-
Publication No.: DE3479065D1
Publication date: 1989-08-24
Application No.: DE3479065
Filing date: 1984-08-29
Applicant: IBM , IBM UK , IBM DEUTSCHLAND
Inventor: BRACHTL BRUNO , HOLLOWAY CHRISTOPHER J , LENNON RICHARD EDWARD , MATYAS STEPHEN MICHAEL , MEYER CARL HEINZ-WILHELM , OSEAS JONATHAN
IPC: G07F7/12 , G06Q20/08 , G06Q20/20 , G06Q20/34 , G06Q20/38 , G06Q20/40 , G07D9/00 , G07F7/10 , G07F19/00 , H04L9/02
Abstract: An electronic funds transfer system (EFT) is described in which retail terminals located in stores are connected through a public switched telecommunication system to card issuing agencies' data processing centres. Users of the system are issued with intelligent secure bank cards, which include a microprocessor, ROS and RAM stores. The ROS includes a personal key (KP) and an account number (PAN) stored on the card when the issuer issues it to the user. Users also have a personal identity number (PIN) which is stored or remembered separately. A transaction is initiated at a retail terminal when a card is inserted in an EFT module connected to the terminal. A request message including the PAN and a session key (KS) is transmitted to the issuer's data processing centre. The issuer generates an authentication parameter (TAP) based upon its stored version of KP and PIN and a time variant parameter received from the terminal. The TAP is then returned to the terminal in a response message, and based upon an inputted PIN, partial processing of the input PIN and KP on the card a derived TAP is compared with the received TAP in the terminal. A correct comparison indicating that the entered PIN is valid. The request message includes the PAN encoded under the KS and KS encoded under a cross-domain key. Message authentication codes (MAC) are attached to each message and the correct reception and regeneration of a MAC on a message including a term encoded under KS indicates that the received KS is valid and that the message originated at a valid terminal or card.
-
Publication No.: GB2146815A
Publication date: 1985-04-24
Application No.: GB8324917
Filing date: 1983-09-17
Applicant: IBM
Inventor: OSEAS JONATHAN , BRACHTL BRUNO , HOLLOWAY CHRISTOPHER J , LENNON RICHARD EDWARD , MATYAS STEPHEN MICHAEL , MEYER CARL HEINZ-WILHELM
IPC: G06Q20/08 , G07F7/12 , G06Q20/20 , G06Q20/34 , G06Q20/38 , G06Q20/40 , G07D9/00 , G07F7/10 , G07F19/00 , H04L9/00
Abstract: An electronic funds transfer system (EFT) is described in which retail terminals located in stores are connected through a public switched telecommunication system to card issuing agencies' data processing centres. Users of the system are issued with intelligent secure bank cards, which include a microprocessor, ROS and RAM stores. The ROS includes a personal key (KP) and an account number (PAN) stored on the card when the issuer issues it to the user. Users also have a personal identity number (PIN) which is stored or remembered separately. A transaction is initiated at a retail terminal when a card is inserted in an EFT module connected to the terminal. A request message including the PAN and a session key (KS) is transmitted to the issuer's data processing centre. The issuer generates an authentication parameter (TAP) based upon its stored version of KP and PIN and a time variant parameter received from the terminal. The TAP is then returned to the terminal in a response message, and based upon an inputted PIN, partial processing of the input PIN and KP on the card a derived TAP is compared with the received TAP in the terminal. A correct comparison indicating that the entered PIN is valid. The request message includes the PAN encoded under the KS and KS encoded under a cross-domain key. Message authentication codes (MAC) are attached to each message and the correct reception and regeneration of a MAC on a message including a term encoded under KS indicates that the received KS is valid and that the message originated at a valid terminal or card.
