Counterfeit-proof identification card

We claim:

1. A system for enciphering information onto cards, each card having permanently stored thereon a serial number unique to the card, and for authenticating the cards and users of the cards, comprising:

a card initialization terminal, means for combining two out of the three members of a set consisting of user information (UI), a card issuer identification number (ID), and the serial number (SN) to obtain a checksum, and means for performing an exclusive OR operation on the checksum and a third member of the set consisting of UI, ID, and SN to obtain a composite result,

said card initialization terminal including means for storing a digital signature on the card, the digital signature comprising the result of enciphering the composite result using the private key of a public key-private key pair, and means for storing the user information, the public key of the private key-public key pair, the issuer identification number, and a personal identification number on the card, said personal identification number being a function of the serial number and a password which is not stored on the card;

a processing terminal including means for reading the stored public key, the card issuer identification number, the serial number, the digital signature, and the personal identification number, and means for allowing a user of the card to enter a password;

means for processing the stored checksum, public key, card issuer number, and serial number, and digital signature to authenticate the card,

said card authentication means including means for deciphering the digital signature using the public key stored on the card to recover the composite result, and means for performing an exclusive OR operation on the recovered composite result and one said third member of the set consisting of UI, ID and SN to recover the checksum, and means for comparing the stored checksum with a checksum computed by combining said two out of three members of the set consisting of UI, ID, and SN in order to authenticate the card; and

means for processing the stored personal identification number and the entered password to authenticate the user of the card,

said user identification means including means for computing a personal identification number which is to be compared with the stored personal identification number by computing said function of the serial number and the entered password.

2. A system as claimed in claim 1, wherein the means for combining two out of the three members of the set consisting of UI, ID, and SN comprises means for performing a one-way hash function on the user information and the issuer identification number.

3. A system as claimed in claim 1, wherein the means for performing an exclusive OR function comprises means for performing an exclusive OR function on the checksum and the serial number.

4. A system as claimed in claim 1, wherein the means for computing the personal identification number from the serial number and password includes means for enciphering the serial number using the password as a key.

5. A system for enciphering user information onto an information storage medium which prevents counterfeiting of the user information, comprising:

an initialization terminal, means for combining two out of the three members of a set consisting of the user information (UI), a card issuer identification number (ID), and the serial number (SN) to obtain a checksum, and means for performing another combining operation on the checksum and a third member of the set consisting of UI, ID, and SN to obtain a composite result,

said initialization terminal including means for storing a digital signature on the medium, the digital signature comprising the result of enciphering the composite result using the private key of a public key-private key pair, and means for storing the user information, the public key of the private key-public key pair, and the issuer identification number.

6. A system as claimed in claim 5, wherein the means for combining two out of the three members of the set consisting of UI, ID, and SN comprises means for performing a one-way hash function on the user information and the issuer identification number.

7. A system as claimed in claim 5, wherein the means for performing another combining operation on the checksum and third member comprises means for performing an exclusive OR function on the checksum and the serial number.

8. A system as claimed in claim 5, further comprising means for computing a personal identification number and storing the personal identification number on the card, said personal identification number being a function of the serial number and a password which is not stored on the card.

9. A system as claimed in claim 8, wherein the means for computing the personal identification number from the serial number and password includes means for enciphering the serial number using the password as a key.

10. A system as claimed in claim 5, wherein the information storage medium is an integrated circuit card.

11. A system for authenticating information stored on an information storage medium, said information storage medium having stored thereon an unalterable unique serial number (SN), user information (UI), an issuer identification number (ID), a public key, and a digital signature, comprising:

a processing terminal including means for reading the stored public key, the issuer identification number, the serial number, the digital signature, and the personal identification number, and

means for processing the stored checksum, public key, issuer number, and

serial number, and digital signature,

wherein said processing means includes means for deciphering the digital signature using the public key stored on the card to recover the composite result, and means for combining the recovered composite result and a third member of the set consisting of UI, ID and SN to recover the checksum, and means for authenticating the information stored on the information storage medium by comparing the stored checksum with a checksum computed by combining said two out of three members of the set consisting of UI, ID, and SN and determining said information to be authentic if said stored checksum and said computed checksum are equal.

12. A system as claimed in claim 11, wherein the means for combining two out of the three members of the set consisting of UI, ID, and SN comprises means for performing a one-way hash function on the user information and the issuer identification number.

