Abstract: A method of doing business is disclosed that transforms a biometric used by a user in a transaction. The transformation creates a distorted biometric. The distorted biometric is used to identify the user to another party without requiring the user to provide actual physical or behavioral characteristics about himself to the other party.

Abstract: In an IC card 30 is sealed an IC chip 70 provided with an exposure sensor 84. When exposure sensor 84 detects that IC card 30 has been opened, exposure sensor 84 outputs an exposure detection signal to a CPU 76. In response to the exposure detection signal, CPU 76 provides a predetermined operation, such as erasure of data in a non-volatile memory 78. As such, the data in non-volatile memory 78 cannot be obtained if IC card 30 is improperly opened to check the data in non-volatile memory 78. Thus the IC card can obtain an enhanced data security.

Abstract: The system and method store biometric information and a personal identification number (PIN) on a token having a magnetic storage medium. A biometric image is captured, biometric data is produced and a PIN is provided by an authorized user. The biometric data and PIN are stored on the magnetic storage medium of the token for subsequent use in verifying an authorized user of the token.

Abstract: Protecting content from piracy. A user computer stores a stored address. A smart card stores a smart-card address. The smart-card address matches the stored address. A seller stores content to be sold to the user. The content is encoded using the smart-card address from the smart card, as encoded content. A header is added to the encoded content, to generate header-encoded content. The header-encoded content is written on an encoded disk. The user computer detects the header from header-encoded content, as a detected header. The smart-card address is read from the smart card and verified with the stored address at the user computer. In response to a match and to the detected header, the encoded content embedded in the header-encoded content is decoded from the encoded disk.

Abstract: A system for performing minimally invasive cardiac procedures. The system includes a pair of surgical instruments that are coupled to a pair of robotic arms. The instruments have end effectors that can be manipulated to hold and suture tissue. The robotic arms are coupled to a pair of master handles by a controller. The handles can be moved by the surgeon to produce a corresponding movement of the end effectors. The movement of the handles is scaled so that the end effectors have a corresponding movement that is different, typically smaller, than the movement performed by the hands of the surgeon. The scale factor is adjustable so that the surgeon can control the resolution of the end effector movement. The movement of the end effector can be controlled by an input button, so that the end effector only moves when the button is depressed by the surgeon.

Abstract: In an IC card 30 is sealed an IC chip 70 provided with an exposure sensor 84. When exposure sensor 84 detects that IC card 30 has been opened, exposure sensor 84 outputs an exposure detection signal to a CPU 76. In response to the exposure detection signal, CPU 76 provides a predetermined operation, such as erasure of data in a non-volatile memory 78. As such, the data in non-volatile memory 78 cannot be obtained if IC card 30 is improperly opened to check the data in non-volatile memory 78. Thus the IC card can obtain an enhanced data security.

Abstract: Postal metering systems with an external communication link which allows funds to be transferred from one postal metering system to another. The external communication link is provided between the safekeeping device of a first postal metering system to the secure communication device of a second postal metering system so that funds can be transferred through the external communication link from the second metering system from its secure communication device to the safekeeping device of the first postal metering system. Furthermore, when the safekeeping device also stores secure information, secure information can be transferred from the second metering system to the first metering system in the same manner. The safekeeping device and the secure communication device are commonly known as the postal secure device (PSD) and the gatekeeper.

Abstract: A card reader module includes capabilities for receiving and decrypting an encrypted user PIN to facilitate off-line transaction authorization. In an off-line transaction, a transaction processing system need not communicate with an outside authorization network to obtain transaction authorization. Off-line transaction authorization is particularly relevant when a customer uses a secure payment device, such as a smart card. With a smart card, the transaction processing system, in cooperation with the smart card, compares a user-entered PIN, input through a keypad, with a user PIN stored on the smart card. If the input PIN matches the stored PIN, the transaction processing system authorizes the customer's transaction. Rather than including the keypad, the card reader module receives the PIN in encrypted format directly or indirectly from a separate keypad. To minimized fraud, the separate keypad encrypts the PIN before it is sent to the card reader module.

