公开(公告)号：DE3783822T2

公开(公告)日：1993-08-19

申请号：DE3783822

申请日：1987-04-14

Applicant: IBM

Inventor： MATYAS STEPHEN MICHAEL

IPC: G09C1/00 ,  G06Q20/02 ,  G06Q20/04 ,  G06Q20/10 ,  G06Q20/14 ,  G06Q20/34 ,  G06Q20/38 ,  G06Q20/40 ,  G07F7/10 ,  H04L9/00 ,  H04L9/08 ,  H04L9/30

Abstract: A procedure is disclosed for initialising with security and integrity a large number of terminals in an EFT/POS network with cryptographic variables. Each terminal in the network is provided with a terminal identification known to the key distribution centre, the public key of the key distribution centre is stored in the cryptographic facility of each terminal. A terminal initialiser is designated for each terminal, and the terminal initialiser for each terminal is notified of two expiration times for the purposes of registering the terminal's cryptovariable with the key distribution centre. The cryptovariable is generated by the terminal using its cryptographic facility. Prior to the first expiration time, a registration request is prepared and transmitted to the key distribution centre. The registration request includes the terminal identification and the cryptovariable. When the key distribution centre receives this request, the cryptovariable is temporarily registered and that fact is acknowledged to the requesting terminal. After the expiration of the second time, the registration is complete. Provisions are also made for invalidating a terminal identification in the event that more than one registration is attempted for a given terminal identification or that the registration was not made in time. The same procedure can be used to initialise cryptovariables of users of a network. The protocol is basically the same except that a user identification is used instead of a terminal identification, and the users may be provided with a transportable media, such as a magnetic stripe card or the like, which stores the user cryptovariable and can be read by terminals in the network.

公开(公告)号：DE3783822D1

公开(公告)日：1993-03-11

申请号：DE3783822

申请日：1987-04-14

Applicant: IBM

Inventor： MATYAS STEPHEN MICHAEL

IPC: G09C1/00 ,  G06Q20/02 ,  G06Q20/04 ,  G06Q20/10 ,  G06Q20/14 ,  G06Q20/34 ,  G06Q20/38 ,  G06Q20/40 ,  G07F7/10 ,  H04L9/00 ,  H04L9/08 ,  H04L9/30

Abstract: A procedure is disclosed for initialising with security and integrity a large number of terminals in an EFT/POS network with cryptographic variables. Each terminal in the network is provided with a terminal identification known to the key distribution centre, the public key of the key distribution centre is stored in the cryptographic facility of each terminal. A terminal initialiser is designated for each terminal, and the terminal initialiser for each terminal is notified of two expiration times for the purposes of registering the terminal's cryptovariable with the key distribution centre. The cryptovariable is generated by the terminal using its cryptographic facility. Prior to the first expiration time, a registration request is prepared and transmitted to the key distribution centre. The registration request includes the terminal identification and the cryptovariable. When the key distribution centre receives this request, the cryptovariable is temporarily registered and that fact is acknowledged to the requesting terminal. After the expiration of the second time, the registration is complete. Provisions are also made for invalidating a terminal identification in the event that more than one registration is attempted for a given terminal identification or that the registration was not made in time. The same procedure can be used to initialise cryptovariables of users of a network. The protocol is basically the same except that a user identification is used instead of a terminal identification, and the users may be provided with a transportable media, such as a magnetic stripe card or the like, which stores the user cryptovariable and can be read by terminals in the network.

公开(公告)号：DE3685987T2

公开(公告)日：1993-02-04

申请号：DE3685987

申请日：1986-04-16

Applicant: IBM

Inventor： MATYAS STEPHEN MICHAEL

IPC: G07F7/10 ,  H04L9/30 ,  H04L9/00

Abstract: A technique for reducing RSA (Rivest, Shamir and Adleman algorithm) cryptovariable key from 1200 bits (400-bit public key, 400-bit secret key and 400-bit modulus) to 106 bits makes feasible the storage of the RSA algorithm parameters on current magnetic stripe cards used by the banking and finance industry. Of the 106 bits required, only 56 bits must be kept secret; the remaining 50 bits are nonsecret. These 106 bits are used to derive two 200-bit primes P and Q from which is computed the modulus N = PQ and two 400-bit keys PK (public key) and SK (secret key). In effect, a savings in storage is achieved at the expense of performing a precomputation to derive the modulus an keys each time the system is utilised for encryption/decryption. The 56-bit value plus the additional 50 bits of nonsecret data can be used to generate the RSA cryptovariables in systems where the RSA algorithm has been implemented. In another embodiment, a technique is provided for reducing the RSA cryptovariable storage of the public key PK and modulus from 800 bits to 242 bits. These 242 bits can be used at any later time to derive the 400-bit public key PK and 40--bit modulus N = PQ. The savings in storage is achieved by performing a precomputation each time the system is utilised for encryption/decryption.