-
Publication No.: AU565332B2
Publication date: 1987-09-10
Application No.: AU3180384
Filing date: 1984-08-10
Applicant: IBM
Inventor: BRACHTL BRUNO , MEYER CARL HEINZ-WILHELM , HOLLOWAY CHRISTOPHER J , LENNON RICHARD EDWARD , MATYAS STEPHEN MICHAEL , OSEAS JONATHANA
IPC: G07F7/12 , G06Q20/10 , G06Q20/34 , G06Q20/40 , G07D9/00 , G07F7/10 , G06F15/21 , G07C11/00 , G06K9/00
Abstract: An electronic funds transfer system (EFT) is described in which retail terminals located in stores are connected through a public switched telecommunication system to card issuing agencies' data processing centres. Users of the system are issued with intelligent secure bank cards, which include a microprocessor, ROS and RAM stores. The ROS includes a personal key (KP) and an account number (PAN) stored on the card when the issuer issues it to the user. Users also have a personal identity number (PIN) which is stored or remembered separately. A transaction is initiated at a retail terminal when a card is inserted in an EFT module connected to the terminal. A request message including the PAN and a session key (KS) is transmitted to the issuer's data processing centre. The issuer generates an authentication parameter (TAP) based upon its stored version of KP and PIN and a time variant parameter received from the terminal. The TAP is then returned to the terminal in a response message, and based upon an inputted PIN, partial processing of the input PIN and KP on the card a derived TAP is compared with the received TAP in the terminal. A correct comparison indicating that the entered PIN is valid. The request message includes the PAN encoded under the KS and KS encoded under a cross-domain key. Message authentication codes (MAC) are attached to message and the correct reception and regeneration of a MAC on a message including a term encoded under KS indicates that the received KS is valid and that the message originated at a valid terminal or card.
-
Publication No.: GB2146814A
Publication date: 1985-04-24
Application No.: GB8324916
Filing date: 1983-09-17
Applicant: IBM
Inventor: OSEAS JONATHAN , BRACHTL BRUNO , HOLLOWAY CHRISTOPHER J , LENNON RICHARD EDWARD , MATYAS STEPHEN MICHAEL , MEYER CARL HEINZ-WILHELM
Abstract: An electronic funds transfer system (EFT) is described in which retail terminals located in stores are connected through a public switched telecommunication system to card issuing agencies' data processing centres. Users of the system are issued with intelligent secure bank cards, which include a microprocessor, ROS and RAM stores. The ROS includes a personal key (KP) and an account number (PAN) stored on the card when the issuer issues it to the user. Users also have a personal identity number (PIN) which is stored or remembered separately. A transaction is initiated at a retail terminal when a card is inserted in an EFT module connected to the terminal. A request message including the PAN and a session key (KS) is transmitted to the issuer's data processing centre. The issuer generates an authentication parameter (TAP) based upon its stored version of KP and PIN and a time variant parameter received from the terminal. The TAP is then returned to the terminal in a response message, and based upon an inputted PIN, partial processing of the input PIN and KP on the card a derived TAP is compared with the received TAP in the terminal. A correct comparison indicating that the entered PIN is valid. The request message includes the PAN encoded under the KS and KS encoded under a cross-domain key. Message authentication codes (MAC) are attached to message and the correct reception and regeneration of a MAC on a message including a term encoded under KS indicates that the received KS is valid and that the message originated at a valid terminal or card.
