SECURE DATA ENTRY PERIPHERAL DEVICE FIELD OF THE INVENTION
The present invention relates to data entry peripheral devices such as keyboards, computer mouse pointing devices, voice recognition devices and the like, and more particularly, to an encryption system applied directly in the data entry peripheral device for insuring secure data transmission, including transactional and credit card information, and for preventing unauthorized copying and use of software programs or packages.
BACKGROUND OF THE INVENTION
The rise of the Internet data highway has dramatically increased the need for secure data transmission, to enable a tried and true basis for electronic funds and other secret data transfer and consumer purchase transactions. Credit card information, banking account numbers and other sensitive data are vulnerable to unauthorized use when placed on a data communications network, hence the need for secure transactions. The expected rise in the number of Internet transactions of this type will reach a value of $300 billion in the near future, and the electronic Internet servers and all of the associated data processing equipment need to adapt to this new approach to financial and secure data transactions.
Another related problem is presented by unauthorized copying or use of software programs or packages, which creates heavy software industry losses.
There are known methods and apparatus for providing security in data communications including data encryption techniques, also known as information integrity technology, 'fire- walls' and others. Many examples of this technology exist, such as encryption/decryption, digital signature, certificate authentication, etc. and
there are even computer keyboard-related techniques which are described, for example, in US Patents 5,748,888 to Angelo et al, and 5, 406,624 to Tulpan.
The Angelo patent discloses secure keyboard communications in a computer system. A request for private keyboard communications generates a secure system management interrupt, which directs specialized hardware to intercept and divert keyboard interrupts so that keyboard data is communicated only to a black-box security device controlling access to protected system resources, thereby protecting keyboard data from interception by malicious software.
The Tulpan patent discloses a processor unit connectable between a keyboard and a computer, which enables data to be transmitted to the computer in selected fashion, either via a transparent mode or via one of a plurality of special handling modes. In the transparent mode, the keyboard data passes without any change being made in the data, and in the special handling mode, a security program is executed while secret data inputted via the keyboard data is isolated from the computer.
As described above, a tremendous increase is expected in the number and types of data transactions requiring high levels of security for the mass market of on-line purchasers and Internet users. In order to achieve such high rates of growth in this application, the level of sophistication of the user must also increase, so that the operation of secure data transactions is a familiar and acceptable activity. In the patents listed above, the devices utilized are add-on units which may not present user-friendly approaches to achieving secure data transactions, due to complications in software and hardware installation and operation.
It would be desirable, therefore, to provide methods and apparatus which are user-friendly for enabling quick, simple and easy initiation and completion of
secure data transactions with a high degree of user confidence in the security level, and preventing unauthorized copying and use of software programs and packages.
SUMMARY OF THE INVENTION
Accordingly, it is a principal object of the present invention to overcome the disadvantages of prior art techniques used in secure data transactions, by providing a quick, simple and easy to use method of insuring a high level of security in such transactions, using a specially-designed keyboard, computer mouse, or voice recognition circuit.
In accordance with a preferred embodiment of the present invention, there is provided a secure data entry peripheral device in a computer system, said device comprising: means for at least one of entry, collection and reading of data information; controller means for encoding said data information for presentation to the computer system, and means associated with said controller for processing said encoded data information by performing thereon at least one operation amongst operations including encryption, decryption, data manipulation and non-volatile storage, said processed encoded data information providing a secure transaction when transmitted within the computer system, and when decrypted and decoded for use at a remote location.
In the preferred embodiment, the inventive secure data entry peripheral device encryption technique is integrated within the device itself, and is not carried
out separately on the computer unit or devices attached by wires or add on software
programs, so that each transmission of data from the peripheral device is already encrypted, giving it a high level of security with its initial transmission from the device.
Encryption of data on the proposed single chip microprocessor is completely secure because the 'Key board', 'Data entry' or 'Analog voice' encoding and encryption are on the same chip by storage of encryption keys and secure data in EEPROM memory. There is no external access or opportunity for external interference which could compromise the integrity of the data. This approach enables maintenance of a high security level.
The inventive device can be applied to a keyboard, computer mouse or voice recognition circuit which are used as data entry devices. Since each device utilizes an electronics board or microcontroller in its standard configuration, the encryption technique of the present invention can be applied easily and efficiently, raising the security level of the design.
The inventive device may also employ a contact or contactless Smartcard adaptor to enhance the total security of the system.