公开(公告)号：DE3686659D1

公开(公告)日：1992-10-15

申请号：DE3686659

申请日：1986-01-21

Applicant: IBM

Inventor： MATYAS STEPHEN MICHAEL

IPC: G07F7/12 ,  G06Q20/40 ,  G07D1/00 ,  G07D9/00 ,  G07F7/10 ,  H04L9/32 ,  H04L9/14

Abstract: A method of offline personal identification in and to a muftiterminal data processing system, the method using an authentication tree with a one-way authentication tree function, a stored global secret key, a stored global verification value of reference, a personal identification number entered directly by the potential user and a personal key and an index position number entered via a card previously issued to the potential user, the index position number representing the tree path for the user to whom the card was issued, by calculating an authentication parameter as a function of the personal key and the personal identification number; mapping the parameter to a verification value using the index position number in the one way function to the root of the tree; comparing the verification value obtained by the mapping with the stored global verification value of reference; and enabling the system in respect of transaction execution if the comparison meets predetermined criteria.

公开(公告)号：DE2861957D1

公开(公告)日：1982-09-02

申请号：DE2861957

申请日：1978-12-05

Applicant: IBM

Inventor： EHRSAM WILLIAM FRIEDRICH ,  ELANDER ROBERT CARL ,  HOLLIS LLOYD LEE ,  LENNON RICHARD EDWARD ,  MATYAS STEPHEN MICHAEL ,  MEYER CARL HEINZ WILHELM ,  OSEAS JONATHAN ,  TUCHMAN WALTER LEONARD

IPC: H04L9/06 ,  G09C1/00 ,  H04L9/08 ,  H04L9/14 ,  H04L9/18 ,  H04L11/26 ,  H04L9/02

Abstract: This invention concerns a multiple domain data communication method and network. An embodiment of the invention provides communication security for data transmissions between different domains of a multiple domain communication network where each domain includes a host system i, j, k and its associated resources of programs and communication terminals T. The host systems and communication terminals include data security devices 11, X each having a master key 13 which permits a variety of cryptographic operations to be performed. When a host system in one domain wishes to communicate with a host system in another domain, a common session key is established at both host systems to permit cryptographic operations to be performed. This is accomplished by using a mutually agreed upon cross-domain key known by both host systems and does not require each host system to reveal its master key to the other host system. The cross domain key is enciphered under a key encrypting key designated as the sending cross domain key at the sending host system and under a different key encrypting key designated as the receiving cross domain key at the receiving host system. The sending host system creates an enciphered session key and together with the sending cross-domain key performs a transformation function to reencipher the session key under the sending cross domain key for transmission to the receiving host system. At the receiving host system, the receiving host system using the receiving cross-domain key and the received session key, performs a transformation function to reencipher the receives session key from encipherment under the sending cross domain key to encipherment under the receiving host system master key. With the common session key now available in usable form at both host systems, a communication session may be established and cryptographic operations can proceed between the domains of the two host systems.

公开(公告)号：DE2861905D1

公开(公告)日：1982-08-05

申请号：DE2861905

申请日：1978-12-05

Applicant: IBM

Inventor： LENNON RICHARD EDWARD ,  MATYAS STEPHEN MICHAEL ,  MEYER CARL HEINZ WILHELM ,  OSEAS JONATHAN ,  PRENTICE PAUL NORMAN ,  TUCHMAN WALTER LEONARD

IPC: H04K1/00 ,  G07F7/10 ,  H04L9/18 ,  H04L9/32 ,  H04L9/02

Abstract: This invention concerns a process and apparatus for the verification of cryptographic operational keys used in data communication networks. In a data communication network providing communication security for communication sessions between a first station and a second station where each station has cryptographic apparatus provided with an operational key which should be common to both stations for cryptographic operations, an operational key verification arrangement is provided in which a first number provided at the first station is operated upon in accordance with the first station operational key to obtain cryptographic data for transmission to the second station, requiring the second station to perform an operation on the first station cryptographic data in accordance with the second station operational key to obtain cryptographic data for transmission back to the first station, and in which an operation is performed at the first station in accordance with the first number and the second station cryptographic data to verify that the second station is the source of second station cryptographic data only if the operational keys are identical.

公开(公告)号：DE3883287T2

公开(公告)日：1994-03-17

申请号：DE3883287

申请日：1988-05-11

Applicant: IBM

Inventor： MATYAS STEPHEN MICHAEL ,  MEYER CARL HEINZ WILHELM ,  BRACHTL BRUNO OSWALD

IPC: G09C1/00 ,  H04L9/08 ,  H04L9/00

Abstract: A method of controlling the use of securely transmitted information in a network of stations in which each potentially cooperating station includes a cryptographic facility (10) which securely stores a master key and in which, for each transmission between a pair of stations, a cryptographic key result is provided for each station of the pair by a generating station which is either one of the pair or a station external to the pair under a cryptographic protocol common to the network, the cryptographic key results for the transmission having a random component notionally particular to the transmission, a master key variant component characteristic of the protocol and a target station component either particular to the stations individually or as a pair, wherein, in response to a generating command invoked in the generating station for establishing a controlled use secure transmission between a designated pair of stations, the generating station generates the cryptographic key result for each designated station, accesses the control value common to the system for the permitted operation for each of the stations for the particular transmission, combines the control value with the common key result or each individual key result and causes the appropriate combined key result to be established in each station of the pair for the transmission, and wherein the cryptographic facility (10) in each station is arranged, when an operating command is invoked to perform a designated operation with respect to such securely transmitted information, to automatically abort such operation unless it matches the control value.

