IMPROVEMENTS IN POINT OF SALE AND ELECTRONIC FUNDS TRANSFER SYSTEMS

    Publication number: DE3479065D1

    Publication date: 1989-08-24

    Application number: DE3479065

    Application date: 1984-08-29

    Abstract: An electronic funds transfer system (EFT) is described in which retail terminals located in stores are connected through a public switched telecommunication system to card issuing agencies' data processing centres. Users of the system are issued with intelligent secure bank cards, which include a microprocessor, ROS and RAM stores. The ROS includes a personal key (KP) and an account number (PAN) stored on the card when the issuer issues it to the user. Users also have a personal identity number (PIN) which is stored or remembered separately. A transaction is initiated at a retail terminal when a card is inserted in an EFT module connected to the terminal. A request message including the PAN and a session key (KS) is transmitted to the issuer's data processing centre. The issuer generates an authentication parameter (TAP) based upon its stored version of KP and PIN and a time variant parameter received from the terminal. The TAP is then returned to the terminal in a response message, and based upon an inputted PIN and partial processing of the input PIN and KP on the card, a derived TAP is compared with the received TAP in the terminal. A correct comparison indicates that the entered PIN is valid. The request message includes the PAN encoded under the KS and KS encoded under a cross-domain key. Message authentication codes (MAC) are attached to each message, and the correct reception and regeneration of a MAC on a message including a term encoded under KS indicates that the received KS is valid and that the message originated at a valid terminal or card.

    4.
    Invention patent
    Unknown

    Publication number: DE3883287D1

    Publication date: 1993-09-23

    Application number: DE3883287

    Application date: 1988-05-11

    Applicant: IBM

    Abstract: A method of controlling the use of securely transmitted information in a network of stations in which each potentially cooperating station includes a cryptographic facility (10) which securely stores a master key and in which, for each transmission between a pair of stations, a cryptographic key result is provided for each station of the pair by a generating station which is either one of the pair or a station external to the pair under a cryptographic protocol common to the network, the cryptographic key results for the transmission having a random component notionally particular to the transmission, a master key variant component characteristic of the protocol and a target station component either particular to the stations individually or as a pair, wherein, in response to a generating command invoked in the generating station for establishing a controlled use secure transmission between a designated pair of stations, the generating station generates the cryptographic key result for each designated station, accesses the control value common to the system for the permitted operation for each of the stations for the particular transmission, combines the control value with the common key result or each individual key result and causes the appropriate combined key result to be established in each station of the pair for the transmission, and wherein the cryptographic facility (10) in each station is arranged, when an operating command is invoked to perform a designated operation with respect to such securely transmitted information, to automatically abort such operation unless it matches the control value.

    5.
    Invention patent
    Unknown

    Publication number: DE3686659T2

    Publication date: 1993-04-08

    Application number: DE3686659

    Application date: 1986-01-21

    Applicant: IBM

    Abstract: A method of offline personal identification in and to a multiterminal data processing system, the method using an authentication tree with a one-way authentication tree function, a stored global secret key, a stored global verification value of reference, a personal identification number entered directly by the potential user, and a personal key and an index position number entered via a card previously issued to the potential user, the index position number representing the tree path for the user to whom the card was issued, by calculating an authentication parameter as a function of the personal key and the personal identification number; mapping the parameter to a verification value using the index position number in the one-way function to the root of the tree; comparing the verification value obtained by the mapping with the stored global verification value of reference; and enabling the system in respect of transaction execution if the comparison meets predetermined criteria.

    6.
    Invention patent
    Unknown

    Publication number: DE3587072D1

    Publication date: 1993-03-18

    Application number: DE3587072

    Application date: 1985-11-29

    Applicant: IBM

    Abstract: A cryptographic method for discouraging the copying and sharing of purchased software programs allows an encrypted program to be run on only a designated computer or, alternatively, to be run on any computer but only by the user possessing a designated smart card. Each program offering sold by the software vendor is encrypted with a unique file key and then written on a diskette. A user who purchases a diskette having written thereon an encrypted program must first obtain a secret password from the software vendor. This password will allow the encrypted program to be recovered at a prescribed, designated computer having a properly implemented and initialised encryption feature. The encryption feature decrypts the file key of the program from the password, and when the encrypted program is loaded at the proper computer, the program or a portion of it is automatically decrypted and written into a protected memory from which it can only be executed and not accessed for non-execution purposes. In alternative embodiments, the user is not confined to a prescribed, designated computer but may use the program on other, different computers with a smart card provided the computers have a properly implemented and initialised encryption feature that accepts the smart card. As a further modification, the cryptographic facility may support operations that enable the user to encrypt and decrypt user generated files and/or user generated programs.

