat. No. 184,377 now Pat. No. 4,499,556). According to the present embodiment, these check numbers are also used for cipher control. This is further explained in conjunction with FIGS. 9 and 10.

FIG. 2 depicts a preferred embodiment by breaking down the single card chip 20c in the card C into functional blocks, with 21c being the cipher/decipher circuit, 22c being the arithmetic circuit, 23c being an optional form of storing long-term accessory data, and 24c comprising the clock phase distributor circuit and program counter, etc. To repeat, all these part circuits, especially the first three, are embodied on a single semicunductor chip The block 26 covers pulse shapers and d.c. rectifier circuits. These supply power, and a four phase clock respectively to the main chip. The chip inputs 1.sub.1 and 1.sub.2 carry input and output encrypted data respectively. In the terminal apparatus "T" with which the card is coupled via card coils 3c and terminal coils 3t, a very similar chip 20t is placed having sections 21t, 22t, 23t, and 24t. An additional section 25 is provided the function of which is explained in connection with FIG. 6. Block 30 symbolizes a price encoder circuit which may be set permanently (for example within a vending machine) or as required by means of a manual key board (at a cash register). 31 is a display device to show up the initial and final transaction phases. See also FIG. 1a. If desired a small thermal printout machine may give the user a paper receipt. An important element in the system philosophy is the relay 28 which can be operated from a central computer 10 to switch transmission line 9 (FIG. 1). Line 9 is here represented by lines x,y,z and they replace the interface connections to the local terminal T in order centrally to spot-check the conditions of various tokens. The central terminal, in addition to performing the normal debiting operations of a local terminal, is capable of fetching from the card certain additional data derived from registers 111, 113 and 114 shown in FIG. 5. These registers hold the following data: Serial number of card, total number of updating transactions performed since the card was bought, and date and amount of the last updating operation. These data are then compared with the central record at the Computer 10. If they do not agree the central Computer instructs the local terminal to capture the card and to produce an informative display. Alternatively, the central computer emits a code for entry into the card which disables certain portions of the card making it unsuitable for further updating or further use. It suffices if only a small portion of all debit transactions is audited in this manner to discourage thereby any thought of fraudulent attempts against the system even if that were practically feasible.

The data encryption principles are now described with reference to basic block diagram FIG. 3. The block 130c is a logic circuit which causes binary data inputs received at l.sub.1 to be passed on to the exclusive OR gate 75 in nearly deciphered form. After passing that gate the data at "a" are fully deciphered. Block 130c is controlled by line "c" derived from a larger logic block 78. The same control output "c" is also applied to logic block 137c which via another exclusive OR, 74, receives clear data from point K and passes them on in ciphered form at card point l.sub.2. The circuit has shift registers 76 and 77 (marked SH1 and SH2) and could equally well have more than two portions. Each shift register portion contains part of a secret check number, also referred to as key. A fresh key is entered regularly at the end of a debiting operation (see also U.S. Pat. No. 184,377). Provision must be made in the circuit design for starting up a card by providing an access path for loading the register with a known factory number for the initial startup cycle. This said access path is then burned up while an unknown new check number is entered for immediate replacement. Thereafter, check numbers remain unknown and undetectable by virtue of the cipher processes to be described. Each of the shift register portions SH1 and SH2 has a parity counter, FF1 and FF2 respectively with parity outputs PI and PII.

A programmable counter 79 contributes to the combinatory logic circuit 78 from which the control line "c" is derived. This counter is stepped by clock phase CK1 whenever the output at "C" is at logic level zero. The counter keeps being stepped until a predetermined bit output or the "Carry" output of the counter is reached which feeds into the control logic 78 via output line 79a. A further contribution to the control logic is procured by the data bits contained in data being received or data being read out from the card. This is done via one-step delay circuits 80 and 81 respectively. As an alternative, not shown in FIG. 3, the data entered into the data buffer register 82, may operate another flip flop for parity count and when the buffer is full, the parity output is applied. The logic block 137c admits data bits from exlusive OR 83 altered in dependence of parity output P I or P II and passes them on to terminal l.sub.2 whenever line "c" is high, and when the same goes low admits only random data from the random data generator R M G.

The role of the programmable counter circuit block 79 is to introduce added random data over and above those which would appear if the cipher key number in registers 76 and 77 alone were the controlling factor. For this reason this circuit element may also be called "data bit spacer generator". Its action must of course be repeated in a similar circuit block within the terminal otherwise it would be impossible to decipher the data passed in either direction. The programmable counter spacer generator is controlled by a number of bits derived from the key register but modified by data bits already transferred. Dependent on the logic in block 78, different expansion ratios may be procured; that is ratios between the number of data bits transmitted to the data bits contained in the useful data. It is not possible to determine where useful data in the data string begin and where they end. Nor is it possible to identify any particular bit or groups of bits as belonging to a certain group of data.

