-
Publication number: JPH10135942A
Publication date: 1998-05-22
Application number: JP26837197
Application date: 1997-10-01
Applicant: IBM
Inventor: HOLLOWAY CHRISTOPHER J
Abstract: PROBLEM TO BE SOLVED: To process a message without a cipher algorithm or a permitted user key by performing deciphering through an intrinsic dedicated key registered to a server computer, using a public key shared by the user with the communicating party. SOLUTION: A client computer system 110, provided with a Web browser 105 and a smart card reader 120, is connected to a communication network WWW 100. The WWW 100 is also connected to a server computer system 130, provided with a Web server 136 connected to a key server computer 138 through a firewall 137. The Web server 136 stores the WWW page 135 of a user account accessible by the browser 105 of the client 110, and the ciphered dedicated key SKu intrinsic to the user 150 is stored in the key server 138. Thus, the user 150 performs deciphering and processes the message by the public key shared with the communicating party.
-
Publication number: DE3479065D1
Publication date: 1989-08-24
Application number: DE3479065
Application date: 1984-08-29
Applicant: IBM , IBM UK , IBM DEUTSCHLAND
Inventor: BRACHTL BRUNO , HOLLOWAY CHRISTOPHER J , LENNON RICHARD EDWARD , MATYAS STEPHEN MICHAEL , MEYER CARL HEINZ-WILHELM , OSEAS JONATHAN
IPC: G07F7/12 , G06Q20/08 , G06Q20/20 , G06Q20/34 , G06Q20/38 , G06Q20/40 , G07D9/00 , G07F7/10 , G07F19/00 , H04L9/02
Abstract: An electronic funds transfer system (EFT) is described in which retail terminals located in stores are connected through a public switched telecommunication system to card issuing agencies' data processing centres. Users of the system are issued with intelligent secure bank cards, which include a microprocessor, ROS and RAM stores. The ROS includes a personal key (KP) and an account number (PAN) stored on the card when the issuer issues it to the user. Users also have a personal identity number (PIN) which is stored or remembered separately. A transaction is initiated at a retail terminal when a card is inserted in an EFT module connected to the terminal. A request message including the PAN and a session key (KS) is transmitted to the issuer's data processing centre. The issuer generates an authentication parameter (TAP) based upon its stored version of KP and PIN and a time variant parameter received from the terminal. The TAP is then returned to the terminal in a response message, and based upon an input PIN, partial processing of the input PIN and KP on the card, a derived TAP is compared with the received TAP in the terminal. A correct comparison indicates that the entered PIN is valid. The request message includes the PAN encoded under the KS and KS encoded under a cross-domain key. Message authentication codes (MAC) are attached to each message, and the correct reception and regeneration of a MAC on a message including a term encoded under KS indicates that the received KS is valid and that the message originated at a valid terminal or card.
-
Publication number: DE69328334T2
Publication date: 2000-10-19
Application number: DE69328334
Application date: 1993-09-08
Applicant: IBM
Inventor: ELANDER ROBERT C , HOLLOWAY CHRISTOPHER J , JOHNSON DONALD B , KELLY MICHAEL J , LE AN V , LUBOLD PAUL G , MATYAS STEPHEN M , RANDALL JAMES D , WILKINS JOHN D
Abstract: A method and system are disclosed for the implementation of a weakened privacy channel. This is achieved through use of a weakened symmetric cryptographic algorithm called commercial data masking. The masked text is created from clear text at one system and may be transported electronically to another system where the masked text may be unmasked to produce the clear text. The reason to use the commercial data masking algorithm for data privacy is that it is exportable to organizations to which products which contain the Data Encryption Algorithm when used for data privacy are not exportable. In addition, a method and system is disclosed by which the key when used for commercial data masking may be transformed into a key that may be used with the Data Encryption Algorithm.
