CA1129028A - Method and apparatus for achieving secure password verification - Google Patents
Method and apparatus for achieving secure password verificationInfo
- Publication number
- CA1129028A CA1129028A CA362,549A CA362549A CA1129028A CA 1129028 A CA1129028 A CA 1129028A CA 362549 A CA362549 A CA 362549A CA 1129028 A CA1129028 A CA 1129028A
- Authority
- CA
- Canada
- Prior art keywords
- card
- key
- terminal
- encryption
- random word
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired
Links
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/409—Device specific authentication in transaction processing
- G06Q20/4097—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
- G06Q20/40975—Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/0873—Details of the card reader
- G07F7/088—Details of the card reader the card reader being part of the point of sale [POS] terminal or electronic cash register [ECR] itself
- G07F7/0886—Details of the card reader the card reader being part of the point of sale [POS] terminal or electronic cash register [ECR] itself the card reader being portable for interacting with a POS or ECR in realizing a payment transaction
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1016—Devices or methods for securing the PIN and other transaction-data, e.g. by encryption
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1025—Identification of user by a PIN code
Abstract
METHOD AND APPARATUS FOR ACHIEVING
SECURE PASSWORD VERIFICATION
ABSTRACT
A method and apparatus for identifying an individual holder (person) of an unalterable charge card-like device (CARD) at a utilization terminal (U/I Terminal) wherein a unique user entered key (asserted key KA) is handled in a highly secure manner. The holder of the CARD causes same to be placed in a data coupling mode with the U/I Terminal. At this point, the person enters asserted key (KA) via a keyboard associ-ated with said system. A random word is generated by at least one random word generator located in said CARD and this random word is encrypted utilizing the asserted key KA
entered by the holder at the keyboard and also encrypted under a true key KT stored in said CARD. The random word encrypted under the asserted key KA is stored in said U/I
Terminal and the random word encrypted under the true key KT
is stored in the CARD. The U/I terminal then causes the encrypted word stored in the CARD to be transferred to the U/I Terminal and the two encrypted words are compared for identity. If the comparison is true, the holder of the card has entered the correct asserted key KA into the system, and his identity is presumed to be true.
SECURE PASSWORD VERIFICATION
ABSTRACT
A method and apparatus for identifying an individual holder (person) of an unalterable charge card-like device (CARD) at a utilization terminal (U/I Terminal) wherein a unique user entered key (asserted key KA) is handled in a highly secure manner. The holder of the CARD causes same to be placed in a data coupling mode with the U/I Terminal. At this point, the person enters asserted key (KA) via a keyboard associ-ated with said system. A random word is generated by at least one random word generator located in said CARD and this random word is encrypted utilizing the asserted key KA
entered by the holder at the keyboard and also encrypted under a true key KT stored in said CARD. The random word encrypted under the asserted key KA is stored in said U/I
Terminal and the random word encrypted under the true key KT
is stored in the CARD. The U/I terminal then causes the encrypted word stored in the CARD to be transferred to the U/I Terminal and the two encrypted words are compared for identity. If the comparison is true, the holder of the card has entered the correct asserted key KA into the system, and his identity is presumed to be true.
Description
llZ9~28 MEI~HOD AND APPARATUS FOR ACHIEVING
SECURE PASSWORD VERIFICATION
Description Technical Field 5 The present invention addresses what is sometimes ~`
referred to as the "card-person pairing-problem".
This problem exists whenever-a person presents any sort of card or token, such as a credit card, debit card, i~ntification card, etc. to another entity such as a retailer, bank, access control station, computer access terminal, etc., as evidence of the right or privilege of the person presenting said card to enter into some sort of privileged relationship relative to said entity such as credit, goods, services, facility access, etc. Obviously, the question which must be satisfactorily answered is, "Is the person presenting the card--or token the person who is entitled to have same?". Thus, in essence, the problem to be solved is one of adequately identify-ing the person, based on information contained in the card. From this information the entity seeking to verify the identity of the person must determine that said identity is correct.
~11 2~:12~
It is also highly desirable in such systems, from the standpolnt of the person havin~ such a card or token, that unscrupulous business entities such as retailers or tlle like are not able to fraudulently obtain confidential information from various persons utilizLn~ such identification means, which information may be later used to obtain money, goods, etc., using said fraudulently obtained identification information.
Numerous solutions to the "card-person pairing problem" exist. Typical of these are facility access systems of various kinds wherein a machine readable token or card containin~ a number stored therein is lnserted into an appropriate instrument and concurrently an individual seeking access to the facility keys in a memorized personal iden-tification number (PIN). The individual PIN is then altered in a predetermined fashion and finally a comparison is made between the altered PIN and that read from the card. Entry is predicated upon a successful comparison thereof. U. S.
Patent No. 3,846,622 of M. R. Meyer, U. S. Patent reissue 29,057 of Enikeieff et al, and U. S.
Patent No. 3,611,293 of Constable, are typical systems.
In all of these patents both the number read from the card and also the memorized PIN of the person passes at one time or another into the control of the facili~ terminal. Thus, a sccurity leak or an intentional tap at the terminal could result in the unauthorized and fraudulent access to the associated PINs.
SECURE PASSWORD VERIFICATION
Description Technical Field 5 The present invention addresses what is sometimes ~`
referred to as the "card-person pairing-problem".
This problem exists whenever-a person presents any sort of card or token, such as a credit card, debit card, i~ntification card, etc. to another entity such as a retailer, bank, access control station, computer access terminal, etc., as evidence of the right or privilege of the person presenting said card to enter into some sort of privileged relationship relative to said entity such as credit, goods, services, facility access, etc. Obviously, the question which must be satisfactorily answered is, "Is the person presenting the card--or token the person who is entitled to have same?". Thus, in essence, the problem to be solved is one of adequately identify-ing the person, based on information contained in the card. From this information the entity seeking to verify the identity of the person must determine that said identity is correct.
~11 2~:12~
It is also highly desirable in such systems, from the standpolnt of the person havin~ such a card or token, that unscrupulous business entities such as retailers or tlle like are not able to fraudulently obtain confidential information from various persons utilizLn~ such identification means, which information may be later used to obtain money, goods, etc., using said fraudulently obtained identification information.
Numerous solutions to the "card-person pairing problem" exist. Typical of these are facility access systems of various kinds wherein a machine readable token or card containin~ a number stored therein is lnserted into an appropriate instrument and concurrently an individual seeking access to the facility keys in a memorized personal iden-tification number (PIN). The individual PIN is then altered in a predetermined fashion and finally a comparison is made between the altered PIN and that read from the card. Entry is predicated upon a successful comparison thereof. U. S.
Patent No. 3,846,622 of M. R. Meyer, U. S. Patent reissue 29,057 of Enikeieff et al, and U. S.
Patent No. 3,611,293 of Constable, are typical systems.
In all of these patents both the number read from the card and also the memorized PIN of the person passes at one time or another into the control of the facili~ terminal. Thus, a sccurity leak or an intentional tap at the terminal could result in the unauthorized and fraudulent access to the associated PINs.
2~
U. S. Patent No. 3,579,186 of Johnson and U. S.
Patent No. 3,80~,704 of Shinal both disclose systems wherein the identification criteria com-prises a person's signature and which disclose the basic combi~latiotl of a signaturc verifica~ion system incllJdin~ a credit card-like device which carries data representative of the signature dynamics of an individual. It further utilizes a reading station or facility access station wherein a'person signs his name whereby similar dynamic signal characteristics are generated and compared against those stored on the credit card-like device presented to the system.
Other personal identification systems include recognition means such as "voiceprint", or "finger-print." These are recognition and identification schemes wherein a person's fingerprint or voice-print is compared against a previously taken fingerprint or voiceprint which is stored either on a credit card-like device carried by the person or stored in a central system memory, depending upon the complexity of the comparison and other factors which will be well understood by those skilled in the art.
Many of the more sophisticated identification systems such as signature, voice, and fingerprint are rather complex in nature and conventionally require significant amounts of computational time in order to accurately analyze and compare the necessary data to effect a recognition or approval type of operation.
Similarly, most of the currently used credit banking systems req,uire entry of a PIN into the terminalj which number is then utilized in systems including encryption procedures, communication networks and a host Central Processing Unit (CPU) to provide the requisite identification.
In contrast, the present invention presents a S system in which the valid possession of a personal identification card is established when the person provides a key which is identical to a key which is electronically stored in the card. The card itself is ~imilar to that described in U. ~.
Patent No. 3,806,874 of Kurt Ehrat, entitled "Identification System for Individuals." An essentiàl feature of such a card is that it be so constructed th~t it is virtually impossible for anyone to either alter the circuitry in the card or to in any way either detect or alter the infor-mational content of said card and circuitry other than in a manner which is intended by the design of the card.
Before proceeding with a detailed description of the present invention the following definition of terms is set forth in an effort to clarify and standardize the subsequent description. This is necessary due to the many and varied types of systems which e~ist in the personal identification area which utilize many different terms, some of which are synonymous and some of which are not. In the following description the term "person" will be used whenever the person or individual holder of a credit card-like device is being referred to. As will be apparent, this person could be the customer of a store, a bank, or someone seeking to gain entrance to or use of a physical facility such as a factory or computer terminal.