The circuit of FIG. 4 provides an example for how the just decribed principles may be put into practice. The diagram is confined to the portion which has the boundary points "a", "k", "e" and "c" on the left, and "b", "h" and "c" on the right (bordering on section 22c of FIG. 2). The data input "a" corresponds to the data input terminal D.sub.IN in FIG. 1A of current patent application GB No. 2057,740 and the shift registers SH1 and SH2 correspond broadly to shift register S2 in the cited figure. As in the cited patent application, the contents of these registers are not fixed but may be changed and rotated with others after each transaction, as well as completely changed over periods of weeks. This structure is again used because of the Applicants' opinion that a frequently alterable security key can provide greater security against unforeseen intrusion than a fixed key. As already explained in the present application, these keys also serve as encryption keys. In theory, it would be possible to make the key length so great that a computer would take many years to scan through all the possible number combinations. However, in a card context, such as herein described, it is preferable to use much shorter key lengths and rather to scramble them with or dilute them in random numbers.

The effect of the programmable counter or data bit spacer generator is that the effective key length is increased. That means that the scanning of key combinations applied to known clear data and known (recorded) ciphered data would take much longer than would normally correspond to the scanning of key combinations alone. Assume that the scanning time is six months and the period for key change-over only four weeks. Clearly, there would be no point in continuing the search beyond the first four weeks, and since the chance of finding the key number in four weeks is poor, there would be no point in commencing the effort at all.

CONCISE DESCRIPTION OF FIG. 4

The cipher key is entered serially via point "a" and gate 37 during a program step PC, and via OR gate 38 to the input of shift register SH1. The flip flop FF1, starting from a reset condition, is set and reset dependent on changes of `0`s and `1`s and its instant state therefore represents the parity for the data bits entered. This is repeated for the other half of the register (SR2) by means of flip flop FF2. "c" is the control output which encrypts or decrypts data. `c` is high when the bistable FF8 has a high q-output. The bistable FF8 is set at S in three different ways (in this particular example):

(.alpha.) If both FF1 and FF2 happen to have a high output simultaneously

(.beta.) if FF2 has a high output combined with a high or low incoming or out going data bit dependent on the previous state of the flip flop FF5.

(.gamma.) if the counter 79 is full at its output Q.sup.N having been clocked up during `c`=0 periods via AND gate 63. The number of count pulses, however, for reaching this output is dependent on the programming input levels at A, B, C, and D which derive from parallel bit out puts K.sub.2 K.sub.3 K.sub.10 and K.sub.12 of register SH1 and alternatively from parallel bit outputs K.sub.17, K.sub.20, K.sub.30 and K.sub.31 of register SH2. Whether the first or second set of program inputs is applied depends on the Q output state of the flip flop bistable FF5.

It will be noted that these programming inputs change frequently on account of the fact that the clock input to the said key registers is enabled whenever "c" is high and the AND gate 49 receives a clock spike in time phase CK2. The program inputs to the counter do not change while the counter is being stepped, that is when "c" is at logic zero but is likely to be quite different when "c" becomes zero next time. The state of the bistable flip flop FF5 depends on the combined history of key bits and data bits. (as can readily be seen from the circuit diagram). This circumstance forces the analyser, when trying to achieve results by computerized trial and error scanning, to go through all the possible combinations of key bits and data bits (This assumes further that the analyst has full knowledge of the cipher circuit for simulating it in a computer). Even though the clear data bits may be known, what remains unknown is the position of the ciphered data bits within the substrate of random bits since the counter 79 introduces quasi-random spacings which again depend on the unknown recirculating key bits. From this comes the uncertainty about where the first data bit begins and the last one ends. The scanning process must therefore cover the entire data string of random plus data bits.

The periodic changing of key numbers is a contributive element to security. Such changes would be initiated from a single area or regionwide center, mainly during nightly hours via telephone lines when based on a protocol similar to that described for the card-terminal transfer cycle. The regional center transmits a new valid key number in encrypted form to a national or local center or bank headquarter in replacement of another key number in the category of "semi-active" numbers. From there, similar replacements would take place to all locations, where money transfer terminals are in operation. The capability of hierarchically passing down new cipher keys in ciphered form on a continual routine basis at irregular intervals has the consequence of simplifying the card chip and increasing the security against encryption intrusion of the money transfer system. The cost of this hierarchic system is extremely low and contributes to a robust, low cost electronic card design.

An example for the arithm