Other features and advantages of the invention will become apparent from the following drawings and description.
BRIEF DESCRIPTION OF THE DRAWINGS For a better understanding of the invention with regard to the embodiments thereof, reference is made to the accompanying drawings, in which like numerals designate corresponding elements or sections throughout, and in which:
Fig. 1 is an overall plan view of a secure computer mouse peripheral device constructed and operated in accordance with the principles of the
present invention;
Fig. 2 is an electronic block diagram of a secure computer mouse
microcontroller included in the Fig. 1 computer mouse peripheral device;
Fig. 3 is an overall view of a secure keyboard peripheral device constructed and operated in accordance with the principles of the present invention;
Fig. 4 is an electronic block diagram of a secure keyboard microcontroller included in the Fig. 3 peripheral device;
Fig. 5 is an electronic block diagram of a secure voice recognition peripheral device constructed in accordance with the principles of the present invention;
Figs. 6a-b show a flowchart describing a typical purchase transaction using the secure I/O device of the present invention; and
Fig. 7 is a flowchart of an authentication routine used in the purchase transaction of Figs. 6a-b.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
In the following description of secure data entry peripheral devices in a computer system, the term "secure" is used to describe secure devices such as 'Smart card' or 'Secure Integrated circuit' or 'Electronic coin' or other secured components.
Referring now to Fig. 1, there is shown an overall plan view of a secure computer mouse peripheral device 10 constructed and operated in accordance with the principles of the present invention. Computer mouse device 10 has a microcontroller or an independent logic system which reads optical signals and sends pulses in an asynchronous serial RS 232 format to a serial communication channel via cable 11, or via a computer mouse interface connected directly into the bus of
a computer. Thus, the following description applies to computer mouse communications either via a serial communications port or a card inserted into the
computer bus. The reference to a secure mouse includes similar devices such as a track ball or pad or any other computer pointing device in one, two or more dimensions.
Normally, data communications with the secure computer mouse 10 are performed by a service program running on the computer. The present invention enables entry of data by selection of numbers and values which are presented to the user on the computer screen. The selected numbers and values have a secret content or a monetary value, and are sent back by the secure computer mouse 10 as encrypted data after a special command is sent from the computer service program to the secure computer mouse 10, or the command is entered by an external signal like one of the mouse keys. This special command is decoded by secure computer mouse 10 and the data to which computer mouse 10 already points is encrypted directly by the microcontroller associated with the secure computer mouse 10.
Alternatively, when the program running on the computer issues a special command as follows: encrypt / decrypt data which follows the command, then this command is interpreted directly by the microcontroller associated with the secure computer mouse 10, thus giving it a high security level.
Alternatively, in order to increase the level of security the numbers and values can be entered by an optional mini-keypad 16 on computer mouse 10.
In this fashion, the encryption unit in secure computer mouse 10 is an acceptable unit to a wide cross-section of computer users. The security level of data encrypted in this fashion is the highest possible since no code or system encryption key is run on the computer service program or stored on the computer disk.
The secure computer mouse 10 can provide various levels of encryption and security. In addition to the standard computer mouse operating
software, a large number of encryption/decryption programs are provided. Those encryption decryption programs are uniform in every type of secure computer mouse 10, and includes various encryption algorithms, such as standard DES (data encryption standard) functions, 3-DES, RC2-RCn, IDEA, HASH, CAST, a dynamic exchange of system encryption keys, and public key technology such as RSA algorithms, Diffie-Hellman, etc.
Each secure computer mouse 10 has a 'member number' permanently encoded in it, which remains even if the encryption keys are changed. The permanent encoding of a private key, a public (RSA) algorithm seed, Keyl and Key2 of a 3-DES algorithm can be achieved by automatic encoding, without human intervention so that complete security is insured while keeping a user friendly environment
The 'member number' is a silicon file containing tens of characters. The 'member number' contains the default value of the encryption keys, personal identification number (PIN), attribute codes and control and rescue code. By a special procedure involving the PIN number, the user can change the DES keys and public and private keys as well.
In accordance with the invention, there are two available levels of security for secure computer mouse device 10, Level I and Level II.