.
~ YO977-071 .
2~
The credit card-like device or token will be referred to hereinafter as a "CARD" and, as will be apparent, could take on a number of different physical forms. The particular physical requi~e-ments insofar as computational circuitry, storage,etc., are set forth in detail subsequently. Such a CARD could be utllized at a bank's cash issuing terminal, a teller operated terminal, a point of sale terminal in a department store, or an identi-fication terminàl located at a physical facility.
The terminals to which such a CARD is to be pre-sented will be referred to hereinafter as a Utilization/Identification Terminal or "U/I Terminal".
Regardless of the ultimate utilization of the terminal, for the purpose of the present invention, identifica-tion of the person is the function with which the present invention is concerned.
, The type of organization having such a U/I Terminal whether it be a bank, department store, or some other commerc;al establishment will be referred to as the "utilization entity".
As will be apparent from the following description of the present invention, it is required that the person holding the CARD enter a memorized number via a keyboard into the identification system.
This number is then utilized as an encryption key as will be understood from the following descrip-tion. While the number is, in essence, a personal identification number or PIN, in view of the use of the number in the present system, it will be referred to herein as the asserted key. This asserted key is in contrast with a true key permanently stored in the CARD. Thus, the : Yo977-071 6 ~ Z ~
asserted key is memorized and must be entered by the person into the U/I Terminal. Similarly, the key stored in the CARD will be referred to sub-sequently as the true key. For convenience of reference the asserted key and the true key will be specifically called "the key KA" and "the key KT"
respectively.
Finally, in the embodiments of FIGS. 2 and 3, a personal portable terminal device is utilized by the person to interface between the CARD and U/I Terminal. As will be apparent from the subsequent description, the personal portable terminal device performs both an interface function between the CARD and the U/I Terminal and also provides a keyboard for entering the key KA into the system. In the subsequent description and in the drawings the term "XATR"
will be utilized to refer to such terminal.
In one embodiment of the invention the CARD is first placed in a XATR which is then placed in a data exchange relationship with an U/I Terminal such as a Point of Sale Terminal (POST), or the like, at the facility where the person wishes to establish his identity. The XATR is provided with a keyboard which allows the person to enter his memorized key KA into the system with minimum exposure to unauthorized copying or retention.
Such a XATR is disclosed in detail in U.S. Patent 4,277,837, issued July 7, 1981, of the present inventor, entitled "Personal Portable Terminal for Financial Transactions."
- ~2~I12~
Background Art The most relevant background art in this area known to the inventor is set forth in the previous Technical Description section. It is noted that the personal identification area is extremely active and highly developed at this time.
At the heart of most current personal identifi-cation number/credit card systems are sophisticated secure encryption systems, the best known of which is the key-controlled block cipher cryptographic system adopted by the National Bureau of Standards as a Federal Information Processing Standard entitled "Encryption ~lgorithm for Computer Data Protection". The Standard together with a com-plete technical description is containe~d in the publication, "Data Encryption Standard," Federal Information Processing Standard (FIPS), Publica-tion 46, National Bureau of Standards, U. S.
Department of Commerce, January 1977. U. S.
Patent No. 3,g58,081 specifically discloses a hardware embodiment of an encryption device which fully complies with the above identified standard.
, ~, .
Summary of the Invention It has now been found that a substantial need in the business, banking, and-financial community may be satisfied by an identification system including a unique CARD containing data storage and com-putational capabilities built into same. The card is further characterized by the fact that neither the circuitry nor any data stored therein be susceptible to alteration or unauthorized access subsequent to the manufacture or issuance thereof.
~mbedded in ~he CARD are a plurality of storage registers, a rallclom word generator and at least one key controlled block-cipher encryption device.
The bank or other entity issuing the CARD causes the person's true key KT to be stored within the CARD. The person memorizes this key for sub-sequent entry into a U/I Terminal, or a XATR as the key KA. A random word is produced by the system, which random word is simultaneously encrypted under the key, KT, and the key, KA, entered at a keyboard by the person. The results of the encryptions of this random word are subsequently compared to determine if the two keys are the same. If they are, the person presenting the card is considered to be properly identified. The true key, KT, permanently stored within the CARD is never available outside of the CARD, i.e., only the random word encrypted under KT is available outside of the CARD. Further, in one of the disclosed embodiments the keyboard entered key, KA, is not available to the U/I Terminal, only the random word encrypted under said key is.
Brie Description of_the Drawin~s FIG. 1 is a high level functional block diagram of a CARD U/I Terminal identi~ication system showing the significant functional components of such a system constructed in accordance with the teachings of the present invention.
FIG. 2 is a similar h`igh level functional block diagram of an alternative embodiment of the system g ..
utilizing a XATR as an interface between the person's C~RD and the U/I Terminal.
.
FIG. 3 is a functional diagram of a system con-figured similarly to that of FIG. 2 having addi-S tional functional features included for simpli~yingthe entry of the key KA (only a portion thereof need be entered) and further including an automatic protection device embedded therein.
Description of the Invention According to the broadest aspect of the present invention, a personal identification system is provided which includes the combination of a CARD
which is issuecl to a person and a U/I Terminal.
The CARD is so constructed that access to secure data stored therein is impossible. Any alteration of the functional operation of,the circuitry contained therein subsequent to manufacture or issuance is also prevented. The CARD contains at least a secure storage means for a key KT unique to the person, means for generating or obtaining a random word to be encrypted under said key, KT, a key controlled block cipher encryption device, and means for trans-ferring the encrypted random word to a U/I Terminal for subse~uent comparison. The U/I Terminal provided at the utilization entity includes the following functional components:
means for interfacing, in a data communication relationship with the person's CARD, keyboard means whereby the person whose identity is to be verified may enter his memorized key KA, lo ~ 28 means for cJenerating or othe~wise obtaining a random word which is to be encrypted by suitable encryption means located both on the CARD and also within the U/I Terminal, a key controlled block-cipher encryption device identical to that in the CARD for encrypting said random word under the key KA entered by the person vi~ the keyboard, means for comparing the result of the encryption of the random word.in the U/I Terminal with the encryption of the random word in the CARD and, means for indicating the result of the said comparison.
To summarize, the operation of the present system includes the generation of a random word either in the CARD, the U/l Terminal, or by a combination of the two, and then separate encryptions of this random word .under the two keys, KT and KA. The key, KT ' is stored in a secure storage location in the CARD
20 . and the key, KA ~ is entered by the person at a keyboard which may be located in the U/I Terminal.
In the embodiment of FIG. 1, the two encryptions occur in identical encryption devices, the first being.located in the CARD and the other in the V/I
Terminal. If both keys are the same, the encrypted random words will be identical.
It will be noted that the embodiment just des-cribed, wherein the keyboard is located within the U/I Terminal, suffers from the disadvantage, from the standpoint of the persQn's security, of 2~
actually placing the person's asserted key KA
within control of the U/I Terminal and thus, any individuals having access thereto. Thus, un-scrupulous personnel employed by the retailer, bank or other utllizing entity could, over a period of time, compile a list of valid user keys (KA) which could be used fraudulently. This shortcomin,g ' of the embodiment set forth in FIG. 1 is overcome by thé system disclosed ln FIG. 2, wherein a XATR of a type set forth in the above-identified copending appli-cation is an interface between the U/I Terminal and the CARD. The XATR in the present system provides a keyboard which is under the control of the person entering an asserted key KA. The XATR
also serves as a communication, data, and control interface between the CARD and U/I Terminal. In the embodiment'of FIG. 2 the circuit configuration of the CARD is modified so that the encryption of the random word under both the true key KT stored in the CA~D and under the key KA are both per-formed within the CARD. In this embodiment the two versions of th'e encrypted random word, are both transferred to the U/I Terminal and to a com-parison circuit located, therein, wherein an affirmative comparison indicates that the proper asserted key KA has been entered by the person.
In this latter embodiment, as is apparent, the person'gains greater security because his asserted key KA never passes into the U/I Terminal.
In all embodimentsl in order for the utilization entity to have adequate protection it should be understood that it is of greatest importance that 12 '~ ~9~2~
the CARD carried by the individual be unalterable in data content, circuit function or data paths.
Thus, for e~ample, if the person presenting the CARD
could alter the circuitry on the CARD to cause the same encry~e(l random word to be transferred to the U/I Terminal as was received from the U/I Terminal, the system would be compromised. According to a further aspect of the invention means are provided for disabling tlle C~RD in the event- of an attempted unauthorized use should the card be lost or stolen.
Circuitry is provided within the CARD to electronically disable the C~RD in the event of one or more unsuccess-ful comparison operations. The number of comparison failures necessary to cause disabling of the CARD
would be predetermined by the system designers~
In this way a number of legitimate mistakes by a person entering his key KA would be permitted.
Description of the Disclosed Embodiments In the embodiments of FIGS. 1, 2 and 3 only the significant functional units of the system are disclosed. These are the significant storage registers and functional elements such as the encryption blocKs, random word generators, and the comparison an~ catenation circuits. The gates for trans~ittinq data between registers or between registers and functional units and their operation are considered obvious to a digital circuit de-signer. Similarly, the sequential controls could comprise a syst~m clock including a number of interconnected single shot circuits or a small microprocessor having an associated micropro-grammed memory for effecting the various sequential operations required. The contro~ he ~unc-tional units within the CARD could either be accomplished by a microprocessor or a system clock physically located within the CARD wherein the operation is initiated by a single control pulse from the U/I Terminal or alternatively all of the control functions could be performed by a micro-- processor located within the U/I Terminal and transmitted to the CARD via the interface between the Card and the Terminal. In the embodiments of FIGS. 2 and 3 the XATR device functions primarily as a communication path for both data and control information.
The power for operating the circuitry within the CARD would optimally be obtained via inductive coupling between the CARD and the XATR, rather than being carried directly within the CARD.
Typical circuitry and interconnection means for such coupling are set forth in the above-identified copending application Serial No. 866,197 of the present inventor entitled, "Personal Portable Terminal for Financial Transactions".
It should be understood that the required key length for the FIPS 'Data Encryption Standard' is 56 binary bits. Such a binary key is derived from a decimal keyboard entry by decimal to binary conversion employing conversion algorithms well known in the art.
Referring now to the embodiment of the present invention as set forth in FIG. 1 of the drawings, it will be noted that all reference numerals beginning with "1" refer to circuitry located in the CARD, and all reference numerals beginning with "2" refer to circuitry located in the Utilization/Identification Terminal. It will also be noted that the line A-AI defines the interface between the person and the retailer wherein the Utilization/Identification Terminal would normally be a Point of Sale Terminal (POST). It will of course be understood that this terminal could take on a number of different forms and perform a number of different functions other than point of sale. Thus, for example, it could be a banking terminal, facilities access terminal, or the like. Regardless of the par-ticular utilization, the final occurrence of a 'compare' in block 217 of the terminal, would indicate that the person holding the CARD was a properly identified person. Similarly, a 'no compare' would indicate that an unauthorized person was attempting to use the CARD or that the person's memorized key l~ was improperly entered.
A11 of the functional blocks within FIGS. 1, 2 and 3 are labeled. Also included within each block is a statement of the particular data therein or gen~r.~ted by the system. Additionally, there is an indlcation in each of the blocks located on the CARD of the accessibility of the particular unit to the interface. Thus, the following four symbols are used in various combinations:
R: can be read W: can be written R: cannot be read W: cannot be written These symbols define and limit the interface functions which the various units perform in the ,. : ' overall system operation, and it should be clearly understood it is exceedingly important ~hat this functional integrity be maintained in order that the system be secure.
Proceeding now with a description of the operation of the system of FIG. 1, it is to be understood that this system has limited security insofar as the person is concerned since he must enter the key KA via the keyboard 201 located in the U/I
Terminal. It is also assumed in this embodiment that no XATR is available either because the system is not adapted for it or because the person does not have one. Instead, a slot or location is provided at the U/I Terminal to serve as a data interface. It is also assumed that the U/I Terminal may be rendered adequately secure to discourage unscrupulous employees from accessing and keeping a record of various individuals' keys KA.
As stated previously, communication between the CARD and the U/I Terminal could be by a number of means well known in the art. These include direct connection, as indicated, inductive coupling, or the like. It is also assumed that the circuitry within the CARD would be powered induc~ively from a power source in the U/I
Terminal, rendering the CARD less bulky.
Similarly, ~he control sequences could be performed by either a series of sequential single shot circuits or by a small micropro-cessor and control store therefor which could be located either within the CARD or in the U/I
Terminal and connected to the CARD via appro-priate control lines as will be well understood by those skilled in the art.
. 16 To proceed IIOW ~ith the description of the operation of the system, the person first places' his CARD on or ln a U/I Terminal, which in the embodiment of FIG. 1 is a retailer's Point of Sale Terminal (POST). Communication between the CARD
and the U/I Termlnal is established. First, the person enters hi,s key KA via the keyboard 201 in the U/I Te.rmlnal. At this point all activity by the person ceases.
The U/I Terminal, through an appropriate signal, designated by the arrow P.I. tperform identifi-cation), initiates,a program stored within the ' CARD to perform the following operations to establish the val.idity of the key K~ entered by the person via ~he keyboard 201.
Simultaneou~.].y~ the CARD delivers the contents of key storage register 1045, which is the true key KT to the key input of the encryption device 115, and 2) the U/I Terminal delivers the keyboard entered key KA from the k~eyboard.201, as the asserted key in-put to the ~ncryption device.215 (identical to 115~.
Next, the following operations occur simultaneously in the CARD and U/I Terminal: 1) the CARD delivers a random word from the Random Word Generator 107 to one input of e~clusive OR circuit 116 loc,ated on the CARD and to one input of the exclusive OR circuit 216 located in the U/I Terminal, and 2) Random Word Generator 207 delivers random word RW2 simultaneously as the second input to exclusive OR circuit 116 in the card and to exclusive OR circuit 216 in the U/I
Terminal. The two exclusive OR circuits 116 and 216 located on the C~RD and in the U/I ~erminal, respec-tively, deliver the same composite random word to ' 2~3 their respective encryption devices 115 and 215, as the data input. The two encryption operations are performed substantially simultaneously and the output of the encryption device 115 is stored in register 108 as the true cncrypted random word (~RWT). The output from encryption device 215 is stored in register 208 as the asserted encrypted random word (ERWA).
At this point the ERWT which is stored in register 108 in the CARD is transferred to register 209 in the U/I
Terminal and the ERWA which is stored in register 208 in the Uf l Terminal is transferred to register 109 in the CARD. It should be noted that these transfers occur in the reverse order in the preferred embodiment of the invention for reasons which will be explained subsequently, i.e., most significant bit last, least significant bit ~irst; and most significant bit first, least significant bit last. Simultaneous to the transfer operation the contents,of registers 108 and 208 are gated into compare units 117 and 217, respectively, the other inputs thereto are provided by re~isters 10~ and 209 respectively. Since the devices 115 and 215 are identical, the two encrypted outputs ERWT and ERWA will be the same provided the two keys, KT and KA, are identical. Thus,- the two compare units sirnultaneously reach 'valid' or 'invalid' decisions based on ERWT and E~WA. If a 'valid' decision is reached, the person has entered the proper key XA at the keyboard and he is properly identified for whatever transaction he wishes to consummate at the U/I Terminal.
The function of compare unit 117 is to activate disabling circuitry of the type shown in FIG. 3 which will be described later. It will be noted, however, that this is not a requirement of the most basic system.
. ~ .
.
.
~9~Z~3 While the ~isclosed embodiment of the system shown in FIG. 1 is considered the preferred embodiment, it should be noted that it would be possible to dispense with the registers 109 and 209 in the CARD
and in the U/I Terminal respectively. In this case the contents of the register 108 in the CARD would be transferred directly to compare unit 217 and similarly the contents of register 208 in U/I Terminal would be transferred directly to the compare unit 117 without temporary storage.in the registers 109 and 209.
If it is assumed that some storage capacity is present-in either the output of the encryption devices 115 and 215 or at the double inputs of the comparison units 117 and 217 the following could occur. The output of encryption device 115 could be simultaneously transferred into compare unit 117 and 217 respectively, and the output of encryption device 215 co~lld be simultaneously transferred to compare unit 217 and 117. Both of these alternate embod1ments require that the CARD be absolutely unalterable to prevent the person fraudulently retransmitting ERWA back to the U/I
Terminal and thus force a compare in compare unit 217. This.subject will be discussed later with respect to the embodiment of FIG. 2.
:.
It should be understood that in order to maintain the amount of circuitry within such a system at a minimum and, in particular, on the CARD, it is preferred that all data transfers between the CARD and the U/I Terminal occur in bit serial fashion rather than in parallel. However, since the encryption devices are key controlled block cipher UllitS, the entire key and data blocks must be submitted to same before they can proceed with the encryption. Similarly, a complete ~.2~)213 block of data is delivered to the output register of the encryptLon device. Parallel operation of the system is, of course, possible.
In addition to the previously mentioned design alternatives wllerein registers 108, 109 and 208, 209 could be dispensed with and the two encrypted random words ER~T and ERWA forwarded directly to the compare- circuit 217, other changes could be made in the system without departing from the spirit and scope of the invention. Another possible alteration would be to dispense with the generation of the two random words RWl and RW2 and replace same with a sin~le random word generator within the CARD
or U/I Terminal which word is delivered to both lS encryption devices 115 and 215.
Referring now to FIG. 2, an alternative embodiment of the invelltion is disclosed wher~in the person has a personal portable transaction device, or XATR, at his disposal which has means for interfacing with the CARD ~l~d wi~h the U/I Terminal. In FIG. 2 it will be noted that the line A-A' again refers to the interface between the U/I Terminal and the XATR and CARD combination, i.e., the person and the RetaiIer.
The XATR is indicated by the outer dashed line to the left of the interface line A-A' and the CARD
and its circuitry are indicated. It will be seen from the figure that the XATR provides a keyboard 101 for entering the key KA which is totally within the control of the person presenting the CARD. In addition, the XATR pro~ides the communication or interface function between the CARD located therein and the U/I Terminal.
-2~3 -The operations performed by the encryption cir-- cuitry, etc., in the embodiment of FIG. 2 are essentially the same as those of FIG. 1. The principal exception to this is that the distri-bution of functions between the CARD and U/I
Terminal is different. In the embodiment of FIG. 2 the key KA, which is entered via the keyboard 101, never passes into the Terminal. Consequently, the second encryption device, shown in FIG. 2 as 114B, is located in the CARD. Again, the circuitry within the CARD may not be altered in any way by the person to whom said CARD is issued.
The operation of the system is as follows. With the CARD in position in the XATR and the XATR
appropriately connected to the U/I Terminal, a transaction initiation button is actuated. The person enters the key KA into the keyboard 101 of the XATR. KA is communicated to the encryption device 114B as the key input. Simultaneously, the key KT stored in register 1045 is gated as the key input to the encryption device 114~.
The data input to the two encryption units 114A
and 114B both located on the CARD is generated by the Random Word Generator 106. Since both encryp-tion devices are located on the CARD it is not necessary alld serves no useful security function to have two random word generators as in the embodiment of FIG. 1. The outputs from the two encryption devices 114A and 114~ are delivered to registers 108 in the CARD and 208 in the U/I
Terminal as the true encrypted random word (ERWT) and asserted encrypted random word (ERWA), respeatively.
z~
~he arrangement of FIG. 2 prevents what would be a relatively simple alteration of the XATR by a person owning same and wishing to defraud the retailer. By slightly altering the data paths within the XATR, the person could cause the output from register 208 to be delivered directly to register 209. Thus, the compare circuit 217 would always give a successful comparison regardless of what key KA the person entered at the keyboard 101.
To prevent sùch a fraudulent circuit alteration in the XATR (or even in the CARD) the following occurs: With the ERWT stored in register 108 in the CARD and the ERWA stored in register 208 in the Termin.~ e system controls cause data transfer from register 108 to register 209 to occur 'most significant bit first' and 'least significant bit last'. Simultaneously, the data transfer from register 208 to rçgister 109 occurs in the reverse order, i.e., 'most significant bit last, least significant bit first'. Thus, if a direct electrical connection were made at point ~
(as shown in FIG. 2) by the person the contents of register 208 would be delivered directly to register 209, however, the bits would be stored in register 209 in reverse order and a compare with the contents of register 208 would fail. Here again, it is reiterated that the data content and circuit configuration within the CARD itself must be unalterable so that there is no way, for example, to load register 108 with the output from encryption device 114B rather than 114A which, of course, would always force a compare.
Proceeding with the final step of the operation of the system, the contents of registers 208 and 209 2~
are compared in unit 217 and if successful the identification of the person is assumed correct and if unsuccessful either a mistake has been made, i.e., the wrong key entered, or the person is an imposter.
Additionally, a test is made in the CARD wherein the contents of registers 108 and 109 are compared by compare circuit 117, the output of this circuit being the illpUt to a CARD deactivating circuit which will be explained subsequently with respect to FIG. 3.
It should also be understood, that in the system of FIG. 2, the specific control mechanisms have not been shown as they are considered to be state of the art and could readily assume a number of different ~orms as discussed previously with reference to FIG. 1. It should,again be noted that in FIGS. 1, 2 and 3, similar reference numbers are utilized to identify similar functional units.
For example, in all three embodiments, the numeral 1045 refers to the register for storing the true key, KT. Similarly, register 108 stores the true -~
encrypted random word and register 208 stores the asserted encrypted random word.
It shbuld ~e noted that in the embodiments of FIG. 2 and FIG. 3 wherein two encryption circuits are shown, i.e., 114A and 114B, it would be possible to eliminate one of the encryption devices by providing control circuitry so that a single encr~ption device could provide both ERWT and ERWA.
:
Referring now to FIG. 3, a system similar to FIG. 2 is disclosed utilizing again an XATR as an interface unit between the CARD and the U/I Terminal. In the embodiment of FIG. 3 there are three additional enhancements to the basic system of the FI~. 2. It will be noted that the circuitry in FIG. 3 below the line D/D' is the same as in FI&. 2.
The first enhancement of FIG. 3 is the use of a special counter having a "disable CARD" output which will electronically "destroy" or "disable" a CARD which should no longer be used. Its operation will be apparent from the subsequent description of the figure. The second feature described is the division of the key into high order and low order bits so that the key KA which must be memorized by the person may be considerably shortened. The third feature involves the use of a special index (M) which may be selectively entered by the individual into a register in the CARD. This index is an offset whereby the key entered at the keyboard may be periodically changed without necessitating any change of the permanently stored key KT.
Referring now specifically to the CARD disabling feature of the embodiment of FIG. 3 it will be noted that a block is provided labeled Counter Protection having one output line labeled 'Disable CARD'. Two input lines are provided. The first is labeled "Increment" which emanates from register 104 where a quantity KTL is stored. This line produces a pulse each time register 104 is accessed. The second input from the compare block 117 marked l'Reset" resets this counter to zero.
This pFevents someone finding or stealing a card, placir.~ it in a XATR, and trying different keys KA
until the correct one is found. The counter protection circuit would be set at some predetermined count value.
This count value or threshold would allow a reasonable number of honest mistakes on the part of the person entering his lcey KA. Each time a key is entered and an identification procedure initiated, the register 104 is accessed and a pulse produced.
Subsequently, with every successful compare between the registers 108 and 109 a pulse would be produced by 117 and -the counter would be reset to zero.
However, if a predetermined number of consecutive accesses of 104 should occur without a successful comparison by 117 a 'disable CARD' would be activated by the output from the Counter Protection block which would cause some "invalid" condition to occur in the CARD. This could take on a number of different forms such as, disabling the storage area for KT so it would not be available to the system. Alternatively, a special register could be provided which would be readable by the U/I
Terminal indicating an invalid CARD wherein said register would always be read before- any identification procedure began. Other ways in which the CARD could be disabled include setting a latch which burns a fusible link, removing power fro~ the card or interrupting data flow from the CARD. This protection prevents an unauthorized holder of the CARD from presenting the CARD with different keys KA until the correct one is found.
The -second feature of the circuitry shown in FIG. 3 is the division oE the asserted key XA so that a smaller number of digits must be memorized by the person. By adding the two catenation circuits 120 and 122, and the high and low order bit storage ~.2~Z8 registers 105 and 104 respectively for the true key KT (KTH,KTL), the key which the individual must remember may be arbitrarily shortened.
The blocks labeled 111, 102 and 103 should be ignored for the following explanation, it being assumed that the keyboard input goes directly to the catenation circuit 122 as the low order bits KAL. The true key KT is divided into two parts, the low order bits KTL being stored in register 104 and the high order bits KTEI being stored in register 105. In order to make up the full KT being transferred to encryption device 114A, a low order portion of ~he key KT becomes one input to the catenation circuit 120 and the high order portion from regist~r 105 becomes the second input to the catenation circuit 120. The catenation circuit functions to order these two groups of bits into their proper sequence, i.e., int;o a single key having the a~propriate bits in the high and low order positions. Catenation circuit 122 works in exactly the same way as 120, and forms ~he full asserted ke~ KA which is provided as the key input to the encryption device 114B. Thus, KTH is utilized to make up both the full true key KT and the full asserted key KA. As will be apparent, security is provided and the size of the key which must be remembered and entered correctly via the keyboard 101 is,reduced.
Referring now to the top portion of the CARD shown in FIG. 3A,,two registers 102 and 103 and the adder circuit 111 are shown which may be utilized to provide a variable key. A,quantity M may be entered at any time by the individual and stored in register 103-via the dashed line from keyboard 101. Subsequently the asserted key which is .
,. . . ~ .
~ 2~C1 2~
entered via 101 referred to herein as KE is cnter~d directly into re(Jistor 102 in the norm.~l fashion. Additlon of the two quantities in registers 102 and 103 in the adder circuit 111 produces the partial asserted key KAL. Thus, both M
and KE are N bit data words which when added together produce the N bit key KAL~ This may be represented by the formula:
KE+M = XAL
- 10 This feature allows the person to periodically alter his asserted key KE to enhance security.
It should be understood that if the blocks 104, 105, 120, and 122 were deleted that the circuitry repre-sented by blocks 102, 103, and 111 could be used to produce the full asserted key KA.
From the above de~scription of the preferred embodi-ments of the system set forth in FIGS. 1, 2 and 3, it will be ~pparent that a number of changes in form and detail would be possible without departing from the overall teachings of the present invention, as set fortll il~ the appendcd claims.
- Industrial Applicability The presently disclosed invention has applicability for any situation where personal identification is of importance. It would have particular utility in the retail sales field where the retailer is obviously concerned that the individual seeking credit and having an apparently valid credit card is actually the person entitled to said credit card and thus to credit. Another significant area of potential commercial utilization of the invention is in the financial field and more particularly cash issuing terminals either manned or unmanned wherein a person presents the bank C~RD and, upon proper identification, cash is issued to the individual.
.
. . .-z~
The system also has potential utillzation in the facility access field wherein an individual is either seeking entry into a physical facility such as a plant or to a computer or to computer files via a terminal where it is important that the individual be properly identified prior to the granting of the desired access.
The function of the CARD is not limited to personal identification transactions ! but may well be extended to maintain records of particular business transactions. Thus, subsequent bookkeeping and electronic funds transfer operations utilizing transaction data recorded on the card are possihle.
For such a~ lic~tion~ the C~RD would be prcscnted to a banking institution where the transaction data would be transferred to the person's account. In those cases where the transaction data was not previously forwarded to the bank by the U/I
Terminal device, the CARD entered data would serve as the sole ~ookkeeping data input. Conversely, when the transaction data was previously forwarded to the bank the transaction data from the CARD
could serve as a check to protect the person and warn him of any unauthorized use of his account or mistakes by the retailer.
In all of the above situations, the presently disclosed system has the advantage of giving the person significant protection as well as providing security for the particular entity having control of the Utilization/Identification Terminal whether it be a point of sale terminal, a computer terminal, a cash issuing terminal or some sort of facility access terminal.
~ 2~2~3 As will also be apparent, the identification system disclosed herein could be combined with other personal identificaticn systems for various high securiiy applications. These might include signature verifica- -tion systems, fingerprint recognition systems,voiceprint recognition systems and the like.
In.summary, the herein disclosed identification system provides a high degree of security for both the person holding the CARD and the entity which ultimately accepts said identification at a suitable U/I Terminal. The system maintains security without recourse to a Host computer which might be subject to breakdown, communication outages, etc., and thus is capable of off-host lS operation without sacrificing reliability.
U. S. Patent No. 3,579,186 of Johnson and U. S.
Patent No. 3,80~,704 of Shinal both disclose systems wherein the identification criteria com-prises a person's signature and which disclose the basic combi~latiotl of a signaturc verifica~ion system incllJdin~ a credit card-like device which carries data representative of the signature dynamics of an individual. It further utilizes a reading station or facility access station wherein a'person signs his name whereby similar dynamic signal characteristics are generated and compared against those stored on the credit card-like device presented to the system.
Other personal identification systems include recognition means such as "voiceprint", or "finger-print." These are recognition and identification schemes wherein a person's fingerprint or voice-print is compared against a previously taken fingerprint or voiceprint which is stored either on a credit card-like device carried by the person or stored in a central system memory, depending upon the complexity of the comparison and other factors which will be well understood by those skilled in the art.
Many of the more sophisticated identification systems such as signature, voice, and fingerprint are rather complex in nature and conventionally require significant amounts of computational time in order to accurately analyze and compare the necessary data to effect a recognition or approval type of operation.
Similarly, most of the currently used credit banking systems req,uire entry of a PIN into the terminalj which number is then utilized in systems including encryption procedures, communication networks and a host Central Processing Unit (CPU) to provide the requisite identification.
In contrast, the present invention presents a S system in which the valid possession of a personal identification card is established when the person provides a key which is identical to a key which is electronically stored in the card. The card itself is ~imilar to that described in U. ~.
Patent No. 3,806,874 of Kurt Ehrat, entitled "Identification System for Individuals." An essentiàl feature of such a card is that it be so constructed th~t it is virtually impossible for anyone to either alter the circuitry in the card or to in any way either detect or alter the infor-mational content of said card and circuitry other than in a manner which is intended by the design of the card.
Before proceeding with a detailed description of the present invention the following definition of terms is set forth in an effort to clarify and standardize the subsequent description. This is necessary due to the many and varied types of systems which e~ist in the personal identification area which utilize many different terms, some of which are synonymous and some of which are not. In the following description the term "person" will be used whenever the person or individual holder of a credit card-like device is being referred to. As will be apparent, this person could be the customer of a store, a bank, or someone seeking to gain entrance to or use of a physical facility such as a factory or computer terminal.
.
~ YO977-071 .
2~
The credit card-like device or token will be referred to hereinafter as a "CARD" and, as will be apparent, could take on a number of different physical forms. The particular physical requi~e-ments insofar as computational circuitry, storage,etc., are set forth in detail subsequently. Such a CARD could be utllized at a bank's cash issuing terminal, a teller operated terminal, a point of sale terminal in a department store, or an identi-fication terminàl located at a physical facility.
The terminals to which such a CARD is to be pre-sented will be referred to hereinafter as a Utilization/Identification Terminal or "U/I Terminal".
Regardless of the ultimate utilization of the terminal, for the purpose of the present invention, identifica-tion of the person is the function with which the present invention is concerned.
, The type of organization having such a U/I Terminal whether it be a bank, department store, or some other commerc;al establishment will be referred to as the "utilization entity".
As will be apparent from the following description of the present invention, it is required that the person holding the CARD enter a memorized number via a keyboard into the identification system.
This number is then utilized as an encryption key as will be understood from the following descrip-tion. While the number is, in essence, a personal identification number or PIN, in view of the use of the number in the present system, it will be referred to herein as the asserted key. This asserted key is in contrast with a true key permanently stored in the CARD. Thus, the : Yo977-071 6 ~ Z ~
asserted key is memorized and must be entered by the person into the U/I Terminal. Similarly, the key stored in the CARD will be referred to sub-sequently as the true key. For convenience of reference the asserted key and the true key will be specifically called "the key KA" and "the key KT"
respectively.
Finally, in the embodiments of FIGS. 2 and 3, a personal portable terminal device is utilized by the person to interface between the CARD and U/I Terminal. As will be apparent from the subsequent description, the personal portable terminal device performs both an interface function between the CARD and the U/I Terminal and also provides a keyboard for entering the key KA into the system. In the subsequent description and in the drawings the term "XATR"
will be utilized to refer to such terminal.
In one embodiment of the invention the CARD is first placed in a XATR which is then placed in a data exchange relationship with an U/I Terminal such as a Point of Sale Terminal (POST), or the like, at the facility where the person wishes to establish his identity. The XATR is provided with a keyboard which allows the person to enter his memorized key KA into the system with minimum exposure to unauthorized copying or retention.
Such a XATR is disclosed in detail in U.S. Patent 4,277,837, issued July 7, 1981, of the present inventor, entitled "Personal Portable Terminal for Financial Transactions."
- ~2~I12~
Background Art The most relevant background art in this area known to the inventor is set forth in the previous Technical Description section. It is noted that the personal identification area is extremely active and highly developed at this time.
At the heart of most current personal identifi-cation number/credit card systems are sophisticated secure encryption systems, the best known of which is the key-controlled block cipher cryptographic system adopted by the National Bureau of Standards as a Federal Information Processing Standard entitled "Encryption ~lgorithm for Computer Data Protection". The Standard together with a com-plete technical description is containe~d in the publication, "Data Encryption Standard," Federal Information Processing Standard (FIPS), Publica-tion 46, National Bureau of Standards, U. S.
Department of Commerce, January 1977. U. S.
Patent No. 3,g58,081 specifically discloses a hardware embodiment of an encryption device which fully complies with the above identified standard.
, ~, .
Summary of the Invention It has now been found that a substantial need in the business, banking, and-financial community may be satisfied by an identification system including a unique CARD containing data storage and com-putational capabilities built into same. The card is further characterized by the fact that neither the circuitry nor any data stored therein be susceptible to alteration or unauthorized access subsequent to the manufacture or issuance thereof.
~mbedded in ~he CARD are a plurality of storage registers, a rallclom word generator and at least one key controlled block-cipher encryption device.
The bank or other entity issuing the CARD causes the person's true key KT to be stored within the CARD. The person memorizes this key for sub-sequent entry into a U/I Terminal, or a XATR as the key KA. A random word is produced by the system, which random word is simultaneously encrypted under the key, KT, and the key, KA, entered at a keyboard by the person. The results of the encryptions of this random word are subsequently compared to determine if the two keys are the same. If they are, the person presenting the card is considered to be properly identified. The true key, KT, permanently stored within the CARD is never available outside of the CARD, i.e., only the random word encrypted under KT is available outside of the CARD. Further, in one of the disclosed embodiments the keyboard entered key, KA, is not available to the U/I Terminal, only the random word encrypted under said key is.
Brie Description of_the Drawin~s FIG. 1 is a high level functional block diagram of a CARD U/I Terminal identi~ication system showing the significant functional components of such a system constructed in accordance with the teachings of the present invention.
FIG. 2 is a similar h`igh level functional block diagram of an alternative embodiment of the system g ..
utilizing a XATR as an interface between the person's C~RD and the U/I Terminal.
.
FIG. 3 is a functional diagram of a system con-figured similarly to that of FIG. 2 having addi-S tional functional features included for simpli~yingthe entry of the key KA (only a portion thereof need be entered) and further including an automatic protection device embedded therein.
Description of the Invention According to the broadest aspect of the present invention, a personal identification system is provided which includes the combination of a CARD
which is issuecl to a person and a U/I Terminal.
The CARD is so constructed that access to secure data stored therein is impossible. Any alteration of the functional operation of,the circuitry contained therein subsequent to manufacture or issuance is also prevented. The CARD contains at least a secure storage means for a key KT unique to the person, means for generating or obtaining a random word to be encrypted under said key, KT, a key controlled block cipher encryption device, and means for trans-ferring the encrypted random word to a U/I Terminal for subse~uent comparison. The U/I Terminal provided at the utilization entity includes the following functional components:
means for interfacing, in a data communication relationship with the person's CARD, keyboard means whereby the person whose identity is to be verified may enter his memorized key KA, lo ~ 28 means for cJenerating or othe~wise obtaining a random word which is to be encrypted by suitable encryption means located both on the CARD and also within the U/I Terminal, a key controlled block-cipher encryption device identical to that in the CARD for encrypting said random word under the key KA entered by the person vi~ the keyboard, means for comparing the result of the encryption of the random word.in the U/I Terminal with the encryption of the random word in the CARD and, means for indicating the result of the said comparison.
To summarize, the operation of the present system includes the generation of a random word either in the CARD, the U/l Terminal, or by a combination of the two, and then separate encryptions of this random word .under the two keys, KT and KA. The key, KT ' is stored in a secure storage location in the CARD
20 . and the key, KA ~ is entered by the person at a keyboard which may be located in the U/I Terminal.
In the embodiment of FIG. 1, the two encryptions occur in identical encryption devices, the first being.located in the CARD and the other in the V/I
Terminal. If both keys are the same, the encrypted random words will be identical.
It will be noted that the embodiment just des-cribed, wherein the keyboard is located within the U/I Terminal, suffers from the disadvantage, from the standpoint of the persQn's security, of 2~
actually placing the person's asserted key KA
within control of the U/I Terminal and thus, any individuals having access thereto. Thus, un-scrupulous personnel employed by the retailer, bank or other utllizing entity could, over a period of time, compile a list of valid user keys (KA) which could be used fraudulently. This shortcomin,g ' of the embodiment set forth in FIG. 1 is overcome by thé system disclosed ln FIG. 2, wherein a XATR of a type set forth in the above-identified copending appli-cation is an interface between the U/I Terminal and the CARD. The XATR in the present system provides a keyboard which is under the control of the person entering an asserted key KA. The XATR
also serves as a communication, data, and control interface between the CARD and U/I Terminal. In the embodiment'of FIG. 2 the circuit configuration of the CARD is modified so that the encryption of the random word under both the true key KT stored in the CA~D and under the key KA are both per-formed within the CARD. In this embodiment the two versions of th'e encrypted random word, are both transferred to the U/I Terminal and to a com-parison circuit located, therein, wherein an affirmative comparison indicates that the proper asserted key KA has been entered by the person.
In this latter embodiment, as is apparent, the person'gains greater security because his asserted key KA never passes into the U/I Terminal.
In all embodimentsl in order for the utilization entity to have adequate protection it should be understood that it is of greatest importance that 12 '~ ~9~2~
the CARD carried by the individual be unalterable in data content, circuit function or data paths.
Thus, for e~ample, if the person presenting the CARD
could alter the circuitry on the CARD to cause the same encry~e(l random word to be transferred to the U/I Terminal as was received from the U/I Terminal, the system would be compromised. According to a further aspect of the invention means are provided for disabling tlle C~RD in the event- of an attempted unauthorized use should the card be lost or stolen.
Circuitry is provided within the CARD to electronically disable the C~RD in the event of one or more unsuccess-ful comparison operations. The number of comparison failures necessary to cause disabling of the CARD
would be predetermined by the system designers~
In this way a number of legitimate mistakes by a person entering his key KA would be permitted.
Description of the Disclosed Embodiments In the embodiments of FIGS. 1, 2 and 3 only the significant functional units of the system are disclosed. These are the significant storage registers and functional elements such as the encryption blocKs, random word generators, and the comparison an~ catenation circuits. The gates for trans~ittinq data between registers or between registers and functional units and their operation are considered obvious to a digital circuit de-signer. Similarly, the sequential controls could comprise a syst~m clock including a number of interconnected single shot circuits or a small microprocessor having an associated micropro-grammed memory for effecting the various sequential operations required. The contro~ he ~unc-tional units within the CARD could either be accomplished by a microprocessor or a system clock physically located within the CARD wherein the operation is initiated by a single control pulse from the U/I Terminal or alternatively all of the control functions could be performed by a micro-- processor located within the U/I Terminal and transmitted to the CARD via the interface between the Card and the Terminal. In the embodiments of FIGS. 2 and 3 the XATR device functions primarily as a communication path for both data and control information.
The power for operating the circuitry within the CARD would optimally be obtained via inductive coupling between the CARD and the XATR, rather than being carried directly within the CARD.
Typical circuitry and interconnection means for such coupling are set forth in the above-identified copending application Serial No. 866,197 of the present inventor entitled, "Personal Portable Terminal for Financial Transactions".
It should be understood that the required key length for the FIPS 'Data Encryption Standard' is 56 binary bits. Such a binary key is derived from a decimal keyboard entry by decimal to binary conversion employing conversion algorithms well known in the art.
Referring now to the embodiment of the present invention as set forth in FIG. 1 of the drawings, it will be noted that all reference numerals beginning with "1" refer to circuitry located in the CARD, and all reference numerals beginning with "2" refer to circuitry located in the Utilization/Identification Terminal. It will also be noted that the line A-AI defines the interface between the person and the retailer wherein the Utilization/Identification Terminal would normally be a Point of Sale Terminal (POST). It will of course be understood that this terminal could take on a number of different forms and perform a number of different functions other than point of sale. Thus, for example, it could be a banking terminal, facilities access terminal, or the like. Regardless of the par-ticular utilization, the final occurrence of a 'compare' in block 217 of the terminal, would indicate that the person holding the CARD was a properly identified person. Similarly, a 'no compare' would indicate that an unauthorized person was attempting to use the CARD or that the person's memorized key l~ was improperly entered.
A11 of the functional blocks within FIGS. 1, 2 and 3 are labeled. Also included within each block is a statement of the particular data therein or gen~r.~ted by the system. Additionally, there is an indlcation in each of the blocks located on the CARD of the accessibility of the particular unit to the interface. Thus, the following four symbols are used in various combinations:
R: can be read W: can be written R: cannot be read W: cannot be written These symbols define and limit the interface functions which the various units perform in the ,. : ' overall system operation, and it should be clearly understood it is exceedingly important ~hat this functional integrity be maintained in order that the system be secure.
Proceeding now with a description of the operation of the system of FIG. 1, it is to be understood that this system has limited security insofar as the person is concerned since he must enter the key KA via the keyboard 201 located in the U/I
Terminal. It is also assumed in this embodiment that no XATR is available either because the system is not adapted for it or because the person does not have one. Instead, a slot or location is provided at the U/I Terminal to serve as a data interface. It is also assumed that the U/I Terminal may be rendered adequately secure to discourage unscrupulous employees from accessing and keeping a record of various individuals' keys KA.
As stated previously, communication between the CARD and the U/I Terminal could be by a number of means well known in the art. These include direct connection, as indicated, inductive coupling, or the like. It is also assumed that the circuitry within the CARD would be powered induc~ively from a power source in the U/I
Terminal, rendering the CARD less bulky.
Similarly, ~he control sequences could be performed by either a series of sequential single shot circuits or by a small micropro-cessor and control store therefor which could be located either within the CARD or in the U/I
Terminal and connected to the CARD via appro-priate control lines as will be well understood by those skilled in the art.
. 16 To proceed IIOW ~ith the description of the operation of the system, the person first places' his CARD on or ln a U/I Terminal, which in the embodiment of FIG. 1 is a retailer's Point of Sale Terminal (POST). Communication between the CARD
and the U/I Termlnal is established. First, the person enters hi,s key KA via the keyboard 201 in the U/I Te.rmlnal. At this point all activity by the person ceases.
The U/I Terminal, through an appropriate signal, designated by the arrow P.I. tperform identifi-cation), initiates,a program stored within the ' CARD to perform the following operations to establish the val.idity of the key K~ entered by the person via ~he keyboard 201.
Simultaneou~.].y~ the CARD delivers the contents of key storage register 1045, which is the true key KT to the key input of the encryption device 115, and 2) the U/I Terminal delivers the keyboard entered key KA from the k~eyboard.201, as the asserted key in-put to the ~ncryption device.215 (identical to 115~.
Next, the following operations occur simultaneously in the CARD and U/I Terminal: 1) the CARD delivers a random word from the Random Word Generator 107 to one input of e~clusive OR circuit 116 loc,ated on the CARD and to one input of the exclusive OR circuit 216 located in the U/I Terminal, and 2) Random Word Generator 207 delivers random word RW2 simultaneously as the second input to exclusive OR circuit 116 in the card and to exclusive OR circuit 216 in the U/I
Terminal. The two exclusive OR circuits 116 and 216 located on the C~RD and in the U/I ~erminal, respec-tively, deliver the same composite random word to ' 2~3 their respective encryption devices 115 and 215, as the data input. The two encryption operations are performed substantially simultaneously and the output of the encryption device 115 is stored in register 108 as the true cncrypted random word (~RWT). The output from encryption device 215 is stored in register 208 as the asserted encrypted random word (ERWA).
At this point the ERWT which is stored in register 108 in the CARD is transferred to register 209 in the U/I
Terminal and the ERWA which is stored in register 208 in the Uf l Terminal is transferred to register 109 in the CARD. It should be noted that these transfers occur in the reverse order in the preferred embodiment of the invention for reasons which will be explained subsequently, i.e., most significant bit last, least significant bit ~irst; and most significant bit first, least significant bit last. Simultaneous to the transfer operation the contents,of registers 108 and 208 are gated into compare units 117 and 217, respectively, the other inputs thereto are provided by re~isters 10~ and 209 respectively. Since the devices 115 and 215 are identical, the two encrypted outputs ERWT and ERWA will be the same provided the two keys, KT and KA, are identical. Thus,- the two compare units sirnultaneously reach 'valid' or 'invalid' decisions based on ERWT and E~WA. If a 'valid' decision is reached, the person has entered the proper key XA at the keyboard and he is properly identified for whatever transaction he wishes to consummate at the U/I Terminal.
The function of compare unit 117 is to activate disabling circuitry of the type shown in FIG. 3 which will be described later. It will be noted, however, that this is not a requirement of the most basic system.
. ~ .
.
.
~9~Z~3 While the ~isclosed embodiment of the system shown in FIG. 1 is considered the preferred embodiment, it should be noted that it would be possible to dispense with the registers 109 and 209 in the CARD
and in the U/I Terminal respectively. In this case the contents of the register 108 in the CARD would be transferred directly to compare unit 217 and similarly the contents of register 208 in U/I Terminal would be transferred directly to the compare unit 117 without temporary storage.in the registers 109 and 209.
If it is assumed that some storage capacity is present-in either the output of the encryption devices 115 and 215 or at the double inputs of the comparison units 117 and 217 the following could occur. The output of encryption device 115 could be simultaneously transferred into compare unit 117 and 217 respectively, and the output of encryption device 215 co~lld be simultaneously transferred to compare unit 217 and 117. Both of these alternate embod1ments require that the CARD be absolutely unalterable to prevent the person fraudulently retransmitting ERWA back to the U/I
Terminal and thus force a compare in compare unit 217. This.subject will be discussed later with respect to the embodiment of FIG. 2.
:.
It should be understood that in order to maintain the amount of circuitry within such a system at a minimum and, in particular, on the CARD, it is preferred that all data transfers between the CARD and the U/I Terminal occur in bit serial fashion rather than in parallel. However, since the encryption devices are key controlled block cipher UllitS, the entire key and data blocks must be submitted to same before they can proceed with the encryption. Similarly, a complete ~.2~)213 block of data is delivered to the output register of the encryptLon device. Parallel operation of the system is, of course, possible.
In addition to the previously mentioned design alternatives wllerein registers 108, 109 and 208, 209 could be dispensed with and the two encrypted random words ER~T and ERWA forwarded directly to the compare- circuit 217, other changes could be made in the system without departing from the spirit and scope of the invention. Another possible alteration would be to dispense with the generation of the two random words RWl and RW2 and replace same with a sin~le random word generator within the CARD
or U/I Terminal which word is delivered to both lS encryption devices 115 and 215.
Referring now to FIG. 2, an alternative embodiment of the invelltion is disclosed wher~in the person has a personal portable transaction device, or XATR, at his disposal which has means for interfacing with the CARD ~l~d wi~h the U/I Terminal. In FIG. 2 it will be noted that the line A-A' again refers to the interface between the U/I Terminal and the XATR and CARD combination, i.e., the person and the RetaiIer.
The XATR is indicated by the outer dashed line to the left of the interface line A-A' and the CARD
and its circuitry are indicated. It will be seen from the figure that the XATR provides a keyboard 101 for entering the key KA which is totally within the control of the person presenting the CARD. In addition, the XATR pro~ides the communication or interface function between the CARD located therein and the U/I Terminal.
-2~3 -The operations performed by the encryption cir-- cuitry, etc., in the embodiment of FIG. 2 are essentially the same as those of FIG. 1. The principal exception to this is that the distri-bution of functions between the CARD and U/I
Terminal is different. In the embodiment of FIG. 2 the key KA, which is entered via the keyboard 101, never passes into the Terminal. Consequently, the second encryption device, shown in FIG. 2 as 114B, is located in the CARD. Again, the circuitry within the CARD may not be altered in any way by the person to whom said CARD is issued.
The operation of the system is as follows. With the CARD in position in the XATR and the XATR
appropriately connected to the U/I Terminal, a transaction initiation button is actuated. The person enters the key KA into the keyboard 101 of the XATR. KA is communicated to the encryption device 114B as the key input. Simultaneously, the key KT stored in register 1045 is gated as the key input to the encryption device 114~.
The data input to the two encryption units 114A
and 114B both located on the CARD is generated by the Random Word Generator 106. Since both encryp-tion devices are located on the CARD it is not necessary alld serves no useful security function to have two random word generators as in the embodiment of FIG. 1. The outputs from the two encryption devices 114A and 114~ are delivered to registers 108 in the CARD and 208 in the U/I
Terminal as the true encrypted random word (ERWT) and asserted encrypted random word (ERWA), respeatively.
z~
~he arrangement of FIG. 2 prevents what would be a relatively simple alteration of the XATR by a person owning same and wishing to defraud the retailer. By slightly altering the data paths within the XATR, the person could cause the output from register 208 to be delivered directly to register 209. Thus, the compare circuit 217 would always give a successful comparison regardless of what key KA the person entered at the keyboard 101.
To prevent sùch a fraudulent circuit alteration in the XATR (or even in the CARD) the following occurs: With the ERWT stored in register 108 in the CARD and the ERWA stored in register 208 in the Termin.~ e system controls cause data transfer from register 108 to register 209 to occur 'most significant bit first' and 'least significant bit last'. Simultaneously, the data transfer from register 208 to rçgister 109 occurs in the reverse order, i.e., 'most significant bit last, least significant bit first'. Thus, if a direct electrical connection were made at point ~
(as shown in FIG. 2) by the person the contents of register 208 would be delivered directly to register 209, however, the bits would be stored in register 209 in reverse order and a compare with the contents of register 208 would fail. Here again, it is reiterated that the data content and circuit configuration within the CARD itself must be unalterable so that there is no way, for example, to load register 108 with the output from encryption device 114B rather than 114A which, of course, would always force a compare.
Proceeding with the final step of the operation of the system, the contents of registers 208 and 209 2~
are compared in unit 217 and if successful the identification of the person is assumed correct and if unsuccessful either a mistake has been made, i.e., the wrong key entered, or the person is an imposter.
Additionally, a test is made in the CARD wherein the contents of registers 108 and 109 are compared by compare circuit 117, the output of this circuit being the illpUt to a CARD deactivating circuit which will be explained subsequently with respect to FIG. 3.
It should also be understood, that in the system of FIG. 2, the specific control mechanisms have not been shown as they are considered to be state of the art and could readily assume a number of different ~orms as discussed previously with reference to FIG. 1. It should,again be noted that in FIGS. 1, 2 and 3, similar reference numbers are utilized to identify similar functional units.
For example, in all three embodiments, the numeral 1045 refers to the register for storing the true key, KT. Similarly, register 108 stores the true -~
encrypted random word and register 208 stores the asserted encrypted random word.
It shbuld ~e noted that in the embodiments of FIG. 2 and FIG. 3 wherein two encryption circuits are shown, i.e., 114A and 114B, it would be possible to eliminate one of the encryption devices by providing control circuitry so that a single encr~ption device could provide both ERWT and ERWA.
:
Referring now to FIG. 3, a system similar to FIG. 2 is disclosed utilizing again an XATR as an interface unit between the CARD and the U/I Terminal. In the embodiment of FIG. 3 there are three additional enhancements to the basic system of the FI~. 2. It will be noted that the circuitry in FIG. 3 below the line D/D' is the same as in FI&. 2.
The first enhancement of FIG. 3 is the use of a special counter having a "disable CARD" output which will electronically "destroy" or "disable" a CARD which should no longer be used. Its operation will be apparent from the subsequent description of the figure. The second feature described is the division of the key into high order and low order bits so that the key KA which must be memorized by the person may be considerably shortened. The third feature involves the use of a special index (M) which may be selectively entered by the individual into a register in the CARD. This index is an offset whereby the key entered at the keyboard may be periodically changed without necessitating any change of the permanently stored key KT.
Referring now specifically to the CARD disabling feature of the embodiment of FIG. 3 it will be noted that a block is provided labeled Counter Protection having one output line labeled 'Disable CARD'. Two input lines are provided. The first is labeled "Increment" which emanates from register 104 where a quantity KTL is stored. This line produces a pulse each time register 104 is accessed. The second input from the compare block 117 marked l'Reset" resets this counter to zero.
This pFevents someone finding or stealing a card, placir.~ it in a XATR, and trying different keys KA
until the correct one is found. The counter protection circuit would be set at some predetermined count value.
This count value or threshold would allow a reasonable number of honest mistakes on the part of the person entering his lcey KA. Each time a key is entered and an identification procedure initiated, the register 104 is accessed and a pulse produced.
