MXPA00006177A - Portable 2-way wireless financial messaging unit - Google Patents

Portable 2-way wireless financial messaging unit

Info

Publication number
MXPA00006177A
Authority
MX
Mexico
Prior art keywords
secure
financial
message
financial transaction
transmission unit
Application number
MXPA/A/2000/006177A
Other languages
Spanish (es)
Inventor
Walter Lee Davis
Jeff Lavell
Victoria A Leonardo
Barry W Herold
Original Assignee
Motorola Inc
Application filed by Motorola Inc

Abstract

A portable 2-way secure financial messaging unit (906) includes a receiver (804), a selective call decoder (1004), a financial transaction processor (1014), a main processor (1006), and a transmitter (1034). A received secure financial transaction message is decoded by the selective call decoder (1004) and passed either directly to a financial transaction processor (1014) in the secure financial messaging unit or to a smart card, to prevent unauthorized access to information contained in the secure financial transaction message. The portable 2-way secure financial messaging unit (906) may originate as well as receive financial transactions.

Description

PORTABLE 2-WAY WIRELESS FINANCIAL MESSAGING UNIT

Field of the Invention

This invention relates generally to selective call signal transmission systems and more particularly to a selective call signal transmission system that facilitates secure financial transactions over a wireless network utilizing a portable, 2-way, wireless financial message transmission unit.
BACKGROUND OF THE INVENTION

In conventional selective call signal transmission systems, a user or originator may send a message to a subscriber unit (e.g., the selective call receiver), the message comprising an address associated with the subscriber unit, and data. The data can be in one or more forms, such as numeric digits representing a telephone number, alphanumeric characters representing a readable text message, or possibly a multimedia message comprising audio and graphic information. Typically, this form of message transmission was sufficient to convey information between individuals or services related to their business, special interests, whereabouts, general time, or appointments at critical times. However, because of society's growing need for information while a person is mobile, a solution must be found that allows an individual to conduct personal or business transactions, as well as keeping him informed of personal events, contacts and business information.

Considering conventional wireless systems that include both cellular and paging applications, there are significant problems that must be resolved before personal or business transactions can be implemented reliably and privately. Due to the advancement of the engineering sciences, particularly in the areas of wireless communications and computer science, it has become relatively easy for an eavesdropper or intrusive "hacker" to monitor both the address and the data broadcast to the selective call receiver. This unwanted monitoring or eavesdropping poses a problem for the potential users of wireless communication systems, since their personal data may be exposed to unauthorized individuals, thus creating an unnecessary risk for both parties if confidential information is broadcast.
In addition, if the information contains clear text data that represents a personal address, serial number, personal identification number (PIN) or the like, an unscrupulous party that monitors the data stream could gain access to the individual's personal accounts or pirate the address to clone an unauthorized communication device. Stealing service or confidential information in this way is probably the most disheartening problem faced by communication equipment manufacturers and service providers today and in the future. The interest in securing the data contained in broadcasts is especially acute in the area of electronic financial transactions. Exposing to capture the clear text data contained in a financial transaction invites, and will surely result in, the theft of funds or fraud against an individual.

Thus, what is needed is a wireless message transmission system that allows an originator to communicate a secure message between a subscriber unit and the originator, and authenticate the secure message, without exposing the content or meaning of the message.

Brief Description of the Invention

In summary, according to the invention, there is provided a method and apparatus for sending data comprising secure financial transactions over existing paging infrastructure equipment, using paging protocols such as FLEX™, a trademark of Motorola, Inc., POCSAG (Post Office Code Standardisation Advisory Group), or the like.

A first aspect of the invention involves the equipment that implements a method for placing secure messages in an existing paging infrastructure. The existing paging infrastructure comprises a paging terminal that includes a paging encoder to process the received messages and their corresponding destination requests. The paging terminal generates a transmission queue of selective call messages comprising the received messages and their corresponding selective call addresses, as determined from the corresponding destination requests. The distribution of selective call messages in the message transmission queue is handled by the paging terminal, which dispatches messages to at least one base station (e.g., transmitter, antenna and receiver) to communicate between the base station and the subscriber units or pagers.

A second aspect of the invention involves the inclusion of a cryptographic engine in the paging terminal to encrypt, decrypt, sign, and verify the authenticity of the messages received from both an originator and the subscriber unit or pager.

A third aspect of the invention involves the subscriber unit or pager that is equipped with a special security module that can process cryptographic information contained in the selective call messages to verify its authenticity and extract the encrypted data, and return encrypted responses or acknowledgments as necessary, to authenticate and confirm receipt of the secure message.

A fourth aspect of the invention involves the subscriber unit or pager that is equipped with a primary and possibly a secondary apparatus for communicating both incoming and outgoing messages. The primary apparatus comprises a conventional radio frequency receiver and optionally a conventional radio frequency transmitter. The secondary apparatus comprises an optical receiver and optionally an optical transmitter. Alternatively, the secondary apparatus may further comprise one or more acoustic or other electromagnetic transducers and associated circuits that implement a uni- or bidirectional communication link between the subscriber unit or pager and the originator.
A fifth aspect of the invention involves the subscriber unit or pager that includes a single predetermined account identifier corresponding to at least one of an electronic cash or funds storage card, debit card, credit card or bank account.

A sixth aspect of the invention involves the subscriber unit or pager that includes multiple predetermined account identifiers that correspond to at least two of the following: electronic cash or funds storage card, debit card, credit card or bank account.

A seventh aspect of the invention involves the cryptographic engine in the paging terminal and the security module in the subscriber unit or pager that accommodate a plurality of cryptographic procedures. These cryptographic procedures comprise both private and public key systems, as appropriate. One such private key system is the Data Encryption Standard (DES), which uses the ANSI X3.92 DES algorithm in CBC mode. Similarly, a first public key system is RSA (invented by Rivest, Shamir, and Adleman), a cryptographic procedure based on sub-exponential one-way functions implemented using modulo n integer multiplication and exponentiation. A second public key system uses elliptic curve technology, a cryptographic procedure based on highly non-linear exponential one-way functions implemented over finite fields.

An eighth aspect of the invention involves initiating a wireless transaction from the subscriber unit or pager, the wireless transaction being related to at least one of the electronic cash or funds storage card, debit card, credit card or bank account.

A ninth aspect of the invention involves a personal identification number selected by the user that is programmed in the subscriber unit or pager to protect accounts or financial funds loaded in the subscriber unit or pager.
A tenth aspect of the invention involves a personal identification number selected by the user that is programmed on the Smart Card via the subscriber unit or pager, thereby disabling access to any protected features of the Smart Card unless they are later accessed or reprogrammed by the subscriber unit or pager.

An eleventh aspect of the invention involves authenticating the authorized subscriber unit or pager as a communication agent for the wireless financial transaction, and selectively deactivating any financial transactions directed to accounts belonging to or controlled by the authorized subscriber unit or pager when an inbound or outbound financial transaction is communicated between an issuer and an unauthorized subscriber unit or pager, and, alternatively, preventing transfers of funds or credit transactions that exceed a predetermined limit set either by an authorized user or by a regulator such as a bank, a credit card issuer or the like.
BRIEF DESCRIPTION OF THE DRAWINGS

FIGURE 1 is an electrical block diagram of the data transmission system for use in accordance with the preferred embodiment of the present invention.

FIGURE 2 is an electrical block diagram of a terminal for processing and transmitting message information in accordance with the preferred embodiment of the present invention.

FIGURES 3-5 are timing diagrams illustrating the transmission format of the signal transmission protocol used in accordance with the preferred embodiment of the present invention.

FIGURES 6 and 7 are timing diagrams illustrating the synchronization signals used in accordance with the preferred embodiment of the present invention.

FIGURE 8 is an electrical block diagram of a financial message transmission unit according to the preferred embodiment of the present invention.

FIGURE 9 is a diagram of a secure message transmission system in accordance with the present invention.

FIGURE 10 is a high-level block diagram of a financial message transmission unit according to the preferred embodiment of the present invention.

FIGURE 11 is a block diagram of message composition and encryption equipment that could be used on the premises of a financial institution to send authorizations for secure electronic funds transfers to financial message transmission units via a paging channel.

FIGURE 12 is a functional diagram of a wireless selective call signal transmission system controller that implements a secure 1-way and 2-way message transmission system capable of transmitting signals to financial message transmission units.

FIGURE 13 describes the different layers of a message transmission system in a format that is similar to the stack diagram of the International Standards Organization (OSI) that is well known in the electronics industry.

FIGURE 14 is a flow chart describing the typical operation of a financial message transmission unit according to the preferred embodiment of the present invention.

FIGURE 15 illustrates a typical sequence associated with the request and authorization of the electronic transfer of funds or debit of funds by and from a wireless financial message transmission unit.

FIGURE 16 illustrates a typical sequence associated with the wireless transfer of funds or debit of funds by and from a wireless financial message transmission unit in a secure 1-way and 2-way communication system.
DESCRIPTION OF A PREFERRED EMBODIMENT

Referring to FIGURE 1, an electrical block diagram illustrates a data transmission system 100, such as a paging system, for use in accordance with the preferred embodiment of the present invention. In the data transmission system 100, messages that originate either from a telephone, as in a system providing numeric data transmission, or from a message entry device, such as an alphanumeric data terminal, are routed through the public switched telephone network (PSTN) to a paging terminal 102, which processes the numeric or alphanumeric message information for transmission by one or more transmitters 104 provided within the system. When multiple transmitters are used, the transmitters 104 preferably transmit the message information simultaneously to the financial message transmission units 106. The processing of the numeric and alphanumeric information by the paging terminal 102, and the protocol used for the transmission of the messages, are described later.

Referring to FIGURE 2, an electrical block diagram illustrates the paging terminal 102 used to process and control the transmission of the message information according to the preferred embodiment of the present invention. Short messages, such as tone-only and numeric messages, which can be easily entered using a Touch-Tone™ telephone, are coupled to the paging terminal 102 through a telephone interface 202 in a manner well known in the art. Longer messages, such as alphanumeric messages which require the use of a data entry device, are coupled to the paging terminal 102 through a modem 206 using any of a number of well-known modem transmission protocols. When a call is received to place a message, a controller 204 handles the processing of the message.
The controller 204 is preferably a microcomputer, such as an MC680x0 or equivalent, which is manufactured by Motorola Inc., and which executes several preprogrammed routines to control terminal operations such as voice prompts to direct the calling party to enter the message, or a handshaking protocol to allow the reception of messages from a data entry device. When a call is received, the controller 204 refers to the information stored in the subscriber database 208 to determine how the message being received is to be processed. The subscriber database 208 includes, but is not limited to, information such as the addresses assigned to the financial message transmission unit, the type of message associated with the address, and information related to the status of the financial message transmission unit, such as active or inactive due to failure to pay the bill. A data entry terminal 240 is provided which is coupled to the controller 204, and which is used for purposes such as entering, updating and deleting information stored in the subscriber database 208, monitoring the operation of the system, and obtaining information such as billing information.

The subscriber database 208 also includes information such as the transmission frame and the transmission phase to which the financial message transmission unit is assigned, as will be described in more detail below. The received message is stored in an active page file 210, which stores the messages in queues according to the transmission phase assigned to the financial message transmission unit. In the preferred embodiment of the present invention, four phase queues are provided in the active page file 210. The active page file 210 is preferably a dual-port, first-in, first-out random access memory, although it will be appreciated that other random access memory devices such as hard disk drives may also be used.
Periodically, the message information stored in each of the phase queues is retrieved from the active page file 210 under the control of the controller 204 using timing information such as that provided by a real-time clock 214, or other suitable timing source. The message information retrieved from each phase queue is sorted by frame number and is then organized by address, message information, and any other information required for transmission (all of which is known as message-related information), and then batched into frames based on the size of the message by the frame batching controller 212. The batched frame information for each phase queue is coupled to the frame message buffers 216, which temporarily store the batched frame information until a time for further processing and transmission. The frames are batched in numerical sequence, so that while a current frame is being transmitted, the next frame to be transmitted is in the frame message buffer 216, and the frame after that is being retrieved and batched. At the appropriate time, the batched frame information stored in the frame message buffer 216 is transferred to the frame encoder 218, again maintaining the phase queue relationship. The frame encoder 218 encodes the address and message information into the address and message code words required for transmission, as will be described later. The encoded address and message code words are organized in blocks and then coupled to a block interleaver 220, which preferably interleaves eight code words at a time to form interleaved information blocks for transmission in a manner well known in the art. The interleaved code words contained in the interleaved information blocks produced by each block interleaver 220 are then serially transferred to a phase multiplexer 221, which multiplexes the message information on a bit-by-bit basis into a serial data stream by transmission phase.

The controller 204 then activates a frame synchronization generator 222, which generates the synchronization code that is transmitted at the start of each frame transmission. The synchronization code is multiplexed with address and message information under the control of the controller 204 by the serial data splicer 224, which generates therefrom a message stream that is properly formatted for transmission. The message stream is then coupled to a transmitter controller 226, which under control of the controller 204 transmits the message stream over a distribution channel 228. The distribution channel 228 can be any of a number of well-known distribution channel types, such as a wireline, an RF or microwave distribution channel, or a satellite distribution link. The distributed message stream is transferred to one or more transmitting stations 104, depending on the size of the communication system. The message stream is first transferred to a dual-port buffer 230, which temporarily stores the message stream before transmission. At an appropriate time determined by the timing and control circuit 232, the message stream is retrieved from the dual-port buffer 230 and coupled to the input of preferably a four-level FSK modulator 234. The modulated message stream is then coupled to transmitter 236 for transmission via antenna 238.

Referring to FIGURES 3, 4 and 5, the timing diagrams illustrate the transmission format of the signal transmission protocol used in accordance with the preferred embodiment of the present invention. This signal transmission protocol is commonly known as Motorola's FLEX™ selective call signal transmission protocol. As shown in FIGURE 3, the signal transmission protocol allows the transmission of messages to financial message transmission units, such as pagers, assigned to one or more of the 128 frames, which are marked as frame 0 to frame 127.
It will be appreciated that the actual number of frames provided within the signal transmission protocol can be higher or lower than described above. The greater the number of frames used, the longer the battery life that can be provided to the financial message transmission units operating within the system. The smaller the number of frames used, the more often messages can be queued and delivered to the financial message transmission units assigned to any particular frame, thereby reducing the latency, or time required to deliver messages.

As shown in FIGURE 4, the frames comprise a synchronization code word (sync) preferably followed by eleven blocks of message information (information blocks), which are marked as block 0 through block 10. As shown in FIGURE 5, each message information block preferably comprises eight address, control or data code words, which are marked as word 0 to word 7 for each phase. Consequently, each phase in a frame allows the transmission of up to eighty-eight address, control and data code words. The address, control and data code words preferably comprise two sets, a first set related to a vector field comprising a short address vector, a long address vector, a first message word, and a null word, and a second set related to a message field comprising a message word and a null word.

The address, control and data or message code words are preferably 31,21 BCH code words with a thirty-second even parity bit added, which provides an extra bit of distance to the set of code words. It will be appreciated that other code words, such as 23,12 Golay code words, could also be used.
Unlike the well-known POCSAG signal transmission protocol, which provides address and data code words that use the first bit of the code word to define the type of code word as either address or data, no such distinction is provided for the address and data code words in the FLEX™ signal transmission protocol used with the preferred embodiment of the present invention. Instead, the address and data code words are defined by their position within the individual frames.
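
The code word and interleaving scheme described above (32-bit words built from a 31,21 BCH code plus an even parity bit, interleaved eight at a time) can be exercised with the following Python sketch, which is an added example and not code from the patent. The generator polynomial (the one POCSAG uses for its 31,21 BCH code), the bit transmission order and the sample data words are assumptions, since the page does not give them; correction is done by brute force for brevity.

```python
"""Block coding sketch: (31,21) BCH + even parity, interleaved 8 words at a time."""
from itertools import combinations

# x^10+x^9+x^8+x^6+x^5+x^3+1, the (31,21) BCH generator used by POCSAG.
# Assumed here: the page names the code but not its polynomial.
GEN = 0b11101101001
WORDS, BITS = 8, 32


def remainder(cw31):
    """Remainder of a 31-bit word divided by GEN over GF(2)."""
    for i in range(30, 9, -1):
        if cw31 & (1 << i):
            cw31 ^= GEN << (i - 10)
    return cw31


def encode(data21):
    """21 data bits -> systematic 31-bit BCH word -> 32 bits with even parity."""
    cw31 = (data21 << 10) | remainder(data21 << 10)
    return (cw31 << 1) | (bin(cw31).count("1") & 1)


def is_valid(cw32):
    return remainder(cw32 >> 1) == 0 and bin(cw32).count("1") % 2 == 0


def correct(cw32):
    """Try every 1- and 2-bit error pattern; None means uncorrectable."""
    if is_valid(cw32):
        return cw32
    for n in (1, 2):
        for positions in combinations(range(BITS), n):
            candidate = cw32
            for p in positions:
                candidate ^= 1 << p
            if is_valid(candidate):
                return candidate
    return None


def interleave(words):
    """Bit 31 of words 0..7, then bit 30 of words 0..7, and so on (order assumed)."""
    return [(w >> b) & 1 for b in range(BITS - 1, -1, -1) for w in words]


def deinterleave(bits):
    words = [0] * WORDS
    for i, bit in enumerate(bits):
        words[i % WORDS] = (words[i % WORDS] << 1) | bit
    return words


def serialize(words):
    """No interleaving: each word sent whole, most significant bit first."""
    return [(w >> b) & 1 for w in words for b in range(BITS - 1, -1, -1)]


def deserialize(bits):
    return [int("".join(map(str, bits[i:i + BITS])), 2)
            for i in range(0, len(bits), BITS)]


def burst_demo(start, length, interleaved=True):
    """Hit one 8-word block with a burst of `length` inverted channel bits."""
    # Constructed sample data words, 21 bits each.
    sent = [encode((0x012345 * (i + 1)) & 0x1FFFFF) for i in range(WORDS)]
    stream = interleave(sent) if interleaved else serialize(sent)
    for i in range(start, start + length):
        stream[i] ^= 1
    received = deinterleave(stream) if interleaved else deserialize(stream)
    errors = [bin(r ^ s).count("1") for r, s in zip(received, sent)]
    return sent, errors, [correct(r) for r in received]


if __name__ == "__main__":
    for kind in (True, False):
        sent, errors, fixed = burst_demo(100, 16, interleaved=kind)
        print("interleaved" if kind else "sequential ", errors, fixed == sent)
```

A 16-bit burst leaves two errors in each of the eight interleaved words, which the code corrects, while the same burst without interleaving destroys one word. None of this coding is keyed, so it protects against channel errors and not against the monitoring described in the background section.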
FIGURES 6 and 7 are timing diagrams illustrating the synchronization code used in accordance with the preferred embodiment of the present invention. In particular, as shown in FIGURE 6, the synchronization code preferably comprises three parts: a first synchronization code (sync 1), a frame information code word (frame info) and a second synchronization code word (sync 2). As shown in FIGURE 7, the first synchronization code word comprises first and third portions, marked as bit sync 1 and BS1, which are alternating 1,0 bit patterns that provide bit synchronization, and second and fourth portions, marked as "A" and its complement "A bar", which provide frame synchronization. The second and fourth portions are preferably unique 32,21 BCH code words which are predefined to provide a highly reliable code word mapping, and which are also used to indicate the data bit rate at which the addresses and messages are transmitted. Table 1 defines the data bit rates that are used in conjunction with the signal transmission protocol.
Table 1

As shown in Table 1, the data bit rates are predefined for the transmission of the address and message, although it will be appreciated that more or fewer data bit rates may also be predefined, depending on the requirements of the system.

The frame information code word is preferably a unique 32,21 BCH code word which includes within the data portion a predetermined number of bits reserved to identify the frame number, such as 7 bits encoded to define frame number 0 to frame number 127.

The structure of the second synchronization code is preferably similar to that of the first synchronization code described above. However, unlike the first synchronization code, which is preferably transmitted at a fixed data symbol rate, such as 1600 bps (bits per second), the second synchronization code is transmitted at the data symbol rate at which the address and message are transmitted in any given frame. Accordingly, the second synchronization code allows the financial message transmission unit to obtain "fine" bit and frame synchronization at the frame transmission data bit rate.

In summary, the signal transmission protocol used with the preferred embodiment of the present invention comprises 128 frames which include a predetermined synchronization code followed by eleven blocks of information which comprise eight address, control or message code words per phase. The synchronization code allows the identification of the data transmission rate, and ensures synchronization by the financial message transmission unit with the data code words transmitted at the different transmission speeds.

FIGURE 8 is an electrical block diagram of the financial message transmission unit 106 in accordance with the preferred embodiment of the present invention. The heart of the financial message transmission unit 106 is a controller 816, which is preferably implemented using a low power MC68HC0x microcomputer, such as that manufactured by Motorola, Inc., or the like.
The microcomputer controller, hereinafter referred to as the controller 816, receives and processes inputs from a number of peripheral circuits, as shown in FIGURE 8, and controls the operation and interaction of the peripheral circuits using program subroutines and control programming. The use of a microcomputer controller for processing and control functions (e.g., as a function controller) is well known to those skilled in the art.

The financial message transmission unit 106 is capable of receiving address, control and message information, hereinafter referred to as "data", which is modulated using preferably 2-level and 4-level frequency modulation techniques. The transmitted data is intercepted by an antenna 802, which couples it to the input of a receiving section 804. The receiving section 804 processes the received data in a manner well known in the art, providing at the output a recovered analog 4-level data signal, hereinafter called the recovered data signal. The recovered data signal is coupled to an input of a threshold level extraction circuit 808, and to an input of a 4-level decoder 810.

The operation of the threshold level extraction circuit 808, 4-level decoder 810, symbol synchronizer 812, 4-level to binary converter 814, synchronization code word correlator 818, and phase timing generator (data recovery timing circuit) 826 shown in the financial message transmission unit of FIGURE 8 is best understood with reference to U.S. Patent No. 5,282,205 entitled "Data Communication Terminal Which Provides Variable Length Message Transport and Method For Same", issued to Kuznicki et al., assigned to Motorola, Inc., the teachings of which are incorporated herein by reference.

Referring again to FIGURE 8, the threshold level extraction circuit 808 comprises two synchronized level detector circuits (not shown) which have as input the recovered data signal.
Preferably, signal states of 17%, 50% and 83% are used to allow decoding of the 4-level data signals presented to the threshold level extraction circuit 808.

When power is initially applied to the receiver portion, as when the financial message transmission unit is turned on for the first time, a clock speed selector is preset through a control input (center sample) to select a 128X clock, i.e. a clock that has a frequency equivalent to 128 times the lowest data bit rate, which as described above is 1600 bps. The 128X clock is generated by the 128X clock generator 844, as shown in FIGURE 8, which is preferably a crystal-controlled oscillator operating at 204.8 KHz (kilohertz). The output of the 128X clock generator 844 is coupled to an input of the frequency divider 846, which divides the output frequency by two to generate a 64X clock at 102.4 KHz. The 128X clock allows the level detectors to detect asynchronously, in a very short period of time, the peak and valley signal amplitude values, and therefore to generate the low (Lo), average (Avg) and high (Hi) threshold output signal values required for modulation decoding. After symbol synchronization with the synchronization signal is achieved, as will be described below, the controller 816 generates a second control signal (center sample) to allow selection of a 1X symbol clock, which is generated by the symbol synchronizer 812 as shown in FIGURE 8.

The 4-level decoder 810 preferably operates using three voltage comparators and a symbol decoder. The recovered data signal is coupled to an input of the three comparators, which have thresholds corresponding to the normalized signal states of 17%, 50% and 83%. The resulting system effectively recovers the demodulated 2-level or 4-level FSK information signal by coupling the recovered data signal to the second input of an 83% comparator, the second input of a 50% comparator, and the second input of a 17% comparator.
The outputs of the three comparators corresponding to the values of the low (Lo), average (Avg) and high (Hi) threshold output signal are coupled to the inputs of a symbol decoder. The symbol decoder then decodes the inputs according to Table 2.
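
The three-comparator decoder described above, as an added Python example that is not part of the patent: thresholds are placed at 17%, 50% and 83% of the measured peak-to-valley swing, and the result is compared with fixed thresholds on a signal whose gain and offset have shifted. The symbol assignment for the two middle levels (Gray order) and all sample values are assumptions, because Table 2 is not reproduced on the page.

```python
"""4-level slicer sketch: comparators at 17 %, 50 % and 83 % of the signal swing."""

# Number of thresholds exceeded -> (MSB, LSB). The page gives 00 when the sample
# is below all three thresholds and MSB = 1 above the average threshold; the LSB
# values for the middle levels (Gray order) are an assumption.
SYMBOLS = {0: (0, 0), 1: (0, 1), 2: (1, 1), 3: (1, 0)}
FRACTIONS = (0.17, 0.50, 0.83)  # Lo, Avg, Hi signal states from the page


def extract_thresholds(samples):
    """Derive Lo/Avg/Hi from the detected valley and peak of the signal."""
    valley, peak = min(samples), max(samples)
    return tuple(valley + f * (peak - valley) for f in FRACTIONS)


def decode(samples, thresholds):
    """Three comparators per sample; the count of exceeded thresholds picks the symbol."""
    return [SYMBOLS[sum(s > t for t in thresholds)] for s in samples]


def modulate(symbols, valley, peak, ripple=0.05):
    """Constructed test signal: four equally spaced levels plus a small ripple."""
    level = {bits: n for n, bits in SYMBOLS.items()}
    out = []
    for i, sym in enumerate(symbols):
        nominal = valley + level[sym] * (peak - valley) / 3
        out.append(nominal + (ripple if i % 2 else -ripple))
    return out


def demo():
    """Decode a shifted, scaled signal with extracted and with fixed thresholds."""
    sent = [(0, 0), (1, 0), (0, 1), (1, 1), (1, 0), (0, 0), (1, 1), (0, 1)]
    signal = modulate(sent, valley=0.4, peak=1.6)  # constructed gain and offset
    adaptive = decode(signal, extract_thresholds(signal))
    fixed = decode(signal, FRACTIONS)  # thresholds for an ideal 0..1 signal
    return sent, adaptive, fixed


if __name__ == "__main__":
    sent, adaptive, fixed = demo()
    print("extracted thresholds ok:", adaptive == sent)
    print("fixed threshold errors: ", sum(a != b for a, b in zip(sent, fixed)))
```
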
Table 2

As shown in Table 2, when the recovered data signal (RC? N) is less than the three threshold values, the generated symbol is 00 (MSB = 0, LSB = 0). Thereafter, as each of the three threshold values is exceeded, a different symbol is generated, as shown in the previous table.

The MSB output of the 4-level decoder 810 is coupled to an input of the symbol synchronizer 812 and provides a recovered data input generated by detecting the zero crossings in the recovered 4-level data signal. The positive level of the recovered data input represents the two positive deviation excursions of the recovered analog 4-level data signal above the average threshold output signal, and the negative level represents the two negative deviation excursions of the recovered analog 4-level data signal below the average threshold output signal.

The symbol synchronizer 812 uses a 64X clock at 102.4 KHz which is generated by the frequency divider 846 and coupled to an input of a 32X speed selector (not shown). The 32X speed selector is preferably a divider which provides selective division by 1 or 2 to generate a sample clock which is 32 times the symbol transmission rate. A control signal (1600/3200) is coupled to a second input of the 32X speed selector, and is used to select the sample clock speed for symbol transmission rates of 1600 and 3200 symbols per second. The selected sample clock is coupled to an input of a 32X data sampler (not shown), which samples the recovered data signal (MSB) at thirty-two samples per symbol. The symbol samples are coupled to an input of a data edge detector (not shown), which generates an output pulse when a symbol edge is detected. The sample clock is also coupled to an input of a divide-by-16/32 circuit (not shown), which is used to generate 1X and 2X symbol clocks synchronized to the recovered data signal. The divide-by-16/32 circuit is preferably an up/down counter.
When the data edge detector detects a symbol edge, a pulse is generated which is gated by an AND gate with the current count of the divide-by-16/32 circuit. Concurrently, a pulse is generated by the data edge detector which is also coupled to an input of the divide-by-16/32 circuit. When the pulse coupled to the input of the AND gate arrives before the generation of a count of 32 by the divide-by-16/32 circuit, the output generated by the AND gate causes the count of the divide-by-16/32 circuit to be advanced by one count in response to the pulse that is coupled to the input of the divide-by-16/32 circuit from the data edge detector, and when the pulse coupled to the input of the AND gate arrives after the generation of a count of 32 by the divide-by-16/32 circuit, the output generated by the AND gate causes the count of the divide-by-16/32 circuit to be retarded by one count in response to the pulse that is coupled to the input of the divide-by-16/32 circuit from the data edge detector, thus allowing synchronization of the 1X and 2X symbol clocks with the recovered data signal. The generated symbol clock rates are better understood from Table 3 below.
Table 3
As shown in the table above, the 1X and 2X symbol clocks are generated at 1600, 3200 and 6400 bits per second and are synchronized with the recovered data signal. The 4-level to binary converter 814 couples the 1X symbol clock to a first clock input of a clock speed selector (not shown). A 2X symbol clock is coupled to a second clock input of the clock speed selector. The symbol output signals (MSB, LSB) are coupled to inputs of an input data selector (not shown). A selector signal (2L/4L) is coupled to a selector input of the clock speed selector and to a selector input of the input data selector, and provides control of the conversion of the symbol output signals as either 2-level FSK data or 4-level FSK data. When 2-level FSK data conversion (2L) is selected, only the MSB output is selected, which is coupled to the input of a parallel to serial converter (not shown). The 1X clock input is selected by the clock speed selector, which results in a single-bit binary data stream being generated at the output of the parallel to serial converter. When 4-level FSK data conversion (4L) is selected, both the LSB and MSB outputs are selected, which are coupled to the inputs of the parallel to serial converter. The 2X clock input is selected by the clock speed selector, which results in a serial two-bit binary data stream being generated at 2X the symbol rate, which is provided at the output of the parallel to serial converter. Referring again to Figure 8, the serial binary data stream generated by the 4-level to binary converter 814 is coupled to the inputs of a synchronization codeword correlator 818 and a demultiplexer 820. The predetermined "A" codeword synchronization patterns are retrieved by the controller 816 from a code memory 822 and coupled to an "A" codeword correlator (not shown).
When the received synchronization pattern matches one of the predetermined "A" codeword synchronization patterns within an acceptable margin of error, an "A" or "A-bar" output is generated and coupled to the controller 816. The particular "A" or "A-bar" codeword synchronization pattern correlated provides frame synchronization to the start of the frame ID codeword and also defines the data bit rate of the message to follow, as described previously. The serial binary data stream is also coupled to an input of the frame codeword decoder (not shown) which decodes the frame codeword and provides the controller 816 with an indication of the frame number currently being received. During synchronization acquisition, such as after the receiver is initially turned on, power is supplied to the receiver portion by the battery saver circuit 848, shown in Figure 8, which allows reception of the "A" synchronization codeword, as described above, and which continues to be supplied to allow processing of the rest of the synchronization code. The controller 816 compares the frame number currently being received with a list of assigned frame numbers stored in the code memory 822. If the frame number currently being received differs from the assigned frame numbers, the controller 816 generates a battery saving signal which is coupled to an input of the battery saver circuit 848, suspending the power supply to the receiver portion. The power supply remains suspended until the next frame assigned to the receiver, at which time a battery saving signal is generated by the controller 816 and coupled to the battery saver circuit 848 to enable the power supply to the receiver portion and allow reception of the assigned frame. A predetermined "C" codeword synchronization pattern is retrieved by the controller 816 from the code memory 822 and coupled to a "C" codeword correlator (not shown).
When the received synchronization pattern matches the predetermined "C" codeword synchronization pattern within an acceptable margin of error, a "C" or "C-bar" output is generated and coupled to the controller 816. The particular "C" or "C-bar" synchronization codeword correlated provides "fine" frame synchronization to the start of the data portion of the frame. The start of the actual data portion is established by the controller 816, which generates a block start signal that is coupled to the inputs of a codeword deinterleaver 824 and a data recovery timing circuit 826. A control signal (2L/4L) is coupled to an input of the clock speed selector (not shown) which selects either the 1X or the 2X symbol clock input. The selected symbol clock is coupled to the input of a phase generator (not shown) which is preferably a clocked ring counter that is clocked to generate 4 phase output signals (Ø1-Ø4). The block start signal is also coupled to an input of the phase generator, and is used to hold the ring counter at a predetermined phase until the actual decoding of the message information begins. When the block start signal releases the phase generator, it begins generating clocked phase signals which are synchronized with the incoming message symbols. The clocked phase signal outputs are then coupled to the inputs of a phase selector 828. During operation, the controller 816 retrieves from the code memory 822 the transmission phase number to which the financial message transmission unit is assigned. The phase number is transferred to the phase selection output (Ø Select) of the controller 816 and is coupled to an input of the phase selector 828. A phase clock, corresponding to the assigned transmission phase, is provided at the output of the phase selector 828 and is coupled to the clock inputs of the demultiplexer 820, the block deinterleaver 824, and the address and data decoders 830 and 832, respectively.
The demultiplexer 820 is used to select the binary bits associated with the assigned transmission phase, which are then coupled to the input of the block deinterleaver 824 and clocked into the deinterleaver array on each corresponding phase clock. In a first mode, the deinterleaver uses an 8 x 32 bit array which deinterleaves eight 32-bit interleaved address, control or message codewords, corresponding to one transmitted block of information. The deinterleaved address codewords are coupled to the input of the address correlator 830. The controller 816 retrieves the address patterns assigned to the financial message transmission unit, and couples the patterns to a second input of the address correlator. When any of the deinterleaved address codewords matches any of the address patterns assigned to the financial message transmission unit within an acceptable margin of error (e.g., the number of bit errors correctable according to the structure of the selected codeword), the message information and the corresponding information associated with the address (for example, the information representing the transmitted selective call signaling message, which was previously defined as message related information) is then decoded by the data decoder 832 and stored in a message memory 850. After detection of an address associated with the financial message transmission unit, the message information is coupled to the input of the data decoder 832, which decodes the encoded message information, preferably into a BCD or ASCII format suitable for storage and subsequent presentation. Alternatively, the software-based signal processor may be replaced with an equivalent hardware signal processor that retrieves the address patterns assigned to the financial message transmission unit, and the message related information.
After, or before, the detection of an address associated with the financial message transmission unit, the message information and the corresponding information associated with the address can be stored directly in the message memory 850. Operation in this manner allows later decoding of the actual message information, for example, encoded message information that is decoded into a BCD, ASCII, or multimedia format suitable for later presentation. However, when performing direct storage, the memory must be structured in a manner that allows efficient, high-speed placement of the message information and the corresponding information associated with the address. Additionally, to facilitate the direct storage of the message information and the corresponding information associated with the address in the message memory 850, a codeword identifier 852 examines the received codeword to assign a type identifier to the codeword in response to the codeword belonging to one of a set comprising a vector field and a set comprising a message field. After determining the type identifier, a memory controller 854 operates to store the type identifier in a second region of the memory within the memory corresponding to the code memory. The above memory structure and operation of the deinterleaved information memory storage device comprising the message memory 850, the codeword identifier 852, and the memory controller 854 are discussed more fully in the patents incorporated below. After storage of the message related information, a sensible alert signal is generated by the controller 816. The sensible alert signal is preferably an audible alert signal, although it will be appreciated that other sensible alert signals, such as tactile alert signals and visual alert signals, may be generated as well.
The audible alert signal is coupled by the controller 816 to an alert driver 834 which is used to drive an audible alert device, such as a speaker or a transducer 836. The user can override the generation of the alert through the use of user input controls 838 in a manner well known in the art. The stored message information can be retrieved by the user using the user input controls 838, after which the controller 816 retrieves the message information from the memory and provides the message information to a display driver 840 for presentation on a display 842, such as an LCD display. In addition to the above description, the systems discussed above with reference to FIGURES 1, 2, 7 and 8, and the protocol discussed above with reference to FIGURES 3, 4 and 5, may be more fully understood in view of the following US Patents: No. 5,168,493 entitled "Selective Multiplexed Call System by Division of Time" granted to Nelson et al., No. 5,371,737 entitled "Selective Call Receiver to Receive a Signal Multiplexed Multiple Phase" granted to Nelson et al., No. 5,128,665 entitled "Selective Call Signal Transmission System" by DeLuca et al., and No. 5,325,088 entitled "Synchronized Selective Signal Transmission System" by Willard et al., all of which were assigned to Motorola, Inc., and the teachings of which are incorporated herein by reference. Referring to FIGURE 9, a diagram shows a secure message transmission system 900 according to the present invention. The paging terminal 102 or controller of the wireless selective call signaling system receives information comprising a selective call message request that includes a destination identifier and a secure financial transaction message. The information is typically coupled to the paging terminal 102 via a Public Switched Telephone Network (PSTN) 912 which serves to carry the information from a regulator 914 such as a bank, credit card issuer or the like.
The PSTN 912 may be coupled to the paging terminal 102 and the regulator 914 using conventional telephone lines 910 or possibly a high-speed digital network, depending on the information bandwidth required to communicate financial transactions between the regulator 914 and a plurality of financial message transmission units 906. Once coupled to the paging terminal 102, the information is formatted as one or more selective call messages and transferred 922 to at least one radio frequency transmitter 904 to be broadcast to at least one financial message transmission unit 906 located in any of a number of communication zones 902. The financial message transmission unit 906 may include an interface that couples unencrypted or encrypted information, such as the secure financial transaction message, to a conventional Smart Card 920 to effect a financial transaction. Alternatively, the secure financial transaction message may be decoded and stored by the financial message transmission unit 906 when the financial message transmission unit 906 includes capabilities, for example load and reload services and/or credit, such as those found on a Smart Card 920. Two-way capability is provided for the financial message transmission unit 906 using a wired or wireless return path. By way of example, the secure financial transaction message is received by the financial message transmission unit 906, which decodes and decrypts the content of the secure financial transaction message, which may represent a cash value signal, a credit, or a debit amount. This message content is then stored by the financial message transmission unit 906 pending acknowledgment of receipt and a subsequent release of funds or authorization of credit by the regulator.
If the value of the financial transaction is high, the regulator will typically require an acknowledgment from the financial message transmission unit 906 before funds based on the received signal are activated, or before a credit or debit transaction is allowed. However, if the value of the financial transaction is low, the regulator may not require an acknowledgment from the financial message transmission unit 906 before the funds based on the received signal are activated or before a credit or debit transaction is allowed. In the case of a low value transaction, the financial message transmission unit 906 may only be required to reconcile its funds or credit capacity once a day or week. The secure message transmission system illustrated in FIGURE 9 allows for the wireless return or origination of secure financial transaction messages using a return or inbound channel received by distributed receiving sites 908. These sites are typically denser than the outbound broadcast sites 904, since the transmitter power and antenna characteristics of the financial message transmission unit 906 are significantly inferior to those of a dedicated radio frequency base station and wide area transmitter site 904. In this way, the size and weight of the financial message transmission unit 906 are kept to a minimum, yielding a more ergonomic portable device with the value added function of not requiring a physical connection to perform financial transactions such as bank withdrawals and deposits, credit card payments or purchases. Alternatively, the secure message transmission system is adapted to accommodate lower power financial message transmission unit 906 devices that may include additional means to implement the return or origination of secure financial transaction messages using a return or inbound channel accessed at a point of sale 910 or a bank 914.
In those cases, the lower power financial message transmission unit 906 could include an infrared or laser optical port, a low power capacitive (electric field) or inductive (near magnetic field) port, or possibly an acoustic or ultrasonic audio band transducer port, all of which could couple signals between the lower power financial message transmission unit 906 and a device such as a point of sale terminal, automated teller machine, or the like. Various cryptographic methods are suitable for use with the present invention. The following definitions are useful for understanding the terminology associated with cryptography applied to wired or wireless communications.
Certificate - Certificates are digital documents that attest to the binding of a public key to an individual or another entity. Certificates are issued by a Certifying Authority (CA), which can be any trusted central administration that attests in good faith to the identities of those to whom it issues certificates. A certificate is created when a CA signs a user's public key plus other identifying information, binding the user to its public key. Users present their certificate to other users to demonstrate the validity of their public keys.
Confidentiality - The result of keeping information secret from everyone except those who are authorized to see it. Confidentiality is also known as privacy.
Cryptographic Protocol - A distributed algorithm defined by a sequence of steps that precisely specify the actions required of two or more entities to achieve a specific security objective.
Data Integrity - The assurance that the information has not been altered by unauthorized or unknown means.
Decryption - The process of transforming encrypted information (cipher text) into plain text.
DES (Data Encryption Standard) - A symmetric encryption cipher defined and endorsed by the United States government as an official standard. It is the most widely used and best known cryptosystem in the world.
Diffie-Hellman - The Diffie-Hellman key agreement protocol provided the first practical solution to the key distribution problem by allowing parties to securely establish a shared secret key over an open channel. Security is based on the discrete log problem.
Digital Signature - An ordered sequence of data which associates a message (in digital form) with the originating entity. This cryptographic primitive is used to provide authentication, data integrity and non-repudiation.
Discrete Log Problem - The requirement to find the exponent x in the formula y = g^x mod p. The discrete log problem is believed to be difficult and the hard direction of a one-way function.
Elliptic Curve Cryptosystem (ECC) - A public key cryptosystem based on the discrete logarithm problem over elliptic curves. ECC provides the highest strength per bit of any public key system, which allows the use of much smaller public keys compared to other systems.
Encryption - The process of transforming plain text into cipher text for confidentiality or privacy.
Entity Authentication - The corroboration of the identity of an entity (for example, a person, financial message transmission unit, computer terminal, Smart Card 920, etc.).
Factoring - The act of splitting an integer into a set of smaller integers which, when multiplied together, form the original integer. RSA is based on the factorization of large prime numbers.
Information Security Functions - The processes of encryption and digital signatures that provide information security services. Also known as security primitives.
Information Security Services - The purpose of using information security functions. The services include privacy or confidentiality, authentication, data integrity and non-repudiation.
Key - A value in the form of a sequence of data used by information security functions to perform cryptographic calculations.
Key Agreement - A key establishment technique in which a shared secret is derived by two or more parties as a function of information contributed by, or associated with, each of them, so that no party can predetermine the resulting value.
Key Establishment - Any process by which a shared secret key becomes available to two or more parties for later cryptographic use.
Key Management - The set of processes and mechanisms that support key establishment and the maintenance of ongoing keying relationships between the parties.
Key Pair - The public key and the private key of a user or entity in a public key cryptosystem. The keys in a key pair are mathematically related by a hard one-way function.
Key Transport - A key establishment technique where one party creates or otherwise obtains a secret value and transfers it securely to the other party or parties.
Message Authentication - Corroboration of the source of information; also known as data origin authentication.
Message Authentication Code (MAC) - A hash function which involves a secret key, and provides data origin authentication and data integrity. The MAC is also known as a transaction authentication code, where a message can contain at least one transaction.
Non-repudiation - The prevention of the denial of prior commitments or actions. Non-repudiation is achieved using digital signatures.
Private Key - In a public key system, the key in a key pair that is kept by the individual entity and never revealed. The private key is preferably embedded in a hardware platform as a measure to keep it hidden from unauthorized parties.
Public Key - In a public key system, the key in a key pair that is made public.
Public Key Cryptography - A cryptographic system that uses different keys for encryption (e) and decryption (d), where (e) and (d) are mathematically linked. It is computationally infeasible to determine (d) from (e). Therefore, this system allows the distribution of the public key while maintaining the secrecy of the private key. Public key cryptography is the most important advance in the field of cryptography in the last 2000 years.
RSA - A widely used public key cryptosystem, named after its inventors R. Rivest, A. Shamir, and L. Adleman. The security of RSA is based on the intractability of the integer factorization problem.
Symmetric Key Encryption - A cryptosystem in which, for each associated encryption/decryption key pair (e, d), it is computationally easy to determine d knowing only e, and to determine e from d. In most symmetric key encryption schemes e = d. Although symmetric systems are efficient for bulk data encryption, they have significant key management problems. Consequently, symmetric key and public key systems are often combined in one system to take advantage of the benefits of each.
Asymmetric Key Encryption - A cryptosystem in which, for each party, encryption/decryption key pairs are held with varying strength; for example, a shorter key can be used in situations that require less security, while a longer key is used in situations that require greater security. As with symmetric key encryption systems, asymmetric systems have significant key management problems.
Verification - The process of confirming that a digital signature, and therefore an entity or message, is authentic.
The following examples illustrate systems that can be used to implement a secure message transmission system in accordance with the present invention.
Using the ECC algorithms, a secure signature with hash is generated based on the following information:
P is a generating point on the curve and has order n.
H is a secure hash algorithm such as SHA-1.
M is an ordered sequence of bits to be signed by an entity A.
A has a private key a and a public key Ya = aP.
To generate the signature, entity A does the following:
1. Calculates e = H(M) (e is an integer).
2. Generates a random integer k.
3. Calculates R = kP = (x, y).
4. Converts x to an integer.
5. Calculates r = x + e mod n.
6. Calculates s = k - ar mod n.
7. The signature is (r, s).
Since R = kP is calculated independently of the message M, it could be precalculated before signing M, which occurs in steps (5) and (6). In this procedure, the time for hashing and for generating a random number is taken as negligible in comparison with the other operations performed. Finally, the precalculation of certain functions can be performed to accelerate the calculation of kP in step (3).
Any entity B can verify A's signature (r, s) on M by performing the following steps:
1. Obtain A's public key Ya = aP.
2. Calculate U = sP.
3. Calculate V = rYa.
4. Calculate U + V = (x', y').
5. Convert x' to an integer.
6. Calculate e' = r - x' mod n.
7. Calculate e = H(M) and verify that e' = e.
The following example illustrates encryption using an elliptic curve encryption scheme. It is assumed that entity A has a private key a and a public key Ya = aP, where P is a generating point. Entity B encrypts the ordered sequence of bits M to entity A using the following procedure:
1. B obtains A's public key Ya.
2. B generates a random integer k.
3. B calculates R = kP.
4. B calculates S = kYa = (x, y).
5. B calculates c_i = m_i · f_i(x).
6. B sends (R, c_0 ... c_n) to A.
Where f_0(x) = SHA-1(x || 0) and f_i(x) = SHA-1(f_{i-1}(x) || x || i).
Alternatively, if RSA cryptography is used, the following definitions are relevant:
n is the modulus.
d is the private key and the public exponent for the entity A.
M is an ordered sequence of bits to be signed.
An RSA signature is generated by entity A as follows:
1. Calculate m = H(M), an integer less than n.
2. Calculate s = m^d mod n.
3. The signature is s.
The RSA signature as described above creates digital signatures with appendix. In contrast to the ECC signature discussed above, precalculation is not possible when using RSA. Note that the signature requires one exponentiation by the private exponent d.
Entity B can verify A's signature s on M using the following procedure:
1. Obtain A's public exponent e and modulus n.
2. Calculate m* = mod n.
3. Calculate m = H(M).
4. Verify that m* = m.
In RSA verification, one exponentiation by the public exponent e is required. e is preferably selected to be 64 random bits. Similarly, for RSA encryption, one exponentiation with a public exponent is required, and the public exponent should be at least 64 bits in length for minimum security.
In view of the above discussion, the rest of the secure message transmission system is described with reference to FIGS. 10-16. Referring to FIGURE 10, the illustration shows a high level block diagram of a financial message transmission unit 906 according to the preferred embodiment of the present invention. One possible embodiment of a financial message transmission unit 906 is a combination of a conventional paging device and a Smart Card 920, as shown in FIGURE 10. Here, a mechanical slot and standard Smart Card connector are incorporated into the housing of the paging device, so that the Smart Card 920 can be inserted into the housing in a manner that establishes electrical contact between the card and the electronics of the pager.
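The elliptic-curve signature and verification steps listed in this description, worked through in Python as an added example; it is not code from the patent or from Motorola. The curve (secp256k1), all function names and the single-use guard on the precalculated k are assumptions, since the description names no curve and gives no implementation.

```python
import hashlib
import secrets

# Assumption: the description names no curve; secp256k1 (y^2 = x^3 + 7) is used.
P_FIELD = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def is_on_curve(point):
    x, y = point
    return (y * y - (x * x * x + 7)) % P_FIELD == 0


def ec_add(p1, p2):
    """Add two curve points; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_FIELD == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow((2 * y1) % P_FIELD, -1, P_FIELD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_FIELD, -1, P_FIELD)
    lam %= P_FIELD
    x3 = (lam * lam - x1 - x2) % P_FIELD
    return (x3, (lam * (x1 - x3) - y1) % P_FIELD)


def ec_mul(k, point):
    """Double-and-add scalar multiplication (illustrative, not constant time)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def hash_to_int(message):
    # Step 1: e = H(M) as an integer, with H = SHA-1 as in the description.
    return int.from_bytes(hashlib.sha1(message).digest(), "big")


def keygen():
    a = secrets.randbelow(N - 1) + 1          # private key a
    return a, ec_mul(a, G)                    # public key Ya = aP


def precompute_nonce():
    """Steps 2-4: R = kP does not depend on M, so it can be prepared early."""
    k = secrets.randbelow(N - 1) + 1
    x, _ = ec_mul(k, G)
    return {"k": k, "x": x, "used": False}


def sign(message, a, nonce=None):
    """Steps 5-6: r = x + e mod n, s = k - a*r mod n."""
    if nonce is None:
        nonce = precompute_nonce()
    if nonce["used"]:
        # Added guard (not in the description): a given k signs one message only.
        raise ValueError("precalculated k was already used")
    nonce["used"] = True
    e = hash_to_int(message)
    r = (nonce["x"] + e) % N
    s = (nonce["k"] - a * r) % N
    return r, s


def verify(message, signature, Ya):
    """U = sP, V = rYa, U + V = (x', y'), accept when r - x' mod n equals H(M)."""
    r, s = signature
    # Added checks (not in the description): canonical range and valid key.
    if not (0 <= r < N and 0 <= s < N) or not is_on_curve(Ya):
        return False
    point = ec_add(ec_mul(s, G), ec_mul(r, Ya))
    if point is None:
        return False
    e_prime = (r - point[0]) % N
    return e_prime == hash_to_int(message) % N
```

Verification succeeds because sP + rYa = (k - ar)P + r(aP) = kP, so x' equals the signer's x and r - x' recovers e.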
Alternatively, the electronics required to implement a Smart Card 920 are moved or integrated into the paging device so that the pager functions as a true wireless Smart Card or wireless ATM. Operationally, the incoming signal is captured by the antenna 802 coupled to the receiver 804, which detects and demodulates the signal, recovering any information as discussed above with reference to FIGURE 8. Alternatively, the financial message transmission unit 906 contains a low power return channel transmitter 1034, a power switch 1032, and a transmission antenna 1030 for responding to an outbound channel query or generating an inbound channel request. Instead of the portable transmitter 1034 (e.g., a low power radio frequency device) and its associated components, the alternative transmission block 1036 may contain unidirectional or bidirectional communication transducers. Examples of such transducers are optical devices such as lasers or light emitting diodes (LEDs), extremely low power electric field capacitive or magnetic field inductive structures (e.g., coils, transmission lines), or possibly acoustic transducers in the audio or ultrasonic range. An input/output (I/O) switch 1002 serves to direct incoming or outgoing radio frequency (RF) energy between the RF receiver 804, the RF transmitter 1030 and a selective call decoder 1004. The selective call decoder 1004 comprises a main processing unit 1006 and its associated random access memory (RAM) 1008, read-only memory (ROM) 1010, and universal input/output (I/O) module 1012. The main function of the selective call decoder 1004 is to detect and decode information contained in the signaling intended to be received by the financial message transmission unit 906.
Alternatively, in a 2-way implementation that includes the optional return channel transmitter block 1036, the selective call decoder 1004 may also function as an encoder to generate and deliver requests or messages to the regulator 914, a user or other online system (not shown). Additionally, the financial message transmission unit 906 comprises a secure decoding or Smart Card function module 1014 that serves as a second financial transaction processor. This module comprises control logic 1016, a message entry device 1018, a security code processor 1020, a secure RAM 1022, a secure programmable read-only memory (PROM) 1024, and a Smart Card input/output (I/O) module 1026. Certain financial groups have proposed standards to effect the security of end-to-end transactions in the land-line wired environment. The proposed standards for securing electronic financial transactions are based on a peer-to-peer system in which the sending party (for example, a regulator or issuer such as a bank, or VISA™) generates a secure transaction that comprises a value amount and an authentication code. The secure transaction is communicated to the requesting party via a device such as an automatic teller machine (ATM). To establish and complete a transaction, the requesting party inserts a Smart Card 920 into the ATM, enters an identification code, and requests a value to be placed on the Smart Card 920. The transaction processing system authenticates the Smart Card 920 and the financial status of the requesting party (for example, account balance, credit availability, etc.) and either completes or denies the transaction. Consequently, in view of the above requirements, the control logic 1016 operates to govern the operation of the components associated with the Smart Card function module 1014 to implement and maintain end-to-end security in a secure financial transaction message.
The control logic 1016 ensures that any content associated with the secure financial transaction message is maintained in its encrypted state from a regulator 914 until it is actually decrypted by the Smart Card function module 1014 or an associated Smart Card 920. Therefore, sensitive information such as a private encryption key, cash load values, credit or bank account numbers, or the like, is stored in the secure PROM 1024. Similarly, the secure ROM 1022 can store processing routines that decrypt and encrypt information exchanged between the Smart Card function module 1014 and a regulator 914, merchant 916 or another Smart Card 920. The message entry device 1018 allows a user to initiate a cash load request, cash transaction, credit card transaction, or the like. Typically, a user may enter a request using a keyboard, a voice-activated recognition device, a touch-sensitive device (e.g., display or pad) or other convenient data entry device. In the present invention, a user may request that transaction based information be communicated to the financial message transmission unit 906, stored in the financial message transmission unit 906 for later transfer to the Smart Card 920, or passed directly to the Smart Card 920. In this way, the financial message transmission unit 906 acts as a portable automatic teller machine (ATM) that allows a user to make financial transactions without actually visiting a physical ATM. In the case where the financial message transmission unit 906 acts as a portable ATM with origination capability, the Smart Card function module 1014 operates as a second secure message generator coupled to the financial message transmission unit to create a financial transaction request. Once created, a portable transmitter 1034 coupled to the secure message generator operates to transmit the financial transaction request to a selective call message processor 1104.
A receiver 1204 coupled to the selective call message processor 1104 operates to receive and couple the financial transaction request to the selective call message processor 1104. In this way, the financial message transmission unit 906 can carry out financial transactions without requiring a physical connection to a landline or PSTN wireline network.
With respect to the implementation of an RF-enabled return channel financial message transmission unit 906 as discussed herein, the invention preferably operates using Motorola's ReFlex™ wireless two-way paging system infrastructure and protocol, which are described in detail in the following documents: U.S. Patent Application No. 08/131,243, filed on October 4, 1993 by Simpson et al. and entitled "Method and Apparatus for Identifying a Transmitter in a Radio Communication System"; U.S. Patent Application No. 08/398,274, filed on March 3, 1995 by Ayerst et al. and entitled "Method and Apparatus for Optimizing the Synchronization of the Recipient in a Radio Communication System"; U.S. Patent No. 5,521,926 issued May 28, 1996 to Ayerst et al. and entitled "Method and Apparatus for Improved Message Action in a Fixed System Receiver"; U.S. Patent Application No. 08/498,212, filed July 5, 1995 by Ayerst et al. and entitled "One Way Channel Protocol to Allow Aloha Transmission of Return Channel"; and U.S. Patent Application No. 08/502,399, filed July 14, 1995 by Wang et al. and entitled "A System and Method for Assigning Frequency Channels in a Two-Way Message Transmission Network", all of which are assigned to the assignee of the present invention, and all of which are incorporated herein by reference.
It should be appreciated that use of the present invention is contemplated in other 2-way communication systems such as cellular and radio packet data systems.
Certain financial groups have proposed standards to effect the security of end-to-end transactions in the land wireline environment.
The proposed standards for securing electronic financial transactions are based on a peer-to-peer system in which the sending party (for example, a regulator or issuer such as a bank, or VISA®) generates a secure transaction comprising the value of a quantity and an authentication code. The secure transaction is communicated to a requesting party via a device such as an automatic teller machine (ATM). To establish and complete a transaction, the requesting party inserts a Smart Card 920 into the ATM, enters an identification code, and requests a value to be placed on the Smart Card 920. The transaction processing system authenticates the Smart Card 920 and the financial status of the requesting party (for example, account balance, credit availability, etc.) and completes or denies the transaction.
In a broader application, the financial message transmission unit 906 can be adapted to communicate sensitive messages or data, as well as electronic funds transfer information, which can be transferred securely to the intended receiving device via a paging channel or similar.
Referring to Figure 11, the block diagram illustrates the message composition and encryption equipment that could be used on the premises of the financial institution to send electronic funds transfer authorizations to financial message transmission units via a paging channel or similar. Specifically, both direct branch and customer calls are received by a first financial transaction processor 1100 comprising a transaction processing computer 1102; a message processing and encryption computer 1104, or selective call message processor, that operates as a first secure message generator, a first secure message decoder, and a selective call message distributor, all being functions of the selective call message processor; a subscriber database 1106; and a security code database 1108.
The transaction processing computer 1102 receives requests for financial transactions and communicates them to the message processing and encryption computer 1104, which generates and encrypts secure financial transaction messages based on the information contained in the security code database 1108 corresponding to the applicant and type of transaction. The message processing and encryption computer 1104 also determines a destination identifier from the information contained in the subscriber database 1106, which allows the selective call message distributor to communicate the destination identifier and its corresponding secure financial transaction message to a selective call transmission service 904. The destination identifier may correspond to a conventional paging address, a cell phone address, or any other address that uniquely identifies a destination associated with a secure financial transaction message.
The message composition and encryption equipment shown in Figure 11 would typically be used on the premises of a financial institution to send secure electronic funds transfer authorizations to financial message transmission units 906 (e.g., wireless "ATMs") via a conventional paging channel or similar. In the following examples, the transaction information is composed using standard financial computers and data structures, and the message is encrypted using the public and private keys assigned to the target device and the transaction, respectively. The keys assigned to each device, along with its paging address, are stored in the user database associated with the processing computer. After each message is encrypted, it is sent as a normal paging message to the paging system via the public telephone system.
The first financial transaction processor 1100 is discussed more fully with reference to Figure 12, which integrates the first financial transaction processor 1100 with a controller of the wireless selective call signal transmission system.
Referring to Figure 12, the illustration shows a functional diagram of a controller of the wireless selective call signal transmission system that implements a combined 1-way and 2-way secure message transmission system to transmit signals to the financial message transmission units. The controller of the wireless selective call signal transmission system 1200 comprises the first financial transaction processor 1100 together with a transmitter 104 and an associated antenna 904 and, in 2-way RF systems, at least one receiver system 1202 comprising a received signal processor and at least one receiving antenna 908. Preferably, several of the at least one receiver system 1202 are distributed over a wide geographical area to receive the low-power transmissions emitted by the 2-way financial message transmission units 906. The number of receiver systems 1202 in any given geographical area is selected to ensure adequate coverage of all incoming transmissions. As one skilled in the art will appreciate, this number can vary greatly depending on the terrain, buildings, foliage and other environmental factors.
The controller of the wireless selective call signal transmission system 1220 represents a closely coupled implementation of the total secure message transmission system. In practice, a regulator (e.g., a bank, credit card issuer, etc.) may not desire the responsibility of maintaining the RF infrastructure, i.e., the transmitter 104 and the associated antenna 904, and at least one receiver system 1202. Accordingly, a conventional wireless message service provider or the like would provide and maintain the RF infrastructure, and the regulator would use that RF infrastructure in a conventional manner to communicate secure financial transaction messages between the regulator and the financial message transmission units 906.
As a first alternative to the above operation, the controller of the selective call signal transmission system 1200 can operate to encrypt, encode, and transmit secure financial transaction messages received from a controller, where the first financial transaction processor 1100 has generated and encrypted the secure financial transaction message, and the controller of the selective call signal transmission system 1200 also encrypts the secure financial transaction message a second time. This increases the security level of an associated secure financial transaction message by encapsulating it using an unrelated second encryption. Subsequently, the financial message transmission unit 906 decodes and decrypts the doubly encrypted message, revealing the secure financial transaction message in its encrypted state, and thereby maintaining the end-to-end security required for a financial transaction. Similarly, the controller of the selective call signal transmission system 1200 receives messages originating from the financial message transmission unit 906 and passes the secure financial transaction message in its encrypted state to a regulator for decryption and processing.
As a second alternative to the preceding operation, the controller of the selective call signal transmission system 1200 can operate to encode and transmit secure financial transaction messages communicated between the regulator and the financial message transmission unit 906. In this case, the first financial transaction processor 1100 in the regulator has generated and encrypted the secure financial transaction message, and the controller of the selective call signal transmission system 1200 operates to associate a selective call address with the secure financial transaction message on the basis of a received destination identifier, then transmits a resulting selective call message for reception by the financial message transmission unit 906.
Subsequently, the financial message transmission unit 906 decodes the selective call message, revealing the secure financial transaction message in its encrypted state, and thereby maintaining the end-to-end security required for a financial transaction. As with the above operation, the controller of the selective call signal transmission system 1200 further operates to receive messages originating in the financial message transmission unit 906 and passes the secure financial transaction message in its encrypted state to a controller for decryption and processing.
Referring to Figure 13, the illustration shows the different layers of the message transmission system in a format that is similar to the diagram of the International Organization Standards (OSI) stack that is well known in the electronics industry. With respect to the present invention, the network layer 1302 is the point at which financial transactions are created. These financial transactions are then communicated to a message transmission layer 1304, where appropriate selective call messages are formed for inclusion in a transport protocol such as Motorola's FLEX® or POCSAG. The channel signal transmission layer 1306, or transport layer, represents the point where the aforementioned low-level transport protocols are implemented. Finally, the RF channel is the physical medium over which the low-level transport protocol communicates the selective call messages that contain the financial transactions.
Referring to Figure 14, the flow chart shows the typical operation of a financial message transmission unit according to the preferred embodiment of the present invention. When activated 1400, the financial message transmission unit 906 (denoted as a pager for clarity of explanation) operates "normally", that is, it waits in a standby state, searching for its selective call address 1404.
If the financial message transmission unit detects its address, and in particular detects a security address 1406, for example, a specific selective call address associated with a single unique account, or one of several unique accounts, the financial message transmission unit 906 retrieves the secure financial transaction message to carry out a financial transaction. Once the financial message transmission unit 906 determines that a secure financial transaction message has been received, the Smart Card function module 1014 is activated 1408 and the secure financial transaction message can be decoded 1410. Decoding as mentioned herein may represent the recovery of the secure financial transaction message from the native selective call protocol, for example, from a FLEX® or POCSAG data or information word, or the decoding may include the step of decrypting the secure financial transaction message to retrieve its content, representing a cash signal value, a credit value, a debit value, or other information related to a secure financial transaction such as a cryptographic message or session keys. According to the content of the secure financial transaction message, the control logic 1016 and the processor 1006 operate to execute instructions 1412 pertinent to the financial transaction being executed.
Referring to Figure 15, the illustration shows a typical sequence associated with requesting and authorizing an electronic funds transfer or debit of funds by and from a wireless financial message transmission unit. A financial transfer sequence is initiated 1500 by a customer who calls his or her bank 1502, identifies himself or herself 1504 via a PIN number or other account information 1506, and requests a transfer or other financial transaction 1508 for communication to the customer's wireless financial message transmission unit 906.
After verifying the identity of the customer 1510 and the appropriate account information 1512, the bank or regulator initiates a sequence of events to effect the electronic transfer of the funds, granting of credit, or the like. In a first case, a financial transaction is approved when the financial transaction request is authenticated as originating from an authorized party and the financial transaction is permitted by a regulator 1514. Typically, regulators allow financial transactions when a party has sufficient funds, as in the case of a request for a cash load or debit, or when a party has sufficient credit available to complete a transaction. Preferably, after approval, the financial message transmission unit 906 prompts the user to wait for the transaction 1520 and the system begins to complete the financial transaction 1522.
In a second case, the first financial transaction processor denies completion of the financial transaction based on the financial transaction request when at least one of the following holds: the financial transaction request is not authenticated as originating from an authorized party, and the financial transaction is not permitted by a regulator 1516. Typically, regulators deny financial transactions when a party has insufficient funds for the cash load or debit request, or when a party has insufficient credit available to complete a transaction. If the regulator denies the financial transaction, the request ends 1518 and the financial message transmission unit 906 returns to normal operation.
Referring to Figure 16, the illustration shows a sequence typically associated with the wireless transfer of funds or debit of funds by and from the wireless financial message transmission unit in a 1-way and 2-way secure communication system.
Completion of the financial transaction 1522 begins with the regulator or issuer looking up the destination identifier and the security code (e.g., public or private key) for a user account 1602 associated with at least one financial message transmission unit 906. The secure message transmission system then generates the secure financial transaction message, which is communicated to the controller of the wireless selective call signal transmission system, wherein the selective call message processor 1104 executes a control program that receives selective call message requests comprising a destination identifier and the secure financial transaction message, and encapsulates the secure financial transaction message in a selective call message that includes a selective call address corresponding to the destination identifier. This selective call message is distributed to a selective call transmission service in response to the destination identifier. The selective call transmission service transmits the selective call message to the financial message transmission unit 906, which receives the selective call message.
Optionally, the financial message transmission unit 906 can send a first message prompting the user to insert a Smart Card 920 to transfer funds or the like. The bank would then wait 1606 for an appropriate time period 1608, then send a data transmission comprising information with the account number of the Smart Card 920 to be credited, the amount of the transaction, and coded information to verify that the Smart Card 920 to be debited is valid and not counterfeit 1620. Obviously, if the Smart Card 920 is integrated with the financial message transmission unit 906, steps 1604, 1606 and 1608 need not be performed. A bank will typically record 1612 the success or failure of a transaction after its conclusion at 1614.
In a financial message transmission unit 906 having two-way capability 1616, the bank can wait to receive an acknowledgment 1618 comprising a returned secure financial transaction message confirming the execution of the financial transaction. When the financial transaction is completed successfully, an optional message 1624 may be presented to the user on the financial message transmission unit 906 before the financial message transmission unit 906 returns to its idle state 1626. Alternatively, if no acknowledgment is received after a predetermined delay period 1620, the bank may restart the previous financial transaction 1622.
In a variation of the operation discussed with reference to Figures 14-16, the user may remain in communication during the financial transaction, and the bank may receive an acknowledgment in non-real time that the transaction concluded successfully using an alternative path, that is, a path other than the RF return channel. This can be achieved by using a 1-way or 2-way paging device in a wired ATM machine, or by having the user remain on a telephone or other communication device during the entire transaction. Additionally, a distinctive audio alert pattern may be generated by the financial message transmission unit 906 to signal that the financial transaction has been completed without error.
Additionally, if an address that is associated with a normal message transmission function is detected, the financial message transmission unit 906 will operate as a normal paging device. However, if the detected address is associated with a secure data transmission address, the secure decoder module can be activated, the secure financial message can be decrypted, and the information contained in the message would be processed according to either the content of the message or the rules associated with the received address.
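The receive path of Figure 14 combined with the "first alternative" double encryption described earlier, as an added Python example that is not part of the patent text. The stand-in cipher, the symmetric keys (the patent speaks of public and private keys), the addresses and the `CASH_LOAD:<cents>` format are all assumptions chosen so the sketch runs with the standard library only.

```python
import hashlib
import hmac
import os

# Stand-in authenticated cipher (assumption: the patent names no algorithm):
# HMAC-SHA256 in counter mode as a keystream, then encrypt-then-MAC.
def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    nonce = os.urandom(16)
    body = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(key, blob):
    if len(blob) < 48:
        raise ValueError("message too short")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("authentication failed")
    return _xor_stream(_subkey(key, b"enc"), nonce, body)

def regulator_issue(end_to_end_key, transaction):
    """First financial transaction processor 1100: inner, end-to-end layer."""
    return seal(end_to_end_key, transaction)

def controller_encapsulate(link_key, address_book, destination_id, secure_message):
    """Controller 1200: map destination to address, add the unrelated outer layer."""
    return address_book[destination_id], seal(link_key, secure_message)

class SecureModule:
    """Smart Card function module 1014: the only holder of the end-to-end key."""
    def __init__(self, end_to_end_key):
        self._key = end_to_end_key
        self._balance_cents = 0  # stands in for the secure memory contents

    def process(self, secure_message):
        kind, _, amount = unseal(self._key, secure_message).decode().partition(":")
        if kind != "CASH_LOAD" or not amount.isdigit():
            raise ValueError("unsupported transaction")
        self._balance_cents += int(amount)
        return "cash load accepted"

    def balance_cents(self):
        return self._balance_cents

class MessagingUnit:
    """Unit 906: decoder and main processor hold the link key only."""
    def __init__(self, normal_address, secure_address, link_key, module):
        self.normal_address, self.secure_address = normal_address, secure_address
        self.link_key, self.module = link_key, module
        self.main_processor_saw = []  # everything handled outside the module

    def receive(self, address, payload):
        if address == self.normal_address:
            return ("page", payload.decode())    # ordinary paging behaviour
        if address != self.secure_address:
            return ("ignored", None)
        try:
            inner = unseal(self.link_key, payload)  # strip the controller's layer
            self.main_processor_saw.append(inner)   # still ciphertext at this point
            return ("secure", self.module.process(inner))
        except ValueError:
            return ("rejected", None)

def _fails(fn, *args):
    try:
        fn(*args)
        return False
    except ValueError:
        return True

def demo():
    e2e_key, link_key = os.urandom(32), os.urandom(32)  # constructed keys
    module = SecureModule(e2e_key)
    unit = MessagingUnit(0x1000, 0x2000, link_key, module)
    secure_message = regulator_issue(e2e_key, b"CASH_LOAD:5000")  # constructed sample
    address, payload = controller_encapsulate(
        link_key, {"acct-1": 0x2000}, "acct-1", secure_message)
    result = unit.receive(address, payload)
    tampered = payload[:20] + bytes([payload[20] ^ 1]) + payload[21:]
    return {
        "result": result,
        "secure_message": secure_message,
        "payload": payload,
        "main_processor_saw": unit.main_processor_saw,
        "tampered_result": unit.receive(address, tampered),
        "page_result": unit.receive(0x1000, b"call home"),
        "unknown_result": unit.receive(0x3000, payload),
        "link_key_opens_inner": not _fails(unseal, link_key, secure_message),
        "module_accepts_outer": not _fails(module.process, payload),
        "balance_cents": module.balance_cents(),
    }

if __name__ == "__main__":
    print(demo()["result"])
```

The link key removes only the controller's layer, so the decoder and main processor handle the regulator's ciphertext and never the transaction itself, which is the end-to-end property the description relies on.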
One skilled in the art will appreciate that the above discussion with respect to the claimed invention is not meant to limit the system to a particular transport protocol, wireless medium, cryptographic scheme, or physical communication device. Accordingly, the claimed invention and other variations made possible by the teachings presented here represent only a few select ways in which a secure message transmission system for communicating financial information can be implemented using the unique principles taught in the present invention. It is in the preceding spirit that we claim the following as our invention:
It is noted that, as of this date, the best method known to the applicant for carrying out the aforementioned invention is the conventional one for the manufacture of the objects to which it refers.

Claims (31)

CLAIMS Having described the invention as above, the content of the following claims is claimed as property:
1. A portable, 2-way financial message transmission unit, characterized in that it comprises: a receiver; a decoder of selective calls coupled to the receiver; a financial transaction processor coupled to the selective call decoder; a main processor coupled to the financial transaction processor and the selective call decoder; and a transmitter coupled to the main processor.
2. The secure, portable 2-way financial message transmission unit according to claim 1, characterized in that the financial transaction processor receives and decrypts a secure financial transaction message coupled to the selective call decoder.
3. The secure, portable 2-way financial message transmission unit according to claim 2, characterized in that a received secure financial transaction message is decoded by the selective call decoder and passed directly to the financial transaction processor to prevent unauthorized access to information contained in the secure financial transaction message.
4. The secure, portable 2-way financial message transmission unit according to claim 3, characterized in that the received secure financial transaction message is decrypted by the financial transaction processor and coupled to a secure memory that holds decrypted information of the secure financial transaction message.
5. The secure, portable 2-way financial message transmission unit according to claim 2, characterized in that the secure financial transaction message comprises a financial transaction session key.
6. The secure, portable 2-way financial message transmission unit according to claim 5, characterized in that the secure financial transaction message comprises a returned cash value.
7. The secure, portable 2-way financial message transmission unit according to claim 5, characterized in that the secure financial transaction message comprises a returned transfer value of funds.
8. The secure, portable 2-way financial message transmission unit according to claim 5, characterized in that the secure financial transaction message comprises a returned credit value.
9. The secure, portable 2-way financial message transmission unit according to claim 2, characterized in that a received secure financial transaction message is decoded by the selective call decoder and passed directly to an attached Smart Card to prevent unauthorized access to the information contained in the secure financial transaction message.
10. The portable, secure, 2-way financial message transmission unit according to claim 1, characterized in that it comprises: a secure message generator coupled to the financial transaction processor and the main processor.
11. The secure, portable 2-way financial message transmission unit according to claim 10, characterized in that the financial transaction processor encrypts and the secure message generator generates a secure financial transaction message that is coupled to the main processor for transmission by the transmitter.
12. The secure, portable 2-way financial message transmission unit according to claim 11, characterized in that the secure financial transaction message comprises a financial transaction request.
13. The financial message transmission unit, secure, 2-way, portable, according to claim 11, characterized in that the secure financial transaction message comprises a cash-load request.
14. The secure, portable 2-way financial message transmission unit according to claim 11, characterized in that the secure financial transaction message comprises a request for transfer of funds.
15. The secure, portable 2-way financial message transmission unit according to claim 11, characterized in that the secure financial transaction message comprises a credit request.
16. A secure, portable 2-way financial message transmission unit characterized in that it comprises: a receiver; a decoder of selective calls coupled to the receiver; a financial transaction processor coupled to the selective call decoder, the financial transaction processor comprises: a security code processor; a non-volatile, secure, read-only memory coupled to the security code processor; a read-only memory, erasable, secure, coupled to a read-only, non-volatile, secure memory; an input / output interface coupled to the read-only, erasable, secure memory; and a control logic coupled to the security code processor, the read-only, non-volatile, secure memory, the read-only, erasable, secure memory, and the input / output interface; a main processor coupled to the financial transaction processor and the selective call decoder; and a transmitter coupled to the main processor.
17. The secure, portable 2-way financial message transmission unit according to claim 16, characterized in that it comprises: a Smart Card coupled to the financial transaction processor via the input / output interface.
18. The secure, portable 2-way financial message transmission unit according to claim 16, characterized in that the financial transaction processor receives and decrypts a secure financial transaction message coupled to the selective call decoder.
19. The secure, portable 2-way financial message transmission unit according to claim 18, characterized in that a received secure financial transaction message is decoded by the selective call decoder and passed directly to the transaction processor to prevent unauthorized access to information contained in the secure financial transaction message.
20. The secure, portable 2-way financial message transmission unit according to claim 19, characterized in that the received secure financial transaction message is decrypted by the financial transaction processor and coupled to a secure memory that retains decrypted information of the secure financial transaction message.
21. The secure, portable 2-way financial message transmission unit according to claim 18, characterized in that the secure financial transaction message comprises a financial transaction session key.
22. The secure, portable 2-way financial message transmission unit according to claim 21, characterized in that the secure financial transaction message comprises a returned cash value.
23. The portable, 2-way, secure financial message transmission unit according to claim 21, characterized in that the secure financial transaction message comprises a returned transfer value of funds.
24. The secure, portable 2-way financial message transmission unit according to claim 21, characterized in that the secure financial transaction message comprises a returned credit value.
25. The secure, portable 2-way financial message transmission unit according to claim 18, characterized in that a received secure financial transaction message is decoded by the selective call decoder and passed directly to an attached Smart Card to prevent unauthorized access to the information contained in the secure financial transaction message.
26. The secure, portable 2-way financial message transmission unit according to claim 16, characterized in that it comprises: a secure message generator coupled to the financial transaction processor and the main processor.
27. The secure, portable 2-way financial message transmission unit according to claim 26, characterized in that the financial transaction processor encrypts and the secure message generator generates a secure financial transaction message that is coupled to the main processor for transmission by the transmitter.
28. The portable, 2-way, secure financial message transmission unit according to claim 27, characterized in that the secure financial transaction message comprises a financial transaction request.
29. The secure, portable 2-way financial message transmission unit according to claim 27, characterized in that the secure financial transaction message comprises a cash-load request.
30. The secure, portable 2-way financial message transmission unit according to claim 27, characterized in that the secure financial transaction message comprises a request for transfer of funds.
31. The secure, portable 2-way financial message transmission unit according to claim 27, characterized in that the secure financial transaction message comprises a credit request.
MXPA/A/2000/006177A 1997-12-22 2000-06-21 Portable 2-way wireless financial messaging unit MXPA00006177A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US08996176 1997-12-22

Publications (1)

Publication Number Publication Date
MXPA00006177A true MXPA00006177A (en) 2001-07-09

Similar Documents

Publication Publication Date Title
US6314519B1 (en) Secure messaging system overlay for a selective call signaling system
EP1042743B1 (en) Single account portable wireless financial messaging unit
US6041314A (en) Multiple account portable wireless financial messaging unit
US6311167B1 (en) Portable 2-way wireless financial messaging unit
US6038549A (en) Portable 1-way wireless financial messaging unit
AU733108B2 (en) Transaction authentication for 1-way wireless financial messaging units
MXPA00006177A (en) Portable 2-way wireless financial messaging unit
MXPA00006178A (en) Multiple account portable wireless financial messaging unit
MXPA00006176A (en) Single account portable wireless financial messaging unit
MXPA00006174A (en) Transaction authentication for 1-way wireless financial messaging units
MXPA00006175A (en) Secure messaging system overlay for a selective call signaling system