

Title:
PORTABLE PIN INPUTTER
Document Type and Number:
WIPO Patent Application WO/2007/074356
Kind Code:
A1
Abstract:
Problem: In a system that requires a user to input a PIN, to enable the user to input the PIN and use the system without anxiety, in a manner that prevents crime and protects the safety of the user's own person to the maximum extent. Solution: Each user has her or his own portable PIN inputter. The portable PIN inputter is equipped with a clock function and with sufficient public-key cryptography functions to defeat impersonation and eavesdropping. Each terminal on the system side is equipped with sufficient communication functions to interface with the portable PIN inputters. The user inputs a duodecimal-system trial PIN into her or his own portable PIN inputter, the portable PIN inputter authenticates the trial PIN as the true PIN, and the user then proceeds, via the terminal, to take care of her or his business with the system.

Inventors:
MCILROY KANSAI (JP)
Application Number:
PCT/IB2005/054402
Publication Date:
July 05, 2007
Filing Date:
December 27, 2005
Assignee:
MCILROY KANSAI (JP)
International Classes:
E05B49/00; G04G99/00; G04C9/00; G04G21/00; G07C9/00
Foreign References:
JPH0451695U (1992-04-30)
US20040113819A1 (2004-06-17)
JP2001296380A (2001-10-26)
JP2003186835A (2003-07-04)
Claims:

[1] In a system that requires a user to input a PIN to gain access to a function of said system, in which said PIN is a duodecimal number at least two digits long; among portable devices that the user uses to perform said input; a device that includes: an analog-display timepiece; a means of fastening to the user's body or clothing; a battery, either alone or as part of a hybrid power source; a means of memory; a means of inputting a duodecimal number at least two digits long as a trial PIN, consisting of a rotatable bezel, a mark on said bezel, and one or more buttons, whereby, two or more times in succession, said bezel is rotated until said mark is aligned with one of the twelve hour indicators on the face of said timepiece and a button manipulation is performed; a means of calculation, which includes public-key enciphering and deciphering functions, a PIN verification function, and a false-PIN counter; a means of communication with a terminal device of said system, which communication may include communication via said terminal device with a remote computer within said system and which may involve the user's performing button manipulations to input commands or inputting further numbers; and a means of presentation that lets the user follow the stages of a trial PIN input and the stages of a communication session with said terminal device.

[2] In a system that requires a user to input a PIN to pass through a gate or checkpoint, unlock a lock, gain access to equipment, or confirm attendance, in which said PIN is a duodecimal number at least two digits long; among portable devices that the user uses to perform said input; a device that includes: an analog-display timepiece; a battery, either alone or as part of a hybrid power source; a means of memory; a means of inputting a duodecimal number at least two digits long as a trial PIN, consisting of a rotatable bezel, a mark on said bezel, and one or more buttons, whereby, two or more times in succession, said bezel is rotated until said mark is aligned with one of the twelve hour indicators on the face of said timepiece and a button manipulation is performed; a means of calculation, which includes a public-key enciphering function, a PIN verification function, and a false-PIN counter; a means of presentation that lets the user know the result of said PIN verification; and a means of transmitting data to a terminal device of said system.

[3] In a device that is equipped with a face in the form of the face of an analog-display timepiece, a rotatable bezel, a mark on said bezel, one or more buttons, and an integrated circuit; among devices for generating from the state of rotation of said bezel and entering into said integrated circuit twelve different binary signals, each of which is generated when a button manipulation is performed when said bezel is at one of the twelve rotational positions at thirty-degree intervals that said bezel arrives at when it is rotated until said mark is aligned with one of the twelve hour indicators on said face; a device that includes: six grounded brushes affixed to the back side of said bezel; and four contact pads disposed underneath said bezel at ninety-degree intervals, each of which is coupled to a different port pin of said integrated circuit; said device having the characteristic features that: when said button manipulation is performed, each of said contact pads is given a small charge, so that a binary signal is obtained from its status of contact or non-contact with a brush, and from the statuses of all four of said contact pads a four-digit binary signal is obtained; and the arrangement of said brushes is such that a different four-digit binary signal is obtained from each of said twelve rotational positions.

[4] In a system that requires a user to have a PIN that is at least four digits long; among methods of defining the set of numbers that are eligible to be PINs; a method having the characteristic features that: it provides that each of said numbers must be a duodecimal number; and it provides that none of said numbers may be a number that can be expressed solely with the digits 0 through 9.

[5] The method of claim 4, having the additional characteristic feature that: it provides that the number that can be expressed solely with the duodecimal digit 10 and the number that can be expressed solely with the duodecimal digit 11 are excluded from the set.

[6] In a system that requires a user to input a PIN to gain access to a function of said system, in which said PIN is a duodecimal number at least two digits long; among terminal devices of said system; a device that includes: a means of communication with a portable device embodying the invention of claim 1.

[7] In a system that requires a user to input a PIN via a personal computer to gain access to a function of said system, in which said PIN is a duodecimal number at least two digits long; a device that includes: a means of connection to the motherboard of a personal computer; and a means of communication with a portable device embodying the invention of claim 1.

[8] In a system that requires a user to input a PIN to pass through a gate or checkpoint, unlock a lock, gain access to equipment, or confirm attendance, in which said PIN is a duodecimal number at least two digits long; among terminal devices of said system; a device that includes: a means of receiving data transmitted by a portable device embodying the invention of claim 2.

Description:

PORTABLE PIN INPUTTER

Technical Field

[1] This invention pertains mainly to the field of applied smart-card technology. It also relates to criminology, psychological engineering, and ergonomics.

Background Art

[2] US 6,776,332 discloses, as a portable PIN inputter, a contact-type card with a built-in numeric keypad. The present invention and the invention of US 6,776,332 have in common the point that the customer in a debit transaction or credit transaction inputs the trial PIN not on a numeric keypad controlled by the merchant but rather on the customer's own portable PIN inputter.

[3] Japan 2003-206660 discloses, as a portable PIN inputter, a digital-display wristwatch with buttons and a built-in wireless transmitter. The trial PIN is input by repeatedly pressing the buttons. The invention of Japan 2003-206660 is aimed at enabling company employees, who are required to input a PIN in order to pass through a security gate set up at the entrance to a company facility, to input their trial PINs ahead of time in their wristwatches instead of inputting them in the numeric keypad provided at the gate itself, thus eliminating long lines in front of the gate at rush hour and improving the company's efficiency. The present invention and the invention of Japan 2003-206660 have in common the point that a person intending to pass through a security gate inputs the trial PIN not after she or he has arrived at the gate but rather, ahead of time, on the person's own portable PIN inputter.

[4] There is prior art in which, by using a signal from the state of rotation of a timepiece's rotatable bezel, the timepiece's mode (6 modes in all, i.e. 6 positions) can be selected (Japan H2-36395) or the Cartesian coordinates (longitude and latitude, i.e. 360 positions for each) can be input so as to enable the timepiece to calculate local time (US 5,982,710). And there is prior art in which, by using a signal from the state of rotation of the rotatable bezel of an information-processing device that has been configured in the form of a wristwatch, the user can input alphanumerics and symbols (46 alternatives in all, i.e. 46 positions) so as to operate schedule management and similar applications (Japan 2001-60137, Japan 2001-67173). The present invention and these inventions have in common the use of a rotatable bezel as a means of inputting data into a timepiece or device in the form of a timepiece.

Disclosure of Invention

Problem

[5] A consortium of the major payment associations for debit transactions and credit transactions (Mastercard, Visa, and JCB) has adopted the EMV Integrated Circuit Card Payment System Specifications ('EMV 4.1', published May 2004) as a new standard for debit cards and credit cards, with the intention that integrated circuit cards will gradually replace magnetic stripe cards throughout the world. The EMV specifications abolish the user's signature or photograph as the principal means whereby a member merchant confirms the identity of the user. Furthermore, the EMV specifications take no notice of biometrics. (It may be conjectured that there are two reasons for this. First are the problems, unique to biometric systems, (a) that there is no way to change the biometric data periodically to reduce the risk of damage that might arise from data leakage and (b) that there is no way to upgrade the biometric data periodically to stay always one step ahead of criminals, whose technological strength is always growing in tandem with scientific and technological progress; these problems make it very difficult to build a system that will be robust over the long term. Second, there is the problem of consumer resistance arising from civil-liberties concerns.) Instead, the EMV specifications adopt, as the principal means whereby a member merchant confirms the identity of the user, the user's personal identification number or PIN. In short, throughout the world the market for debit transactions and credit transactions is making a transition from signature verification and photograph verification to PIN verification. This transition however brings forth new dangers and anxieties for the user.

[6] The greatest concern is a rise in 'surf and mug'. 'Surf and mug' is the following kind of crime. Step 1: By a method such as looking over the user's shoulder ('shoulder surfing'), hidden camera, or tampering with a merchant's numeric keypad or other equipment, a criminal learns the trial PIN that the user has input. Step 2 (optional): The criminal confirms that the transaction that the user was trying to do was successful, i.e. confirms that the trial PIN is the true PIN. Step 3: By a method such as robbery ('mugging'), burglary, or 'emboss and swap' (see below), the criminal steals the card. Step 4: Using the card and PIN, the criminal buys goods and converts the goods into cash, all in an untraceable manner.

[7] Another concern is the arrival of something new, 'emboss and swap'. 'Emboss and swap' is the following kind of crime, which is made feasible by the popularization of cards that bear neither a signature nor a photograph. Step 1: A criminal (for example a server in a restaurant or a cash register attendant), under some pretext, obtains possession of the card. Step 2: The criminal group has assembled in advance an inventory of counterfeit card blanks for all the popular brands and designs of cards. The criminal removes from inventory a blank with the design that is closest to the design of the real card, puts the blank into an embossing machine, and creates a copy of the real card by reproducing its embossed characters on the blank. Step 3: The criminal returns the copy to the user. Step 4: Employing a fake terminal, the criminal asks the user to insert the card (actually it's the copy) and to input the PIN. The criminal group has rigged the fake terminal (a) to exhibit a reaction as though the transaction was successful, (b) to print out a fake receipt that appears at first sight to be an ordinary receipt but on closer inspection contains nothing that can be traced to the party that issued the receipt, and (c) to record the trial PIN that the user input. Step 5: The criminal returns the card (actually it's the copy) and the fake receipt to the user. Step 6: Using the card (the real card) and the trial PIN, a member of the criminal group buys goods and converts the goods into cash, all in an untraceable manner. Note: Each of the major payment associations has what it may call a neural network for the early detection and prevention of unauthorized card use, and the criminal group knows that the best way to reduce the risk of its being tracked down by such a neural network is to ensure that the data from the transaction when the card was copied (steps 1 through 5) never reach the issuer of the card. Accordingly, the criminal gang will probably use its own cash to process the transaction, 'treating' the card user to a free meal or whatever.

[8] Finally, the user must also continue to be concerned about the same matters as in the past, for example crimes that employ fake terminals or terminals that have been rigged to intercept, redirect, or illicitly record signals.

[9] In this new environment as described above, where PIN verification is becoming the principal means of confirming identity, a system that enables a user to do debit transactions and credit transactions without anxiety, in a manner that prevents crime and protects the safety of the user's own person to the maximum extent, must satisfy the following 6 conditions.

[10] Condition 1: On the one hand, the PIN must have at least the same strength as a conventional 4-digit decimal number such as can be input from a conventional numeric keypad. On the other hand, so as to make it impossible that there should be any duplication between the PIN and any numbers that the user may have used previously for other purposes (e.g. as the PIN for an existing card or as the secret number for a guests' rental locker at a wedding reception hall or a shoppers' rental locker in the downstairs food bazaar of a department store), the PIN must be a number from a numbering system that is duodecimal or higher, i.e. the radix of the numbering system must be 12 or more.

[11] Here is why this is essential. The average user, when establishing the PIN for a new debit card or credit card, invariably regards it as a nuisance to have to think up and then memorize a brand-new number that she or he has never used before. No matter what, the user is prone to establish as the PIN for the new card the same number that she or he habitually uses as the PIN for another card or as her or his secret number for rental lockers. But as the proverb says, 'A chain is only as strong as its weakest link.' If a user carelessly uses her or his debit card or credit card PIN as, for example, the secret number for a shoppers' rental locker in the downstairs food bazaar of a department store, the user will suffer not only the risk of economic loss from unauthorized use of the card but also, more and more in the future, the risk of injury or death from attack by a robber or burglar.

[12] The important point to bear in mind is this. No matter how prudent any one user may be in choosing her or his PIN and protecting its secrecy, it is impossible for that user to eliminate the above risks. Criminal groups develop their criminal strategies based on their observation of the typical behavior patterns of the totality of users. If a criminal group notices that a large majority of users exhibit the behavior pattern of, for example, using their own debit card or credit card PINs as the secret numbers for shoppers' rental lockers in the downstairs food bazaars of department stores, from the criminal group's point of view the strategy of somehow learning the secret number that the shopper input, following the shopper as she or he leaves the downstairs food bazaar, and attacking her or him and taking her or his cards becomes a 'paying proposition', and they will proceed with it. Whether the shopper that they happen to attack was prudent in managing her or his card PINs is irrelevant.

[13] As can be seen from the above example, for any one user to be able to do debit transactions and credit transactions without anxiety, in a manner that prevents crime and protects the safety of her or his own person to the maximum extent, it is insufficient simply for that one user to change her or his own behavior patterns. What is needed is a system-level change whereby, through incentives or compulsion, a large majority of users are caused to change their behavior patterns en masse. More specifically, what is needed is a system-level change whereby, through incentives or compulsion, a large majority of users are caused to adopt, en masse, the behavior pattern, when establishing new PINs, of thinking up and then memorizing brand-new numbers that they have never used before. And there is no way to accomplish such a system-level change otherwise than by sloughing off the old custom of using decimal-system PINs.

[14] Here is why a duodecimal or higher numbering system is essential. The intrinsic strength of a 4-digit decimal-system PIN is 10 to the 4th power minus 1 (0000 is omitted from candidacy as a PIN; hereafter the same), or 9,999. The intrinsic strength of a 4-digit unidecimal-system PIN is 11 to the 4th power minus 1, or 14,640, and if the 9,999 PIN candidates that might possibly have been used previously for other purposes are eliminated only 4,641 PIN candidates remain, which is weaker than a 4-digit decimal-system PIN. But the intrinsic strength of a 4-digit duodecimal-system PIN is 12 to the 4th power minus 1, or 20,735, and if the 9,999 PIN candidates that might possibly have been used previously for other purposes are eliminated 10,736 PIN candidates remain, which is stronger than a 4-digit decimal-system PIN. It should be noted that, if duodecimal-system PINs are to be used, the PINs must be at least 4 digits long in order for this result to obtain.
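The candidate counts in paragraph [14] and the eligibility rules of claims 4 and 5 can be checked by enumeration. The following is an added example, not part of the patent text; the digit symbols A (ten) and B (eleven) and all function names are assumptions of the example, and it goes slightly beyond the text by computing the minimum PIN length for radix 11 as well as radix 12.

```python
from itertools import product

# Digit symbols are an assumption of this example: A = ten, B = eleven.
DIGITS = "0123456789AB"


def is_eligible(pin, radix=12, apply_claim_5=False):
    """Return True if `pin` may be issued as a PIN.

    Claim 4 rule: reject any number expressible solely with the digits 0-9.
    Claim 5 rule (optional): also reject the all-ten and all-eleven numbers.
    """
    values = [DIGITS.index(ch) for ch in pin.upper()]  # ValueError on a bad symbol
    if any(v >= radix for v in values):
        raise ValueError("digit out of range for radix %d" % radix)
    if all(v <= 9 for v in values):
        return False  # could collide with a decimal PIN or locker number
    if apply_claim_5 and len(set(values)) == 1:
        return False  # a single repeated digit above 9, e.g. AAAA or BBBB
    return True


def count_eligible(radix, length, apply_claim_5=False):
    """Brute-force count over every `length`-digit string in `radix` (11 or 12)."""
    symbols = DIGITS[:radix]
    return sum(
        is_eligible("".join(p), radix, apply_claim_5)
        for p in product(symbols, repeat=length)
    )


def closed_form(radix, length):
    """All radix**length strings minus the 10**length all-decimal strings."""
    return radix ** length - 10 ** length


def decimal_strength(length):
    """The page's baseline: decimal PINs of this length, all-zero omitted."""
    return 10 ** length - 1


def min_length_beating_decimal(radix, max_length=16):
    """Shortest length at which the eligible set exceeds the decimal baseline."""
    for n in range(1, max_length + 1):
        if closed_form(radix, n) > decimal_strength(n):
            return n
    return None


if __name__ == "__main__":
    for radix in (11, 12):
        print(radix, count_eligible(radix, 4), min_length_beating_decimal(radix))
    print("claim 5 applied:", count_eligible(12, 4, apply_claim_5=True))
```

An enrolment system would call `is_eligible` on the PIN a user proposes and refuse it before it is ever stored.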

[15] Condition 2: Input of the trial PIN must be done not on a numeric keypad controlled by the merchant but rather by means of a portable device that the user herself or himself provides and employs.

[16] This is essential because keypads controlled by merchants come in all shapes and sizes. A user cannot distinguish a real one from a fake, nor can a user know whether the keypad has been tampered with. Furthermore, the placement of the merchant's keypad may be such that it is difficult to prevent shoulder surfing, and there is the risk that a hidden camera may be hidden nearby.

[17] Condition 3: The physical operation of inputting the trial PIN must be on the one hand an operation that is at least as easy for the user to perform as inputting a number into a numeric keypad but must on the other hand be an operation that is hard for a shoulder surfer to see or for a hidden camera to record.

[18] Condition 4: The portable device that the user employs must have a clock function.

[19] Here is why this is essential. In order to ensure the security of communication between computers or between client and server, it is necessary to prevent impersonation. The simplest technique for an impersonator is to intercept and record the signals sent during a prior communication session and then to replay the recorded signals, and, as is well known, the most effective countermeasure against this is to exchange time-sensitive cryptograms. More specifically, to protect the merchant against impersonation on the user side, the issuer or a processing company acting as agent for the issuer can confirm, by means of a time-sensitive cryptogram transmitted by the user's portable device, that it is connected in real time to the user's portable device; and, for the user to protect herself or himself against impersonation on the merchant side, the user's portable device can confirm, by means of a time-sensitive cryptogram transmitted by the issuer or a processing company acting as agent for the issuer, that it is connected in real time to the issuer or to a processing company acting as agent for the issuer. In either case, it is essential that the portable device that the user employs should have a clock function.
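The replay countermeasure of paragraph [19], sketched as an added example that is not part of the patent text. The patent calls for public-key functions; here HMAC-SHA256 with a shared key stands in for them so the sketch runs on the standard library, and the message layout, the 30-second window, the party names and the key are all constructed assumptions.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32
MAX_SKEW_S = 30  # assumed freshness window, in seconds


def make_cryptogram(key, sender, now, payload):
    """Bind the sender's clock reading and name to the payload under a MAC."""
    name = sender.encode()
    body = struct.pack(">QB", now, len(name)) + name + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


def verify_cryptogram(key, expected_sender, blob, now, max_skew=MAX_SKEW_S):
    """Return (True, payload) if authentic and fresh, else (False, reason)."""
    if len(blob) < 9 + TAG_LEN:
        return False, "truncated"
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False, "bad tag"
    timestamp, name_len = struct.unpack(">QB", body[:9])
    sender, payload = body[9:9 + name_len], body[9 + name_len:]
    if sender != expected_sender.encode():
        return False, "wrong sender"  # e.g. our own message reflected back
    if abs(now - timestamp) > max_skew:
        return False, "stale"  # a recording replayed after the window
    return True, payload


def demo():
    """Constructed scenario: one genuine message, then three misuse cases."""
    key = b"constructed-demo-key"  # constructed value, not a real credential
    t0 = 1_700_000_000  # constructed clock reading
    recorded = make_cryptogram(key, "device", t0, b"PIN verified")
    retimed = struct.pack(">Q", t0 + 600) + recorded[8:]  # timestamp rewritten
    return {
        "live": verify_cryptogram(key, "device", recorded, t0 + 2),
        "replayed": verify_cryptogram(key, "device", recorded, t0 + 600),
        "retimed": verify_cryptogram(key, "device", retimed, t0 + 600),
        "reflected": verify_cryptogram(key, "issuer", recorded, t0 + 2),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

The window only works if both clocks agree to within `MAX_SKEW_S`, which is why the device's clock function is a condition rather than a convenience.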

[20] Condition 5: The portable device that the user employs must have a means of presentation (an LCD panel, a set of audible signals, etc.), to let the user follow the stages of a communication session with a transaction terminal and the stages of a communication session via a transaction terminal with the issuer or a processing company acting as agent for the issuer. It must also have a means (buttons, etc.) of enabling the user, at each stage, to input appropriate commands.

[21] Here is why this is essential. Terminals employed by merchants come in all shapes and sizes. A user cannot distinguish a real one from a fake, nor can a user know whether the terminal has been tampered with, and therefore a user cannot trust the information shown on the display panel of the terminal. Only when — after exchanging time-sensitive cryptograms so as to remove the risk of impersonation — the user's own portable device has received enciphered information, deciphered it, and presented it (by an LCD panel, a set of audible signals, etc.), can the user believe the information. Likewise, there is no guarantee that a command that is input into a terminal employed by a merchant will be transmitted to the system without illicit alteration of its contents. Only when the user inputs the command into her or his own portable device and uses her or his own portable device to encipher the command and transmit it in enciphered form can the user be free from anxiety.

[22] Condition 6: The portable device that the user employs must have the characteristic that the user, when going out, will carry the device by physically fastening it to her or his body or clothing. Moreover it must have the characteristic that if the user is requested to unfasten the device from her or his body or clothing the user will be psychologically indisposed to accede to the request.

[23] The reason this is essential is that it provides the best defense against crimes that involve a portable device's falling temporarily under the control of a criminal group. It is true that, as integrated circuit cards supplant magnetic stripe cards, the risk of card skimming is decreasing. Other criminal schemes that involve a portable device's falling temporarily under the control of a criminal group can be imagined, however, and new schemes will surely be developed in the future. In this regard it should be noted that, in the case where as described above the input of the trial PIN is done not on a merchant's numeric keypad but rather on the user's own portable device, it is particularly important to ensure that the device is not separated from the user's person during the period of effectiveness of the trial PIN input (which might be, for example, 3 minutes from the beginning of the input).

Solution

[24] To satisfy the above 6 conditions, the present invention employs an analog-display battery-powered timepiece as a portable PIN inputter. (1) As is characteristic of an analog-display timepiece there are 12 hour indicators on the timepiece's face, and these can be used for inputting a 4-or-more-digit duodecimal-system PIN. Thus condition 1 is satisfied. (2) Trial PIN input is done on the timepiece itself. Thus condition 2 is satisfied. (3) The physical operation of inputting the trial PIN is as follows. The timepiece is equipped with a rotatable bezel, and the bezel has a mark at one place. The mark is such that it is sufficiently recognizable from the user's distance (in the case of a Braille timepiece, sufficiently recognizable by touch) but difficult to discern from a greater distance. The timepiece is also equipped with one or more buttons. The user rotates the bezel until the mark is aligned with one of the 12 hour indicators on the timepiece's face and then performs a button manipulation. Repeating this 4 or more times, the user inputs a 4-or-more-digit duodecimal number. In the case of a wristwatch, which is the preferred embodiment of the portable PIN inputter of the present invention, the most natural way for a user to perform these manipulations of the bezel and the button or buttons is to bring the wristwatch up close to her or his chest, just like a professional poker player, and the button or buttons are placed so as to encourage this. Thus condition 3 is satisfied. (4) Since it is a timepiece, condition 4 is satisfied. (5) The timepiece, in addition to having the usual functions of a contactless integrated circuit card (calculation function, memory function, and wireless communication function), is furnished with a means of presentation that lets the user follow the stages of a trial PIN input, the stages of a communication session with a transaction terminal, and the stages of a communication session via a transaction terminal with the issuer or a processing company acting as agent for the issuer and also with a means of enabling the user, at each stage, to input appropriate commands. Thus condition 5 is satisfied. (6) Not only a wristwatch, which is the preferred embodiment of the portable PIN inputter of the present invention and which will be fastened to the user's wrist, but also a timepiece in the form of a piece of jewelry (pendant, pin, etc.) or a pocket watch on a chain satisfies the physical and psychological aspects of condition 6. By the way, as is explained in detail later, the rotatable bezel can be made much slimmer than conventional rotatable bezels, so that, other than the requirement of roundness, equipping the timepiece with a rotatable bezel will not restrict timepiece designers very much.

Description of Drawings and Reference Signs

[25] Brief Description of the Drawings:

• Fig. 1: The wristwatch that is the preferred embodiment of the portable PIN inputter of this invention, viewed from the front.

• Fig. 2: The wristwatch of Fig. 1 as viewed from the 3 o'clock direction.

• Fig. 3: The wristwatch of Fig. 1 as viewed from the 9 o'clock direction.

• Fig. 4: Diagram showing the arrangement of the brushes affixed to the back side of the bezel (the brushes themselves, being behind the bezel, are not visible).

• Fig. 5: Diagram showing the arrangement of the contact pads.

• Fig. 6: A simplified embodiment of the portable PIN inputter of this invention, viewed from the front.

[26] Reference Signs:

• 21: Bezel.

• 22: Mark.

• 23: 'Yes' button (10 o'clock position).

• 24: 'No' button (8 o'clock position).

• 25: Upper LCD panel.

• 26: Lower LCD panel.

• 27A-27F: Grounding brushes.

• 28A-28D: Contact pads.

• 29: Button for manual reception of signal from radio transmission station containing time data.

• 30: Recessed button, for use in manually setting the time and date.

• 31: Crown, for use in manually setting the time and date.

• 32: Upper bracket pair.

• 33: Lower bracket pair.

• 34: LCD panel.

Best Mode Known to the Inventor for Carrying Out the Invention

[27] In the explanation above, the method of fastening the portable PIN inputter to the user's body or clothing was not limited, but the embodiment explained below takes the form of a wristwatch fastened to the user's wrist. Also, the explanation above avoided expressions implying reliance on the user's being a sighted person, but the embodiment explained below relies on the user's eyesight.

[28] Furthermore, in order for the wristwatch correctly and reliably to perform exchanges of time-sensitive cryptograms, its clock function must be highly accurate and robust. Currently, the best representative of a wristwatch that combines a highly accurate and robust clock function with an affordable price is the Eco-Drive® radio-controlled watch manufactured by Citizen, and the embodiment explained below resembles an Eco-Drive® radio-controlled watch in several respects. Specifically, referring to Fig. 1 and Fig. 2, the placement of button 29, recessed button 30, and crown 31 is the same as in the currently most popular model of Eco-Drive® radio-controlled watch, and it is assumed that they have the same functions.

[29] Now, referring to Fig. 1 and Fig. 3, when the user of the wristwatch wants to input a trial PIN, the user rotates bezel 21 until mark 22, which is inscribed on bezel 21 by a means such as stamping, is aligned with one of the 12 hour indicators on the watch face, and then presses button 23. Mark 22 is such that it is sufficiently discernible from the user's distance but difficult to discern from a greater distance. Repeating this 4 or more times, the user inputs a 4-or-more-digit duodecimal number. Then, by pressing button 23 one more time, the user confirms this 4-or-more-digit duodecimal number as the trial PIN. (Since the wristwatch's program knows the number of digits in the PIN that has been established for that wristwatch, it is able to infer, when a trial PIN is being input, which digit should be the last digit. This makes it possible to adopt, as the button manipulation to be performed in the confirmation operation, the same button manipulation as was performed for inputting each of the digits.) To guard against the trial PIN's last digit's later being surmised from the state of rotation in which bezel 21 is left at the end of the trial PIN input and confirmation operations, it is desirable that the user should, before or immediately after the confirmation operation, rotate bezel 21 so that mark 22 is no longer aligned with the hour indicator corresponding to the last digit, but in this embodiment it is assumed that there is no compulsion on the user to do this. If the user wants to cancel the trial PIN input in mid-course, she or he presses button 24. It should be noted that the average user is right-handed, and it is assumed that she or he will fasten the wristwatch to her or his left wrist and press button 23 and button 24 with her or his right forefinger. In the case of this average user, the placement of button 23 at the 10 o'clock position and button 24 at the 8 o'clock position will encourage the user to do the trial PIN input and confirmation operations by bringing the wristwatch up close to her or his chest, just like a professional poker player.

[30] To let the user know through her or his sense of touch that mark 22 is aligned with one of the 12 hour indicators on the watch face, it is desirable to provide some sort of resistance mechanism, such as a mechanism involving springs and bumps or cavities, that, every 30 degrees, imparts resistance to the rotation of bezel 21.

[31] It is assumed that upper LCD panel 25 and lower LCD panel 26 normally (i.e. when the wristwatch is being used simply as a timepiece) display calendar information. As soon as the user begins the trial PIN input operation, however, they change to a display that lets the user see the flow of the trial PIN input. More specifically, when the user rotates bezel 21 until mark 22 is aligned with the hour indicator on the watch face that corresponds to the first digit of the trial PIN and then presses button 23, the display of upper LCD panel 25 changes to a single asterisk, and as the user repeats these manipulations for the subsequent digits it changes to double asterisks, triple asterisks, etc. Then, when the number of asterisks displayed on upper LCD panel 25 reaches the number of digits in the PIN that has been established for that wristwatch and the user presses button 23 one more time, the 4-or-more-digit duodecimal number that the user has input is confirmed as the trial PIN, the wristwatch performs PIN verification (described below), and the display of upper LCD panel 25 changes to 'VALID PIN' (where the true PIN and the trial PIN match) or 'INVALID!' (where the true PIN and the trial PIN do not match).

[32] It is necessary to obtain from the state of rotation of bezel 21 a binary signal such as can be processed by the wristwatch's built-in means of calculation, and this is done as follows. As shown in Fig. 4, six brushes 27A through 27F are affixed to the back side of bezel 21, and these brushes are grounded (by means not shown in the drawing) to the wristwatch's case. Further, underneath bezel 21, four contact pads 28A through 28D are disposed at 90-degree intervals, as shown in Fig. 5. By this contrivance, when bezel 21 is rotated 360 degrees, contact between brush and pad occurs once every 30 degrees, at 12 positions in all.

[33] To obtain a binary signal from these 12 rotational positions at which contact occurs, each pad is coupled (by means not shown in the drawing) to a port pin of the means of calculation. When button 23 is pressed, each pad is given a small charge. The voltage of a pad that is in contact with a brush, because the brush is grounded, will be zero or an extremely small value (in binary notation, 0). But the voltage of a pad that is not in contact with a brush will be a relatively large value (in binary notation, 1). More specifically, as shown in the following table, it is possible to obtain 12 different binary signals from the 12 rotational positions, one every 30 degrees, at which contact occurs. These binary signals enter the wristwatch's built-in means of calculation by way of the port pins.

• When mark 22 is aligned with the 0 o'clock (12 o'clock) indicator, pad 28A is in contact with brush 27A, pad 28B is in contact with brush 27B, pad 28C is in contact with brush 27D, and pad 28D is not in contact with a brush. The resulting binary signal is 0001.

• When mark 22 is aligned with the 1 o'clock indicator, pads 28A and 28B are not in contact with brushes, pad 28C is in contact with brush 27C, and pad 28D is in contact with brush 27E. The resulting binary signal is 1100.

• When mark 22 is aligned with the 2 o'clock indicator, pad 28A is in contact with brush 27F, and pads 28B, 28C, and 28D are not in contact with brushes. The resulting binary signal is 0111.

• When mark 22 is aligned with the 3 o'clock indicator, pad 28A is not in contact with a brush, pad 28B is in contact with brush 27A, pad 28C is in contact with brush 27B, and pad 28D is in contact with brush 27D. The resulting binary signal is 1000.

• When mark 22 is aligned with the 4 o'clock indicator, pad 28A is in contact with brush 27E, pads 28B and 28C are not in contact with brushes, and pad 28D is in contact with brush 27C. The resulting binary signal is 0110.

• When mark 22 is aligned with the 5 o'clock indicator, pad 28A is not in contact with a brush, pad 28B is in contact with brush 27F, and pads 28C and 28D are not in contact with brushes. The resulting binary signal is 1011.

• When mark 22 is aligned with the 6 o'clock indicator, pad 28A is in contact with brush 27D, pad 28B is not in contact with a brush, pad 28C is in contact with brush 27A, and pad 28D is in contact with brush 27B. The resulting binary signal is 0100.

• When mark 22 is aligned with the 7 o'clock indicator, pad 28A is in contact with brush 27C, pad 28B is in contact with brush 27E, and pads 28C and 28D are not in contact with brushes. The resulting binary signal is 0011.

• When mark 22 is aligned with the 8 o'clock indicator, pads 28A and 28B are not in contact with brushes, pad 28C is in contact with brush 27F, and pad 28D is not in contact with a brush. The resulting binary signal is 1101.

• When mark 22 is aligned with the 9 o'clock indicator, pad 28A is in contact with brush 27B, pad 28B is in contact with brush 27D, pad 28C is not in contact with a brush, and pad 28D is in contact with brush 27A. The resulting binary signal is 0010.

• When mark 22 is aligned with the 10 o'clock indicator, pad 28A is not in contact with a brush, pad 28B is in contact with brush 27C, pad 28C is in contact with brush 27E, and pad 28D is not in contact with a brush. The resulting binary signal is 1001.

• When mark 22 is aligned with the 11 o'clock indicator, pads 28A, 28B, and 28C are not in contact with brushes, and pad 28D is in contact with brush 27F. The resulting binary signal is 1110.

[34] The reason for setting the number of pads at 4 is as follows. As can be seen from the fact that there are 8 possible 3-digit binary numbers (000 through 111) and 16 possible 4-digit binary numbers (0000 through 1111), to handle 12 different binary signals a contrivance that can handle binary numbers at least 4 digits in length is necessary. It follows that the number of pads and port pins must be at least 4 of each. Further, in view of manufacturing costs, it is more important to minimize the number of pads and port pins than to minimize the number of brushes. Accordingly, the number of pads is set at 4.

[35] The number of brushes is set at 6 for the following reason. Mathematically, there are solutions whereby, using 4 pads and only 5 brushes, 12 different binary signals can be obtained from 12 rotational positions at 30-degree intervals, but these solutions have a defect. Namely, when there are 4 pads and 5 brushes, one of the 12 rotational positions will invariably be a no-contact position (a rotational position in which no pad is in contact with a brush). But if a no-contact position is allowed to serve as one of the 12 rotational positions, the wristwatch's program must treat the binary signal from the no-contact position, 1111, as a valid input. But if 1111 is to be treated as a valid input signal, a 1111 signal that comes from the user's mistakenly pressing button 23 when bezel 21 is in an improper state of rotation (for example, when mark 22 deviates by about 15 degrees from the hour indicator corresponding to the digit that the user was trying to input) will also have to be treated as a valid input. The ineluctable conclusion is that, to obviate the risk of such input errors, the wristwatch's program must treat 1111 as an invalid input signal. From this it follows that a contrivance of 4 pads and 5 brushes cannot be used. For the above reasons, a contrivance of 4 pads and 6 brushes is adopted.

[36] It should be noted that the conception of employing brushes and pads to obtain digital signals from the state of rotation of a bezel is not new. This conception is disclosed, for example, in the specification and drawings of the patent on a timepiece into which Cartesian coordinates can be input (US 5,982,710), which is cited above as prior art.

[37] Now, it was mentioned earlier that the wristwatch's rotatable bezel can be made much slimmer than conventional rotatable bezels, and here are the reasons for this. The first reason lies in the slimness of the front side of bezel 21, i.e. the narrowness of mark 22. Conventionally, when a rotatable bezel has been used as a means of input, symbols or marks indicating the alternatives available for selection by the user have been arranged in a ring formation on the front side of the bezel. The user rotates the bezel until the symbol or mark on the bezel corresponding to the alternative that she or he wants to select is aligned with a mark on the timepiece's face. Naturally, the bezel has had to be wide enough to make room for all these symbols and marks. But the wristwatch of the present invention reverses this. With this wristwatch, the symbols or marks indicating the alternatives available for selection by the user (the symbols or marks indicating the 12 hours, which are characteristic of an analog-display timepiece) are on the watch face, and the user rotates bezel 21 until mark 22 is aligned with the symbol or mark on the watch face corresponding to the alternative that she or he wants to select. Thus, the only thing that needs to appear on bezel 21 is mark 22, and bezel 21 needs to be merely wide enough to provide room for mark 22. The second reason lies in the slimness of the back side of bezel 21, i.e. the narrowness of brushes 27A through 27F. Among all the means that can be imagined for obtaining digital signals from the state of rotation of a bezel, the pad-and-brush contrivance is the simplest and the most capable of realization in a narrow form. The brushes in particular can be made quite narrow, and bezel 21 needs to be merely wide enough to provide room for these narrow brushes.

[38] It should be noted that the specification of the patent on a timepiece into which Cartesian coordinates can be input (US 5,982,710), which is cited above as prior art, also points out that the brushes in a pad-and-brush contrivance can be made quite narrow.

[39] In Fig. 5 pads 28A through 28D are disposed at the 0 o'clock (12 o'clock) position, the 3 o'clock position, the 6 o'clock position, and the 9 o'clock position, but this has no particular significance. A timepiece designer can freely change the disposition of the pads as long as their positions relative to each other (at 90-degree intervals) stay the same. Likewise, in Fig. 4 the location of mark 22 coincides with the disposition of brush 27A, but this too has no particular significance, and a timepiece designer can freely change the location of mark 22 as long as the positions of the brushes relative to each other stay the same. (In either case, the binary signals obtained will differ from those shown in the table presented earlier.) It should be noted that the brush arrangement in Fig. 4 is just one example, and there are a total of 16 brush arrangements (if mirror images are included, 32 brush arrangements) that provide the functionality of generating, with 4 pads at 90-degree intervals and 6 brushes, 12 different binary signals from the 12 rotational positions, one every 30 degrees, at which contact occurs.
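The encoder of paragraphs [32] to [35] and [39] can be modelled and checked by enumeration. The following is an added example, not code from the patent: the brush offsets are inferred from the contacts listed in the table above (Fig. 4 is not reproduced here), bits are ordered pad 28A to pad 28D, and all function names are hypothetical.

```python
from itertools import combinations

HOURS = 12
PADS = (0, 3, 6, 9)             # pads 28A-28D at 90-degree intervals (Fig. 5)
# Offsets of brushes 27A-27F clockwise from mark 22, in 30-degree steps.
# Assumption: inferred from the table of contacts (27A sits under the mark).
BRUSHES = (0, 3, 5, 6, 8, 10)
NO_CONTACT = "1111"


def signal(mark, brushes=BRUSHES, pads=PADS):
    """Port-pin bits for pads A-D with mark 22 at hour `mark` (0 = grounded)."""
    return "".join("0" if (p - mark) % HOURS in brushes else "1" for p in pads)


def signals(brushes, pads=PADS):
    """Signals for all 12 detent positions, indexed by hour."""
    return [signal(h, brushes, pads) for h in range(HOURS)]


def decode_table(brushes=BRUSHES, pads=PADS):
    """Map signal -> hour, or None if the layout is unusable: two hours share
    a signal, or some hour reads as the no-contact signal 1111."""
    sigs = signals(brushes, pads)
    if NO_CONTACT in sigs or len(set(sigs)) != HOURS:
        return None
    return {s: h for h, s in enumerate(sigs)}


def read_digit(port_bits, table):
    """Firmware-side decode. Codes outside the table (1111 when the bezel sits
    between detents, and the other unused codes) give None: no digit input."""
    return table.get(port_bits)


def usable_layouts(n_brushes, pads=PADS):
    """Every brush layout (offsets from the mark) that decodes cleanly."""
    return [s for s in combinations(range(HOURS), n_brushes)
            if decode_table(s, pads) is not None]


def distinct_classes(layouts, mirror=False):
    """Count layouts up to relocating the mark (rotation), optionally also
    treating mirror images as the same arrangement."""
    def canon(s):
        variants = [s, tuple(-x for x in s)] if mirror else [s]
        return min(tuple(sorted((x + r) % HOURS for x in v))
                   for v in variants for r in range(HOURS))
    return len({canon(s) for s in layouts})


def five_brush_survey():
    """Over every placement of 4 pads on the 30-degree grid (pad A fixed at 0
    by symmetry), count 5-brush layouts that give 12 distinct signals, and
    how many of those manage it without using 1111."""
    distinct = without_no_contact = 0
    for rest in combinations(range(1, HOURS), 3):
        pads = (0,) + rest
        for brushes in combinations(range(HOURS), 5):
            sigs = signals(brushes, pads)
            if len(set(sigs)) == HOURS:
                distinct += 1
                if NO_CONTACT not in sigs:
                    without_no_contact += 1
    return distinct, without_no_contact


if __name__ == "__main__":
    table = decode_table()
    for bits, hour in sorted(table.items(), key=lambda kv: kv[1]):
        print(f"{hour:2d} o'clock -> {bits}")
    six = usable_layouts(6)
    print("6-brush layouts:", len(six),
          "up to rotation:", distinct_classes(six),
          "up to rotation and mirror:", distinct_classes(six, mirror=True))
    print("5-brush (distinct, distinct without 1111):", five_brush_survey())
```

The second survey figure is zero for a counting reason: over a full turn each pad meets each brush once, so 5 brushes yield 20 contacts, while 12 distinct signals that avoid 1111 need at least 4 + 12 + 6 = 22.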

[40] PIN verification is comparison of the true PIN stored in the wristwatch's built-in means of memory and the trial PIN confirmed by the operation described above, and it is performed by the wristwatch's built-in means of calculation. If they do not match, not only is upper LCD panel 25 caused to display the message 'INVALID!' as mentioned above, but also the false-PIN counter stored in the means of memory is increased by 1. When the false-PIN counter reaches a standard number that has been prescribed by the issuer, for example 3, i.e. when 3 times in succession a false PIN has been confirmed as the trial PIN, some function that is essential to the use of the wristwatch as a portable PIN inputter, such as the function of sending a small charge to contact pads 28A through 28D when button 23 is pressed during trial PIN input, is suspended, and the wristwatch becomes unusable as a portable PIN inputter. (It is assumed that the issuer will determine, in light of the requirements of its system, which specific function or functions will be suspended.) Because this is such a serious result, whenever upper LCD panel 25 is caused to display the message 'INVALID!', lower LCD panel 26 is caused to display an appropriate supporting message, for example 'FALSE ONCE', 'FALSE TWICE', or 'UNUSABLE'. Whenever, before the false-PIN counter has reached the prescribed number, the result of PIN verification is that the true PIN and the trial PIN match, not only is upper LCD panel 25 caused to display the message 'VALID PIN', but also the false-PIN counter is returned to 0. After the false-PIN counter has reached the prescribed number, however, it is too late. In this case, if button 23 is pressed, upper LCD panel 25 and lower LCD panel 26 are caused to display the error message 'INPUTTER' (on upper LCD panel 25) 'UNUSABLE' (on lower LCD panel 26). If the user wishes to continue to use the wristwatch as a portable PIN inputter, the user, according to procedures specified by the issuer, must arrange with a designated agency of the issuer for the wristwatch to be reset.

[41] It is assumed that, in the particular system in which this embodiment is to be used, two kinds of numbers are ineligible to be PINs. First, numbers that can be expressed solely with the digits 0 through 9 are ineligible. The purpose of this rule is to strengthen the system by eliminating every PIN candidate that the user might possibly have used previously as a conventional decimal-system PIN. Secondly, the following two numbers are ineligible: the number that can be expressed solely with the duodecimal digit 10 and the number that can be expressed solely with the duodecimal digit 11. In other words, the 4-or-more-digit duodecimal number that (but for this rule) could be input as a trial PIN by pressing button 23 four or more times in succession when mark 22 is aligned with the 10-o'clock hour indicator is ineligible, and the 4-or-more-digit duodecimal number that (but for this rule) could be input as a trial PIN by pressing button 23 four or more times in succession when mark 22 is aligned with the 11-o'clock hour indicator is likewise ineligible. (The corresponding numbers from the other ten hour indicators are already ineligible because of the rule that numbers that can be expressed solely with the digits 0 through 9 are ineligible.) The purpose of this rule is to reduce the risk of unintentional input of a trial PIN.

[42] As mentioned earlier, the wristwatch's program knows the number of digits in the PIN that has been established for that wristwatch. Therefore the program is able to recognize when an attempt is being made to input the last digit of a trial PIN. The program is also able to recognize a situation in which there is a possibility that the input of the last digit could result in an ineligible number, i.e. when all the digits input so far have been 0 through 9, when they all have been the duodecimal digit 10, or when they all have been the duodecimal digit 11. In such a case, when button 23 is pressed to input the last digit, the program analyzes the resulting number, and if it is ascertained to be ineligible the program (a) suspends the trial-PIN-confirmation function of button 23, so that, even if button 23 is pressed one more time, confirmation will not take place, PIN verification will not take place, and there will be no effect on the false-PIN counter, and (b) causes upper LCD panel 25 and lower LCD panel 26 to display the error message 'INELIGIBLE' (on upper LCD panel 25) 'NUMBER' (on lower LCD panel 26).
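The verification, false-PIN counter and eligibility rules of paragraphs [40] to [42] amount to a small state machine. The following sketch is an added example, not the patent's program: the class and method names, the clearing of an ineligible entry with button 24, the blank lower panel after 'VALID PIN', and the constant-time comparison are assumptions of this example.

```python
import hmac


def is_eligible(digits):
    """Rule of [41]: a PIN may not be all-decimal, all-10 or all-11."""
    if all(d <= 9 for d in digits):
        return False
    # Some digit is 10 or 11 here; one distinct digit means all-10 or all-11.
    return len(set(digits)) > 1


def eligible_count(length):
    """Number of eligible PINs of a given length (12^n - 10^n - 2)."""
    return 12 ** length - 10 ** length - 2


FALSE_MESSAGES = {1: "FALSE ONCE", 2: "FALSE TWICE"}


class PinInputter:
    """Each button press returns (upper LCD panel 25, lower LCD panel 26)."""

    def __init__(self, true_pin, max_false=3):
        if not is_eligible(true_pin):
            raise ValueError("an ineligible number cannot be established as the PIN")
        self.true_pin = tuple(true_pin)
        self.max_false = max_false   # the 'standard number' prescribed by the issuer
        self.false_count = 0         # the false-PIN counter
        self.digits = []
        self.blocked = False         # confirmation suspended after an ineligible entry

    @property
    def unusable(self):
        return self.false_count >= self.max_false

    def press_23(self, hour):
        """Button 23 with mark 22 at `hour`; None means an invalid bezel signal."""
        if self.unusable:
            return ("INPUTTER", "UNUSABLE")
        if self.blocked:
            # [42](a): no confirmation, no verification, counter untouched.
            return ("INELIGIBLE", "NUMBER")
        if len(self.digits) == len(self.true_pin):
            return self._confirm()
        if hour is None:
            return ("*" * len(self.digits), "")   # press ignored, no digit added
        self.digits.append(hour)
        if len(self.digits) == len(self.true_pin) and not is_eligible(self.digits):
            self.blocked = True
            return ("INELIGIBLE", "NUMBER")
        return ("*" * len(self.digits), "")

    def press_24(self):
        """Button 24 cancels the entry (assumed here to clear an ineligible one too)."""
        self.digits, self.blocked = [], False
        return ("", "")

    def _confirm(self):
        trial, self.digits = bytes(self.digits), []
        # Constant-time compare is a choice of this example, not from the page.
        if hmac.compare_digest(trial, bytes(self.true_pin)):
            self.false_count = 0
            return ("VALID PIN", "")
        self.false_count += 1
        if self.unusable:
            return ("INVALID!", "UNUSABLE")
        # Wording beyond 'FALSE TWICE' is constructed for limits above 3.
        return ("INVALID!", FALSE_MESSAGES.get(self.false_count,
                                               f"FALSE x{self.false_count}"))


def enter(device, digits):
    """Input each digit with button 23, then press once more to confirm."""
    for d in digits:
        device.press_23(d)
    return device.press_23(None)


if __name__ == "__main__":
    watch = PinInputter((3, 11, 7, 10))          # constructed sample PIN
    print(eligible_count(4))                      # eligible 4-digit PINs
    print(enter(watch, (3, 11, 7, 11)))           # wrong but eligible
    print(enter(watch, (1, 2, 3, 4)), watch.false_count)  # ineligible, not counted
```

With 4 digits the two rules leave 10,734 of the 20,736 duodecimal numbers eligible, which is the space a guesser faces within the issuer's false-PIN limit.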

[43] Here is a brief illustration of the operations whereby, employing the wristwatch that is the preferred embodiment of the portable PIN inputter of the present invention, a debit transaction or credit transaction is validated. Note: This wristwatch is not the only embodiment of the portable PIN inputter of the present invention, the applicability of the present invention is not limited to systems for debit transactions and credit transactions, and validating a transaction is not the only operation that the present invention can perform. The following illustrates only one of the possible embodiments, only one of the possible areas of applicability, and only one of the possible operations. Moreover, in the area of debit transaction and credit transaction systems, it is assumed that an issuer that wishes to introduce a system that works the present invention will develop its own unique system in light of its own sundry restrictions and marketing strategies. Accordingly, the following illustration does not purport to describe a debit transaction or credit transaction system. It is intended solely to show how the various functions of the portable PIN inputter of the present invention, in one of its embodiments, can be put to use.

[44] In this system, each wristwatch is assigned 2 pairs of keys, an offline-use pair and an online-use pair. The offline-use pair is for communication between the wristwatch and a transaction terminal, and the online-use pair is for communication via a transaction terminal between the wristwatch and the issuer or a processing company acting as agent for the issuer. The private keys (both the one for offline use and the one for online use) are stored in the wristwatch's means of memory, and the public keys (both the one for offline use and the one for online use) are under the charge of the issuer. The following are also stored in the wristwatch's means of memory: (a) the issuer's public key (in plain text) together with a hash thereof enciphered with the payment association's private key and (b) the offline-use public key enciphered with the issuer's private key. 'Payment association' means a payment association to which issuers that have introduced systems that work the present invention belong (hereafter the same). Note: With respect to the offline-use key pair and the online-use key pair, the nomenclature adopted here is to call the key that is stored on the business side the 'public key' and the key that is stored on the user side the 'private key', which is the opposite of the usual nomenclature. But, given that in this system the keys that are stored on the business side may be divulged to a large number of terminals within the system and to a large number of computers, including computers belonging to processing companies, whereas the user will not divulge to anyone the keys that are stored in her or his wristwatch, the nomenclature adopted here is appropriate.

[45] Step 1: When the user, having been informed of the transaction amount by the merchant, wants to process the transaction as a debit transaction or as a credit transaction, the user does the trial PIN input and confirmation operations with the wristwatch. 'VALID PIN' is displayed on upper LCD panel 25, and the number of seconds remaining in the period of effectiveness of the trial PIN input is displayed on lower LCD panel 26. If it is assumed, for example, that the issuer has prescribed, as the period of effectiveness, 3 minutes from the beginning of the trial PIN input (i.e. from the first time that button 23 is pressed), a countdown of, for example, '155 SECONDS', '154 SECONDS', '153 SECONDS', etc. will appear on lower LCD panel 26.

[46] Step 2: The wristwatch transmits the following 3 data to the transaction terminal: (a) the issuer's public key (in plain text) together with a hash thereof enciphered with the payment association's private key, (b) the offline-use public key enciphered with the issuer's private key, and (c) the user's account information (name and account number) enciphered with the offline-use private key.

[47] Step 3: The transaction terminal gets the user's account information by (a) getting the issuer's public key from the transmitted data and confirming — by (i) independently calculating the issuer's public key's hash, (ii) getting the enciphered hash from the transmitted data and using the payment association's public key, which is stored in the transaction terminal's memory, to open the enciphered hash, and (iii) comparing the two results — that it is the issuer's true public key, (b) using the issuer's public key to get the offline-use public key, and (c) using the offline-use public key to get the user's account information. It is assumed that at this point the merchant or the merchant's 'acquirer' (the financial institution that acquires the merchant's receivables) will perform a screening procedure (a comparison with a list of stolen wristwatches, and a risk assessment considering factors such as the issuer's nationality, the transaction amount, and the kind of goods). Depending on the results of the screening, various results can be imagined — such as immediate contact with the police, denial of processing as a debit transaction or credit transaction, or denial of offline processing (i.e. the merchant demands online processing) — but here it will be assumed that the result of the screening is 'Offline Processing Is Approved'. This being the case, the transaction terminal transmits to the wristwatch (in plain text) the transaction currency and amount and a signal that has the meaning of asking for the user's permission to proceed with offline processing.

[48] Step 4: The wristwatch displays on upper LCD panel 25 the transaction currency and amount, for example, 'JPY472,500'. If the transaction currency and amount cannot fit into upper LCD panel 25, it automatically scrolls. Meanwhile, lower LCD panel 26 alternates, at one-second intervals, between displaying the countdown and displaying a message, 'OFFLINE OK?', asking for the user's permission to proceed with offline processing. The user confirms the transaction currency and amount and decides whether to permit offline processing. To permit offline processing the user presses button 23, and to reject offline processing the user presses button 24. It should be noted that the language of the messages displayed in upper LCD panel 25 and lower LCD panel 26 is the language of that wristwatch. In other words, no matter what country the user uses her or his wristwatch in, its display language does not change.

[49] Step 5 (course A): Here it will be assumed that the user rejects offline processing, i.e. presses button 24. The wristwatch transmits to the transaction terminal (in plain text) a signal that has the meaning of rejecting offline processing and demanding online processing.

[50] Step 6 (course A): It can be imagined that, if the merchant does not want to do online processing, at this point the merchant will refuse to process the transaction as a debit transaction or credit transaction, but here it will be assumed that the merchant is willing to proceed with online processing. From this point the procedures are the same as where, in step 3, the merchant denied offline processing (i.e. the merchant demanded online processing), to wit, the transaction terminal transmits to the wristwatch (in plain text) the transaction currency and amount and a signal that has the meaning of asking for the user's permission — or reconfirming the user's demand — to proceed with online processing.

[51] Step 7 (course A): The wristwatch displays — or continues from step 4 to display — on upper LCD panel 25 the transaction currency and amount, for example, 'JPY472,500'. If the transaction currency and amount cannot fit into upper LCD panel 25, it automatically scrolls. Meanwhile, lower LCD panel 26 alternates, at one-second intervals, between displaying the countdown and displaying a message, 'ONLINE OK?', asking for the user's permission to proceed with online processing. The user confirms the transaction currency and amount and decides whether to permit online processing. To permit online processing the user presses button 23, and to reject online processing the user presses button 24. Here it will be assumed that the user permits online processing, i.e. presses (before the countdown reaches zero) button 23. When the user does so, the wristwatch transmits to the transaction terminal a cryptogram, enciphered with the online-use private key, containing the following 4 data: (a) the PIN, (b) the date and time, (c) a signal that has the meaning of demanding online processing, and (d) the currency and amount.

[52] Step 8 (course A): The transaction terminal transmits to the issuer or processing company acting as agent for the issuer a message comprising the user's account information that it got in step 3, the cryptogram that it received in step 7 (course A), and the merchant's information concerning the transaction in question (the date and time, the currency and amount, the kind of goods, etc.). The issuer or processing company acting as agent for the issuer uses the online-use public key, which is under its charge, to open the cryptogram. Here it will be assumed that (a) the PIN from the cryptogram and the PIN according to the issuer side's records, (b) the date and time from the cryptogram and the date and time from the merchant's information, (c) the date and time from the cryptogram and the date and time according to the issuer side's clock, and (d) the currency and amount from the cryptogram and the currency and amount from the merchant's information all match, and it will also be assumed that no problematic anomalies are detected by the payment association's neural network. In this case, the issuer or processing company acting as agent for the issuer provisionally accepts the transaction and assigns to it a transaction identifier.

[53] Step 9 (course A): The issuer or processing company acting as agent for the issuer transmits to the transaction terminal a cryptogram, enciphered with the online-use public key, containing the following 3 data, and the transaction terminal forwards the cryptogram to the wristwatch: (a) the date and time according to the issuer side's clock, (b) the currency and amount, and (c) the transaction identifier.

[54] Step 10 (course A): The wristwatch uses the online-use private key to open the cryptogram. Here it will be assumed that (a) the date and time from the cryptogram and the date and time according to the wristwatch and (b) the currency and amount from the cryptogram and the currency and amount that the wristwatch received in step 6 (course A) all match. In this case, the wristwatch transmits the transaction identifier to the transaction terminal (in plain text).

[55] Step 11 (course A): The transaction terminal transmits to the wristwatch (in plain text) a signal that means that operations on the user's side have successfully concluded.

[56] Step 12 (course A): The wristwatch displays on upper LCD panel 25 and lower LCD panel 26, for several seconds, the message 'ONLINE PROCESSING' (on upper LCD panel 25) 'WAS SUCCESSFUL' (on lower LCD panel 26), after which it reverts to the normal display of calendar information. This is the end of the operations on the user's side.

[57] Step 13 (course A): There remain some operations on the merchant's side — for example, the merchant may need to send the transaction identifier to its 'acquirer' or a processing company acting as agent for its acquirer, and the 'acquirer' or processing company acting as agent for the acquirer may want to communicate with the issuer or a processing company acting as agent for the issuer to confirm the transaction identifier — but it is assumed that the remaining operations are basically the same as the usual debit card and credit card settlement operations, and they are omitted here.

[58] Step 5 (course B): Here it will be assumed that the user permits offline processing, i.e. presses (before the countdown reaches zero) button 23. When the user does so, the wristwatch transmits to the transaction terminal a cryptogram, enciphered with the online-use private key, containing the following 3 data: (a) the PIN, (b) the date and time, and (c) the currency and amount.

[59] Step 6 (course B): The transaction terminal transmits to the wristwatch (in plain text) a signal that means that operations on the user's side have successfully concluded.

[60] Step 7 (course B): The wristwatch displays on upper LCD panel 25 and lower LCD panel 26, for several seconds, the message 'OFFLINE PROCESSING' (on upper LCD panel 25) 'WAS SUCCESSFUL' (on lower LCD panel 26), after which it reverts to the normal display of calendar information. This is the end of the operations on the user's side.

[61] Step 8 (course B): It is assumed that, to reduce communication expense, the merchant at the end of the day assembles the transaction data for the day and transmits them in a batch to its 'acquirer' or a processing company acting as agent for its acquirer. These data include the user's account information that the merchant got in step 3, the cryptogram that the merchant received in step 5 (course B), and the merchant's information concerning the transaction in question (the date and time, the currency and amount, the kind of goods, etc.). The data make their way, via the payment association's clearinghouse, to the issuer or processing company acting as agent for the issuer. The issuer or processing company acting as agent for the issuer uses the online-use public key, which is under its charge, to open the cryptogram. Here it will be assumed that (a) the PIN from the cryptogram and the PIN according to the issuer side's records, (b) the date and time from the cryptogram and the date and time from the merchant's information, and (c) the currency and amount from the cryptogram and the currency and amount from the merchant's information all match, and it will also be assumed that no problematic anomalies are detected by the payment association's neural network. In this case, the issuer or processing company acting as agent for the issuer provisionally accepts the transaction and assigns to it a transaction identifier. It is assumed that the remaining operations are the same as the usual debit card and credit card settlement operations, and they are omitted here.
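The online exchange of steps 7 to 10 (course A), with the matching checks each side performs, is sketched below as an added example that is not part of the patent. Assumptions: textbook RSA without padding on two Mersenne primes stands in for the unspecified public-key cipher (a toy, not secure), fields are JSON-encoded, 'match' for date and time means equal minute-resolution strings, and all names and sample values are constructed.

```python
import json

# Toy key pair, constructed for this example only. Following the page's
# nomenclature, the issuer side holds the 'public' exponent and the
# wristwatch alone holds the 'private' exponent of the online-use pair.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q
PUBLIC_EXP = 65537
PRIVATE_EXP = pow(PUBLIC_EXP, -1, (P - 1) * (Q - 1))


def encipher(fields, exponent):
    """Encode the fields and raise them to `exponent` modulo N."""
    raw = json.dumps(fields, sort_keys=True).encode()
    m = int.from_bytes(raw, "big")
    if m >= N:
        raise ValueError("payload too long for the toy modulus")
    return pow(m, exponent, N)


def open_cryptogram(cryptogram, exponent):
    """Return the fields, or None if the cryptogram does not open cleanly."""
    m = pow(cryptogram, exponent, N)
    try:
        fields = json.loads(m.to_bytes((m.bit_length() + 7) // 8, "big"))
    except ValueError:
        return None
    return fields if isinstance(fields, dict) else None


def watch_request(pin, watch_time, amount):
    """Step 7: PIN, date and time, online demand, currency and amount."""
    return encipher({"pin": pin, "time": watch_time,
                     "request": "ONLINE", "amount": amount}, PRIVATE_EXP)


def issuer_process(cryptogram, merchant_info, pin_on_record, issuer_time, txid):
    """Steps 8-9: open with the public key, apply checks (a)-(d), then answer
    with a cryptogram for the watch, or refuse by returning None."""
    f = open_cryptogram(cryptogram, PUBLIC_EXP)
    if f is None:
        return None
    checks = (
        f.get("pin") == pin_on_record,                # (a) PIN vs issuer records
        f.get("time") == merchant_info["time"],       # (b) time vs merchant info
        f.get("time") == issuer_time,                 # (c) time vs issuer clock
        f.get("amount") == merchant_info["amount"],   # (d) amount vs merchant info
    )
    if not all(checks):
        return None
    return encipher({"time": issuer_time, "amount": f["amount"], "txid": txid},
                    PUBLIC_EXP)


def watch_finish(response, watch_time, amount_shown):
    """Step 10: release the transaction identifier only if the issuer's time
    and the amount shown to the user both match."""
    f = open_cryptogram(response, PRIVATE_EXP) if response is not None else None
    if f is None or f.get("time") != watch_time or f.get("amount") != amount_shown:
        return None
    return f.get("txid")


def run_course_a(amount_shown, merchant_amount, watch_time, issuer_time):
    """One pass through steps 7-10; returns the transaction identifier or None."""
    pin = [3, 11, 7, 10]                              # constructed duodecimal PIN
    request = watch_request(pin, watch_time, amount_shown)
    merchant_info = {"time": watch_time, "amount": merchant_amount}
    response = issuer_process(request, merchant_info, pin, issuer_time, "TX-0001")
    return watch_finish(response, watch_time, amount_shown)


if __name__ == "__main__":
    t = "2005-12-27T10:15"                            # constructed timestamp
    print(run_course_a("JPY472,500", "JPY472,500", t, t))   # all checks pass
    print(run_course_a("JPY472,500", "JPY972,500", t, t))   # amount mismatch
    print(run_course_a("JPY472,500", "JPY472,500", t, "2005-12-27T18:40"))
```

The second and third runs return no transaction identifier: a terminal that reports a different amount fails check (d), and a cryptogram presented at a later time fails check (c).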

Simplified Mode for Carrying Out the Invention

[62] The portable PIN inputter of the present invention can be simplified in any or all of the following ways. The means of fastening to the user's body or clothing can be eliminated. The means of calculation can be simplified to eliminate the deciphering function. And the means of communication with a terminal can be simplified to perform transmission but not reception.

[63] Insofar as use of the portable PIN inputter in money transactions is concerned, each of these simplifications would entail risks for the user. Elimination of the means of fastening to the user's body or clothing would make it easier for a criminal (for example a server in a restaurant or a cash register attendant), under some pretext, to obtain possession of the portable PIN inputter during the period of effectiveness of the trial PIN input; the criminal could then use the portable PIN inputter to perform an unauthorized transaction. And elimination of the reception function and the deciphering function would destroy the user's ability to confirm that her or his portable PIN inputter is connected in real time to a legitimate remote computer within the system; this would expose the user to criminal schemes that involve impersonation. Furthermore, without the reception function it would be very difficult for the user to control, with her or his own portable PIN inputter, the amount of money to be authorized; this would expose the user to criminal schemes in which a terminal is rigged to display and print receipts reflecting the transaction that the user has authorized while it actually performs an unauthorized transaction or redirects the signals received from the portable PIN inputter to a remote terminal that performs an unauthorized transaction.

[64] Nevertheless, even in such a simplified mode, the portable PIN inputter of the present invention can be usefully employed in systems for controlling access to facilities or equipment, including systems that have attendance recording functionality. A portable PIN inputter in such a simplified mode is shown in Fig. 6. In appearance it differs from the preferred embodiment shown in Fig. 1 in two regards. First, the watchband of Fig. 1 is replaced in Fig. 6 by upper bracket pair 32 and lower bracket pair 33. Secondly, the two LCD panels of Fig. 1 are replaced in Fig. 6 by a single LCD panel 34.

[65] Upper bracket pair 32 and lower bracket pair 33 afford a number of options regarding ways to carry the portable PIN inputter. As with an ordinary wristwatch case, each pair of brackets has a pair of holes on its inside surfaces, into which an ordinary spring-loaded pin can fit. The user can use a pair of spring-loaded pins to attach an ordinary band, belt, or bracelet, so that she or he can carry the portable PIN inputter on her or his wrist. Another option for the user is to use a single spring-loaded pin or similar device to attach a lanyard, so that she or he can carry the portable PIN inputter, either upright or upside-down, by placing the lanyard around her or his neck. Another option, of course, is for the user to carry the portable PIN inputter loose, with nothing attached to it.

[66] Now, referring to Fig. 6, when the user of the portable PIN inputter wants to input a trial PIN, the user rotates bezel 21 until mark 22, which is inscribed on bezel 21 by a means such as stamping, is aligned with one of the 12 hour indicators on the timepiece's face, and then presses button 23. Mark 22 is such that it is sufficiently discernible from the user's distance but difficult to discern from a greater distance. Repeating this 4 times, the user inputs a 4-digit duodecimal number. Then, by pressing button 23 one more time, the user confirms this 4-digit duodecimal number as the trial PIN. To guard against the trial PIN's fourth digit's later being surmised from the state of rotation in which bezel 21 is left at the end of the trial PIN input and confirmation operations, it is desirable that the user should, before or immediately after the confirmation operation, rotate bezel 21 so that mark 22 is no longer aligned with the hour indicator corresponding to the fourth digit, but in this embodiment it is assumed that there is no compulsion on the user to do this. If the user wants to cancel the trial PIN input in mid-course, she or he presses button 24.

[67] To let the user know through her or his sense of touch that mark 22 is aligned with one of the 12 hour indicators on the timepiece's face, it is desirable to provide some sort of resistance mechanism, such as a mechanism involving springs and bumps or cavities, that, every 30 degrees, imparts resistance to the rotation of bezel 21.

[68] It is assumed that LCD panel 34 normally (i.e. when the portable PIN inputter is being used simply as a timepiece) displays calendar information. As soon as the user begins the trial PIN input operation, however, it changes to a display that lets the user see the flow of the trial PIN input. More specifically, when the user rotates bezel 21 until mark 22 is aligned with the hour indicator on the timepiece's face that corresponds to the first digit of the trial PIN and then presses button 23, the display of LCD panel 34 changes to a single asterisk, and as the user repeats these manipulations for the subsequent digits it changes to double asterisks, triple asterisks, and quadruple asterisks. Then, when the display of LCD panel 34 has reached quadruple asterisks and the user presses button 23 one more time, the 4-digit duodecimal number that the user has input is confirmed as the trial PIN, the portable PIN inputter performs PIN verification (described below), and the display of LCD panel 34 changes to 'VALID PIN' (where the true PIN and the trial PIN match) or 'INVALID!' (where the true PIN and the trial PIN do not match).

[69] PIN verification is comparison of the true PIN stored in the portable PIN inputter's built-in means of memory and the trial PIN confirmed by the operation described above, and it is performed by the portable PIN inputter's built-in means of calculation. If they do not match, not only is LCD panel 34 caused to display the message 'INVALID!' as mentioned above, but also the false-PIN counter stored in the means of memory is increased by 1. When the false-PIN counter reaches a prescribed number, for example 3, i.e. when 3 times in succession a false PIN has been confirmed as the trial PIN, some function that is essential to the use of the portable PIN inputter as a portable PIN inputter (as opposed to using it simply as a timepiece), such as the function of sending a small charge to contact pads 28A through 28D when button 23 is pressed during trial PIN input, is suspended, and the portable PIN inputter becomes unusable as a portable PIN inputter. (It is assumed that the system provider will determine, in light of the requirements of its system, which specific function or functions will be suspended.) Because this is such a serious result, whenever LCD panel 34 is caused to display the message 'INVALID!', it alternates, at one-second intervals, between displaying the message 'INVALID!' and displaying an appropriate supporting message, for example 'FALSE ONCE', 'FALSE TWICE', or 'UNUSABLE'. Whenever, before the false-PIN counter has reached the prescribed number, the result of PIN verification is that the true PIN and the trial PIN match, not only is LCD panel 34 caused to display the message 'VALID PIN', but also the false-PIN counter is returned to 0. After the false-PIN counter has reached the prescribed number, however, it is too late. In this case, if button 23 is pressed, LCD panel 34 is caused to display the error message 'UNUSABLE'. If the user wishes to continue to use the portable PIN inputter as a portable PIN inputter, the user, according to procedures specified by the system provider, must arrange with a designated agency of the system provider for the portable PIN inputter to be reset.

[70] It is assumed that, in the particular system in which this embodiment is to be used, two kinds of numbers are ineligible to be PINs. First, numbers that can be expressed solely with the digits 0 through 9 are ineligible. The purpose of this rule is to strengthen the system by eliminating every PIN candidate that the user might possibly have used previously as a conventional decimal-system PIN. Secondly, the following two numbers are ineligible: the number that can be expressed solely with the duodecimal digit 10 and the number that can be expressed solely with the duodecimal digit 11. In other words, the 4-digit duodecimal number that (but for this rule) could be input as a trial PIN by pressing button 23 four times in succession when mark 22 is aligned with the 10-o'clock hour indicator is ineligible, and the 4-digit duodecimal number that (but for this rule) could be input as a trial PIN by pressing button 23 four times in succession when mark 22 is aligned with the 11-o'clock hour indicator is likewise ineligible. (The corresponding numbers from the other ten hour indicators are already ineligible because of the rule that numbers that can be expressed solely with the digits 0 through 9 are ineligible.) The purpose of this rule is to reduce the risk of unintentional input of a trial PIN.

[71] The portable PIN inputter's program is able to recognize a situation in which there is a possibility that the input of the fourth digit could result in an ineligible number, i.e. when all of the first three digits have been 0 through 9, when they all have been the duodecimal digit 10, or when they all have been the duodecimal digit 11. In such a case, when button 23 is pressed to input the fourth digit, the program analyzes the resulting number, and if it is ascertained to be ineligible the program (a) suspends the trial-PIN-confirmation function of button 23, so that, even if button 23 is pressed one more time, confirmation will not take place, PIN verification will not take place, and there will be no effect on the false-PIN counter, and (b) causes LCD panel 34 to display the error message 'INELIGIBLE'.
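The input, eligibility, and false-PIN-counter behaviour of paragraphs [66] through [71], as an added Python example that is not part of the patent text. The class and method names are hypothetical, the alternating display is rendered as one string joined by " / ", and the constant-time comparison is an addition the page does not describe.

```python
import hmac

DIGITS = 4        # PIN length in this embodiment ([66])
MAX_FALSE = 3     # example false-PIN limit given in [69]
SUPPORT = {1: "FALSE ONCE", 2: "FALSE TWICE", 3: "UNUSABLE"}


def is_eligible(pin):
    """Eligibility rule of [70] for a sequence of duodecimal digits (0-11)."""
    if all(d <= 9 for d in pin):
        return False      # expressible with 0-9 only: a possible old decimal PIN
    if all(d == 10 for d in pin) or all(d == 11 for d in pin):
        return False      # the same bezel position pressed four times
    return True


class PinInputter:
    """Hypothetical model of the device logic (names are assumptions)."""

    def __init__(self, true_pin):
        if len(true_pin) != DIGITS or not is_eligible(true_pin):
            raise ValueError("true PIN must be an eligible 4-digit duodecimal number")
        self._true_pin = bytes(true_pin)
        self._entered = []
        self.false_count = 0          # the false-PIN counter of [69]
        self.display = "CALENDAR"

    def press_23(self, digit=None):
        """Button 23: enter the digit under the mark, or confirm after 4 digits."""
        if self.false_count >= MAX_FALSE:
            self.display = "UNUSABLE"           # suspended until reset by the provider
        elif len(self._entered) < DIGITS:
            if digit not in range(12):
                raise ValueError("bezel position must map to a digit 0-11")
            self._entered.append(digit)
            if len(self._entered) == DIGITS and not is_eligible(self._entered):
                self.display = "INELIGIBLE"     # [71]: confirmation is suspended
            else:
                self.display = "*" * len(self._entered)
        elif is_eligible(self._entered):
            self._verify()
        # otherwise an ineligible number is pending and the press has no effect
        return self.display

    def press_24(self):
        """Button 24: cancel the trial PIN input in mid-course."""
        self._entered = []
        self.display = "CALENDAR"
        return self.display

    def _verify(self):
        # compare_digest avoids an early-exit comparison (an addition, see lead-in)
        ok = hmac.compare_digest(bytes(self._entered), self._true_pin)
        self._entered = []
        if ok:
            self.false_count = 0                # a match returns the counter to 0
            self.display = "VALID PIN"
        else:
            self.false_count += 1
            self.display = "INVALID! / " + SUPPORT[self.false_count]

    def try_pin(self, pin):
        """Convenience: cancel, four digit presses, then the confirming press."""
        self.press_24()
        for d in pin:
            self.press_23(d)
        return self.press_23()
```

An ineligible entry such as 1-2-3-4 never reaches verification, so it cannot advance the false-PIN counter toward the lockout.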

[72] Here is a brief illustration of the operations whereby, employing the embodiment shown in Fig. 6, a locked door within a building-access control system is unlocked. Note: The simplified mode of the embodiment shown in Fig. 6 is not the only simplified mode of the portable PIN inputter of the present invention, the applicability of the present invention in simplified mode is not limited to building-access control systems, and unlocking a locked door is not the only operation that the present invention in simplified mode can perform. The following illustrates only one of the possible simplified modes, only one of the possible areas of applicability, and only one of the possible operations. Moreover, in the area of access control systems, it is assumed that a system provider that wishes to introduce a system that works the present invention will develop its own unique system in light of its own sundry restrictions and marketing strategies. Accordingly, the following illustration does not purport to describe an access control system. It is intended solely to show how the various functions of the portable PIN inputter of the present invention, in one of its simplified modes, can be put to use.

[73] In this system, each portable PIN inputter is assigned one pair of keys. The private key is stored in the portable PIN inputter's means of memory, and the public key is under the charge of the system provider. Note: The nomenclature adopted here is to call the key that is stored on the system provider side the 'public key' and the key that is stored on the user side the 'private key', which is the opposite of the usual nomenclature. But, given that in this system the key that is stored on the system provider side may be divulged to a large number of terminals and computers within the system, whereas the user will not divulge to anyone the key that is stored in her or his portable PIN inputter, the nomenclature adopted here is appropriate.

[74] Step 1: Well before her or his expected arrival time at the locked door, the user prepares to use her or his portable PIN inputter. If the portable PIN inputter has a band, belt, or bracelet attached, the user puts the portable PIN inputter on her or his wrist. If the portable PIN inputter has a lanyard attached, the user places the lanyard around her or his neck. If the portable PIN inputter has no means of fastening to the user's body or clothing attached to it, the user takes it in her or his hand. It should be noted that at any time and place that there is a possibility of criminal attack — for example, late at night at an unguarded entrance to an apartment building — the safety of the user's person will be increased if the user does not have one of her or his hands occupied by carrying the portable PIN inputter. Accordingly, in any system where the possibility of criminal attack exists, the system provider should advise users to attach bands, belts, bracelets, lanyards, etc. to their portable PIN inputters. In this system, however, it is assumed that there is no compulsion on users to follow such advice.

[75] Step 2: Just before her or his expected arrival time at the locked door, in a safe place and in a manner that is hard for another person to observe or for a camera to record, the user does the trial PIN input and confirmation operations with the portable PIN inputter. LCD panel 34 displays the message 'VALID PIN' for several seconds, after which it displays the number of seconds remaining in the period of effectiveness of the trial PIN input. If it is assumed, for example, that the system provider has prescribed, as the period of effectiveness, 5 minutes from the beginning of the trial PIN input (i.e. from the first time that button 23 is pressed), a countdown of, for example, '272 SECONDS', '271 SECONDS', '270 SECONDS', etc. will appear.

[76] Step 3: The user observes the locked door and its surroundings. If there are no signs of danger, the user quickly proceeds to the door and presses (before the countdown reaches zero) button 23. When the user does so, the portable PIN inputter transmits to a terminal located next to the door a message comprising (a) the identifying number of that portable PIN inputter (in plain text) and (b) a cryptogram, enciphered with the private key, containing the date and time. The portable PIN inputter transmits this message only once; if the unlocking operation is unsuccessful and the user wants to try again, she or he must return to step 2. It should be noted that, where such a simple cryptogram is used, it might be possible for a code breaker, by intercepting and analyzing a number of messages, to discover the private key. Where this is a realistic danger, the message can be made more secure by techniques such as concatenation, padding, and randomization. In this system, however, it is assumed that the system provider has decided that such advanced techniques are not needed.

[77] Step 4: The terminal gets the portable PIN inputter's identifying number from the transmitted message and uses it to retrieve the public key from its means of memory. Using the public key, the terminal opens the cryptogram. The terminal then compares the date and time from the cryptogram and the date and time according to its own clock. Here it will be assumed that the dates and times match. In this case, the terminal transmits to the lock a signal that has the meaning of commanding it to unlock. It should be noted that these operations can be performed either by the terminal or by a remote computer within the system, but here it is assumed that they are performed by the terminal.

[78] Step 5: The user promptly passes through the unlocked door. As soon as the user has passed through, the door promptly closes and relocks.
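The message of step 3 and the terminal's check in step 4, as an added Python example that is not part of the patent text. The key pair is a constructed toy value, textbook modular exponentiation stands in for the public-key cipher the page leaves unspecified, and the function names, the device identifier, the 30-second clock tolerance, and the set of already-accepted cryptograms are assumptions.

```python
from datetime import datetime, timedelta

# Constructed toy key pair built from two Mersenne primes; far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
E = 65537                              # terminal side: the page's 'public key'
D = pow(E, -1, (P - 1) * (Q - 1))      # device side: the page's 'private key'
STAMP_FORMAT = "%Y%m%d%H%M%S"          # date and time as a 14-digit number


def device_message(device_id, private_key, now):
    """Step 3: identifying number in plain text plus the enciphered date and time."""
    d, n = private_key
    stamp = int(now.strftime(STAMP_FORMAT))
    return {"id": device_id, "cryptogram": pow(stamp, d, n)}


def terminal_check(message, public_keys, now,
                   tolerance=timedelta(seconds=30), seen=None):
    """Step 4: look up the key by identifying number, open the cryptogram,
    and compare its date and time with the terminal's own clock."""
    key = public_keys.get(message["id"])
    if key is None:
        return False                   # unknown identifying number
    e, n = key
    c = message["cryptogram"]
    if not isinstance(c, int) or not 0 <= c < n:
        return False
    opened = str(pow(c, e, n))
    if len(opened) != 14:
        return False                   # wrong key or altered cryptogram
    try:
        stamp = datetime.strptime(opened, STAMP_FORMAT)
    except ValueError:
        return False                   # opened value is not a date and time
    if abs(now - stamp) > tolerance:
        return False                   # stale: the clocks do not match
    if seen is not None:               # assumption: accept each cryptogram once
        if c in seen:
            return False
        seen.add(c)
    return True                        # terminal may now command the lock to unlock
```

Because the only thing the terminal authenticates is the opened timestamp, the tolerance and the accepted-cryptogram set are what bound how long a captured message stays usable.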

Industrial Applicability

[79] At present, whether to process debit transactions and credit transactions offline or to process them online is a choice for the merchant to make, and frequently the merchant's choice in the matter is non-transparent to the user. But the invention of claim 1 makes the merchant's choice in the matter transparent to the user, and moreover it gives the user the power to demand online processing. As a result, a virtuous circle may be anticipated, namely, the consciousness of a large number of persons regarding the safety of debit transactions and credit transactions will be heightened, market demand for safer systems will emerge, and issuers will compete with one another to respond to such market demand.

[80] The invention of claim 1 can also be used to force online processing when a user wants to pay by a debit method or a credit method for a purchase in a transaction at an unattended transaction terminal such as a vending machine or a public telephone or to force online processing when a user wants to use an unattended transaction terminal such as a cash dispenser or an automatic teller machine, thus defeating crimes that employ unattended transaction terminals that are fake or rigged.

[81] It should be noted that the method of making a debit entry against a prepaid account is one kind of debit method. In other words, the invention of claim 1 can be used to force online processing of transactions at transaction terminals (whether attended or unattended) in prepaid systems, such as prepaid systems for pachinko parlors and amusement parks.

[82] Furthermore, at present, a blind or eyesight-impaired person, if she or he wants to pay by debit or credit for a purchase in an attended transaction with a merchant, must rely on the merchant's transaction terminal; if she or he wants to pay by debit or credit for a purchase in a transaction at an unattended transaction terminal, must rely on the unattended transaction terminal; and, if she or he wants to use a CD or an ATM, must rely on the CD or the ATM — all of which generally lack adequate audible output or Braille output functions. But with the invention of claim 1 all the information for the user concerning processing as a debit transaction or credit transaction or usage of the CD or ATM is received by the user's own portable device, and all the manipulations on the user's side are performed on the user's own portable device. If the portable device of a blind or eyesight-impaired person is equipped with adequate audible output or Braille output functions, nothing else is needed. As a result, it may be anticipated that many blind and eyesight-impaired persons will enjoy in their lives as consumers the freedom to choose, without anxiety, among a greater diversity of methods of paying for their purchases in attended transactions with merchants and for their purchases in transactions at unattended transaction terminals, and also among a greater diversity of methods for cashing and for performing teller-type transactions.

[83] Moreover, with the invention of claim 1, because all the information for the user concerning the processing of a debit transaction or credit transaction or the usage of a CD or ATM is received by the user's own portable device and presented in a language that is understood by the user, it may be anticipated that many people will feel more confident about traveling in foreign countries.

[84] With the invention of claim 2, a user can perform, shortly before arriving at the place where a lock has been installed, the PIN input needed for unlocking the lock. For example, the resident of an apartment building with a locked but unguarded entrance, on her or his way home late at night, will be able to input the PIN ahead of time in a safe place such as inside a public transportation vehicle or facility, while walking along a public sidewalk with many passersby, or while sitting in her or his car in the apartment building's parking lot. Then she or he can proceed to the entrance and quickly unlock the lock and open the door and enter with no delay and no distractions. In a conventional building-access control system, there are delays and distractions at the entrance while the user performs PIN input or biometric authentication or while she or he fumbles through her or his handbag or wallet for the right key or card, and it is during these delays and distractions that the user is most vulnerable to criminal attack. By eliminating these delays and distractions at the entrance the invention of claim 2 reduces the time available to the criminal and enables the user to stay alert for signs of danger. As a result, a virtuous circle may be anticipated, namely, the consciousness of a large number of persons regarding the safety of building-access control systems for apartment buildings will be heightened, market demand for safer systems will emerge, and apartment building developers and operators will compete with one another to respond to such market demand. Furthermore, it may be anticipated that these safety improvements will inure to the benefit of not only apartment building residents who are sighted but also those who are blind or have impaired eyesight.

[85] And the invention of claim 2 can be used not only in building-access control systems for apartment buildings but also in a wide variety of other systems for controlling access to facilities or equipment, including systems that have attendance recording functionality.

[86] With the invention of claim 3, within a device that is equipped with a face in the form of the face of an analog-display timepiece, a rotatable bezel, a mark on the bezel, one or more buttons, and an integrated circuit, a device that provides the functionality of generating from the state of rotation of the bezel and entering into the integrated circuit twelve different binary signals, each of which is generated when a button manipulation is performed when the bezel is at one of the twelve rotational positions at thirty-degree intervals that the bezel arrives at when it is rotated until the mark is aligned with one of the twelve hour indicators on the face, can be realized in a form that has few design restrictions, low power consumption, long useful life, and low manufacturing cost. As a result, it may be anticipated that, in addition of course to the inventions of claims 1 and 2, other timepieces or devices in the form of timepieces will be developed that incorporate various functions requiring the manual input of numerical data.

[87] With the invention of claim 4, in a system that requires a user to have a PIN that is at least 4 digits long and that allows the user to choose her or his own PIN, the scope of choice can be limited to a group of PIN candidates in which each candidate has at least the same strength as that of a conventional decimal-system PIN but from which every candidate that the user might possibly have used previously as a conventional decimal-system PIN has been eliminated. As a result, it may be anticipated that systems that use conventional decimal-system PINs and systems that work the invention of claim 4 will coexist without overlapping, that such elimination of overlapping will strengthen both kinds of systems, and that such strengthening will conduce to greater safety for users of both kinds of systems.

[88] With the invention of claim 5, in a system that works the invention of claim 4, the risk of unintentional input of a trial PIN can be reduced.

[89] With the invention of claim 6, merchants, the proprietors of unattended transaction terminals, and financial institutions will be able to offer their customers a means of paying by debit or credit for their purchases, or of using CDs or ATMs, without anxiety and in a manner that prevents crime and protects the safety of their own persons to the maximum extent. They will also be able to offer improved accessibility to blind and eyesight-impaired persons and improved convenience to persons who prefer to use a foreign language.

[90] With the invention of claim 7, customers of online merchants and online financial institutions will be able to input their login numbers and PINs in a manner that is secure both against spyware that logs keystrokes and against spyware that takes screenshots. As a result, customers will be able to do business with online merchants and financial institutions via personal computers in internet cafes, copy centers, executive service salons at hotels and airports, etc., without having to worry overmuch about whether such personal computers might be infected with spyware.

[91] For the average user, the invention of claim 7 will be most useful in a portable mode, i.e. in an embodiment as a portable reader that the user can use as a plug-in peripheral device with internet-connected personal computers anywhere in the world. But for operators of internet cafes, copy centers, executive service salons at hotels and airports, etc., the mode of a built-in personal-computer component has the advantage of obviating the risk of component theft.

[92] With the invention of claim 8, systems for controlling access to facilities or equipment, including systems that have attendance recording functionality, can be made safer without resorting to biometrics. In particular, the operators of apartment buildings will be able to deploy building-access control systems that offer greater safety to their residents' own persons.