-
Publication number: GB2146815A
Publication date: 1985-04-24
Application number: GB8324917
Application date: 1983-09-17
Applicant: IBM
Inventor: OSEAS JONATHAN , BRACHTL BRUNO , HOLLOWAY CHRISTOPHER J , LENNON RICHARD EDWARD , MATYAS STEPHEN MICHAEL , MEYER CARL HEINZ-WILHELM
IPC: G06Q20/08 , G07F7/12 , G06Q20/20 , G06Q20/34 , G06Q20/38 , G06Q20/40 , G07D9/00 , G07F7/10 , G07F19/00 , H04L9/00
Abstract: An electronic funds transfer system (EFT) is described in which retail terminals located in stores are connected through a public switched telecommunication system to card issuing agencies' data processing centres. Users of the system are issued with intelligent secure bank cards, which include a microprocessor, ROS and RAM stores. The ROS includes a personal key (KP) and an account number (PAN) stored on the card when the issuer issues it to the user. Users also have a personal identity number (PIN) which is stored or remembered separately. A transaction is initiated at a retail terminal when a card is inserted in an EFT module connected to the terminal. A request message including the PAN and a session key (KS) is transmitted to the issuer's data processing centre. The issuer generates an authentication parameter (TAP) based upon its stored version of KP and PIN and a time variant parameter received from the terminal. The TAP is then returned to the terminal in a response message, and based upon an input PIN, partial processing of the input PIN and KP on the card, a derived TAP is compared with the received TAP in the terminal. A correct comparison indicates that the entered PIN is valid. The request message includes the PAN encoded under the KS and KS encoded under a cross-domain key. Message authentication codes (MAC) are attached to each message, and the correct reception and regeneration of a MAC on a message including a term encoded under KS indicates that the received KS is valid and that the message originated at a valid terminal or card.
-
Publication number: CA2100234C
Publication date: 1999-01-19
Application number: CA2100234
Application date: 1993-07-09
Applicant: IBM
Inventor: ELANDER ROBERT C , HOLLOWAY CHRISTOPHER J , JOHNSON DONALD B , RANDALL JAMES D , WILKINS JOHN D , KELLY MICHAEL J , LE AN V , LUBOLD PAUL G , MATYAS STEPHEN M
Abstract: A method and system are disclosed for the implementation of a weakened privacy channel. This is achieved through use of a weakened symmetric cryptographic algorithm called commercial data masking. The masked text is created from clear text at one system and may be transported electronically to another system where the masked text may be unmasked to produce the clear text. The reason to use the commercial data masking algorithm for data privacy is that it is exportable to organizations to which products which contain the Data Encryption Algorithm when used for data privacy are not exportable. In addition, a method and system is disclosed by which the key when used for commercial data masking may be transformed into a key that may be used with the Data Encryption Algorithm.
-
Publication number: GB2318486A
Publication date: 1998-04-22
Application number: GB9621601
Application date: 1996-10-16
Applicant: IBM
Inventor: HOLLOWAY CHRISTOPHER J
IPC: G06F1/00 , G06F13/00 , G06F21/00 , G06F12/00 , G09C1/00 , H04L9/08 , H04L9/14 , H04L9/32 , H04L9/30 , G06F12/14
Abstract: Described is a communications system in which messages may be processed using public key cryptography with a private key (SKu) unique to one or more users (150). The system comprises a server means (130) adapted for data communication with a client (110) via a network (100), the server means (130) comprising first data storage means in which is stored in a secure manner a private key for the or each user, the private key being encrypted with a key encrypting key. The server means further comprises second data storage means in which is stored applet code executable on the client. The server provides the applet code to the client via the network in response to connection of the client to the server via the network. The applet code comprises secure processing means operable, when executed in the client, to receive a message to be processed from the user, to retrieve the encrypted private key for the user from the server means via the network, to receive the key encrypting key from the user, to decrypt the private key using the key encrypting key, and to perform the public key processing for the message using the decrypted private key. The applet code and the associated keys are removed from the client on termination of the applet code.
-
Publication number: GB2318486B
Publication date: 2001-03-28
Application number: GB9621601
Application date: 1996-10-16
Applicant: IBM
Inventor: HOLLOWAY CHRISTOPHER J
IPC: G06F1/00 , G06F13/00 , G06F21/00 , G06F12/00 , G09C1/00 , H04L9/08 , H04L9/14 , H04L9/32 , H04L9/30 , G06F12/14
Abstract: Described is a communications system in which messages may be processed using public key cryptography with a private key (SKu) unique to one or more users (150). The system comprises a server means (130) adapted for data communication with a client (110) via a network (100), the server means (130) comprising first data storage means in which is stored in a secure manner a private key for the or each user, the private key being encrypted with a key encrypting key. The server means further comprises second data storage means in which is stored applet code executable on the client. The server provides the applet code to the client via the network in response to connection of the client to the server via the network. The applet code comprises secure processing means operable, when executed in the client, to receive a message to be processed from the user, to retrieve the encrypted private key for the user from the server means via the network, to receive the key encrypting key from the user, to decrypt the private key using the key encrypting key, and to perform the public key processing for the message using the decrypted private key. The applet code and the associated keys are removed from the client on termination of the applet code.