In Level I, secure computer mouse 10 enables entry of data by selection of numbers and values which are presented to the user on the computer screen. Alternatively, the data can be entered by optional mini-keypad 16 on secure computer mouse 10 and stored in an EEPROM memory/Smartcard component integrated within the device. These numbers and data values are encrypted by various methods, including, DES or 3-DES, RC2-RCn, IDEA, HASH, CAST, a dynamic exchange of
system encryption keys, and public key technology such as RSA algorithms, Diffie-Hellman, etc. There is no access to the system key which is permanently encoded in the microcontroller of secure computer mouse 10. There is also no access to the 'member number' permanently encoded in the microcontroller of secure computer mouse 10.
To obtain a secure I/O communication link from secure computer mouse 1 , a secure I/O negotiation begins with a bi-directional authentication routine. Once this is achieved, the data which is entered via the secure computer mouse 10 is then encrypted and can be sent directly or via the secure I O communication link to a service provider, at a remote location. The Level I security level is intended for purchases via the Internet, involving relatively small sums.
In the Level II security level, the secure computer mouse 10 is constructed with a 'Smartcard' interface 12, typically located on the lower section of the mouse housing. This arrangement will enable both Levels I and II to be performed. Alternatively, the construction may be one having a Smartcard component as an integral part of the secure computer mouse 10 device, using a monolithic or hybrid chip construction, as shown in Fig. 2. An encryption/decryption routine can be used which integrates the microcontroller in secure computer mouse 10, with a 'Smartcard' security (encryption/decryption) algorithm, and this integration greatly enhances the overall security of the secure computer mouse 10.
Integration of the secure computer mouse 10 microcontroller and the 'Smartcard' security (encryption/decryption) algorithm enables secure computer mouse 10 to continually adopt new security methodologies and encryption decryption
algorithms, which are provided on the 'Smartcard' 14.
The Level II security level makes it possible for banking institutions, which require a high level of security for transfer of encrypted data and files, to handle electronic transfer of large sums of money as well as transfers between them.
The advantage of using a secure computer mouse 10 for encryption of data is that it is extremely easy, since the user is accustomed to performing computer operations via the computer mouse. Thus, practically no training or explanation is needed in use of secure computer mouse 10, and the classification of computers and new models generally does not affect the operation of the secure computer mouse device 10.
If a change is to be made in the system encryption key, due to a breach in system security, this can be performed by transmission of new system encryption keys coded by a public key algorithm. It is possible to arrange a plurality of system encryption keys which can be automatically replaced on a regular basis in relation to the time of day, or the date.
The Level II security level can be applied to prevent unauthorized use of software programs or packages, by use of the secure computer mouse 10, with the addition of a Smartcard by the manufacturer of the software product. The software package serial number is encrypted onto the Smartcard, which is inserted into the Smartcard interface 12, and when decrypted, the software is enabled.
The Level II secure computer mouse 10 achieves better security in an easier fashion than the security plugs now typically used as an attachment device to a
keyboard or printer interface.
The secure computer mouse 10 may be applied in all environments,
including banks and commercial entities, so that their data processing systems have the system encryption key store in the computer mouse. In this way, the
system encryption key is not kept or stored on any disk, or in the computer memory, where it may be exposed to illegal tampering or attempts to breach security.
Referring now to Fig. 2, there is shown an electronic block diagram of a secure computer mouse microcontroller 25 included in the Fig. 1 mouse peripheral device 10. A pair of position optical encoders 20, 22 feed position information provided by the mouse trackball as input to the mouse microcontroller 25.
Microcontroller 25 can be implemented in accordance with skill of the art electronic design techniques, and comprises functional blocks including a CPU 26, flash memory or EEPROM 28 containing code and default (transport) 'member number' value. Microcontroller 25 also comprises RAM working registers 30, and EEPROM data storage memory 31 , which will hold alternate encryption keys, a software package serial number, and historical transaction buffer, which records the last 10 transactions, for example, on the EEPROM memory 31, to resolve billing disputes. Microcontroller 25 also comprises public key algorithm 32. Mouse device 10 is connected via an RS-232 connector 34 for serial communication with the host computer, or it may be connected via the mouse interface card directly to the computer bus.
As shown in Option A, a 'Smartcard' adapter 36 may be added to the system to provide for operation with system encryption keys encoded on the Smartcard 14, or with a Smartcard PIN number or Smartcard security algorithm.
In Fig. 3 there is shown an overall view of a secure keyboard peripheral device 40 constructed and operated in accordance with the principles of the present invention.