    IMPROVEMENTS IN POINT OF SALE AND ELECTRONIC FUNDS TRANSFER SYSTEMS

    Publication number: AU565332B2

    Publication date: 1987-09-10

    Application number: AU3180384

    Application date: 1984-08-10

    Applicant: IBM

    Abstract: An electronic funds transfer system (EFT) is described in which retail terminals located in stores are connected through a public switched telecommunication system to card issuing agencies' data processing centres. Users of the system are issued with intelligent secure bank cards, which include a microprocessor, ROS and RAM stores. The ROS includes a personal key (KP) and an account number (PAN) stored on the card when the issuer issues it to the user. Users also have a personal identity number (PIN) which is stored or remembered separately. A transaction is initiated at a retail terminal when a card is inserted in an EFT module connected to the terminal. A request message including the PAN and a session key (KS) is transmitted to the issuer's data processing centre. The issuer generates an authentication parameter (TAP) based upon its stored version of KP and PIN and a time variant parameter received from the terminal. The TAP is then returned to the terminal in a response message, and based upon an inputted PIN and partial processing of the input PIN and KP on the card, a derived TAP is compared with the received TAP in the terminal. A correct comparison indicates that the entered PIN is valid. The request message includes the PAN encoded under the KS and KS encoded under a cross-domain key. Message authentication codes (MAC) are attached to each message, and the correct reception and regeneration of a MAC on a message including a term encoded under KS indicates that the received KS is valid and that the message originated at a valid terminal or card.

    ELECTRONIC FUND TRANSFER SYSTEMS
    8.
    Invention patent

    Publication number: GB2146814A

    Publication date: 1985-04-24

    Application number: GB8324916

    Application date: 1983-09-17

    Applicant: IBM

    Abstract: An electronic funds transfer system (EFT) is described in which retail terminals located in stores are connected through a public switched telecommunication system to card issuing agencies' data processing centres. Users of the system are issued with intelligent secure bank cards, which include a microprocessor, ROS and RAM stores. The ROS includes a personal key (KP) and an account number (PAN) stored on the card when the issuer issues it to the user. Users also have a personal identity number (PIN) which is stored or remembered separately. A transaction is initiated at a retail terminal when a card is inserted in an EFT module connected to the terminal. A request message including the PAN and a session key (KS) is transmitted to the issuer's data processing centre. The issuer generates an authentication parameter (TAP) based upon its stored version of KP and PIN and a time variant parameter received from the terminal. The TAP is then returned to the terminal in a response message, and based upon an inputted PIN and partial processing of the input PIN and KP on the card, a derived TAP is compared with the received TAP in the terminal. A correct comparison indicates that the entered PIN is valid. The request message includes the PAN encoded under the KS and KS encoded under a cross-domain key. Message authentication codes (MAC) are attached to each message, and the correct reception and regeneration of a MAC on a message including a term encoded under KS indicates that the received KS is valid and that the message originated at a valid terminal or card.

    AUTHENTICATING THE IDENTITY OF A USER OF AN INFORMATION SYSTEM

    Publication number: DE2965420D1

    Publication date: 1983-07-07

    Application number: DE2965420

    Application date: 1979-04-05

    Applicant: IBM

    Abstract: This invention relates to a method for authenticating the identity of a user of an information system. A data communication system operating in accordance with an embodiment of the invention includes one or more terminals operatively coupled to a host data processing system each having cryptographic apparatus for cryptographic data communications. In order to authenticate the identity of terminal users of the system, a host system initialization process is first performed to provide a table of test patterns for use during subsequent authentication processing. This is accomplished by providing terminal user identification numbers and passwords and a predetermined number at the host data processing system. A first initialization operation is performed at the host data processing system in accordance with the terminal user identification numbers and passwords to obtain terminal user authentication patterns. A second initialization operation is performed at the host data processing system in accordance with the predetermined number and the terminal user identification numbers to obtain terminal user first verification patterns. A third initialization operation is performed at the host data processing system in accordance with the terminal user authentication patterns and the terminal user first verification patterns to obtain the table of terminal user test