Abstract: A method and a device of identification and authentication of a holder of a mobile electronic transaction device in an electronic transaction process between a transaction service provider and a transaction terminal in communication via a computer network. A transceiver is adapted for transmitting an identity of the device to the transaction terminal and receiving a challenge transaction identifier from the service provider via the transaction terminal. A data processing device is adapted for determining an authenticity of a user identification input by comparison with a reference user identification, and for performing a cryptographic transformation of the transaction identifier using a secret key only on the identification input being determined as authentic. The transceiver is also adapted for transmitting a response result of the cryptographic transformation to the service provider via the transaction terminal for validating the transaction.

Abstract: In a card charging system, especially for public transport services, a host ticket facility is operable by both credit cards usable at a card read/write device and concessionary payment cards usable at a contactless card reader, and a security and transaction device located between the card readers and the host facility stores in separate storage devices full fares and concessionary fares which the host facility is able to calculate. A card charging system, especially but not exclusively for payment of public transport fares is described, having one or more card readers and a security and transaction device connected between the card reader(s) and a host facility and for transmitting information back to a clearing center, wherein the security and transaction device includes a number of non-volatile storage devices for error counting and transmitting related performance data back to the clearing center.

Abstract: A self-authenticating document is created by providing a one-way hash value in a symbol creation process, and then using a public key to decrypt data of the self-authenticating document. Raw data to be provided with the self-authenticating document is received, and an account digital signature key is retrieved and used to sign the raw data. A non-repudiation hash value from a previously-created self-authenticating document is utilized, and the raw data and the digital signature key is combined with the hash value to create a new hash value for the self-authenticating document. The hashed data is then encrypted, and any non-encrypted fields are merged in to create a full data packet. The full data packet is used to provide a self-authenticating symbol, such as a bar code label, on the self-authenticating document. The self-authenticating code is used during a document verification step to ensure that the document is genuine.

Abstract: A heterogeneous stored-value system which offers interoperability among a number of proprietary payment card brands with differing fee structures. The system makes use of existing settlement practices and fee structures to increase the amount of commerce while imposing minimal changes. The benefits of the interoperability among different proprietary brands include reduced operating costs, since a single electronic cash pool can serve many different payment card brands. Although the electronic cash of the system is generic and is shared among the different payment card brands, the flow of electronic cash is prescribed in such a manner as to maintain an association between electronic cash (over the course of circulation) and the specific brand of payment card through which it was acquired by the customer. In this way, a transaction involving electronic cash represents a small piece of a much larger charge or debit transaction and carries its proportional share of the fees of the charge or debit transaction.

Abstract: Methods and systems for encoding encrypted monetary values onto transfer vehicles include one or more payment, encoder, and encrypter devices, and, associated with each designated receiving device such as a wireless telephone, a reader, decoder, and decrypter device for deciphering the data from the transfer vehicles, and, under appropriate conditions, for transferring the monetary values encoded and encrypted on the transfer vehicle into memory associated with the designated receiving device. Once such monetary values are transferred to the receiving device, the transfer vehicle cannot be used to transfer the same monetary value again even though the transfer vehicle is not modified during the transfer process.

Abstract: An electronic-monetary system having (1) banks or financial institutions that are coupled to a money generator device for generating and issuing to subscribing customers electronic money including electronic currency backed by demand deposits and electronic credit authorizations; (2) correspondent banks that accept and distribute the electronic money; (3) a plurality of transaction devices that are used by subscribers for storing electronic money, for performing money transactions with the on-line systems of the participating banks or for exchanging electronic money with other like transaction devices in off-line transactions; (4) teller devices, associated with the issuing and correspondent banks, for process handling and interfacing the transaction devices to the issuing and correspondent banks, and for interfacing between the issuing and correspondent banks themselves; (5) a clearing bank for balancing the electronic money accounts of the different issuing banks; (6) a data communications network for provi

