(11) EP 0 138 320 A3

(12) EUROPEAN PATENT APPLICATION

(88) Date of publication A3:
19.02.1986 Bulletin 1986/08

(43) Date of publication A2:
24.04.1985 Bulletin 1985/17

(21) Application number: 84305480

(22) Date of filing: 10.08.1984

(84) Designated Contracting States:
DE FR GB SE

(30) Priority: 02.09.1983 US 529161

(71) Applicant: VISA U.S.A. Inc.

(72) Inventor:
  • Campbell, Carl Merritt

   


(54) Cryptographic key management system


(57) A central host computer (20) is connected to a plurality of transaction card issuing institutions (e.g. banks) (24) and to a plurality of transaction terminals (22). The host (20) generates a master key which is distributed to all terminals (22), and generates a plurality of secondary keys, one for each issuer (24), each secondary key being generated by encryption of data identifying the respective issuer (24). The issuer (24) places the data identifying itself (BIN) on each card it issues. Authorization information is also encrypted under the respective secondary key and placed on the card. The authorization information can include anticounterfeiting digits or a personal identification number (PIN). When the card is applied to a transaction terminal (22), the encrypted information is read by the terminal, and the respective secondary key is derived by the terminal (22) by encryption of the issuer identifying data (BIN) under the master key. The secondary key thus derived is used by the terminal (22) to permit off-line analysis of the encrypted authorization information on the card by comparison with data entered manually at the terminal (22) by the card owner, and/or with non-encrypted data on the card.
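
The key hierarchy described in the abstract, sketched as an added example that is not taken from the patent: the host derives each issuer's secondary key from the BIN under the master key, the issuer writes a check value to the card, and the terminal re-derives the key to verify off-line. Assumptions: HMAC-SHA256 stands in for the unspecified encryption function (so the card value is compared rather than decrypted), and all function names, field names and sample values are constructed for illustration.

```python
import hashlib
import hmac


def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA256 replaces the abstract's "encryption" step.
    return hmac.new(key, data, hashlib.sha256).digest()


def derive_issuer_key(master_key: bytes, bin_: str) -> bytes:
    # Host (20) and terminal (22) both compute this: the secondary key is a
    # function of the master key and the issuer-identifying data (BIN) only.
    return prf(master_key, b"issuer-key|" + bin_.encode())


def _check_value(issuer_key: bytes, bin_: str, account: str, pin: str) -> str:
    # Authorization information bound to the card's own non-encrypted data.
    return prf(issuer_key, f"{bin_}|{account}|{pin}".encode())[:8].hex()


def issue_card(issuer_key: bytes, bin_: str, account: str, pin: str) -> dict:
    # Issuer (24) holds only its own secondary key, never the master key.
    return {"bin": bin_, "account": account,
            "check": _check_value(issuer_key, bin_, account, pin)}


def terminal_verify(master_key: bytes, card: dict, entered_pin: str) -> bool:
    # Terminal works off-line: it reads the BIN from the card, re-derives the
    # issuer's key from the shared master key, and recomputes the check value.
    key = derive_issuer_key(master_key, card["bin"])
    expected = _check_value(key, card["bin"], card["account"], entered_pin)
    return hmac.compare_digest(expected, card["check"])


# Constructed sample values, not from the patent.
MASTER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
BANK_A_KEY = derive_issuer_key(MASTER_KEY, "411111")
CARD = issue_card(BANK_A_KEY, "411111", "0000012345", "4921")

if __name__ == "__main__":
    print("correct PIN :", terminal_verify(MASTER_KEY, CARD, "4921"))
    print("wrong PIN   :", terminal_verify(MASTER_KEY, CARD, "0000"))
    # Changing the BIN changes the derived key, so the check value no longer matches.
    print("altered BIN :", terminal_verify(MASTER_KEY, dict(CARD, bin="422222"), "4921"))
```

Because every terminal (22) holds the master key, each terminal can derive the secondary key of any issuer, so protection of the master key inside the terminal carries the whole scheme.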