13. A method as claimed in claim 11, wherein the step of combining said recovered composite result and said third member comprises the step of performing an exclusive OR function on the composite result and the serial number.

14. A system as claimed in claim 11, wherein the information storage medium is an integrated circuit card.

15. A system for authenticating the user of an information storage medium, said information storage medium having stored thereon an unalterable serial number and a personal identification number which is a function of the serial number and a password, comprising:

a processing terminal which includes means for reading the personal information number stored on the medium, means for reading the serial number, and means for a user of the medium to enter the password into the terminal

means for authenticating the user by by computing said function of the serial number read from the medium and the password entered by the user to obtain a computed personal identification number, and by comparing the computed personal identification number with the stored personal identification number, wherein said means for authenticating the user accepts the user as an authorized user if the computed PIN is identical to the stored PIN, and wherein said means for authenticating the user rejects the user if the computed PIN is not identical.

16. A system as claimed in claim 15, wherein the means for authenticating the user includes means for computing said function of the serial number read from the medium and the password entered by the user by enciphering the serial number read from the medium using the password entered by the user as a key.

17. A method of creating a counterfeit-proof media for identification or transaction purposes, comprising the steps of:

providing an information storage medium having a unique, unalterable serial number (SN);

providing user information (UI) to be stored on the medium;

assigning an issuer identification number (ID) to an issuer of the medium and storing the issuer identification number on the medium;

assigning a public key and a private key to the issuer and supplying the public key to the issuer for storage on the medium;

combining two out of the three members of a set consisting of UI, ID, and SN to obtain a checksum;

combining the checksum and a third of the three members of the set consisting of UI, ID, and SN to obtain a composite result;

enciphering the composite result using the private key and the enciphering key to obtain a digital signature;

storing the digital signature on the medium together with the issuer identification number and public key.

18. A method as claimed in claim 17, wherein the step of combining two out of the three members of the set consisting of UI, ID, and SN comprises the step of performing a one-way hash function on the user information and the issuer identification number.

19. A method as claimed in claim 17, wherein the step of combining the checksum and the third of the three members comprises the step of performing an exclusive OR function on the checksum and the serial number.

20. A method as claimed in claim 17, further comprising the step of storing on the medium a personal identification number which is a function of the serial number and a password.

21. A method as claimed in claim 20, wherein the step of storing the personal identification number comprises the step of enciphering the serial number using the password as the key.

22. A method as claimed in claim 17, wherein the step of providing the information storage medium comprises the step of providing an integrated circuit card.

23. A method as claimed in claim 17, wherein the step of combining two out of the three members of the set consisting of UI, ID, and SN comprises the step of performing a one-way hash function on the user information and the issuer identification number.

24. A method as claimed in claim 17, wherein the step of performing an exclusive OR function comprises the step of performing an exclusive OR function on the composite result and the serial number.

25. A method as claimed in claim 17, further comprising the steps of reading a pointer on the card and, if the pointer is not a null pointer, repeating the steps of deciphering, performing, computing, and comparing for a second information record stored on the medium and pointed to by said pointer, whereby the user information can be shared by more than one card issuer.

26. A method of authenticating an information storage medium having stored thereon a unique, unalterable serial number (SN), an issuer identification number (ID), user information (UI), a public key, and a digital signature, comprising the steps of.

deciphering the digital signature using the public key to obtain a composite result;

performing an exclusive OR operation on the composite result and a first member of the set consisting of SN, ID, and UI to obtain a recovered checksum;

computing another checksum by combining a function of the second and third members of the set consisting of SN, ID, and UI to obtain a computed checksum; and authenticating the information storage medium by comparing the computed checksum with the recovered checksum, the information storage medium being authentic if said computed checksum is equal to said recovered checksum.

27. A method as claimed in claim 26 wherein the step of computing the PIN comprises the step of encrypting the serial number stored on the card, using the password as the key.

28. A method of authenticating the user of a card on which is stored information about the user, comprising the steps of:

retrieving a serial number unique to the card;

computing a personal identification number (PIN) as a function of a password and the unique serial number;

comparing the computed PIN with a PIN stored on the card, and

if the computed PIN is identical to the stored PIN, accepting the user as the authorized user and, if the computed PIN is not identical, rejecting the user.

