Maxim Integrated Products, Inc. v. Starbucks Corporation
Filing
1
COMPLAINT for Patent Infringement against Starbucks Corporation (Filing fee $ 350 receipt number 0540-3389392.), filed by Maxim Integrated Products, Inc. (Attachments: # 1 Exhibit A - U.S. Patent No. 5,940,510, # 2 Exhibit B - U.S. Patent No. 5,949,880, # 3 Exhibit C - U.S. Patent No. 6,105,013, # 4 Exhibit D - U.S. Patent No. 6,237,095, # 5 Civil Cover Sheet) (Spangler, Andrew)
EXHIBIT B
UNITED STATES PATENT NO. 5,949,880

United States Patent [19]
Curry et al.
US005949880A

[11] Patent Number: 5,949,880
[45] Date of Patent: Sep. 7, 1999

[54] TRANSFER OF VALUABLE INFORMATION BETWEEN A SECURE MODULE AND ANOTHER MODULE
[75] Inventors: Stephen M. Curry, Dallas; Donald W. Loomis, Coppell; Michael L. Bolan, Dallas, all of Tex.
[73] Assignee: Dallas Semiconductor Corporation, Dallas, Tex.
[21] Appl. No.: 08/978,798
[22] Filed: Nov. 26, 1997

Related U.S. Application Data
[62] Division of application No. 08/594,975, Jan. 31, 1996.

[51] Int. Cl.6: H04L 9/00
[52] U.S. Cl.: 380/24; 380/25; 705/39; 705/42
[58] Field of Search: 380/23, 24, 25; 705/39, 40, 42

[56] References Cited
U.S. PATENT DOCUMENTS
5,003,594    3/1991    Shinagawa         380/24
5,539,825    7/1996    Akiyama et al.    380/24
5,546,463    8/1996    Caputo et al.     380/25
5,577,121    11/1996   Davis et al.      380/24
5,621,796    4/1997    Davis et al.      380/24
5,642,419    6/1997    Rosen             380/23
5,671,280    9/1997    Rosen             380/24

Primary Examiner-Thomas H. Tarcza
Assistant Examiner-Carmen D. White
Attorney, Agent, or Firm-Jenkens & Gilchrist

[57] ABSTRACT
The present invention relates to system, apparatus and
method for communicating valuable data from a portable
module to another module via an electronic device. More
specifically, the disclosed system, apparatus and method are
useful for enabling a user to fill a portable module with a
cash equivalent and to spend the cash equivalent at a variety
of locations. The disclosed system incorporates an
encryption/decryption method.
6 Claims, 8 Drawing Sheets
[FIG. 1 (Sheet 1 of 8): block diagram with reference numerals 102, 104, 106, 108, 110, 112, 114 and 116. Labelled blocks: portable module, microprocessor based device, secure microprocessor based device, credit card reader, automatic teller machine, cash acceptor, phone line.]
[FIG. 2 (Sheet 2 of 8): portable module block diagram with reference numerals 202 to 214. Labelled blocks: ID number, memory, memory control, scratch pad memory, input buffer, output buffer, input/output control, counter, timer, one-wire interface.]
[FIG. 3 (Sheet 3 of 8): module block diagram. Labelled blocks: unique ID number, clock, microprocessor, control, math coprocessor, ROM, NVRAM, input buffer, output buffer, energy circuitry, one-wire interface.]
[Further drawing sheet (sheet and figure number not legible): flowchart with columns for the portable module, the microprocessor based device and the secure module. First legible step: "Read (serial number, transaction counter, and encrypted data) as data-one".]
(DID NUMBER
8 bytes)
(Unrecognizable option
byte)
For all commands described in this section, data received by the host will be in the form of a return packet. A return packet has the following structure:

    Command status byte    (0 if command successful, error code otherwise, 1 byte)
    Output data length     (Command output length, 2 bytes)
    Output data            (Command output, length specified above).

Master Erase (02H)

Transmit data
    02H, Common PIN
Receive data
    CSB = 0 if command was successful, ERR_BAD_COMMON_PIN otherwise
    Output length = 0
    Output data = 0

Notes:
If the LSB (least significant bit) of the PIN option is clear (i.e. PIN not required for Master Erase) then a 0 is transmitted for the Common PIN value. In general this text will always assume a PIN is required. If no PIN has been established a 0 should be transmitted as the PIN. This is true of the common PIN and group PINs (see below). If the PIN was correct the firmware deletes all groups (see below) and all objects within the groups. The common PIN and common PIN option byte are both reset to zero.

After everything has been erased the secure module transmits the return packet. The CSB is as described above. The output data length and output data fields are both set to 0.

Create Group (03H)

Transmit data
    03H, Common PIN, Group name, Group PIN
Receive data
    CSB = 0 if command successful, appropriate error code otherwise
    Output length = 1 if successful, 0 otherwise
    Output data = Group ID if successful, 0 otherwise

Notes:
The maximum group name length is 16 bytes and the maximum PIN length is eight bytes. If the PIN_TO_CREATE bit is set in the common PIN option byte and the PIN transmitted does not match the common PIN the secure module will set the OSC to ERR_BAD_COMMON_PIN.

Possible error return codes for the create group command:

    ERR_BAD_COMMON_PIN      (Incorrect common PIN)
    ERR_BAD_NAME_LENGTH     (If group name length > 16 bytes)
    ERR_BAD_PIN_LENGTH      (If group PIN length > 8 bytes)
    ERR_MIAC_LOCKED         (The secure module has been locked)
    ERR_INSUFFICIENT_RAM    (Not enough memory for new group)

Set Group PIN (04H)

Transmit data
    04H, Group ID, old GPIN, new GPIN
Receive data
    CSB = 0 if command successful, appropriate error code otherwise
    Output length = 0
    Output data = 0

Notes:
The Group PIN only restricts access to objects within the group specified by the group ID transmitted in the command packet.
Possible error codes for the set group PIN command:

    ERR_BAD_GROUP_PIN     (Group PIN match failed)
    ERR_BAD_PIN_LENGTH    (New group PIN length > 8 bytes)

Create Object (05H)

Transmit data
    05H, Group ID, Group PIN, Object type, Object attributes, Object data
Receive data
    CSB = 0 if command successful, appropriate error code otherwise
    Output length = 1 if successful, 0 otherwise
    Output data = object ID if successful, 0 otherwise

Notes:
If the Create Object command is successful the secure module firmware returns the object's ID within the group specified by the Group ID. If the PIN supplied by the host was incorrect or the group has been locked by the Lock Group command (described below) the secure module returns an error code in the CSB. An object creation will also fail if the object is invalid for any reason. For example, if the object being created is an RSA modulus (type 0) and it is greater than 1024 bits in length. Transaction script creation will succeed if it obeys all transaction scripts rules.

Possible error return codes for the create object command:

    ERR_BAD_GROUP_PIN       (Incorrect group PIN)
    ERR_GROUP_LOCKED        (The group has been locked)
    ERR_MIAC_LOCKED         (The secure module has been locked)
    ERR_INVALID_TYPE        (The object type specified is invalid)
    ERR_BAD_SIZE            (The objects length was invalid)
    ERR_INSUFFICIENT_RAM    (Not enough memory for new object)

Object types:

    RSA modulus             0
    RSA exponent
    Money register          2
    Transaction counter     3
    Transaction script      4
    Clock offset            5
    Random SALT
    Configuration object    7
    Input data object       8
    Output data object      9

Object Attributes:

    Locked        00000001b
    Privatized    00000010b

Objects may also be locked and privatized after creation by using the Lock Object and Privatize Object commands described below.

Lock Object (06H)

Transmit data
    06H, Group ID, Group PIN, Object ID
Receive data
    CSB = 0 if command successful, appropriate error code otherwise
    Output length = 0
    Output data = 0

Notes:
If the Group ID, Group PIN and Object ID are all correct, the secure module will lock the specified object. Locking an object is an irreversible operation.

Possible error return codes for the lock object command:

    ERR_BAD_GROUP_PIN    (Incorrect group PIN)
    ERR_GROUP_LOCKED     (The group has already been locked)
    ERR_MIAC_LOCKED      (The secure module has been locked)
    ERR_BAD_GROUP_ID     (Specified group does not exist)
                         (Specified object does not exist)

Privatize Object (07H)

Transmit data
    07H, Group ID, Group PIN, Object ID
Receive data
    CSB = 0 if successful, appropriate error code otherwise

Notes:
If the Group ID, Group PIN and Object ID were valid the object will be privatized. Privatized objects share all the properties of locked objects but are not readable. Privatized objects are only modifiable through transaction scripts. Note that locking a privatized object is legal, but has no meaning since object privatization is a stronger operation than object locking. Privatizing an object is an irreversible operation.

Possible error return codes for the privatize object command:

    ERR_BAD_GROUP_PIN    (Incorrect group PIN)
    ERR_GROUP_LOCKED     (The group has already been locked)
    ERR_MIAC_LOCKED      (The secure module has been locked)
    ERR_BAD_GROUP_ID     (Specified group does not exist)
                         (Specified object does not exist)

Make Object Destructable (08H)

Transmit data
    08H, Group ID, Group PIN, Object ID
Receive data
    CSB = 0 if successful, appropriate error code otherwise
Notes:
If the Group ID, Group PIN and Object ID were valid the object will be made destructable. If an object is destructable it becomes unusable by a transaction script after the group's destructor becomes active. If no destructor object exists within the transaction group the destructible object attribute bit has no effect. Making an object destructable is an irreversible operation.

Possible error return codes for the make object destructable command:

    ERR_BAD_GROUP_PIN    (Incorrect group PIN)
    ERR_GROUP_LOCKED     (The group has already been locked)
                         (The secure module has been locked)
    ERR_BAD_GROUP_ID     (Specified group does not exist)
                         (Specified object does not exist)

Lock Secure module (09H)

Transmit data
    09H, Common PIN
Receive data
    CSB = 0 if successful, appropriate error code otherwise
    Output length = 2 if successful, 0 otherwise
    Output data = audit trail size if successful, 0 otherwise

Notes:
If the host supplied Common PIN is correct and the secure module has not previously been locked, the command will succeed. When the secure module is locked it will not accept any new groups or objects. This implies that all groups are automatically locked. The RAM not used by the system or by groups will be used for an audit trail. There is no audit trail until the secure module has successfully been locked!

An audit trail record is six bytes long and has the following structure:

    Group ID | Object ID | Date/time stamp.

Once an audit trail has been established, a record of the form shown above will be stored in the first available six byte location every time a transaction script is executed. Note that since the secure module must be locked before the audit trail begins, neither the group ID nor any object ID is subject to change. This will always allow an application processing the audit trail to uniquely identify the transaction script that was executed. Once the audit trail has consumed all of its available memory, it will store new transaction records over the oldest transaction records.

Possible error codes for the lock secure module command:

    (Supplied common PIN was incorrect)
    (Secure module was already locked)

Lock Group (0AH)

Transmit data
    0AH, Group ID, Group PIN
Receive data
    CSB = 0 if command successful, appropriate error code otherwise
    Output length = 0
    Output data = 0

Notes:
If the group PIN provided is correct the secure module BIOS will not allow further object creation within the specified group. Since groups are completely self-contained entities they may be deleted by executing the Delete Group command (described below).

Possible error return codes for the lock group command:

    ERR_BAD_GROUP_PIN    (Incorrect group PIN)
    ERR_GROUP_LOCKED     (The group has already been locked)
    ERR_MIAC_LOCKED      (The secure module has been locked)
    ERR_BAD_GROUP_ID     (Specified group does not exist)

Invoke Transaction Script (0BH)

Transmit data
    0BH, Group ID, Group PIN, Object ID
Receive data
    CSB = 0 if command successful, appropriate error code otherwise
    Output length = 1 if successful, 0 otherwise
    Output data = estimated completion time

Notes:
The time estimate returned by the secure module is in sixteenths of a second. If an error code was returned in the CSB, the time estimate will be 0.

Possible error return codes for the execution transaction script command:

    ERR_BAD_GROUP_PIN    (Incorrect group PIN)
    ERR_BAD_GROUP_ID     (Specified group does not exist)
                         (Script object did not exist in group)

Read Object (0CH)

Transmit data
    0CH, Group ID, Group PIN, Object ID
Receive data
    CSB = 0 if command successful, appropriate error code otherwise
    Output length = object length if successful, 0 otherwise
    Output data = object data if successful, 0 otherwise

Notes:
If the Group ID, Group PIN and Object ID were correct, the secure module checks the attribute byte of the specified object. If the object has not been privatized the secure module will transmit the object data to the host. If the Group PIN was invalid or the object has been privatized the secure module will return a 0 in the output length, and data fields of the return packet.
Possible error codes for the read object command:

    ERR_BAD_GROUP_PIN        (Incorrect group PIN)
    ERR_BAD_GROUP_ID         (Specified group does not exist)
                             (Object did not exist in group)
    ERR_OBJECT_PRIVATIZED    (Object has been privatized)

Write Object (0DH)

Transmit data
    0DH, Group ID, Group PIN, Object ID, Object size, Object Data
Receive data
    CSB = 0 if successful, appropriate error code otherwise
    Output length = 0
    Output data = 0

Notes:
If the Group ID, Group PIN and Object ID were correct, the secure module checks the attribute byte of the specified object. If the object has not been locked or privatized the secure module will clear the objects previous size and data and replace it with the new object data. Note that the object type and attribute byte are not affected.

Possible error codes for the write object command:

    ERR_BAD_GROUP_PIN        (Incorrect group PIN)
    ERR_BAD_GROUP_ID         (Specified group does not exist)
    ERR_BAD_OBJECT_ID        (Object did not exist in group)
    ERR_BAD_OBJECT_SIZE      (Illegal object size specified)
    ERR_OBJECT_LOCKED        (Object has been locked)
    ERR_OBJECT_PRIVATIZED    (Object has been privatized)

Read Group Name (0EH)

Transmit data
    0EH, Group ID
Receive data
    CSB = 0
    Output length = length of group name
    Output data = group name

Notes:
The group name length is a maximum of 16 bytes. All byte values are legal in a group name.

Delete Group (0FH)

Transmit data
    0FH, Group ID, Group PIN
Receive data
    CSB = 0 if successful, appropriate error code otherwise
    Output length = 0
    Output data = 0

Notes:
If the group PIN and group ID are correct the secure module will delete the specified group. Deleting a group causes the automatic destruction of all objects within the group. If the secure module has been locked the Delete Group command will fail.

Possible error codes for the delete group command:

    ERR_BAD_GROUP_PIN    (Incorrect group PIN)
    ERR_BAD_GROUP_ID     (Specified group does not exist)
    ERR_MIAC_LOCKED      (Secure module has been locked)

Get Command Status Info (10H)

Transmit data
    10H
Receive data
    CSB = 0
    Output length = 6
    Output data = secure module status structure (see below)

Notes:
This operation requires no PIN and never fails. The status structure is defined as follows:

    Last command executed    (1 byte)
    Last command status      (1 byte)
    Time command received    (4 bytes)

Get Secure module Configuration Info (11H)

Transmit data
    11H
Receive data
    CSB = 0
    Output length = 4
    Output data = secure module configuration structure

Notes:
This operation requires no PIN and never fails. The configuration structure is defined as follows:

    Number of groups             (1 byte)
    Flag byte (see below)        (1 byte)
    Audit trail size/Free RAM    (2 bytes)

The flag byte is the bitwise-or of any of the following values:

    00000001b (Secure module is locked)
    00000010b (Common PIN required for access)
Read Audit Trail Info (12H)

Transmit data
    12H, Common PIN
Receive data
    CSB = 0 if command successful, appropriate error code otherwise
    Output length = audit trail structure size (5) if successful, 0 otherwise
    Output data = audit trail info structure if successful, 0 otherwise

Notes:
If the transmitted Common PIN is valid and the secure module has been locked, it returns audit trail configuration information as follows:

    Number of used transaction records    (2 bytes)
    Number of free transaction records    (2 bytes)
    A boolean specifying whether or not the audit trail rolled since previous read command    (1 byte)

Possible error codes for the read audit trail info command:

    ERR_BAD_COMMON_PIN     (Common PIN was incorrect)
    ERR_MIAC_NOT_LOCKED    (Secure module is not locked)

Read Audit Trail (13H)

Transmit data
    13H, Common PIN
Receive data
    CSB = 0 if command successful, appropriate error code otherwise
    Output length = # of new records * 6 if successful, 0 otherwise
    Output data = new audit trail records

Notes:
If the transmitted common PIN is valid and the secure module has been locked, it will transfer all new transaction records to the host.

Possible error codes for the read audit trail command:

    ERR_BAD_COMMON_PIN     (Common PIN was incorrect)
    ERR_MIAC_NOT_LOCKED    (Secure module is not locked)

Read Group Audit Trail (14H)

Transmit data
    14H, Group ID, Group PIN
Receive data
    CSB = 0 if command successful, appropriate error code otherwise
    Output length = # of records for group * 6 if successful, 0 otherwise
    Output data = audit trail records for group

Notes:
This command is identical to the read audit trail command, except that only records involving the group ID specified in the transmit data are returned to the host. This allows transaction groups to record track their own activities without seeing other groups records.

Possible error codes for the read group audit trail command:

    ERR_BAD_GROUP_ID     (Group ID does not exist)
    ERR_BAD_GROUP_PIN    (Common PIN was incorrect)
                         (The secure module is not locked)

Read Real Time Clock (15H)

Transmit data
    15H, Common PIN
Receive data
    CSB = 0 if the common PIN matches and ERR_BAD_COMMON_PIN otherwise
    Output length = 4
    Output data = 4 most significant bytes of the real time clock

Notes:
This value is not adjusted with a clock offset. This command is normally used by a service provider to compute a clock offset during transaction group creation.

Read Real Time Clock Adjusted (16H)

Transmit data
    16H, Group ID, Group PIN, ID of offset object
Receive data
    CSB = 0 if successful, appropriate error code otherwise
    Output length = 4 if successful, 0 otherwise
    Output data = Real time clock + clock offset ID

Notes:
This command succeeds if the group ID and group PIN are valid, and the object ID is the ID of a clock offset. The secure module adds the clock offset to the current value of the 4 most significant bytes of the RTC and returns that value in the output data field. Note that a transaction script may be written to perform the same task and put the result in the output data object.

Possible error codes for the real time clock adjusted command:

    ERR_BAD_GROUP_PIN      (Incorrect group PIN)
    ERR_BAD_GROUP_ID       (Specified group does not exist)
    ERR_BAD_OBJECT_TYPE    (Object ID is not a clock offset)

Get Random Data (17H)

Transmit data
    17H, Length (L)
Receive data
    CSB = 0 if successful, appropriate error code otherwise
    Output length = L if successful, 0 otherwise
    Output data = L bytes of random data if successful
Notes:
This command provides a good source of cryptographically useful random numbers.

Possible error codes for the get random data command are:

    (Requested number of bytes > 128)

Get Firmware Version ID (18H)

Transmit data
    18H
Receive data
    CSB = 0
    Output length = Length of firmware version ID string
    Output data = Firmware version ID string

Notes:
This command returns the firmware version ID as a Pascal type string (length+data).

Get Free RAM (19H)

Transmit data
    19H
Receive data
    CSB = 0
    Output length = 2
    Output data = 2 byte value containing the amount of free RAM

Notes:
If the secure module has been locked the output data bytes will both be 0 indicating that all memory not used by transaction groups has been reserved for the audit trail.

Change Group Name (1AH)

Transmit data
    1AH, Group ID, Group PIN, New Group name
Receive data
    CSB = 0 if successful or an appropriate error code otherwise
    Output length = 0
    Output data = 0

Notes:
If the group ID specified exists in the secure module and the PIN supplied is correct, the transaction group name is replaced by the new group name supplied by the host. If a group ID of 0 is supplied the PIN transmitted must be the common PIN. If it is correct, the secure module name is replaced by the new name supplied by the host.

Possible error codes for the change group name command:

    ERR_BAD_GROUP_PIN      (Incorrect group PIN)
    ERR_BAD_GROUP_ID       (Specified group does not exist)
    ERR_BAD_NAME_LENGTH    (New group name > 16 bytes)

ERROR CODE DEFINITIONS

This error code occurs when the secure module firmware does not recognize the command just transmitted by the host.

ERR_BAD_COMMON_PIN (81H)

This error code will be returned when a command requires a common PIN and the PIN supplied does not match the secure module's common PIN. Initially the common PIN is set to 0.

Transaction groups may have their own PIN, FIG. 6. If this PIN has been set (by a set group PIN command) it must be supplied to access any of the objects within the group. If the Group PIN supplied does not match the actual group PIN, the secure module will return the ERR_BAD_GROUP_PIN error code.

There are 2 commands which can change PIN values. The set group PIN and the set common PIN commands. Both of these require the new PIN as well as the old PIN. The ERR_BAD_PIN_LENGTH error code will be returned if the old PIN supplied was correct, but the new PIN was greater than 8 characters in length.

The option byte only applies to the common PIN. When the set common PIN command is executed the last byte the host supplies is the option byte (described in command section). If this byte is unrecognizable to the secure module, it will return the ERR_BAD_OPTION_BYTE error code.

When the create transaction group command is executed, one of the data structures supplied by the host is the group's name. The group name may not exceed 16 characters in length. If the name supplied is longer than 16 characters, the ERR_BAD_NAME_LENGTH error code is returned.

The create transaction group and create object commands return this error code when there is not enough heap available in the secure module.

When the secure module has been locked, no groups or objects can be created or destroyed. Any attempts to create or delete objects will generate an ERR_MIAC_LOCKED error code.

If the secure module has not been locked there is no audit trail. If one of the audit trail commands is executed this error code will be returned.

ERR_GROUP_LOCKED (89H)

Once a transaction group has been locked object creation within that group is not possible. Also the objects attributes and types are frozen. Any attempt to create objects or modify their attribute or type bytes will generate an ERR_GROUP_LOCKED error code.

When the host sends a create object command to the secure module, one of the parameters it supplies is an object type (see command section). If the object type is not recognized by the firmware it will return an ERR_BAD_OBJECT_TYPE error code.
When the host sends a create object command to the secure module, one of the parameters it supplies is an object attribute byte (see command section). If the object attribute byte is not recognized by the firmware it will return an ERR_BAD_OBJECT_ATTR error code.

An ERR_BAD_SIZE error code is normally generated when creating or writing an object. It will only occur when the object data supplied by the host has an invalid length.

All commands that operate at the transaction group level require the group ID to be supplied in the command packet. If the group ID specified does not exist in the secure module it will generate an ERR_BAD_GROUP_ID error code.

All commands that operate at the object level require the object ID to be supplied in the command packet. If the object ID specified does not exist within the specific transaction group (also specified in the command packet) the secure module will generate an ERR_BAD_OBJECT_ID error code.

ERR_INSUFFICIENT_FUNDS (8FH)

If a script object that executes financial transactions is invoked and the value of the money register is less than the withdrawal amount requested an ERR_INSUFFICIENT_FUNDS error code will be returned.

Locked objects are read only. If a write object command is attempted and it specifies the object ID of a locked object the secure module will return an ERR_OBJECT_LOCKED error code.

Private objects are not directly readable or writable. If a read object command or a write object command is attempted, and it specifies the object ID of a private object, the secure module will return an ERR_OBJECT_PRIVATE error code.

ERR_OBJECT_DESTRUCTED (92H)

If an object is destructible and the transaction group's destructor is active the object may not be used by a script. If a script is invoked which uses an object which has been destructed, an ERR_OBJECT_DESTRUCTED error code will be returned by the secure module.

The exemplary embodiment of the present invention is preferably placed within a durable stainless steel, token-like can. It is understood that an exemplary secure module can be placed in virtually any articulatable item. Examples of articulatable items include credit cards, rings, watches, wallets, purses, necklaces, jewelry, ID badges, pens, clipboards, etc.

The secure module 108 preferably is a single chip "trusted computer". By the word "trusted" it is meant that the computer is extremely secure from tampering by unwarranted means. The secure module incorporates a numeric coprocessor optimized for math intensive encryption. The BIOS is preferably immune to alteration and specifically designed for very secure transactions.

Each secure module can have a random "seed" generator with the ability to create a private/public key set. The private key never leaves the secure module and is only known by the secure module. Furthermore, discovery of the private key is prevented by active self-destruction upon wrongful entry into the secure module. The secure module can be bound to the user by a personal identification number (PIN).
When transactions are performed by the secure module
108 certificates of authentication are created by either or
both the secure module and a system the secure module
communicates with. The certificate can contain a variety of
information. In particular, the certificate may contain:
1) who is the secure module user via a unique registration
number and a certified public key.
2) when the transaction took place via a true-time stamping of the transaction.
3) where the transaction took place via a registered secure
module interface site identification.
4) security information via uniquely serialized transactions and digital sign on message digests.
5) secure module status indicated as valid, lost, or expired.
Although a preferred embodiment of the method and
apparatus of the present invention has been illustrated in the
accompanying Drawings and described in the foregoing
Detailed Description, it will be understood that the invention
is not limited to the embodiment disclosed, but is capable of
numerous rearrangements, modifications and substitutions
without departing from the spirit of the invention as set forth
and defined by the following claims.
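The return packet layout and the audit trail and configuration commands (11H, 12H, 13H, 14H) from the command reference above can be decoded on the host as sketched below. This is an added example, not code from the patent or from Dallas Semiconductor; the function names are hypothetical, and it assumes little-endian multi-byte fields and a 1-byte group ID, 1-byte object ID, 4-byte time stamp split of the six-byte audit record, neither of which the page states.

```python
import struct
from dataclasses import dataclass
from typing import List

ERR_BAD_COMMON_PIN = 0x81      # value given in the error code definitions
AUDIT_RECORD_SIZE = 6          # "An audit trail record is six bytes long"
FLAG_LOCKED = 0b00000001       # flag byte: secure module is locked
FLAG_COMMON_PIN = 0b00000010   # flag byte: common PIN required for access


class ReturnPacketError(ValueError):
    """Raised when a return packet is malformed or reports a failure."""


@dataclass(frozen=True)
class ReturnPacket:
    csb: int      # command status byte, 0 on success
    data: bytes   # command output


@dataclass(frozen=True)
class AuditRecord:
    group_id: int
    object_id: int
    timestamp: int


def parse_return_packet(raw: bytes) -> ReturnPacket:
    """Split CSB (1 byte), output length (2 bytes) and output data."""
    if len(raw) < 3:
        raise ReturnPacketError("packet shorter than the 3-byte header")
    csb, length = struct.unpack_from("<BH", raw)  # assumed little-endian
    data = raw[3:]
    # Refuse a length field that disagrees with the bytes received; trusting
    # it would misalign every field decoded afterwards.
    if len(data) != length:
        raise ReturnPacketError(f"length field {length}, got {len(data)} bytes")
    return ReturnPacket(csb, data)


def require_ok(pkt: ReturnPacket, size: int = -1) -> bytes:
    """Return the output data, or raise if the CSB or the size is wrong."""
    if pkt.csb != 0:
        raise ReturnPacketError(f"command failed with CSB {pkt.csb:02X}H")
    if size >= 0 and len(pkt.data) != size:
        raise ReturnPacketError(f"expected {size} output bytes")
    return pkt.data


def decode_audit_trail(pkt: ReturnPacket) -> List[AuditRecord]:
    """Decode Read Audit Trail (13H) / Read Group Audit Trail (14H) output."""
    data = require_ok(pkt)
    if len(data) % AUDIT_RECORD_SIZE:
        raise ReturnPacketError("audit data is not a whole number of records")
    # Assumed field widths: group ID 1, object ID 1, time stamp 4 bytes.
    return [AuditRecord(*struct.unpack_from("<BBI", data, off))
            for off in range(0, len(data), AUDIT_RECORD_SIZE)]


def decode_audit_info(pkt: ReturnPacket) -> dict:
    """Decode the 5-byte structure from Read Audit Trail Info (12H)."""
    used, free, rolled = struct.unpack("<HHB", require_ok(pkt, 5))
    # "rolled" set means the trail wrapped since the previous read, so old
    # records may have been overwritten before the host collected them.
    return {"used": used, "free": free, "rolled": bool(rolled)}


def decode_config(pkt: ReturnPacket) -> dict:
    """Decode the 4-byte structure from Get Configuration Info (11H)."""
    groups, flags, size = struct.unpack("<BBH", require_ok(pkt, 4))
    return {"groups": groups,
            "locked": bool(flags & FLAG_LOCKED),
            "common_pin_required": bool(flags & FLAG_COMMON_PIN),
            "audit_trail_size_or_free_ram": size}


def build_packet(csb: int, data: bytes) -> bytes:
    """Build a return packet; used here only to construct sample input."""
    return struct.pack("<BH", csb, len(data)) + data


# Constructed sample packets, not captured from a device.
SAMPLE_TRAIL = build_packet(0, struct.pack("<BBI", 1, 4, 1000)
                            + struct.pack("<BBI", 1, 4, 1016))
SAMPLE_DENIED = build_packet(ERR_BAD_COMMON_PIN, b"")

if __name__ == "__main__":
    for record in decode_audit_trail(parse_return_packet(SAMPLE_TRAIL)):
        print(record)
```
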
What is claimed is:
1. A method for electronically transferring units of
exchange between a first module and a second module,
comprising the steps of:
a. initiating communication between said first module and
an electronic device;
b. passing a first value datum from said first module to
said electronic device;
c. passing said first value datum from said electronic
device to said second module;
d. performing a mathematical calculation on said first
value datum thereby creating a second value datum;
e. passing said second value datum from said second
module to said electronic device;
f. passing said second value datum from said electronic
device to said first module;
g. storing said second value datum in said first module;
and
h. discontinuing communication between said first module and said electronic device.
2. The method of claim 1, wherein said first value datum
represents a monetary equivalent.
3. The method of claim 1, wherein said first value datum
is encrypted.
4. The method of claim 1, wherein said second value
datum is encrypted.
5. The method of claim 3, wherein the step of performing
a mathematical calculation comprises the steps of:
m. decrypting said first value datum with a public key
thereby creating a decrypted value;
n. performing at least one of an addition function and a
subtraction function on said decrypted value thereby
creating a value result; and
o. encrypting said value result with a private key thereby
creating said second value datum.
6. The method of claim 1, wherein the step (b) of passing
is performed over at least a single conductive contact.
* * * * *
UNITED STATES PATENT AND TRADEMARK OFFICE
CERTIFICATE OF CORRECTION
Page 1 of 2
PATENT NO.: 5,949,880
DATED: Sep. 7, 1999
INVENTOR(S): Curry et al.
It is certified that error appears in the above-identified patent and that said letters Patent is hereby
corrected as shown below:
Column 2, line 57
Replace "electroma,gnetic"
With --electro-magnetic--
Column 5, line 15
Before "information"
Remove --is--
Column 8, line 26
Before "module"
Remove --is--
Column 12, line 47
Replace "ERR BAD PIN LENGTH"
With --ERR_BAD_PIN LENGTH--
Column 17, line 34
Replace "ERR BAD OBJECT I~'
With --ERR BAn OBJECT ID--
UNITED STATES PATENT AND TRADEMARK OFFICE
CERTIFICATE OF CORRECTION
Page 2 of 2
PATENT NO.: 5,949,880
DATED: Sept 7, 1999
INVENTOR(S): Curry et al
It is certified that error appears in the above-identified patent and that said Letters Patent is hereby
corrected as shown below:
Column 20, line 6
Replace 'ERR MIAC NOT LOCKE~'
With --ERR MIAC NOT LOCKED~-
Column 20, line 48
Replace "ERR BAD OBJECT TY..PE"
With --ERR BAD OBJECT TYPE--
Column 21, line 58
Replace "ERR BAD NAME LENGTH"
With --ERR BAD NAME LENGTH--
Signed and Sealed this
Twenty-fifth Day of April, 2000
Attest:
Q. TODD DICKINSON
Attesting Officer
Director of Patents and Trademarks