Abstract: An electronic-monetary system having (1) banks or financial institutions that are coupled to a money generator device for generating and issuing to subscribing customers electronic money including electronic currency backed by demand deposits and electronic credit authorizations; (2) correspondent banks that accept and distribute the electronic money; (3) a plurality of transaction devices that are used by subscribers for storing electronic money, for performing money transactions with the on-line systems of the participating banks or for exchanging electronic money with other like transaction devices in off-line transactions; (4) teller devices, associated with the issuing and correspondent banks, for process handling and interfacing the transaction devices to the issuing and correspondent banks, and for interfacing between the issuing and correspondent banks themselves; (5) a clearing bank for balancing the electronic money accounts of the different issuing banks; (6) a data communications network for provi

Abstract: A system that allows a third party such as a postage meter manufacturer or PSD manufacturer to collate data, process the data and use this information to identify delayed mail pieces that may have been incorrectly addressed. The apparatus of this invention may be utilized by organizations or people who mail invoices, bills, letters, or other items. The foregoing is accomplished by connecting a scanner and control software to a digital postage meter or PSD that would read incoming digitally metered mail. Instead of printing an indicia the scanner would read the already existing indicia and other information on the mail piece and then extract the sender data fields that are contained in the indicia or on the mail piece. The extracted mail data would be periodically uploaded to a data center.

Abstract: A system for open electronic commerce having a customer trusted agent securely communicating with a first money module, and a merchant trusted agent securely communicating with a second money module. Both trusted agents are capable of establishing a first cryptographically secure session, and both money modules are capable of establishing a second cryptographically secure session. The merchant trusted agent transfers electronic merchandise to the customer trusted agent, and the first money module transfers electronic money to the second money module. The money modules inform their trusted agents of the successful completion of payment, and the customer may use the purchased electronic merchandise.

Abstract: A smart card that includes a descrambler for descrambling entitlement information and data provides improved access control by controlling the manner in which the entitlement information portion of the data stream is passed through the smart card. Entitlement data that is descrambled and used in the smart card for functions such as key generation is reinserted in scrambled form in the high speed output data signal from the smart card. A variable delay device is included in the smart card for controlling when scrambled entitlement data is reinserted into the data stream. Varying the delay permits establishing a desired timing relationship between the reinserted data and other data in the data stream that is output from the smart card. For example, scrambled entitlement data in the output data stream can be made to exhibit substantially the same timing relationship to other data that exists in the input data stream.

Abstract: An electronic-monetary system having (1) banks or financial institutions that are coupled to a money generator device for generating and issuing to subscribing customers electronic money including electronic currency backed by demand deposits and electronic credit authorizations; (2) correspondent banks that accept and distribute the electronic money; (3) a plurality of transaction devices that are used by subscribers for storing electronic money, for performing money transactions with the on-line systems of the participating banks or for exchanging electronic money with other like transaction devices in off-line transactions; (4) teller devices, associated with the issuing and correspondent banks, for process handling and interfacing the transaction devices to the issuing and correspondent banks, and for interfacing between the issuing and correspondent banks themselves; (5) a clearing bank for balancing the electronic money accounts of the different issuing banks; (6) a data communications network for provi

Abstract: A method using a fingerprint image as a cipher for optical encrypting and decrypting information which is presented in the form of an analogous signal. The method includes recording a Fourier hologram, the complex amplitude of the spatial grating of the hologram being a Fourier transform of the information image divided by a Fourier transform of the fingerprint image. To prepare the hologram, a full-complex spatial light modulator (SLM) may be used. The parameters of the Fourier transforms are chosen such that the optical spatial frequencies of the information image and the cipher lie in the same physical range. In another embodiment, the intensity distribution of the Fourier spectrum of the fingerprint image is captured. The cipher image is obtained by illuminating a phase-only SLM which is addressed with a function derived from this intensity distribution. The hologram may be amplitude or phase; thin, thick or volume; transparent or reflective; prepared optically or computer-generated.