Keyboard 40 has a stand-alone microcontroller having an embedded code and is connected via cable 41 to a keyboard interface in the computer. In
accordance with the principles of the present invention, a standard keyboard can be replaced by a secure keyboard 40 having a high security level. Keyboard 40 features an optional magnetic card reader 42 and an optional Smartcard interface 44, operating as described further herein.
Normally, data communications with the secure keyboard 40 are performed by a service program running on the computer. The present invention enables entry via secure keyboard 40 of data containing numbers and values, which have a secret content or a monetary value, and this data is entered directly via secure keyboard 40. Thus, the data is sent already encrypted directly by the microcontroller associated with the secure keyboard 40, giving it a high security level. In this fashion, the encryption unit in secure keyboard 40 is the unit that performs keyboard encoding. The security level of data encrypted in this fashion is the highest possible since no code or system encryption key is run on the computer.
Secure keyboard 40 can provide, with a different encryption key, the decryption of data sent to it by the computer, for purposes of authentication, etc. The secure keyboard 40 can provide various levels of encryption and security. In addition to the standard keyboard operating software, an encryption program is provided. The encryption program is uniform in every type of secure keyboard 40, and these numbers and data values are encrypted by various methods, including, DES or 3-DES, RC2-RCn, IDEA, HASH, CAST, a dynamic exchange of system encryption keys, and public key technology such as RSA algorithms, Diffie-Hellman, etc. There is no access to the system key which is permanently encoded in the microcontroller of secure keyboard 40. There is also no access to the 'member number' permanently encoded in the microcontroller of secure keyboard 40.
To obtain a secure I O communication link from secure keyboard 40,
a secure I/O negotiation begins with a bi-directional authentication routine. Once. this is achieved, the data which is entered via the secure keyboard 40 is then encrypted and can be sent directly or via the secure I/O communication link to a service provider, at a remote location. Each secure keyboard 40 has a 'member number' permanently encoded in it, which remains even if the encryption keys are changed.
The permanent encoding of a private key, a public (RSA) algorithm seed, Keyl and Key2 of a 3-DES algorithm can be achieved by automatic encoding, without human intervention so that complete security is insured while keeping a user friendly environment.
The 'member number' is a silicon file containing tens of characters. The 'member number' contains the default value of the encryption keys, personal identification number (PIN), attribute codes and control and rescue codes. By a special procedure involving the PIN number, the user can change the DES keys and public and private keys as well.
In accordance with the invention, there are two available levels of security for secure keyboard device 40, Level I and Level II.
In Level I, secure keyboard 40 enables entry of data containing numbers and values, which have a secret content or a monetary value, and this data is entered directly via secure keyboard 40, and stored in an EEPROM memory/Smartcard component integrated within the device. These numbers and data values are encrypted by various methods, including, DES or 3-DES, RC2-RCn, IDEA, HASH, CAST, a dynamic exchange of system encryption keys, and public key technology such as RSA algorithms, Diffie-Hellman, etc.
The Level I security level is intended for purchases via the Internet, involving relatively small sums.
In the Level II security level, the secure keyboard 40 is constructed with a Smartcard interface 44, typically located on the side of the keyboard housing. This arrangement will enable both Levels I and II to be performed. Alternatively, the construction may be one having a Smartcard component as an integral part of the secure computer mouse 10 device, using a monolithic or hybrid chip construction, as shown in Fig. 4. An encryption routine can be used which integrates the microcontroller in secure keyboard 40, with a Smartcard security (encryption/decryption) algorithm, and this integration greatly enhances the overall security of the secure I/O encryption. Integration of the secure keyboard 40 microcontroller and the Smartcard encryption algorithm enables secure keyboard mouse 40 to continually adopt new security methodologies and encryption/decryption algorithms, which are provided on the Smartcard 14.
The Level II security level makes it possible for banking institutions, which require a high level of security for transfer of encrypted files, to handle electronic transfer of large sums of money and for transfers between them.
The advantage of using a secure keyboard 40 for encryption of data is that it is extremely easy, since the user is accustomed to performing computer operations via the keyboard. Thus, practically no training or explanation is needed in use of secure keyboard 40, and the classification of computers and new models generally does not affect the operation of the keyboard. If a change is to be made in the system encryption key, due to breach in system security, this can be performed by
transmission of new system encryption keys coded by a public key algorithm. It is
possible to arrange a plurality of system encryption keys which can be automatically replaced on a regular basis in relation to the time of day, or the date.