公开(公告)号：DE3587072T2

公开(公告)日：1993-08-12

申请号：DE3587072

申请日：1985-11-29

Applicant: IBM

Inventor： MATYAS STEPHEN MICHAEL ,  OSEAS JONATHAN

IPC: H04L9/00 ,  G06F1/00 ,  G06F12/14 ,  G06F21/00 ,  G06F21/22 ,  G06F21/24 ,  G07F7/00 ,  G07F7/10 ,  H04L9/32

Abstract: A cryptographic method for discouraging the copying and sharing of purchased software programs allows an encrypted program to be run on only a designated computer or, alternatively, to be run on any computer but only by the user possessing a designated smart card. Each program offering sold by the software vendor is encrypted with a unique file key and then written on a diskette. A user who purchases a diskette having written thereon an encrypted program must first obtain a secret password from the software vendor. This password will allow the encrypted program to be recovered at a prescribed, designated computer having a properly implemented and initialised encryption feature. The encryption feature decrypts the file key of the program from the password, and when the encrypted program is loaded at the proper computer, the program or a portion of it is automatically decrypted and written into a protected memory from which it can only be executed and not accessed for non-execution purposes. In alternative embodiments, the user is not confined to a prescribed, designated computer but may use the program on other, different computers with a smart card provided the computers have a properly implemented and initialised encryption feature that accepts the smart card. As a further modification, the cryptographic facility may support operations that enable the user to encrypt and decrypt user generated files and/or user generated programs.

公开(公告)号：DE3685987D1

公开(公告)日：1992-08-20

申请号：DE3685987

申请日：1986-04-16

Applicant: IBM

Inventor： MATYAS STEPHEN MICHAEL

IPC: G07F7/10 ,  H04L9/30 ,  H04L9/00

Abstract: A technique for reducing RSA (Rivest, Shamir and Adleman algorithm) cryptovariable key from 1200 bits (400-bit public key, 400-bit secret key and 400-bit modulus) to 106 bits makes feasible the storage of the RSA algorithm parameters on current magnetic stripe cards used by the banking and finance industry. Of the 106 bits required, only 56 bits must be kept secret; the remaining 50 bits are nonsecret. These 106 bits are used to derive two 200-bit primes P and Q from which is computed the modulus N = PQ and two 400-bit keys PK (public key) and SK (secret key). In effect, a savings in storage is achieved at the expense of performing a precomputation to derive the modulus an keys each time the system is utilised for encryption/decryption. The 56-bit value plus the additional 50 bits of nonsecret data can be used to generate the RSA cryptovariables in systems where the RSA algorithm has been implemented. In another embodiment, a technique is provided for reducing the RSA cryptovariable storage of the public key PK and modulus from 800 bits to 242 bits. These 242 bits can be used at any later time to derive the 400-bit public key PK and 40--bit modulus N = PQ. The savings in storage is achieved by performing a precomputation each time the system is utilised for encryption/decryption.

公开(公告)号：GB2146815A

公开(公告)日：1985-04-24

申请号：GB8324917

申请日：1983-09-17

Applicant: IBM

Inventor： OSEAS JONATHAN ,  BRACHTL BRUNO ,  HOLLOWAY CHRISTOPHER J ,  LENNON RICHARD EDWARD ,  MATYAS STEPHEN MICHAEL ,  MEYER CARL HEINZ-WILHELM

IPC: G06Q20/08 ,  G07F7/12 ,  G06Q20/20 ,  G06Q20/34 ,  G06Q20/38 ,  G06Q20/40 ,  G07D9/00 ,  G07F7/10 ,  G07F19/00 ,  H04L9/00

Abstract: @ An electronic funds transfer system (EFT) is described in which retail terminals located in stores are connected through a public switched telecommunication system to card issuing agencies data processing centres. Users of the system are issued with intelligent secure bank cards, which include a microprocessor, ROS and RAM stores. The ROS includes a personal key (KP) and an account number (PAN) stored on the card when the issuer issues it to the user. Users also have a personal identity number (PIN) which is stored or remembered separately. A transaction is initiated at a retail terminal when a card is inserted in an EFT module connected to the terminal. A request message including the PAN and a session key (KS) is transmitted to the issuers data processing centre. The issuer generates an authentication parameter (TAP) based upon its stored version of KP and PIN and a time variant parameter received from the terminal. The TAP is then returned to the terminal in a response message, and based upon an inputed ./... PIN, partial processing of the input PIN and KP on the card a derived TAP is compared with the received TAP in the terminal. A correct comparison indicating that the entered PIN is valid.The request message includes the PAN encoded under the KS and KS encoded under a cross-domain key. Message authentication codes (MAC) are attached to each message and the correct reception and regeneration of a MAC on a message including a term encoded under KS indicates that the received KS is valid and that the message originated at a valid terminal or card.