公开(公告)号：DE3479065D1

公开(公告)日：1989-08-24

申请号：DE3479065

申请日：1984-08-29

Applicant: IBM ,  IBM UK ,  IBM DEUTSCHLAND

Inventor： BRACHTL BRUNO ,  HOLLOWAY CHRISTOPHER J ,  LENNON RICHARD EDWARD ,  MATYAS STEPHEN MICHAEL ,  MEYER CARL HEINZ-WILHELM ,  OSEAS JONATHAN

IPC: G07F7/12 ,  G06Q20/08 ,  G06Q20/20 ,  G06Q20/34 ,  G06Q20/38 ,  G06Q20/40 ,  G07D9/00 ,  G07F7/10 ,  G07F19/00 ,  H04L9/02

Abstract: @ An electronic funds transfer system (EFT) is described in which retail terminals located in stores are connected through a public switched telecommunication system to card issuing agencies data processing centres. Users of the system are issued with intelligent secure bank cards, which include a microprocessor, ROS and RAM stores. The ROS includes a personal key (KP) and an account number (PAN) stored on the card when the issuer issues it to the user. Users also have a personal identity number (PIN) which is stored or remembered separately. A transaction is initiated at a retail terminal when a card is inserted in an EFT module connected to the terminal. A request message including the PAN and a session key (KS) is transmitted to the issuers data processing centre. The issuer generates an authentication parameter (TAP) based upon its stored version of KP and PIN and a time variant parameter received from the terminal. The TAP is then returned to the terminal in a response message, and based upon an inputed ./... PIN, partial processing of the input PIN and KP on the card a derived TAP is compared with the received TAP in the terminal. A correct comparison indicating that the entered PIN is valid.The request message includes the PAN encoded under the KS and KS encoded under a cross-domain key. Message authentication codes (MAC) are attached to each message and the correct reception and regeneration of a MAC on a message including a term encoded under KS indicates that the received KS is valid and that the message originated at a valid terminal or card.

公开(公告)号：GB2146815A

公开(公告)日：1985-04-24

申请号：GB8324917

申请日：1983-09-17

Applicant: IBM

Inventor： OSEAS JONATHAN ,  BRACHTL BRUNO ,  HOLLOWAY CHRISTOPHER J ,  LENNON RICHARD EDWARD ,  MATYAS STEPHEN MICHAEL ,  MEYER CARL HEINZ-WILHELM

IPC: G06Q20/08 ,  G07F7/12 ,  G06Q20/20 ,  G06Q20/34 ,  G06Q20/38 ,  G06Q20/40 ,  G07D9/00 ,  G07F7/10 ,  G07F19/00 ,  H04L9/00

Abstract: @ An electronic funds transfer system (EFT) is described in which retail terminals located in stores are connected through a public switched telecommunication system to card issuing agencies data processing centres. Users of the system are issued with intelligent secure bank cards, which include a microprocessor, ROS and RAM stores. The ROS includes a personal key (KP) and an account number (PAN) stored on the card when the issuer issues it to the user. Users also have a personal identity number (PIN) which is stored or remembered separately. A transaction is initiated at a retail terminal when a card is inserted in an EFT module connected to the terminal. A request message including the PAN and a session key (KS) is transmitted to the issuers data processing centre. The issuer generates an authentication parameter (TAP) based upon its stored version of KP and PIN and a time variant parameter received from the terminal. The TAP is then returned to the terminal in a response message, and based upon an inputed ./... PIN, partial processing of the input PIN and KP on the card a derived TAP is compared with the received TAP in the terminal. A correct comparison indicating that the entered PIN is valid.The request message includes the PAN encoded under the KS and KS encoded under a cross-domain key. Message authentication codes (MAC) are attached to each message and the correct reception and regeneration of a MAC on a message including a term encoded under KS indicates that the received KS is valid and that the message originated at a valid terminal or card.

公开(公告)号：DE3481739D1

公开(公告)日：1990-04-26

申请号：DE3481739

申请日：1984-08-29

Applicant: IBM DEUTSCHLAND

Inventor： BRACHTL BRUNO ,  HOLLOWAY CHRISTOPHER J ,  LENNON RICHARD EDWARD ,  MATYAS STEPHEN MICHAEL ,  MEYER CARL HEINZ-WILHELM ,  OSEAS JONATHAN

IPC: G07F7/12 ,  G06Q20/10 ,  G06Q20/34 ,  G06Q20/40 ,  G07D9/00 ,  G07F7/10 ,  H04L9/32

Abstract: An electronic funds transfer system (EFT) is described in which retail terminals located in stores are connected through a public switched telecommunication system to card issuing agencies data processing centres. Users of the system are issued with intelligent secure bank cards, which include a microprocessor, ROS and RAM stores. The ROS includes a personal key (KP) and an account number (PAN) stored on the card when the issuer issues it to the user. Users also have a personal identity number (PIN) which is stored or remembered separately.A transaction is initiated at a retail terminal when a card is inserted in an EFT module connected to the terminal. A request message including the PAN and a session key (KS) is transmitted to the issuers data processing centre. The issuer generates an authentication parameter (TAP) based upon its stored version of KP and PIN and a time variant parameter received from the terminal. The TAP is then returned to the terminal in a response message, and based upon an imputed PIN, partial processing of the input PIN and KP on the card a derived TAP is compared with the received TAP in the terminal. A correct comparison indicating that the entered PIN is valid.The request message includes the PAN encoded under the KS and KS encoded under a cross-domain key. Message authentication codes (MAC) are attached to message and the correct reception and regeneration of a MAC on a message including a term encoded under KS indicates that the received KS is valid and that the message originated at a valid terminal or card.