Abstract: A complete system for the purchasing of goods or information over a computer network is presented. Merchant computers on the network maintain databases of digital advertisements that are accessed by buyer computers. In response to user inquiries, buyer computers retrieve and display digital advertisements from merchant computers. A digital advertisement can further include a program that is interpreted by a buyer's computer. The buyer computers include a means for a user to purchase the product described by a digital advertisement. If a user has not specified a means of payment at the time of purchase, it can be requested after a purchase transaction is initiated. A network payment system performs payment order authorization in a network with untrusted switching, transmission, and host components. Payment orders are backed by accounts in an external financial system network, and the payment system obtains account authorizations from this external network in real-time.

Abstract: An electronic instrument is created in a computer-based method for effecting a transfer of funds from an account of a payer in a funds-holding institution to a payee. The electronic instrument includes an electronic signature of the payer, digital representations of payment instructions, the identity of the payer, the identity of the payee, and the identity of the funds-holding institution. A digital representation of a verifiable certificate by the institution of the authenticity of the instrument is appended to the instrument. This enables a party receiving the instrument, e.g., the payee or a bank, to verify the authenticity of the account or account holder. The invention may be generally applied to any financial electronic document.

Abstract: A system for determining value in a stored value transaction system has a plurality of value storing devices. A first network consolidation device is provided for receiving stored value information from at least one of the value storing transfer devices and summarizing the received stored value information to provide a first consolidated portion of the received stored value information. A first network settlement device coupled to the first network consolidation device receives the first consolidated portion and performs settlement of the first stored value transaction network in accordance with the first consolidated portion. Further network consolidation devices each have stored value information and apply a consolidated portion of their stored value information to the first network settlement device whereby a plurality of consolidated portions are applied to the first network consolidation device.

Abstract: An automatic account controller for remotely arranging for payment of debt to a vendor. The controller includes a detector for activating the portable account controller upon detection of indicia of identity of an authorized user and a selector for selecting a mode of payment to the vendor. The controller further includes a keypad for entering a payment amount, a wireless transceiver for communicating with the vendor, and a processor for executing the selected mode of payment to the vendor through the apparatus for communicating.

Abstract: A system for open electronic commerce having a customer trusted agent securely communicating with a first money module, and a merchant trusted agent securely communicating with a second money module. Both trusted agents are capable of establishing a first cryptographically secure session, and both money modules are capable of establishing a second cryptographically secure session. The merchant trusted agent transfers electronic merchandise to the customer trusted agent, and the first money module transfers electronic money to the second money module. The money modules inform their trusted agents of the successful completion of payment, and the customer may use the purchased electronic merchandise.

Abstract: A method for loading and managing a plurality of applications in a memory of a chip card, the method including: recording a chart of applications in the memory of the chip card which associates a password and a memory space with a name for i) each of the plurality of applications and ii) at least one user application on that application; recording a chart of data tables in the memory of the chip card, the chart of data tables including a plurality of records, each of the plurality of records associating a name for each of the plurality of applications with a name for at least one data table of that application; recording a chart of rights in the memory of the chip card, the chart of rights associating for each of the plurality of applications, the name for the at least one data table thereof with i) the name for each of the plurality of applications, and user applications thereof, that are capable of using the at least one data table thereof and ii) a set of rights granted to the plurality of applications, an

Abstract: In a first processing mode for a first communication request, a communication processing unit responds to a communication request signal from a communication terminal to acquire an authentication key Ka corresponding thereto from a storage, generates pieces of enciphered authentication information Xai and Xbi enciphered by the authentication key Ka of the communication terminal and an authentication key Kb of the communication processing unit, respectively, and random information Yi and transmits these pieces of information Xai, Xbi and Yi as an authentication request signal to the communication terminal. The communication terminal sends, as an authentication response signal, information Ka[Yi] obtained by enciphering the received random information Yi with the authentication key Ka, back to the communication processing unit, and at the same time, the communication terminal stores the received enciphered pieces of authentication information Xai and Xbi.

Abstract: Systems for interchanging information, for example, obtaining cash from a terminal by use of a portable device such as a credit card are well-known but suffer from being vulnerable to fraud. In the invention a highly secure information interchange system is achieved by utilizing an intelligent card as the portable device which verifies that the terminal is a valid one and the terminal in turn verifies that the card is valid. Unauthorized users are screened out by means of a physical characteristic scan of the user such as a fingerprint which is then compared with comparable data stored on the portable device. If an invalid terminal attempts to communicate with the card, the card erases the data and programs from its memory. All programs and data in the terminal are stored in memory which loses its contents when power is interrupted, thus improving the security of the system by making unauthorized use of a terminal very difficult.

