摘要 |
<p>Disclosed is a multi-purpose transaction card system comprising an issuer (101), one or more cards (102), one or more terminals (103), and optionally one or more acquirers (104), communicating using a variety of cryptographic confidentiality and authentication methods. Cards authenticate messages using public-key based cryptographic without themselves performing the extensive computations usually associated with such cryptography. Integrity of complex transaction sequences and plural card storage updates are maintained, even under intentionally generated interruptions and/or modifications of data transmitted between card and terminal. Cards do not reveal any information to the terminal which is not directly necessary for the transaction or any information to which the terminal should not have access, through externally measureable aspects of its behaviour. Transaction types supported include those suitable for off-line credit cards, in which the 'open to buy' is maintained on the card.</p> |