公开(公告)号：CA1328129C

公开(公告)日：1994-03-29

申请号：CA572708

申请日：1988-07-21

Applicant: IBM

Inventor： BRACHTL BRUNO ,  COPPERSMITH DON ,  HYDEN MYRNA ,  MATYAS STEPHEN JR ,  MEYER CARL ,  OSEAS JONATHAN ,  PILPEL SHAIY ,  SCHILLING MICHAEL

IPC: H04L9/32 ,  H04L9/06

Abstract: DATA AUTHENTICATION USING MODIFICATION DETECTION CODES BASED ON A PUBLIC ONE WAY ENCRYPTION FUNCTION A cryptographic method and apparatus are disclosed which transform a message of arbitrary length into a block of fixed length (128 bits) defined modification detection code (MDC). Although there are a large number of messages which result in the same MDC, because the MDC is a many to-one function of the input, it is required that it is practically not feasible for an opponent to find them. In analyzing the methods, a distinction is made between two types of attacks, i.e., insiders (who have access to the system) and outsiders (who do not). The first method employs four encryption steps per DEA block and provides the higher degree of security. Coupling between the different DEA operations is provided by using the input keys also as data in two of the four encryption steps. In addition, there is cross coupling by interchanging half of the internal keys. Although this second coupling operation does not add to security in this scheme, it is mandatory in the second method, which employs only two encryption steps per DEA block to trade off security for performance. By providing key cross-coupling in both schemes, an identical kernel is established for both methods. This has an implementation advantage since the first method can be achieved by applying the second method twice. The MDC, when loaded into a secure device, authorizes one and only one data set to be authenticated by the MDC, whereas methods based on message authentication codes or digital signatures involving a public key algorithm authorize a plurality of data sets to be authenticated. The MDC therefore provides for greater security control.

公开(公告)号：AU565332B2

公开(公告)日：1987-09-10

申请号：AU3180384

申请日：1984-08-10

Applicant: IBM

Inventor： BRACHTL BRUNO ,  MEYER CARL HEINZ-WILHELM ,  HOLLOWAY CHRISTOPHER J ,  LENNON RICHARD EDWARD ,  MATYAS STEPHEN MICHAEL ,  OSEAS JONATHANA

IPC: G07F7/12 ,  G06Q20/10 ,  G06Q20/34 ,  G06Q20/40 ,  G07D9/00 ,  G07F7/10 ,  G06F15/21 ,  G07C11/00 ,  G06K9/00

Abstract: An electronic funds transfer system (EFT) is described in which retail terminals located in stores are connected through a public switched telecommunication system to card issuing agencies data processing centres. Users of the system are issued with intelligent secure bank cards, which include a microprocessor, ROS and RAM stores. The ROS includes a personal key (KP) and an account number (PAN) stored on the card when the issuer issues it to the user. Users also have a personal identity number (PIN) which is stored or remembered separately.A transaction is initiated at a retail terminal when a card is inserted in an EFT module connected to the terminal. A request message including the PAN and a session key (KS) is transmitted to the issuers data processing centre. The issuer generates an authentication parameter (TAP) based upon its stored version of KP and PIN and a time variant parameter received from the terminal. The TAP is then returned to the terminal in a response message, and based upon an imputed PIN, partial processing of the input PIN and KP on the card a derived TAP is compared with the received TAP in the terminal. A correct comparison indicating that the entered PIN is valid.The request message includes the PAN encoded under the KS and KS encoded under a cross-domain key. Message authentication codes (MAC) are attached to message and the correct reception and regeneration of a MAC on a message including a term encoded under KS indicates that the received KS is valid and that the message originated at a valid terminal or card.

公开(公告)号：GB2146814A

公开(公告)日：1985-04-24

申请号：GB8324916

申请日：1983-09-17

Applicant: IBM

Inventor： OSEAS JONATHAN ,  BRACHTL BRUNO ,  HOLLOWAY CHRISTOPHER J ,  LENNON RICHARD EDWARD ,  MATYAS STEPHEN MICHAEL ,  MEYER CARL HEINZ-WILHELM

IPC: G06Q20/10 ,  G06Q20/34 ,  G07F7/12 ,  G06Q20/40 ,  G07D9/00 ,  G07F7/10 ,  H04L9/00

Abstract: An electronic funds transfer system (EFT) is described in which retail terminals located in stores are connected through a public switched telecommunication system to card issuing agencies data processing centres. Users of the system are issued with intelligent secure bank cards, which include a microprocessor, ROS and RAM stores. The ROS includes a personal key (KP) and an account number (PAN) stored on the card when the issuer issues it to the user. Users also have a personal identity number (PIN) which is stored or remembered separately.A transaction is initiated at a retail terminal when a card is inserted in an EFT module connected to the terminal. A request message including the PAN and a session key (KS) is transmitted to the issuers data processing centre. The issuer generates an authentication parameter (TAP) based upon its stored version of KP and PIN and a time variant parameter received from the terminal. The TAP is then returned to the terminal in a response message, and based upon an imputed PIN, partial processing of the input PIN and KP on the card a derived TAP is compared with the received TAP in the terminal. A correct comparison indicating that the entered PIN is valid.The request message includes the PAN encoded under the KS and KS encoded under a cross-domain key. Message authentication codes (MAC) are attached to message and the correct reception and regeneration of a MAC on a message including a term encoded under KS indicates that the received KS is valid and that the message originated at a valid terminal or card.