-
Publication number: AU565332B2
Publication date: 1987-09-10
Application number: AU3180384
Application date: 1984-08-10
Applicant: IBM
Inventor: BRACHTL BRUNO , MEYER CARL HEINZ-WILHELM , HOLLOWAY CHRISTOPHER J , LENNON RICHARD EDWARD , MATYAS STEPHEN MICHAEL , OSEAS JONATHAN
IPC: G07F7/12 , G06Q20/10 , G06Q20/34 , G06Q20/40 , G07D9/00 , G07F7/10 , G06F15/21 , G07C11/00 , G06K9/00
Abstract: An electronic funds transfer system (EFT) is described in which retail terminals located in stores are connected through a public switched telecommunication system to card issuing agencies' data processing centres. Users of the system are issued with intelligent secure bank cards, which include a microprocessor, ROS and RAM stores. The ROS includes a personal key (KP) and an account number (PAN) stored on the card when the issuer issues it to the user. Users also have a personal identity number (PIN) which is stored or remembered separately. A transaction is initiated at a retail terminal when a card is inserted in an EFT module connected to the terminal. A request message including the PAN and a session key (KS) is transmitted to the issuer's data processing centre. The issuer generates an authentication parameter (TAP) based upon its stored version of KP and PIN and a time variant parameter received from the terminal. The TAP is then returned to the terminal in a response message, and based upon an input PIN, partial processing of the input PIN and KP on the card, a derived TAP is compared with the received TAP in the terminal. A correct comparison indicates that the entered PIN is valid. The request message includes the PAN encoded under the KS and KS encoded under a cross-domain key. Message authentication codes (MAC) are attached to each message, and the correct reception and regeneration of a MAC on a message including a term encoded under KS indicates that the received KS is valid and that the message originated at a valid terminal or card.
-
Publication number: GB2146814A
Publication date: 1985-04-24
Application number: GB8324916
Application date: 1983-09-17
Applicant: IBM
Inventor: OSEAS JONATHAN , BRACHTL BRUNO , HOLLOWAY CHRISTOPHER J , LENNON RICHARD EDWARD , MATYAS STEPHEN MICHAEL , MEYER CARL HEINZ-WILHELM
Abstract: An electronic funds transfer system (EFT) is described in which retail terminals located in stores are connected through a public switched telecommunication system to card issuing agencies' data processing centres. Users of the system are issued with intelligent secure bank cards, which include a microprocessor, ROS and RAM stores. The ROS includes a personal key (KP) and an account number (PAN) stored on the card when the issuer issues it to the user. Users also have a personal identity number (PIN) which is stored or remembered separately. A transaction is initiated at a retail terminal when a card is inserted in an EFT module connected to the terminal. A request message including the PAN and a session key (KS) is transmitted to the issuer's data processing centre. The issuer generates an authentication parameter (TAP) based upon its stored version of KP and PIN and a time variant parameter received from the terminal. The TAP is then returned to the terminal in a response message, and based upon an input PIN, partial processing of the input PIN and KP on the card, a derived TAP is compared with the received TAP in the terminal. A correct comparison indicates that the entered PIN is valid. The request message includes the PAN encoded under the KS and KS encoded under a cross-domain key. Message authentication codes (MAC) are attached to each message, and the correct reception and regeneration of a MAC on a message including a term encoded under KS indicates that the received KS is valid and that the message originated at a valid terminal or card.
-
Publication number: DE69328334D1
Publication date: 2000-05-18
Application number: DE69328334
Application date: 1993-09-08
Applicant: IBM
Inventor: ELANDER ROBERT C , HOLLOWAY CHRISTOPHER J , JOHNSON DONALD B , KELLY MICHAEL J , LE AN V , LUBOLD PAUL G , MATYAS STEPHEN M , RANDALL JAMES D , WILKINS JOHN D
Abstract: A method and system are disclosed for the implementation of a weakened privacy channel. This is achieved through use of a weakened symmetric cryptographic algorithm called commercial data masking. The masked text is created from clear text at one system and may be transported electronically to another system where the masked text may be unmasked to produce the clear text. The reason to use the commercial data masking algorithm for data privacy is that it is exportable to organizations to which products which contain the Data Encryption Algorithm when used for data privacy are not exportable. In addition, a method and system is disclosed by which the key when used for commercial data masking may be transformed into a key that may be used with the Data Encryption Algorithm.