-
公开(公告)号:GB2146814A
公开(公告)日:1985-04-24
申请号:GB8324916
申请日:1983-09-17
Applicant: IBM
Inventor: OSEAS JONATHAN , BRACHTL BRUNO , HOLLOWAY CHRISTOPHER J , LENNON RICHARD EDWARD , MATYAS STEPHEN MICHAEL , MEYER CARL HEINZ-WILHELM
Abstract: An electronic funds transfer system (EFT) is described in which retail terminals located in stores are connected through a public switched telecommunication system to card issuing agencies data processing centres. Users of the system are issued with intelligent secure bank cards, which include a microprocessor, ROS and RAM stores. The ROS includes a personal key (KP) and an account number (PAN) stored on the card when the issuer issues it to the user. Users also have a personal identity number (PIN) which is stored or remembered separately.A transaction is initiated at a retail terminal when a card is inserted in an EFT module connected to the terminal. A request message including the PAN and a session key (KS) is transmitted to the issuers data processing centre. The issuer generates an authentication parameter (TAP) based upon its stored version of KP and PIN and a time variant parameter received from the terminal. The TAP is then returned to the terminal in a response message, and based upon an imputed PIN, partial processing of the input PIN and KP on the card a derived TAP is compared with the received TAP in the terminal. A correct comparison indicating that the entered PIN is valid.The request message includes the PAN encoded under the KS and KS encoded under a cross-domain key. Message authentication codes (MAC) are attached to message and the correct reception and regeneration of a MAC on a message including a term encoded under KS indicates that the received KS is valid and that the message originated at a valid terminal or card.
-
公开(公告)号:CA1124812A
公开(公告)日:1982-06-01
申请号:CA317109
申请日:1978-11-30
Applicant: IBM
Inventor: EHRSAM WILLIAM F , ELANDER ROBERT C , HOLLIS LLOYD L , LENNON RICHARD E , MATYAS STEPHEN M , MEYER CARL H W , OSEAS JONATHAN , TUCHMAN WALTER L
Abstract: CRYPTOGRAPHIC COMMUNICATION SECURITY FOR MULTIPLE DOMAIN NETWORKS A communication security system for data transmissions between different domains of a multiple domain communication network where each domain includes a host system and its associated resources of programs and communication terminals. The host systems and communication terminals include data security devices each having a master key which permits a variety of cryptographic operations to be performed. When a host system in one domain wishes to communicate with a host system in another domain, a common session key is established at both host systems to permit cryptographic operations to be performed. This is accomplished by using a mutually agreed upon cross-domain key known by both host systems and does not require each host system to reveal its master key to the other host system. The cross domain key is enciphered under a key encrypting key designated as the sending cross domain key at the sending host system and under a different key encrypting key designated as the receiving cross domain key at the receiving host system. The sending host system creates an enciphered session key and together with the sending cross-domain key performs a transformation function to reencipher the session key under the sending cross domain key for transmission to the receiving host system. At the receiving host system, the receiving host system using the receiving cross-domain key and the received session key, performs a transformation function to reencipher the received session key from encipherment under the sending cross domain key to encipherment under the receiving host system master key. With the common session key now available in usable form at both host systems, a communication session is established and cryptographic operations can proceed between the two host systems. Ki977009
-
公开(公告)号:DE3481739D1
公开(公告)日:1990-04-26
申请号:DE3481739
申请日:1984-08-29
Applicant: IBM DEUTSCHLAND
Inventor: BRACHTL BRUNO , HOLLOWAY CHRISTOPHER J , LENNON RICHARD EDWARD , MATYAS STEPHEN MICHAEL , MEYER CARL HEINZ-WILHELM , OSEAS JONATHAN
Abstract: An electronic funds transfer system (EFT) is described in which retail terminals located in stores are connected through a public switched telecommunication system to card issuing agencies data processing centres. Users of the system are issued with intelligent secure bank cards, which include a microprocessor, ROS and RAM stores. The ROS includes a personal key (KP) and an account number (PAN) stored on the card when the issuer issues it to the user. Users also have a personal identity number (PIN) which is stored or remembered separately.A transaction is initiated at a retail terminal when a card is inserted in an EFT module connected to the terminal. A request message including the PAN and a session key (KS) is transmitted to the issuers data processing centre. The issuer generates an authentication parameter (TAP) based upon its stored version of KP and PIN and a time variant parameter received from the terminal. The TAP is then returned to the terminal in a response message, and based upon an imputed PIN, partial processing of the input PIN and KP on the card a derived TAP is compared with the received TAP in the terminal. A correct comparison indicating that the entered PIN is valid.The request message includes the PAN encoded under the KS and KS encoded under a cross-domain key. Message authentication codes (MAC) are attached to message and the correct reception and regeneration of a MAC on a message including a term encoded under KS indicates that the received KS is valid and that the message originated at a valid terminal or card.
-
公开(公告)号:CA1119268A
公开(公告)日:1982-03-02
申请号:CA317159
申请日:1978-11-30
Applicant: IBM
Inventor: LENNON RICHARD E , MATYAS STEPHEN M , MEYER CARL H W , OSEAS JONATHAN , PRENTICE PAUL N , TUCHMAN WALTER L
Abstract: CRYPTOGRAPHIC VERIFICATION OF OPERATIONAL KEYS USED IN COMMUNICATION NETWORKS In a data communication network providing communication security for communication session between a first station and a second station where each station has cryptographic apparatus provided with an operational key which should be common to both stations for cryptographic operation, an operational key verification arrangement is provided in which a first number provided at the first station is operated upon in accordance with the first station operational key to obtain cryptographic data for transmission to the second station, requiring the second station to perform an operation on the first station cryptographic data in accordance with the second station operational key to obtain cryptographic data for transmission back to the first station and performing an operation at the first station in accordance with the first number and the second station cryptographic data to verify that the second station is the source of second station cryptographic data only if the operational keys are identical.
-
-
-
Search Results
14
records
(took 0.028 seconds)