29. A counterfeit-proof card, comprising:

an integrated circuit having means for permanently affixing thereon a serial number unique to that integrated circuit, said serial number being in machine readable form; and

information storage means included in said integrated circuit for storing a user record made up of the following information:

a digital key made up of an enciphered composite result, which in turn is the result of an exclusive OR operation performed on the serial number and a checksum, the checksum being a function of at least a portion of the user information to be stored on the card;

a digital string which includes the user information; and

a key for deciphering the digital signature to obtain the composite result, from which the checksum can be recovered by performing another exclusive OR operation on the composite result and the serial number.

30. A card as claimed in claim 29, wherein the information stored on the card further includes an issuer identification number, said issuer identification number being associated with said key to enable the key to be retrieved for use in deciphering the digital signature, and said function of the user information being a one-way hash function of the issuer identification number and the user information.

31. A card as claimed in claim 29, further comprising a second user record made up of a second digital string, a second issuer identification number, and a second digital signature.

32. A universal transaction card, comprising:

means on the card for storing a first record provided by a first issuer for a first purpose and accessible by a computer based on a first individual card issuer identification number;

means on the card for storing at least one second record provided by a different card issuer for a second purpose and accessible by a computer based on a second individual card issuer identification number, and

means on the card for storing, at least one third record containing shared information and accessible by a computer based on a pointer in each of said first and second records,

wherein each card issuer record contains user information and a digital signature for authentication of the record, and a field containing said pointer to said third record in order to permit different card issuers to share user information.

33. A card as claimed in claim 32, wherein said card further includes a single personal identification number stored thereon for user authentication, said personal identification number including an encoded password, whereby only a single password need be memorized by the user in order to use the card for any of the different purposes for which the plurality of records are provided.

Description Submit all comments and votes

BACKGROUND OF THE INVENTION

1. Field of the Invention

This invention relates to the field of cryptography, and more particularly to a system and method for preventing fraudulent use of identity and/or transaction cards by enabling authentication of both the card and its user. The system and method relate to both the use of a private key enciphered digital signature for card authentication and password protection for user authentication. In addition, the system and method provide for protection of the password and digital signature from copying through the use of a serial number unique to the card and which is used in both the card and user authentication schemes. The invention also relates to a card and user authentication system and method designed to avoid the need for sophisticated on-board processing, thus enabling the system and method of the invention to be used in connection with an inexpensive integrated circuit card, as opposed to a processor-based "smart card."

2. Description of Related Art

The present invention makes use of a public key-private key cryptosystem, mathematical techniques such as one-way hash functions, and password encryption, all of which are well-known, but not in the combination described later in the application. In addition, the invention makes use of the serial number conventionally burnt into integrated circuits by integrated circuit manufacturers.

A detailed description of public key-private key and other cryptographic systems can be found in the article entitled "Cryptography"by Meyer et al. in volume 4 of the McGraw-Hill Encyclopedia of Science and Technology, 6th Ed. (1987). Such cryptosystems are conventionally implemented through the use of organizations known as key servers which protect the private key on behalf of a requester and communicate with the requester by means of a secured communications link. The server supplies the requester with a public key which cannot be deduced from the private key but which is related to the public key to permit anyone with access to the public key to decipher the information enciphered with the private key. The security provided by such a system depends both on protection of the private key, which can be ensured in a variety of ways, and on the difficulty of deducing the private key from the public key. A number of algorithms are currently available to key servers which make the process of calculating the private key from the public key virtually impossible using presently available computing technology.

The specific problem addressed by the present invention is that of identity or transaction card security. Cards having personal dam stored thereon are used in numerous different contexts, most of which are subject to fraud by forgery or theft of the cards. Forgery and theft present different security problems. Forgery or counterfeiting of the card involves duplication of the card so that it contains data which, ideally, is personal to the unauthorized carrier of the card, making it appear as of the carrier is authorized. This problem is addressed by techniques referred to herein as card authentication techniques. User authentication techniques, in contrast, are designed to prevent an unauthorized carrier of a card from using the card when the information on the card does not belong to the carrier. User authentication techniques cannot by themselves prevent fraudulent use of a card by forgery, and in addition may be subject to mimicking by the unauthorized user of authorized user characteristics or responses (e.g., forgery of signatures, the use of disguises where the user information is in the form of an image, and theft of passwords). Theft of passwords is a particular problem in the case where the authorized user possesses a number of different cards, each with its own arbitrary password, and the user is thus forced to write down the passwords and keep them with the associated cards.