The Level II security level can be applied to prevent unauthorized use of software programs or packages, by use of the secure keyboard 40, with the addition of a Smartcard by the manufacturer of the software product. The software package serial number is encrypted onto the Smartcard, which is inserted into the Smartcard interface 44, and when decrypted, the software is enabled.
The Level II secure keyboard 40 achieves better security in an easier fashion than the security plugs now typically used as an attachment device to a keyboard or printer interface.
The secure keyboard 40 may be applied in all environments, including banks and commercial entities, so that their data processing systems have the system encryption key stored in the secure keyboard 40. In this way, the system encryption key is not kept or stored on any disk, or in the computer memory, where it may be exposed to illegal tampering or attempts to breach security.
Fig. 4 is an electronic block diagram of a secure keyboard microcontroller 45 included in the secure keyboard 40 of Fig. 3. A keyboard matrix of key contacts 53 is fed as input to the keyboard microcontroller 45. Microcontroller 45 comprises functional blocks including a CPU 46, flash memory or EEPROM 48 containing code and default (transport) member number value. Microcontroller 45 also comprises RAM working registers 47, and EEPROM memory 49, with alternate encryption keys, and h'Storical transaction buffer, which records the last 10 transactions, for example, on the EEPROM memory 49, to resolve billing disputes. Microcontroller 45 also comprises public key algorithm 50. Secure keyboard 40 is
connected via cable 41 and connector 51 to the keyboard interface for communication with the host computer, or to a universal serial bus interface (USB).
As shown in Option A, a Smartcard adapter 44 may be added to the system to provide for operation with system encryption keys encoded on Smartcard 14, or with a Smartcard PIN number or Smartcard security algorithm
As shown in Option B, a magnetic card reader 42 may be added to the system to provide an easy way of using a credit card number. The magnetic card is used in security Level I or Level II transactions.
Fig. 5 is an electronic block diagram of a secure voice recognition peripheral device 60 constructed in accordance with the principles of the present invention. A secure voice recognition circuit comprises a microphone 62, and a microcontroller 61 which comprises an analog switch 64, A/D converter 66 and D/A converter 68. Microcontroller 61 comprises functional blocks including a CPU 72, a flash memory or EEPROM 74 containing code and default (transport) member number value. Microcontroller 61 also comprises RAM working registers 76, and an EEPROM data memory 78 which holds alternate encryption keys, a software package serial number, and an historical transaction buffer which records the last 10 transactions, to resolve billing disputes. Microcontroller 61 also comprises a public key algorithm 79. A voice signature can also be stored on EEPROM data memory 78.
In operation, audio input is fed from microphone 62 into A/D converter 66, under control of CPU 72, via analog switch 64. When the voice signals are compared in microcontroller 61 with the voice signature stored in EEPROM data memory 78, D/A converter 68 returns the encrypted analog signals to the analog switch 64 which sends the analog encrypted data to an optional speech recognitiion circuit located in the computer running the service program.
The voice recognition circuit enables recognition of numbers and special words by a voice recognition program which is stored in the code memory 74. The voice recognition circuit can be part of a device containing a large number of voice recognition programs, and may be operated as a stand-alone device to obtain already recognized numbers and transmit an encrypted number. The voice recognition circuit can be part of the new model of keyboards or part of speech add-on recognition cards, or part of voice recognition circuits installed on motherboard computer circuits.
As shown in Option A, a Smartcard adapter 70 may be added to the system to provide for operation with system encryption keys encoded on Smartcard 14, or with a Smartcard PIN number or Smartcard security algorithm
In order to provide each of the secure I/O peripheral devices, secure computer mouse 10, secure keyboard device 40 or secure voice recognition device
60, with security via encryption algorithms, it is first necessary to perform a secure I/O protocol which is designed to prevent the presentation of many keys in a short time period.
Generally, secure I/O peripherals have in their own microcontroller all of the necessary memory. Program code is retained in flash code memory 74, and long-term random memory is provided by an EEPROM section in microcontroller
61. The EEPROM memory is electrically erasable and changeable in accordance with the changes in the system encryption keys.
In the manufacturing process of the secure peripherals, an initial member number is written in the microcontroller by the manufacturer. For example, manufacturer A will provide a code having 8 bytes: 00000000, and manufacturer B
will provide a code having 8 bytes: 00000001, etc. for as many codes as needed Using
this encoded key, the manufacturer can check the production line and send the secure peripheral to an encryption center.