-
Publication No.: DE2861957D1
Publication date: 1982-09-02
Application No.: DE2861957
Filing date: 1978-12-05
Applicant: IBM
Inventor: EHRSAM WILLIAM FRIEDRICH , ELANDER ROBERT CARL , HOLLIS LLOYD LEE , LENNON RICHARD EDWARD , MATYAS STEPHEN MICHAEL , MEYER CARL HEINZ WILHELM , OSEAS JONATHAN , TUCHMAN WALTER LEONARD
Abstract: This invention concerns a multiple domain data communication method and network. An embodiment of the invention provides communication security for data transmissions between different domains of a multiple domain communication network where each domain includes a host system i, j, k and its associated resources of programs and communication terminals T. The host systems and communication terminals include data security devices 11, X each having a master key 13 which permits a variety of cryptographic operations to be performed. When a host system in one domain wishes to communicate with a host system in another domain, a common session key is established at both host systems to permit cryptographic operations to be performed. This is accomplished by using a mutually agreed upon cross-domain key known by both host systems and does not require each host system to reveal its master key to the other host system. The cross domain key is enciphered under a key encrypting key designated as the sending cross domain key at the sending host system and under a different key encrypting key designated as the receiving cross domain key at the receiving host system. The sending host system creates an enciphered session key and together with the sending cross-domain key performs a transformation function to reencipher the session key under the sending cross domain key for transmission to the receiving host system. At the receiving host system, the receiving host system using the receiving cross-domain key and the received session key, performs a transformation function to reencipher the received session key from encipherment under the sending cross domain key to encipherment under the receiving host system master key. With the common session key now available in usable form at both host systems, a communication session may be established and cryptographic operations can proceed between the domains of the two host systems.
-
Publication No.: DE2861905D1
Publication date: 1982-08-05
Application No.: DE2861905
Filing date: 1978-12-05
Applicant: IBM
Inventor: LENNON RICHARD EDWARD , MATYAS STEPHEN MICHAEL , MEYER CARL HEINZ WILHELM , OSEAS JONATHAN , PRENTICE PAUL NORMAN , TUCHMAN WALTER LEONARD
Abstract: This invention concerns a process and apparatus for the verification of cryptographic operational keys used in data communication networks. In a data communication network providing communication security for communication sessions between a first station and a second station where each station has cryptographic apparatus provided with an operational key which should be common to both stations for cryptographic operations, an operational key verification arrangement is provided in which a first number provided at the first station is operated upon in accordance with the first station operational key to obtain cryptographic data for transmission to the second station, requiring the second station to perform an operation on the first station cryptographic data in accordance with the second station operational key to obtain cryptographic data for transmission back to the first station, and in which an operation is performed at the first station in accordance with the first number and the second station cryptographic data to verify that the second station is the source of second station cryptographic data only if the operational keys are identical.
-
Publication No.: DE3481739D1
Publication date: 1990-04-26
Application No.: DE3481739
Filing date: 1984-08-29
Applicant: IBM DEUTSCHLAND
Inventor: BRACHTL BRUNO , HOLLOWAY CHRISTOPHER J , LENNON RICHARD EDWARD , MATYAS STEPHEN MICHAEL , MEYER CARL HEINZ-WILHELM , OSEAS JONATHAN
Abstract: An electronic funds transfer system (EFT) is described in which retail terminals located in stores are connected through a public switched telecommunication system to card issuing agencies' data processing centres. Users of the system are issued with intelligent secure bank cards, which include a microprocessor, ROS and RAM stores. The ROS includes a personal key (KP) and an account number (PAN) stored on the card when the issuer issues it to the user. Users also have a personal identity number (PIN) which is stored or remembered separately. A transaction is initiated at a retail terminal when a card is inserted in an EFT module connected to the terminal. A request message including the PAN and a session key (KS) is transmitted to the issuer's data processing centre. The issuer generates an authentication parameter (TAP) based upon its stored version of KP and PIN and a time variant parameter received from the terminal. The TAP is then returned to the terminal in a response message, and based upon an inputted PIN, partial processing of the input PIN and KP on the card a derived TAP is compared with the received TAP in the terminal. A correct comparison indicating that the entered PIN is valid. The request message includes the PAN encoded under the KS and KS encoded under a cross-domain key. Message authentication codes (MAC) are attached to message and the correct reception and regeneration of a MAC on a message including a term encoded under KS indicates that the received KS is valid and that the message originated at a valid terminal or card.
-
Publication No.: DE3277677D1
Publication date: 1987-12-17
Application No.: DE3277677
Filing date: 1982-11-23
Applicant: IBM