Recently, a number of systems have been proposed which attempt to solve both the card authentication and user authentication problems by providing systems which use the card to store "digital signatures" containing encrypted user authentication information (either in the form of a password or representations of user characteristics such as signatures or fingerprints), thereby protecting the user verification information and at the same time authenticating the information by making it impossible in practice to duplicate the card using the same techniques by which the genuine card is created. User authentication is accomplished in these types of systems either by decrypting an encrypted password stored on the card, which is then compared with a password entered by the user, or by interactive comparison of a verifiable characteristic or response from the user with corresponding decrypted representations stored on the card. U.S. Pat. No. 4,995,081 (Leighton et al.), discloses, for example, a digital signature generating system involving enciphering of a concatenated password and verifiable user information for storage on the card, and authentication by showing that the digital signature was generated from the password, and authentication of the user by an interactive process involving comparison of some verifiable user characteristic or information with a representation of the characteristic or information extracted form the digital signature by means of the password. An earlier system, disclosed in U.S. Pat. No. 4,453,074 (Weinstein) involves enciphering of a password using a private key cryptosystem and storing the enciphered password on the card, with user authentication by comparing the deciphered password with a password entered by the user.

Systems of the type disclosed in the Leighton et al. and Weinstein patents share at least two major flaws addressed by the present invention: The first is that neither system prevents an existing card from being physically duplicated with the encrypted data intact, as opposed to forgery in which new cards are made with unauthorized data by recreating the encryption process through knowledge of the private key. The second is that both systems are expensive to implement, requiring sophisticated processing terminals and "smart cards" with data processing capabilities over and above that provided by the key server and conventional card initialization or transaction processing terminals.

The first flaw involves the problem that encrypted data can be copied without knowing its content, just as executing the "copy" command on a personal computer copies an application data file even without possession of an application program which can read and interpret the data file. Any binary data can be copied in this manner by simply repeating the pattern of ones and zeroes stored in the information medium which contains the data, whether that medium is an integrated circuit memory, a magnetic medium, or an optical medium.

The second flaw relates to the principle that a fraud prevention system is useless if it costs more to implement than the losses attributable to fraud. While conventional integrated circuit cards are already in widespread use in Europe and Japan, smart cards are conventionally used only as computer peripherals because of their vastly greater cost. As a result, even though systems such as those disclosed in the Leighton et al. and Weinstein patents offer increased security over conventional transaction and identification cards (despite the flaw described above that they are subject to counterfeiting by blind copying), neither system has been accepted for widespread use by issuers of transaction or identity cards because of their cost.

The present invention, in contrast, offers a card which can not be duplicated by either duplicated by either recreating the manner in which the card is encoded or by copying of already encrypted data. The invention thus provides a level of security which exceeds that provided by the Leighton et al. and Weinstein systems. At the same time, the invention is more practical to implement than the systems described in the Leighton et al. and Weinstein systems, and other similar systems, because it is capable of using inexpensive integrated circuit card technology of the type already in relatively widespread use. In addition, as will become apparent from the following description, the invention offers the possibility of further decreasing costs by allowing different issuers to use the same card, a possibility not even contemplated by previously proposed card or user authentication systems.

SUMMARY OF THE INVENTION

It is accordingly a first objective of the invention to overcome the shortcomings of prior card and user authentication systems by providing an identification and/or transaction card, and a system and method for storing data on the card, which prevents not only forgery of the card, but also duplication of the existing card by copying.

It is a second objective of the invention to provide a system and method for authenticating a card and its user which overcomes the shortcomings of prior card and user authentication systems and methods by making possible authentication of the card and card user through use of an inexpensive integrated circuit card which stores the encrypted data and provides additional password protection without the need for additional on-board or smart processing capabilities.

It is a third objective of the invention to provide a system which overcomes the shortcomings of prior card authentication systems by providing a well defined means for allowing multiple issuers to use the same card. Instead of each issuer having to produce its own secure cards, one card can serve the needs of all issuers, requiring the user to memorize only one password and not one for each card, and thereby lowering costs while at the same time reducing the chance that the cardholder will need to write down and carry the password with the card.

