WO1998014915A2 - A method of assembling and programming a secure personal identification number entry device - Google Patents

Info

Publication number
WO1998014915A2
Authority
WO
WIPO (PCT)
Prior art keywords
personal identification
identification number
secure
financial transaction
entry device
Prior art date
Application number
PCT/CA1997/000717
Other languages
French (fr)
Other versions
WO1998014915A3 (en
Inventor
Michael Coveley
Original Assignee
Omega Digital Data Inc.
Priority date
Filing date
Publication date
Application filed by Omega Digital Data Inc. filed Critical Omega Digital Data Inc.
Priority to AU44474/97A priority Critical patent/AU4447497A/en
Publication of WO1998014915A2 publication Critical patent/WO1998014915A2/en
Publication of WO1998014915A3 publication Critical patent/WO1998014915A3/en

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/403 Solvency checks
    • G06Q20/4037 Remote solvency checks
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F19/00 Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
    • G07F19/20 Automatic teller machines [ATMs]
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F19/00 Complete banking systems; Coded card-freed arrangements adapted for dispensing or receiving monies or the like and posting such transactions to existing accounts, e.g. automatic teller machines
    • G07F19/20 Automatic teller machines [ATMs]
    • G07F19/201 Accessories of ATMs
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0873 Details of the card reader
    • G07F7/088 Details of the card reader the card reader being part of the point of sale [POS] terminal or electronic cash register [ECR] itself
    • G07F7/0886 Details of the card reader the card reader being part of the point of sale [POS] terminal or electronic cash register [ECR] itself the card reader being portable for interacting with a POS or ECR in realizing a payment transaction
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1025 Identification of user by a PIN code
    • G07F7/1058 PIN is checked locally
    • G07F7/1066 PIN data being compared to data on card

Abstract

A method of assembling and programming a secure personal identification number entry device is disclosed whereby the secure personal identification number entry device is programmed with security software including an encryption algorithm by way of an external port on the secure personal identification number entry device after the secure personal identification number device has been fully assembled.

Description

A METHOD OF ASSEMBLING AND PROGRAMMING A SECURE PERSONAL IDENTIFICATION NUMBER ENTRY DEVICE
TECHNICAL FIELD
The present invention relates to secure personal identification number entry devices such as point-of-sale financial transaction terminals and in particular to a method of assembling and programming a secure personal identification number entry device.
BACKGROUND ART
Financial transaction terminals to read data stored on credit, debit and/or smart cards to complete financial transactions are known. Existing terminals such as automated banking machines (ABM's) require users to walk to a central retail platform to complete a financial transaction. More recently point-of-sale debit card terminals have been developed which allow a user to enter remotely their personal identification number (PIN) into a secure PIN entry device (SPED) together with a financial transaction request after their credit, debit or smart card has been read to access their account at a financial institution and withdraw funds directly to complete the financial transaction.
In order to maintain security, multi-digit PINs are used which are known only to the users and to the financial institutions issuing the debit, credit or smart cards. When a PIN is entered into the SPED by a user, the SPED encrypts the PIN via security software before transmitting the encrypted PIN to the financial institution together with the financial transaction request. Encrypting the PIN substantially reduces the risk of the PIN becoming known to other parties.
Conventional SPEDs typically include a tamper resistant casing which is either hermetically sealed or uses one way screws so that access to the internal components of the SPED cannot be achieved without physical evidence. The security software which includes the cryptographic keys and encryption algorithms used by the SPED is stored in a secure manner using a single integrated circuit design having onboard memory. In order to maximize security, the SPED security software must be protected to inhibit access to and/or alteration of the encryption algorithms. This can be achieved by using a mask programmed device or a one-time programmable (OTP) device. Mask programmed devices provide a good solution only if the encryption algorithms and SPED system software are identical for large groups of financial institutions and card issuers. Unfortunately, the encryption algorithms used by the financial institutions and card issuers differ for each type of card and from country to country. Moreover, the encryption algorithms tend to change as each financial institution develops improvements to the encryption algorithms to improve security. These differences in SPED operating software make the use of mask programmed devices unsuitable.
In contrast, OTP devices provide greater flexibility allowing the SPED security and system software to be tailored for each specific financial institution and/or card issuer. During the manufacture of conventional SPEDs incorporating OTP devices, the OTP devices are firstly programmed with the SPED system and security software. The OTP devices are then burned with a security bit. Following this, the printed circuit board (PCB) within the SPED is populated with its internal electronic components including the programmed OTP device and the SPED is fully assembled. Following this, the SPED is tested and if the results of the tests are satisfactory, the SPED casing is permanently or hermetically sealed.
The above manufacturing process is usually performed for specific customers and in ordered quantities and only after the purchase of the components of the SPED. Component programming lead times must therefore be taken into account for the OTP device programming steps thereby increasing the SPED manufacturing process time. Accordingly, improved methods of assembling and programming SPEDs are desired.
It is therefore an object of the present invention to provide a novel method of assembling and programming a secure personal identification number entry device such as a point-of-sale financial transaction terminal.
DISCLOSURE OF THE INVENTION
Broadly stated, the present invention provides a novel method of assembling and programming a secure personal identification number entry device (SPED) which allows the printed circuit board within the SPED to be populated in large batches. In one embodiment, the method includes the steps of populating a printed circuit board with the internal electronic components of the SPED including the OTP secure integrated circuit device and then assembling the SPED. Once assembled, the OTP secure integrated circuit device on the printed circuit board is programmed with the SPED system and security software by way of an external serial port on the SPED. Following this, the SPED is burned with a security bit and the SPED is tested. After testing, the SPED is permanently or hermetically sealed to inhibit access to the fully programmed OTP secure integrated circuit device within the SPED.
In another embodiment, the method includes the step of programming the OTP secure integrated circuit device with the SPED system software, test function software and a security software applications interface. The SPED printed circuit board is then populated with the internal electronic components of the SPED including the OTP secure integrated circuit device and the SPED is assembled. Once assembled, the SPED is tested and then permanently or hermetically sealed. After permanently or hermetically sealing the SPED, the OTP secure integrated circuit device is programmed with the SPED security software and is then burned with the security bit by way of an external serial port.
According to one aspect of the present invention there is provided a method of assembling and programming a secure personal identification number entry device, said secure personal identification number entry device including an outer casing, input means on said casing to allow financial transaction data including a personal identification number or a password to be entered therein, a card reader accommodated by said outer casing to receive and read a credit, debit or smart card, a processor within said outer casing and in communication with said input means and card reader, said processor including a one-time programmable secure integrated circuit device to encrypt said personal identification number or password and a transmitter to transmit said financial transaction data including the encrypted personal identification number or password to a financial institution for processing, said method comprising the steps of:
(i) populating a printed circuit board with electronic components forming said processing means including said one-time programmable secure integrated circuit device;
(ii) assembling said secure personal identification number entry device; and
(iii) programming said one-time programmable secure integrated circuit device with security software including an encryption algorithm by way of an external port on said outer casing.
According to another aspect of the present invention there is provided a secure personal identification number entry device comprising: an outer casing; input means on said outer casing to allow financial transaction data including a personal identification number or password to be entered therein; a card reader accommodated by said outer casing to receive and read a credit, debit or smart card; a processor within said outer casing and in communication with said input means and said card reader, said processor including a one-time programmable secure integrated circuit device to encrypt said personal identification number or password; a transmitter to transmit said financial transaction data including the encrypted personal identification number or password to a financial institution for processing; and an external port on said outer casing electrically connected to said processor to allow said one-time programmable secure integrated circuit device to be programmed with security software after assembly of said secure personal identification number entry device.
According to still yet another aspect of the present invention there is provided in a method for assembling and programming a secure personal identification number entry device to generate a financial transaction request from entered financial transaction data including an encrypted personal identification number or password, the improvement comprising the step of: (i) programming said secure personal identification number entry device with security software including an encryption algorithm by way of an external port on said secure personal identification number entry device after said secure personal identification number entry device has been assembled.
The present invention provides advantages in that manufacturing lead times due to programming operations are reduced while increasing security and maintaining high programming flexibility.
BRIEF DESCRIPTION OF THE DRAWING
Embodiments of the present invention will now be described more fully with reference to the accompanying drawings in which:
Figure 1 is a schematic representation of a financial transaction system;
Figure 2 is a perspective view of a portable, radio frequency financial transaction terminal utilized in the financial transaction system of Figure 1;
Figure 3 is a top plan view of the radio frequency financial transaction terminal of Figure 2;
Figure 4 is a block diagram of the radio frequency financial transaction terminal of Figure 2;
Figure 5 is a block diagram of a secure integrated circuit device forming part of the radio frequency financial transaction terminal of Figure 2;
Figure 6 is a block diagram of a central network controller forming part of the financial transaction system of Figure 1;
Figure 7 is a flow chart setting forth the steps by which the portable, radio frequency financial transaction terminal of Figure 2 is programmed and assembled; and
Figure 8 is a flow chart setting forth an alternative embodiment of the steps by which the portable radio frequency financial transaction terminal is programmed and assembled.
BEST MODE FOR CARRYING OUT THE INVENTION
Referring now to Figure 1, a financial transaction system is shown and is generally indicated by reference numeral 10. Financial transaction system 10 includes a central network controller 12 and a plurality of secure personal identification number entry devices (SPEDs) in the form of portable, hand-held, radio frequency (RF) financial transaction terminals 14. The central network controller 12 and the RF financial transaction terminals 14 communicate via a wireless RF communications link 16. The central network controller 12 also communicates with host computers at financial institutions (not shown) either via hardwired network services (i.e. DATAPAC), an ISDN interface or alternatively a wireless communications network to provide real-time financial transaction processing with the host computers.
Each RF financial transaction terminal 14 includes a financial transaction data module 18 for collecting financial transaction data and an RF transceiver 20 for transmitting a financial transaction request to the central network controller and for receiving a financial transaction verification from the central network controller 12. The RF transceiver is in the form of an RF modem having an internal microcontroller unit (MCU) and an antenna.
Referring now to Figures 2 to 4, one of the RF financial transaction terminals 14 is better illustrated. The RF financial transaction terminal includes a portable, hand-held outer casing 30 which accommodates the various components of the financial transaction data module 18 and the RF transceiver 20. The outer casing 30 includes a top casing shell 30a and a bottom casing shell 30b secured together by one way screws 32 so that once assembled, access to the interior of the financial transaction terminal 14 cannot be achieved without physical evidence. A retractable, pistol-grip handle 34 is received in a recess 36 formed in the undersurface of the bottom casing shell 30b and is retained by a plurality of fasteners 38 in the form of screws. A rechargeable battery 40 is received by a pocket (not shown) in the bottom casing shell. A multi-pin universal serial port 42 to connect to an optional bar code reader, CCD scanner or other similar device (not shown) is also provided in the bottom casing shell 30b and is hidden by a sliding cover 44. An auxiliary secure RS-232 serial port 94 (see Figure 4) is also provided on the side of the outer casing 30.
On the top casing shell 30a is an LCD display 50 and an input keypad 52 to allow financial transaction data to be entered into the financial transaction terminal and displayed. Above the LCD display 50 is a printer 54 housing a paper roll to print receipts confirming that financial transactions have been verified and processed. A card reader 56 having a card reading slot 58 therein is housed by the outer casing 30 adjacent one end thereof. The antenna 60 forming part of the RF transceiver 20 is rotatably mounted on the outer casing 30. Details of the antenna design are described in Applicant's co-pending application entitled "Rotatable Antenna for Financial Transaction Terminal" filed on even date herewith.
Within the outer casing 30 is a motherboard on which the internal components of the financial transaction terminal are mounted. In particular, the financial transaction terminal includes a main central processing unit (CPU) module 70 which communicates with a secure module 72. The functional division of the internal components into the main CPU module 70 and the secure module 72 is chosen for security.
The main CPU module 70 includes a printer interface 74 to connect to printer 54, an RF TX-RX interface 76 to connect to RF modem 20, a card reader interface 78 to connect to card reader 56 and a bar code reader interface 80 connected to universal serial port 42. The main CPU module 70 is also equipped with a main CPU 82 connected to the interfaces allowing the CPU to control the operation of the printer, the RF modem, the card reader and the device connected to the universal serial port 42. The CPU 82 is also connected to flash memory 84 and static random access memory 86. The flash memory 84 stores start-up software incorporating a set of routines for initializing the RF financial transaction terminal 14 at power-up. The flash memory 84 also stores a system software loader comprising a routine for downloading system software into the flash memory 84. Flash memory 84 stores the system software (i.e. interrupt handlers, I/O routines, an application software loader, device drivers etc.) and an applications program area or memory space where a secure prompt table and different application programs can be downloaded (i.e. transaction verification, application specific services etc.). A photosensor 88 is also provided in the main CPU module 70 for security purposes as will be described and is connected to the secure module 72.
The secure module 72 provides cryptographic services and security measures to protect the RF financial transaction terminal 14 from software tampering that could result in debit, credit or smart card PINs or passwords being accessed. The secure module 72 contains a microcontroller unit in the form of a physically encapsulated, one-time programmable (OTP) secure integrated circuit device 90 which controls the operation of the LCD display 50, the keypad 52 and a speaker 92 by way of display, keypad and speaker interfaces 110, 108 and 112 respectively.
The secure integrated circuit device 90 also controls an auxiliary secure RS-232 serial port 94 and an interface 96 to the main CPU module 70. Auxiliary secure serial port 94 allows updates to data and software used by the financial transaction terminal 14 to be downloaded. The main CPU module 70 and the secure module 72 receive power from the on-board rechargeable battery 40 in a conventional manner.
The secure integrated circuit device 90 includes a CPU 100, read only memory 102 and random access memory 104. The read only memory 102 stores system software for auxiliary secure RS-232 port control, display control, control of communications to the main CPU module 70, keypad control and speaker control functions. The random access memory 104 is used for cryptographic key and encryption algorithm storage, PIN or password storage and system software and security software working space. The secure module 72 controls the LCD display 50 in a split-screen fashion dividing the LCD display into unsecured and secure display areas. The information displayed in the secure display area is controlled solely by the secure module 72 while the information displayed in the unsecured display area is controlled by the secure module in conjunction with the main CPU module 70.
A battery backup 120 is provided to protect against inadvertent power loss and consequent loss of data stored in the static random access memory 86 and random access memory 104 in which the cryptographic keys and encryption algorithms are stored. Read only memory 104 is designed so as to prevent unauthorized reading of its contents. In addition, since the photosensor 88 is within the outer casing 30, it is typically isolated from light. However, if the integrity of the outer casing 30 is compromised and the interior of the casing is exposed to light, the photosensor 88 triggers the secure integrated circuit device 90 which in turn clears the cryptographic keys and encryption algorithms stored in the random access memory 104 to inhibit an intruder from acquiring the cryptographic keys and encryption algorithms.
Referring now to Figure 6, the central network controller 12 is better illustrated. The central network controller in this embodiment is connected to a dial-up or leased-line telephone line and is powered by a power supply connected to AC mains. The central network controller includes a CPU motherboard with a main microprocessor 132 and associated memory 134. The main microprocessor 132 is connected to an RF transceiver including an RF modem 136 and an antenna 138 for establishing the RF communications link 16 with the various financial transaction terminals 14. A network interface 140 is provided with DATAPAC 3101 and 3201 surface or other similar interfaces. An ISDN interface board may also be provided. A serial RS-232 interface 142 is included in the central network controller 12 to allow updates to data and software used by the financial transaction terminals 14 and central network controller 12 to be downloaded. A serial RS-485 interface 144 is also provided for optional connection of the central network controller 12 to a retailer's existing point-of-sale platforms.
In operation, financial transactions are carried out by bringing one of the financial transaction terminals 14 to the location of a user. Transaction data is entered into the financial transaction terminal via the input keypad 52 and displayed via LCD display 50. The user's debit, credit or smart card is read by the card reader 56 in the financial transaction terminal in the presence of the user. The user is required to enter a PIN or password via the keypad 52. The financial transaction terminal 14 does not display the entered PIN or password data or the data read by card reader 56. The secure integrated circuit device 90 encrypts the PIN or password data to inhibit the data from being accessed by unauthorized parties. Once encrypted, a financial transaction request is generated by the financial transaction terminal 14 which includes the financial transaction data (i.e., the entered transaction data, read card data and encrypted PIN or password). The financial transaction request is then transmitted to the central network controller 12 by the RF modem 20 over the RF communications link 16.
The central network controller 12 in turn conveys the financial transaction request to the financial institution so that the financial transaction can be verified and processed. Once verified and processed, the financial institution conveys verification data to the central network controller 12. The central network controller in turn transmits the verification data to the financial transaction terminal 14 to inform the user that the financial transaction has been verified and processed. The financial transaction terminal in turn prints a receipt confirming that the transaction has been verified and processed. Further details of the operation of the financial transaction terminals and central network controller are described in Applicant's co-pending PCT application serial No. PCT/CA96/00104 filed on February 22, 1996 and designating the United States, the content of which is incorporated herein by reference.
When manufacturing a financial transaction terminal 14, it is necessary to populate the motherboard with the internal components of the financial transaction terminal, program the main central processing unit module 70 and secure module 72, test the financial transaction terminal 14 and then permanently seal the outer casing 30 so that physical tampering with the financial transaction terminal is visible.
To reduce manufacturing costs, it is preferred that the financial transaction terminals are manufactured in large batches. In order to reduce further manufacturing costs, each financial transaction terminal is assembled and programmed in the following manner as will now be described with particular reference to Figure 7. Initially, the motherboard is populated with the internal components of the financial transaction terminal (step 200) and the financial transaction terminal is fully assembled (step 202). Once assembled, the secure integrated circuit device 90 is programmed with the operating system comprising the system software and the security software which includes the encryption algorithms and the cryptographic keys (block 204). The secure integrated circuit device 90 is then burned with a security bit (block 206). Steps 204 and 206 are performed by way of universal serial port 42, interface 80 and main CPU 82. Once the secure integrated circuit device 90 has been programmed, the financial transaction terminal is tested (step 208) and if the results of the tests are satisfactory, the outer casing 30 is permanently sealed (block 210) to inhibit access to the fully programmed secure integrated circuit device within the financial transaction terminal 14.
As those of skill in the art will appreciate, because the financial transaction terminal can be programmed with the operating system after the financial transaction terminal has been assembled, manufacturing lead times due to programming steps during assembly of the financial transaction terminal can be avoided.
Referring now to Figure 8, another method of assembling and programming each financial transaction terminal is shown. In this method, the secure integrated circuit device 90 is initially programmed with generic system software, test function software and a security software applications interface (step 300). The motherboard is then populated with the internal components of the financial transaction terminal (step 302) and the financial transaction terminal 14 is fully assembled (step 304). Once assembled, the financial transaction terminal is tested (step 306) and is then permanently sealed (step 308). After this, the secure integrated circuit device 90 is programmed with the encryption algorithms and the cryptographic keys (step 310). The secure integrated circuit device is then burned with a security bit (block 312). Steps 310 and 312 are performed by way of universal serial port 42, interface 80 and main CPU 82 to inhibit access to the fully programmed secure integrated circuit device within the financial transaction terminal. Since the secure integrated circuit device 90 is programmed with the security software after the financial transaction terminal is permanently sealed, the financial institutions can tailor the security features to their specific requirements by verifying the security code checksums, programming the secure integrated circuit device and burning the security bit, all in their own secure environments. This assembly and two-step programming approach for the financial transaction terminal reduces manufacturing lead times due to programming operations and provides for good security with excellent flexibility.
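The provisioning order described for Figures 7 and 8 (program through the external port, verify the security code checksum, burn the security bit) and the photosensor-triggered key clearing described earlier can be modelled as a small state machine. The following C model is an added example, not code from the patent or its applicant; the type and function names, the Fletcher-16 checksum, the placement of the key in battery-backed RAM, and the assumption that a burned security bit refuses further programming and read-back are all illustrative assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of secure integrated circuit device 90; every name is an assumption. */
enum { SEC_SW_MAX = 64, KEY_LEN = 8 };

typedef enum {
    SPED_OK = 0,
    SPED_ERR_LOCKED,          /* security bit already burned */
    SPED_ERR_NOT_BLANK,       /* one-time programmable area already written */
    SPED_ERR_NOT_PROGRAMMED,  /* nothing loaded yet */
    SPED_ERR_SIZE,
    SPED_ERR_CHECKSUM
} sped_status;

typedef struct {
    uint8_t otp[SEC_SW_MAX];  /* security software image (written once) */
    size_t  otp_len;
    int     programmed;
    int     security_bit;
    uint8_t key_ram[KEY_LEN]; /* battery-backed RAM holding the cryptographic key */
    int     key_present;
} sped_ic;

void sped_init(sped_ic *ic) { memset(ic, 0, sizeof *ic); }

/* Fletcher-16 as a stand-in: the patent does not name the checksum it uses. */
uint16_t sped_checksum(const uint8_t *p, size_t n) {
    uint16_t a = 0, b = 0;
    for (size_t i = 0; i < n; i++) {
        a = (uint16_t)((a + p[i]) % 255);
        b = (uint16_t)((b + a) % 255);
    }
    return (uint16_t)((b << 8) | a);
}

/* Steps 204 / 310: load security software and key through the external port. */
sped_status sped_program(sped_ic *ic, const uint8_t *image, size_t len,
                         const uint8_t key[KEY_LEN]) {
    if (ic->security_bit) return SPED_ERR_LOCKED;
    if (ic->programmed)   return SPED_ERR_NOT_BLANK;
    if (len == 0 || len > SEC_SW_MAX) return SPED_ERR_SIZE;
    memcpy(ic->otp, image, len);
    ic->otp_len = len;
    memcpy(ic->key_ram, key, KEY_LEN);
    ic->programmed = 1;
    ic->key_present = 1;
    return SPED_OK;
}

/* Steps 206 / 312: verify the loaded image first, then burn the security bit. */
sped_status sped_burn_security_bit(sped_ic *ic, uint16_t expected) {
    if (ic->security_bit) return SPED_ERR_LOCKED;
    if (!ic->programmed)  return SPED_ERR_NOT_PROGRAMMED;
    if (sped_checksum(ic->otp, ic->otp_len) != expected) return SPED_ERR_CHECKSUM;
    ic->security_bit = 1;
    return SPED_OK;
}

/* Assumed semantics: read-back over the port works only before the bit is burned. */
sped_status sped_read_back(const sped_ic *ic, uint8_t *out, size_t cap, size_t *n) {
    if (ic->security_bit) return SPED_ERR_LOCKED;
    if (!ic->programmed)  return SPED_ERR_NOT_PROGRAMMED;
    if (cap < ic->otp_len) return SPED_ERR_SIZE;
    memcpy(out, ic->otp, ic->otp_len);
    *n = ic->otp_len;
    return SPED_OK;
}

/* Photosensor 88 detected light: clear the key. Volatile writes keep the wipe from being optimized away. */
void sped_tamper_light_detected(sped_ic *ic) {
    volatile uint8_t *k = ic->key_ram;
    for (size_t i = 0; i < KEY_LEN; i++) k[i] = 0;
    ic->key_present = 0;
}

/* A unit may accept PINs only when it is locked and still holds its key. */
int sped_ready(const sped_ic *ic) { return ic->security_bit && ic->key_present; }

int main(void) {
    /* Constructed sample image and key, not real security software. */
    const uint8_t image[] = { 0x53, 0x50, 0x45, 0x44, 0x01, 0x02, 0x03 };
    const uint8_t key[KEY_LEN] = { 1, 2, 3, 4, 5, 6, 7, 8 };
    uint8_t buf[SEC_SW_MAX];
    size_t n = 0;
    sped_ic ic;

    sped_init(&ic);
    printf("program:            %d\n", sped_program(&ic, image, sizeof image, key));
    printf("burn, bad checksum: %d\n", sped_burn_security_bit(&ic, 0));
    printf("burn, good checksum:%d\n",
           sped_burn_security_bit(&ic, sped_checksum(image, sizeof image)));
    printf("read-back locked:   %d\n", sped_read_back(&ic, buf, sizeof buf, &n));
    printf("ready:              %d\n", sped_ready(&ic));
    sped_tamper_light_detected(&ic);
    printf("ready after tamper: %d\n", sped_ready(&ic));
    return 0;
}
```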
Although the present invention has been described with particular reference to radio frequency financial transaction terminals, it should be apparent to those of skill in the art that the methodology used to assemble and program the financial transaction terminals is equally applicable to stand-alone secure PIN entry devices, integrated point-of-sale devices and other secure PIN entry systems. It should also be appreciated that various modifications and variations may be made to the present invention without departing from the spirit and scope thereof as defined by the appended claims.

Claims

What is claimed is:
1. A method of assembling and programming a secure personal identification number entry device, said secure personal identification number entry device including an outer casing, input means on said casing to allow financial transaction data including a personal identification number or a password to be entered therein, a card reader accommodated by said outer casing to receive and read a credit, debit or smart card, a processor within said outer casing and in communication with said input means and card reader, said processor including a one-time programmable secure integrated circuit device to encrypt said personal identification number or password and a transmitter to transmit said financial transaction data including the encrypted personal identification number or password to a financial institution for processing, said method comprising the steps of:
(i) populating a printed circuit board with electronic components forming said processing means including said one-time programmable secure integrated circuit device;
(ii) assembling said secure personal identification number entry device; and
(iii) programming said one-time programmable secure integrated circuit device with security software including an encryption algorithm by way of an external port on said outer casing.
2. The method of claim 1 further comprising the steps of testing said secure personal identification number entry device and if the results of the tests are satisfactory, permanently or hermetically sealing said outer casing.
3. The method of claim 2 wherein said testing and sealing steps are performed after step (iii).
4. The method of claim 2 wherein during step (iii) said one-time programmable secure integrated circuit device is also programmed with system software.
5. The method of claim 2 wherein said testing and sealing steps are performed after step (ii) and prior to step (iii).
6. The method of claim 5 wherein prior to step (i), said one-time programmable secure integrated circuit device is programmed with system software.
7. A secure personal identification number entry device comprising: an outer casing; input means on said outer casing to allow financial transaction data including a personal identification number or password to be entered therein; a card reader accommodated by said outer casing to receive and read a credit, debit or smart card; a processor within said outer casing and in communication with said input means and said card reader, said processor including a one-time programmable secure integrated circuit device to encrypt said personal identification number or password; a transmitter to transmit said financial transaction data including the encrypted personal identification number or password to a financial institution for processing; and an external port on said outer casing electrically connected to said processor to allow said one-time programmable secure integrated circuit device to be programmed with security software after assembly of said secure personal identification number entry device.
8. A secure personal identification number entry device as defined in claim 7 wherein said external port is a RS-232 serial port.
9. In a method for assembling and programming a secure personal identification number entry device to generate a financial transaction request from entered financial transaction data including an encrypted personal identification number or password, the improvement comprising the step of: (i) programming said secure personal identification number entry device with security software including an encryption algorithm by way of an external port on said secure personal identification number entry device after said secure personal identification number entry device has been assembled.
10. The method of claim 9 further comprising the step of permanently or hermetically sealing said secure personal identification number entry device after step (i).
11. The method of claim 10 further comprising the step of permanently or hermetically sealing said secure personal identification number entry device prior to step (i).
PCT/CA1997/000717 1996-10-01 1997-09-30 A method of assembling and programming a secure personal identification number entry device WO1998014915A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU44474/97A AU4447497A (en) 1996-10-01 1997-09-30 A method of assembling and programming a secure personal identification number entry device

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US2778196P 1996-10-01 1996-10-01
US60/027,781 1996-10-01
US82173297A 1997-03-20 1997-03-20
US08/821,732 1997-03-20

Publications (2)

Publication Number Publication Date
WO1998014915A2 true WO1998014915A2 (en) 1998-04-09
WO1998014915A3 WO1998014915A3 (en) 1998-06-04

Family

ID=26702873

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CA1997/000717 WO1998014915A2 (en) 1996-10-01 1997-09-30 A method of assembling and programming a secure personal identification number entry device

Country Status (3)

Country Link
AU (1) AU4447497A (en)
CA (1) CA2239009A1 (en)
WO (1) WO1998014915A2 (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0484198A1 (en) * 1990-10-30 1992-05-06 Societe D'applications Generales D'electricite Et De Mecanique Sagem Portable payment terminals and network of such terminals
US5208446A (en) * 1991-09-19 1993-05-04 Martinez Jerry R Method and apparatus for validating credit information during home delivery of order
WO1994011849A1 (en) * 1992-11-11 1994-05-26 Telecom Finland Oy Mobile telephone systems and a method for carrying out financial transactions by means of a mobile telephone system
US5371797A (en) * 1993-01-19 1994-12-06 Bellsouth Corporation Secure electronic funds transfer from telephone or unsecured terminal
EP0456548B1 (en) * 1990-05-10 1995-06-21 Dassault Automatismes Et Telecommunications Device for treating high-security data with two operational states
WO1995020195A1 (en) * 1994-01-25 1995-07-27 Dynamic Data Systems Pty. Ltd. Funds transaction device
EP0718805A2 (en) * 1994-12-25 1996-06-26 News Datacom Ltd. Secure remote access systems

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"PORTABLE SELF-CHECKOUT RETAIL SYSTEM" IBM TECHNICAL DISCLOSURE BULLETIN, vol. 35, no. 1A, 1 June 1992, pages 315-318, XP000308880 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001092349A2 (en) * 2000-05-31 2001-12-06 @Pos.Com, Inc A secure, encrypting pin pad
WO2001092349A3 (en) * 2000-05-31 2002-10-17 Commat A secure, encrypting pin pad
US7305565B1 (en) 2000-05-31 2007-12-04 Symbol Technologies, Inc. Secure, encrypting pin pad
US7392396B2 (en) 2002-03-07 2008-06-24 Symbol Technologies, Inc. Transaction device with noise signal encryption

Also Published As

Publication number Publication date
AU4447497A (en) 1998-04-24
WO1998014915A3 (en) 1998-06-04
CA2239009A1 (en) 1998-04-09

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE GH HU IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG UZ VN YU ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH KE LS MW SD SZ UG ZW AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN

ENP Entry into the national phase

Ref document number: 2239009

Country of ref document: CA

Kind code of ref document: A

Ref document number: 2239009

Country of ref document: CA

AK Designated states

Kind code of ref document: A3

Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE GH HU IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG UZ VN YU ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH KE LS MW SD SZ UG ZW AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase