公开(公告)号：GB2270446B

公开(公告)日：1996-01-24

申请号：GB9218816

申请日：1992-09-04

Applicant: IBM UK

Inventor： HOLLOWAY CHRISTOPHER J

IPC: H04L9/08 ,  H04L9/32 ,  H04L9/30

公开(公告)号：GB2270446A

公开(公告)日：1994-03-09

申请号：GB9218816

申请日：1992-09-04

Applicant: IBM UK

Inventor： HOLLOWAY CHRISTOPHER J

IPC: H04L9/08 ,  H04L9/32 ,  H04L9/30

Abstract: The method includes preparing a portable data processing device ("smart card") at each site having a first data record which can only be read at that site but which can be written to at any site, and a second data record which can only be written at that site but which can be read at any site, the device also containing a testable key particular to that device. Each site also creates and publishes a set of test patterns against which the authenticity of the card can be verified. Each site then creates one part of the key to be agreed upon, and a test pattern for that key part. The test pattern is written to the site's own smart card in the second data record. The cards are exchanged, and the received cards are tested for authenticity using the published test patterns. Once accepted as genuine, the test pattern for the key part of the other site is read and stored. The key part previously generated is written onto the first data record of the received card. The cards are exchanged again. The key part is read at the home site of the card. The key part is verified for authenticity against the stored test pattern which was received earlier. Each site then combines the received key part with the locally created key part and they now share a common key.

公开(公告)号：DE3479065D1

公开(公告)日：1989-08-24

申请号：DE3479065

申请日：1984-08-29

Applicant: IBM ,  IBM UK ,  IBM DEUTSCHLAND

Inventor： BRACHTL BRUNO ,  HOLLOWAY CHRISTOPHER J ,  LENNON RICHARD EDWARD ,  MATYAS STEPHEN MICHAEL ,  MEYER CARL HEINZ-WILHELM ,  OSEAS JONATHAN

IPC: G07F7/12 ,  G06Q20/08 ,  G06Q20/20 ,  G06Q20/34 ,  G06Q20/38 ,  G06Q20/40 ,  G07D9/00 ,  G07F7/10 ,  G07F19/00 ,  H04L9/02

Abstract: @ An electronic funds transfer system (EFT) is described in which retail terminals located in stores are connected through a public switched telecommunication system to card issuing agencies data processing centres. Users of the system are issued with intelligent secure bank cards, which include a microprocessor, ROS and RAM stores. The ROS includes a personal key (KP) and an account number (PAN) stored on the card when the issuer issues it to the user. Users also have a personal identity number (PIN) which is stored or remembered separately. A transaction is initiated at a retail terminal when a card is inserted in an EFT module connected to the terminal. A request message including the PAN and a session key (KS) is transmitted to the issuers data processing centre. The issuer generates an authentication parameter (TAP) based upon its stored version of KP and PIN and a time variant parameter received from the terminal. The TAP is then returned to the terminal in a response message, and based upon an inputed ./... PIN, partial processing of the input PIN and KP on the card a derived TAP is compared with the received TAP in the terminal. A correct comparison indicating that the entered PIN is valid.The request message includes the PAN encoded under the KS and KS encoded under a cross-domain key. Message authentication codes (MAC) are attached to each message and the correct reception and regeneration of a MAC on a message including a term encoded under KS indicates that the received KS is valid and that the message originated at a valid terminal or card.