Abstract: A portable Personal Identification Card allows a cardholder to enter a PIN code into his card at a location remote from an authorization terminal. In an alternate embodiment, a PIN code may be enterd at the authorization terminal. The authorization terminal reads the cardholder's account number from the PIN card. The account number is transmitted to a central computer which uses this number to index into memory to find a personal identification number and encryption parameters. The centerl computer transmits a pseudo-random number to the PIN Card. Both the PIN Card and the central computer perform an encryption of a function of the corresponding personal indentification number and pseudo-random number to derive a CGIPIN (Computer Generated Image of the PIN). If the CGIPIN transmitted from the PIN card matches the CGIPIN of the central computer, access is authorized.

Abstract: In an IC card having an update function of transaction data, account type, supplementary amount, and valid date are input to the IC card. The IC card adds a renewal number data held therein to the input transaction data, and the data is encrypted using key data, thus generating reference confirmation data. Input confirmation data is generated using the identical encryption generation algorithm by a host system of a credit company. The input confirmation data is supplied to the IC card. A comparison means in the IC card compares the input confirmation data with the generated reference confirmation data. As a result of the comparison, if these data coincide each other, the input data is stored in the memory in the IC card as new transaction data and update processing is executed.

Abstract: The essence of the invention is a socalled "data bit variable spacer generator", block 79, which contributes to the generation of a control output "c" from a combinatory logic circuit group 78. The logic level of "c" determines whether a clear data bit from the parity flip flop FF6 is to be sent out or a random bit from block RMG. The `variable data bit generator` is controlled by a number of parallel bit outputs from registers SH1 and SH2 which hold an encryption key after being conditioned by other logic inputs derived from key parity flip flops (FF1 and FF2) and clear data bit levels from block 81. Registers SH1 and SH2 shift and recirculate when the `c` output is high. Similar principles are used when data are decrypted. The circuit is suitable for integration with other functions on a single substrate chip.

Abstract: Operating procedure and device for the electronically authorized determination of an individual matter and for obtaining, in a reliably differentiating manner which is secure against forgery, the remotely authorized, individual authentication of a transaction requiring an authentication from an authorized person. The entire system is composed of two hardware components, an AIDA box which can be a pocket calculator equipped with special function keys, and an AIDA module which is a dual processor system with insertable AIDA cards containing special chips. By putting a personal identification number into the AIDA box and through the intermediary physical action on the chip, an identification number is calculated with the aid of an algorithm and displayed. An electronic signature is calculated and displayed by putting in the information to be authenticated. After transmission over a communications system, the calculated values are checked in the AIDA module.

Abstract: A system for a data protection executing financial transactions employing cryptographic techniques. The system comprises an encoded card, which has been initially encrypted using the National Bureau of Standards Data Encryption Standard Algorithm. A subsequent encryption utilizes a private key of a public key cryptosystem is completed resulting in an account number and an uncoded identifier which are placed on the card. The encoded card may be placed in a sender unit which decrypts the public key. The user that enters a personal identifier in the sender unit. The data is transferred to a receiving unit that decrypts the transmitted data utilizing the private key which is unknown to both the user and the sender unit.

Abstract: There is described a method and an apparatus which comprises a reader for reading document characteristics, circuitry permitting the formation of a message confirming the holder identity, a computer connected to said reader and message means, said computer is so designed as to be able to perform from those data obtained by the reader and said means, and possibly from other remotely-conveyed data, a mathematical processing including one or a plurality of encipherings according to a public-key cryptography method and making use therefor but of public keys, means being provided to check with said computer, by a third party, and/or remotely with another computer, the expected match between said collected data, a non-secret number independent from the document, and identification data present unscrambled on the document, which match is disclosed by the mathematical processing.