摘要 |
An authorization system using authorizing devices, such as smart cards. The authorizing devices of the present invention are used to authorize transactions on a computer system. The present invention is used to provide security against authorizing multiple transactions that are in a queue, the present invention comprises an authorizing device that only allows the authorization of only one transaction at a time. The authorization of only one transaction is accomplished by software which set an indicator in the volatile memory of the processing module on the authorizing device. The indicator indicates whether a transaction has been authorized or not. If the indicator indicates that one transaction has been authorized, then no further transactions can be authorized. A processing module in the authorizing device operates software which instructs the processing module to set an indicator once a transaction has been authorized. In the preferred embodiment, the indicator is an authorization bit in the volatile memory of the authorizing device. The setting of the authorization bit indicates that one signature has been made. If the authorization bit is set, no other signatures can be made during that session. Therefore if the authorizing party attempts to authorize more than one fraudulent transaction, the fraud is limited to only that transaction and no others. In order to use the authorizing device again, the authorization bit needs to be reset. The authorization bit can be reset by the use of a switch on the authorizing device.
|