In the hardware configuration of the microcontroller, additional hardware is integrated which does not permit more than three authentication routines to be performed in consecutive fashion. After an attempt is made to exceed this number of routines, the system will automatically wait 3 minutes before allowing additional attempts to be made. Each authentication routine is bi-directional. Upon power-on or reset, the system will wait 3 minutes. This automatic system delay is designed to reduce the likelihood of a successful breach of security, by method involving rapid presentation of different system encryption keys.
The inventive secure I/O peripherals include all the existing encryption techniques, including, DES or 3-DES, RC2-RCn, IDEA, HASH, CAST, a dynamic exchange of system encryption keys, and public key technology such as RSA algorithms, Diffie-Hellman, etc. Use of each ofthese techniques is designed to guarantee the longevity of the system after its initiation into use. Currently, banking encryption systems utilize the DES technique, and most Smartcards do also, except for those used in satellite home communications, TV cable channels and special applications, in which the Smartcards use the Public key RSA algorithm.
The communication system implemented in the secure peripheral I/O system operates according to the following definitions:
1) Complete security for the source of money transferred and for the amount of money, credit card numbers, customer name, bank account numbers etc. transferred by the network.
2) Each provider or receiver of services has a 'member number', or certificate.
3) The 'member number', when broadcast, is always encrypted.
4) In each transaction, part of the 'member number' and the amount of the transaction will be kept secure, by the service provider.
5) The 'member number' is encoded in the secure I/O peripheral memory during the definition process performed by the system
. manager.
6) The certification authority (CA- governmental, regulatory or service manager) may obtain the 'member number and the amount of the transaction.
7) No party knows the connection between the 'member number' and the true identity of the user.
8) Blockage of user access will be done by the 'member number'.
In Figs. 6a-b there are shown flowcharts describing a typical purchase transaction using the secure I/O device of the present invention. In block 100, the computer connects to the Internet server. In block 102, the computer loads the secure I/O application program. In block 104, the computer loads the Internet surfing program. In block 106, the user enters an Internet having a virtual shopping mall.
In block 108, the user chooses the item to be purchased. In block 110, the vendor secure I/O program starts the negotiation with the user secure I/O program. The secure I/O programs complete the start of the negotiation phase in block 112 by use of an authentication routine (Fig. 7).
The authentication routine of Fig. 7 is an industry standard type, using for example, the DES encryption. The routine begins in block 90 when the service provider sends a start command to the end user which is acknowleged in block 91 . The service supplier creates a random number in block 92 , encrypts it in block 93 and transmits it to the end user via the secure I/O peripheral device of the invention. The end user secure I/O device decrypts the received random number in block 94. At this stage, the end user secure I/O device generates a new random number in block 95, and transmits the received random number and the generated random number as a packet,
encrypted by the same key. The service supplier secure I/O device decrypts the received packet in block 96, and compares the returned random number to the one it
initially generated. If it matches, then the service supplier encrypts the end user random number by the same key and transmits it back to the end user in block 97. The end user decrypts and compares the received random number in block 98 and if it matches in block 99, the authentication routine is sucessfiilly completed in block 101, and an OK is sent. If the returned random number does not match in block 96 or 99, the authentication routine fails in block 103.
In decision blocks 1 Ma-b of Fig. 6a, the completion of the authentication routine is tested, and the end user is asked to insert his credit card number in block 1 16. In block 1 18, the secure I/O device encrypts the credit card number. In block 120, the end user is asked to insert his PIN number, and then in block 122, he is asked to repeat entry of the PIN number.
In block 124, the secure I/O program checks if the PIN number is OK, and in block 126 the secure I/O program encrypts the PIN number. In block 128, the service program running on the computer transmits the encrypted number to the vendor or service supplier (SRS). In block 130, the SRS decrypts the transmitted data, and in decision block 132 the service supplier checks the end user credit card number against credit card blacklist of users whose cards are blocked. If the credit card is OK, in block 134 the service supplier transmits an encrypted receipt to the end user. Block 136 is the end of the typical transaction. Block 138 is the exit of the secure I/O program.
Having described the invention with regard to certain specific embodiments thereof, it is to be understood that the description is not meant as a limitation since further modifications may now suggest themselves to those skilled
in the art and it is intended to cover such modifications as fall within the scope of the appended claims.