These and other objectives and advantages of the invention are accomplished by providing, according to a preferred embodiment of the invention a system and method of creating counterfeit-proof identification cards which involves generating a digital signature using the following elements: a.) an unalterable serial number which uniquely identifies the information storage medium on which the digital signature will be stored, b.) an issuer identification number which uniquely identifies the issuer of the card, c.) the private key of a public key-private key pair, and d.) at least part of the user information to be stored on the card. The digital signature is obtained, according to a preferred embodiment of the invention, by computing a function of the issuer identification number and the user information to obtain a checksum and then combining the checksum and the unique serial number into a composite result, the composite result being encoded using the private key of the public key-private key pair to obtain the digital signature. For example, the user information and serial number and issuer identification number are preferably combined using a one-way hashing function to obtain the checksum, the checksum and unique serial number being combined using an exclusive OR operation to obtain the composite result. The use of the exclusive OR operation to obtain the composite result is particularly advantageous because it is extremely simple to implement and yet makes it impossible to work backwards to determine the checksum unless both the composite result and the unique serial number are correct, although those skilled in the art will appreciate that use of the exclusive OR operation may be replaced by other methods of obtaining a composite result from the checksum and serial number. Since the composite result can be protected by private key enciphering algorithms which are impossible to break using currently available computing technology, and since the serial number can in practice only be placed on the card by a chip manufacturer, counterfeiting of the card provided by the preferred embodiment of the invention can truly be said to impossible for anyone not in possession of the private key and integrated circuit manufacturing capabilities.

Authentication of the card, in the preferred embodiment of the invention, begins with retrieval of the public key and the issuer's identification number stored on the card. The digital signature is deciphered using the public key to recover the composite result, and an exclusive OR operation is performed on the composite result and the unique serial number in order to extract the checksum. This extracted or recovered checksum can then be compared with a computed checksum obtained by performing the one-way hashing function on the issuer identification number and the user information, which is the way the recovered checksum was originally computed. The two checksums will match only if the user information on the card and the unique serial number are correct.

Authentication of the user in the preferred embodiment of the invention involves, on the other hand, storing a personal identification number on the card which is obtained by encoding the card's unique serial number as a function of a user password. Only the encoded serial number needs to be stored on the card since user verification can be accomplished by simply comparing the personal identification number stored on the card with a computed personal identification number obtained by again encoding the unique serial number using a password entered by the user. Unless the password and serial number used to obtain the currently computed personal identification number are the same as those used to compute the stored personal identification number, the user is rejected. The personal identification number is preferably encoded using the password as a key to encipher the serial number, although other methods could also be used to generate a personal identification number which combines both the serial number and the password, including one-way hashing functions and other irreversible functions for preventing the password from being extracted by analyzing the personal identification number stored on the card.

The card itself, according to the preferred embodiment of the invention, has stored thereon, in addition to the unique serial number, at least: a.) a data string made up of user information which depends on the purpose for which the card is to be used, such as account information for a credit or ATM card, b.) the issuer identification number, c.) the public key, d.) the above-described digital signature, and e.) the above-described personal identification number. Items a-d are preferably stored in the form of a record searchable by the issuer identification number, which provides the advantage that more than one individually authenticatable record with its own digital signature can be stored on the card and retrieved according to the stored issuer identification number in the record. According to a particularly advantageous version of this embodiment, the records can share data by providing, in association with each individual record, a pointer which calls data from another record. This feature has the advantage that, not only can different issuers share the same card, but they can do so for different purposes, the card being encoded by one card issuer, for example, for identification purposes, by another issuer for credit transactions, and a third as a debit card. The result is a truly "universal" card which provides card authentication to protect against forgery and copying, and also user authentication using a single password for all card functions.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a functional block diagram of a system constructed in accordance with the principles of a preferred embodiment of the invention.

FIG. 2 showing a method of encrypting a card illustrated the principles of a preferred embodiment of the invention.

FIG. 3a is a schematic representation of a card encrypted according to the method of the preferred embodiment of the invention.

FIG. 3b is a schematic representation of the tree structure of the information records store on the card illustrated in FIG. 3a.

FIG. 4 is a flowchart of a preferred method for authenticating a card encrypted according to the method shown in FIG. 1.

FIG. 5 is a flowchart of a preferred method for authenticating a user of the card encrypted according to the method shown in FIG. 1.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

The preferred embodiments of the invention include a system made up of equipment for storing information on an identification and/or transaction card, a method of storing information on the card, a method of authenticating the card, a method of authenticating a user of the card, and the card itself. While described separately below, it will be appreciated by those skilled in the art that the invention is also a unified whole, with each part dependent on the other.

1. Equipment Needed to Implement the Preferred System

In the preferred embodiment of the invention, as illustrated in FIG. 1, the card itself is a chipcard 1 of the type which includes an integrated circuit 2 having sufficient storage capability to store information about the user and/or an account held by the user. The user information can be in the form of an image of the user or his or her signature, an account number, name and address, and any other information conventionally associated with an identification or transaction card such as a credit card or automated teller machine (ATM) card. Details of the manner in which the items stored on the card are organized according to the preferred embodiment are shown in FIGS. 3a and 3b and described in detail below.

Those skilled in the art will appreciate that the broader principles of the invention are not limited to application to chipcards, or even to cards in general, but rather may have application to storage mediums other than integrated circuit or other types of cards, including virtually any portable information storage medium capable of being provided with a unique and unalterable serial number, and of having the below-described data stored thereon. While the invention makes it possible to avoid the use of smart cards, resulting in cost savings over prior methods, the invention could also be practiced using smart cards if cost is not a problem or, for example, if the processing capabilities of the smart card are needed for some reason other than card and user authentication. Because the integrated circuit card is currently the preferred application, however, the remainder of the description shall refer to the storage medium as an integrated circuit card.

To prevent duplication of an improperly acquired obtained card, the card 1 must have a unique serial number permanently and unalterably affixed thereto, such as by burning the serial number into the chip. This serial number may, for example, be provided by the card or IC manufacturer independently of the card encoding procedure, assuring independence of the serial number, and avoiding any association between the card issuer or user and the serial number. Currently, integrated circuit manufacturers routinely place consecutive but unique serial numbers on each chip manufactured. Such serial numbers are ideal for use in the present system since only a chip manufacturer could reproduce the serial number. Permanently and unalterable affixing a serial number to a chip is in general an easy and low-cost procedure for a chip manufacturer, but is impossible for those not equipped with chip manufacturing capabilities. Those who acquired cards from a manufacturer in order to duplicate an encoded card would be unable to do so because of the different serial numbers for each card.

Aside from the serial number, the integrated circuit 2 of the preferred card 1 must simply provide sufficient memory for storing issuer information, a digital signature, an issuer identification number, a public key, and the user's personal identification number (which is to be distinguished from the user's password, as will be described below), and thus the preferred system can easily use the type of conventional IC card already in widespread use, particularly in Europe and Japan, for such purposes as "phonecards" for operating public telephones. Storing image information such as a photograph requires a higher memory, but well within the reach of conventional technology.

The preferred invention requires a conventional card initialization terminal 3 capable of writing information to the integrated circuit 2 on the card 1. In addition, the card issuer must be capable of performing a one-way hashing function on the issuer identification number and the user information to obtain a checksum, performing an exclusive OR operation on the checksum and the serial number to obtain a composite result, and the ability to encipher the serial number using the password as the key to obtain the PIN. These functions and operations can easily be performed using a general purpose computer 4, which may be either separate from or an integral part of the Card Initialization Terminal (CIT) 3.

The digital signature is preferably generated by an organization known as a key server 5. A key server is a private or public agency which generates keys and specializes in storing and keeping the private keys secure. Those skilled in the art will appreciate that the use of a key server provides additional security, but that it is also possible for the issuer to generate its own public key-private key pair. Requests to the key server and transfer of information from the key server to the card issuer are preferably carded out over a secured communications link between the key server and the issuer's GIT 3.

The apparatus 6 used to authenticate the card is referred to herein as a transaction processing terminal (TPT). The TPT can, like the GIT 3, be essentially conventional. The TPT must be capable of reading information stored on the card and must include a keypad or the like for allowing entry of a password by the card user. The mathematical functions which must be carried out by the TPT can easily be programmed into the terminal as software, and do not require substantial processing power (the card itself requires no additional processing capabilities). These mathematical functions are that the TPT must be able to decipher the digital signature using the public key stored on the card to recover the composite result (or be able to communicate the public key and digital signature to the key server or to a central location for deciphering), performing an exclusive OR operation on the composite result and serial number to obtain a first checksum, performing the one-way hash function on the issuer identification number and some or all of the user information to obtain a second checksum, and comparing the first and second checksums to authenticate the card. In addition, for the purpose of authenticating the user of the card, the TPT need to be able to compute a personal identification number for comparison with the personal identification number stored on the card by enciphering the serial number using the entered password as the key and comparing the computed personal identification number with the stored personal identification number. Once the card and user are authenticated, the TPT displays and/or uses the information on the card in conventional fashion.

2. Method of Storing Information on the Card

FIG. 2 illustrates the method by which information is stored on a transaction or identification card according to the preferred embodiment of the invention.

Initially, in step 10, the issuer requests a private-public key pair from a key server 5, described above