Subsequently, with every successful compare between the registers 108 and 109 a pulse would be produced by 117 and -the counter would be reset to zero.
However, if a predetermined number of consecutive accesses of 104 should occur without a successful comparison by 117 a 'disable CARD' would be activated by the output from the Counter Protection block which would cause some "invalid" condition to occur in the CARD. This could take on a number of different forms such as, disabling the storage area for KT so it would not be available to the system. Alternatively, a special register could be provided which would be readable by the U/I
Terminal indicating an invalid CARD wherein said register would always be read before- any identification procedure began. Other ways in which the CARD could be disabled include setting a latch which burns a fusible link, removing power fro~ the card or interrupting data flow from the CARD. This protection prevents an unauthorized holder of the CARD from presenting the CARD with different keys KA until the correct one is found.
The -second feature of the circuitry shown in FIG. 3 is the division oE the asserted key XA so that a smaller number of digits must be memorized by the person. By adding the two catenation circuits 120 and 122, and the high and low order bit storage ~.2~Z8 registers 105 and 104 respectively for the true key KT (KTH,KTL), the key which the individual must remember may be arbitrarily shortened.
The blocks labeled 111, 102 and 103 should be ignored for the following explanation, it being assumed that the keyboard input goes directly to the catenation circuit 122 as the low order bits KAL. The true key KT is divided into two parts, the low order bits KTL being stored in register 104 and the high order bits KTEI being stored in register 105. In order to make up the full KT being transferred to encryption device 114A, a low order portion of ~he key KT becomes one input to the catenation circuit 120 and the high order portion from regist~r 105 becomes the second input to the catenation circuit 120. The catenation circuit functions to order these two groups of bits into their proper sequence, i.e., int;o a single key having the a~propriate bits in the high and low order positions. Catenation circuit 122 works in exactly the same way as 120, and forms ~he full asserted ke~ KA which is provided as the key input to the encryption device 114B. Thus, KTH is utilized to make up both the full true key KT and the full asserted key KA. As will be apparent, security is provided and the size of the key which must be remembered and entered correctly via the keyboard 101 is,reduced.
Referring now to the top portion of the CARD shown in FIG. 3A,,two registers 102 and 103 and the adder circuit 111 are shown which may be utilized to provide a variable key. A,quantity M may be entered at any time by the individual and stored in register 103-via the dashed line from keyboard 101. Subsequently the asserted key which is .
,. . . ~ .
~ 2~C1 2~
entered via 101 referred to herein as KE is cnter~d directly into re(Jistor 102 in the norm.~l fashion. Additlon of the two quantities in registers 102 and 103 in the adder circuit 111 produces the partial asserted key KAL. Thus, both M
and KE are N bit data words which when added together produce the N bit key KAL~ This may be represented by the formula:
KE+M = XAL
- 10 This feature allows the person to periodically alter his asserted key KE to enhance security.
It should be understood that if the blocks 104, 105, 120, and 122 were deleted that the circuitry repre-sented by blocks 102, 103, and 111 could be used to produce the full asserted key KA.
From the above de~scription of the preferred embodi-ments of the system set forth in FIGS. 1, 2 and 3, it will be ~pparent that a number of changes in form and detail would be possible without departing from the overall teachings of the present invention, as set fortll il~ the appendcd claims.
- Industrial Applicability The presently disclosed invention has applicability for any situation where personal identification is of importance. It would have particular utility in the retail sales field where the retailer is obviously concerned that the individual seeking credit and having an apparently valid credit card is actually the person entitled to said credit card and thus to credit. Another significant area of potential commercial utilization of the invention is in the financial field and more particularly cash issuing terminals either manned or unmanned wherein a person presents the bank C~RD and, upon proper identification, cash is issued to the individual.
.
. . .-z~
The system also has potential utillzation in the facility access field wherein an individual is either seeking entry into a physical facility such as a plant or to a computer or to computer files via a terminal where it is important that the individual be properly identified prior to the granting of the desired access.
The function of the CARD is not limited to personal identification transactions ! but may well be extended to maintain records of particular business transactions. Thus, subsequent bookkeeping and electronic funds transfer operations utilizing transaction data recorded on the card are possihle.
For such a~ lic~tion~ the C~RD would be prcscnted to a banking institution where the transaction data would be transferred to the person's account. In those cases where the transaction data was not previously forwarded to the bank by the U/I
Terminal device, the CARD entered data would serve as the sole ~ookkeeping data input. Conversely, when the transaction data was previously forwarded to the bank the transaction data from the CARD
could serve as a check to protect the person and warn him of any unauthorized use of his account or mistakes by the retailer.
In all of the above situations, the presently disclosed system has the advantage of giving the person significant protection as well as providing security for the particular entity having control of the Utilization/Identification Terminal whether it be a point of sale terminal, a computer terminal, a cash issuing terminal or some sort of facility access terminal.
~ 2~2~3 As will also be apparent, the identification system disclosed herein could be combined with other personal identificaticn systems for various high securiiy applications. These might include signature verifica- -tion systems, fingerprint recognition systems,voiceprint recognition systems and the like.
In.summary, the herein disclosed identification system provides a high degree of security for both the person holding the CARD and the entity which ultimately accepts said identification at a suitable U/I Terminal. The system maintains security without recourse to a Host computer which might be subject to breakdown, communication outages, etc., and thus is capable of off-host lS operation without sacrificing reliability.
Claims (18)
- Claim 1 continued.
generator for supplying a data input word for encryption by said encryption means, said encryption means being operable to encrypt a random word supplied by the random word generator under the stored key, KT, and also being operable to encrypt the same random word under said secret key, KA, entered by the person at said keybaord, said encryption means utilizing identical encryption algorithms for each encyption operation, first comparison means in said Terminal for comparing the results of said first and second encryption operations and means for indicating a successful comparison. - 2. A personal identification system as forth in claim 1 wherein said encryption means in-cludes a second key-controlled block-cipher encryption device located in said U/I Terminal and identical in operation to the key-controlled block-cipher encryption device on the CARD
and wherein said keyboard is located in the U/I Terminal and, means for supplying the secret key, KA, entered by the person via said keyboard to said second crytographic device as the key input thereto. - 3. A personal identification system as set forth in claim 2 including a second random word generator located in the U/I Terminal, means for combining the outputs of the first and second random word generators to produce a resultant random word and means for supply-ing the resultant random word as the data input to both said first and second encryp-tion devices.
- 4. A personal. identification system as set forth in claim 1 including a second comparison means located in said CARD for comparing the outputs of said first and second encryption devices, counter means located in said CARD connected to the output of said second comparison means, means including said counter for recording the number of unsuccessful compares detected by said second comparison means and means actuable upon said counter reaching a predetermined value to disable the circuitry in said CARD.
- 5. A personal identification system as set forth in claim 1 wherein said combination includes a personal portable transaction device (XATR) interposed between said CARD and said U/I
Terminal in data exchange relationship with both wherein data may be transferred between said CARD and said U/I Terminal, said keyboard being located within said XATR, means for transferring the secret key KA from the key-board to the encryption means, the data transfer paths within the XATR being so configured that the keyboard entered secret key KA is never available at the data interface between the XATR and the Terminal. - 6. A personal identification system as set forth in claim 5 wherein said two keys KT and KA
are divided into at least two segments wherein both segments are necessary for successful operation of the encryption means, said system including means for storing said key KT in two parts within the CARD and means for combining said two parts to supply the full key KT to said encryption means, means for entering a portion of the secret key KA
at the Terminal and combining said entered portion with a predetermined portion of said stored key KT and supplying the result of the combination as the full key KA to said encryption means. - 7. A personal identification system as set forth in claim 5 including means in said CARD for storing an index value which when combined with a value KE subsequently entered at the keyboard produces a resultant value to be utilized as the key KA, wherein said means for combining comprises a pre-determined and fixed combinatorial circuit, and means for selectively entering a new index value into system via said keyboard.
8. A personal identification system for identi-fying an individual holder (Person) of an unalterable charge card-like device (CARD) to a Utilization Terminal (U/I Terminal), means for receiving the CARD device in a data coupling mode with said U/I Terminal, a keyboard associated with said system for receiving a unique encryption key KA to be entered by the person, at least one random word generator located in said CARD, means for obtaining a unique, random word from the random word generator, means for encrypting said random word utiliz-ing the encryption key, KA, entered by the person at the keyboard and also for encrypt-ing the same random word utilizing a true key, KT, stored in said CARD wherein said key, KT, is not accessible outside of said CARD, means for storing the random word (ERWA) encrypted under the entered key KA in said U/I Terminal and for storing the random word (ERWT) encrypted under the true key KT in the CARD, means in the U/I Terminal for causing the encrypted word (ERWT) stored in the CARD to be transferred to the U/I Terminal, - Claim 8 continued.
means for comparing the two encyrpted words ERWA and ERWT for identity, and means actuable on a successful comparison for indicating to the U/I Terminal that the person has entered the proper key KA. - 9. A personal identification system as set forth in claim 8 wherein said system includes a personal portable transaction device (XATR) interposed between the CARD and the U/I
Terminal including means within said XATR for holding the CARD in data exchange relation-ship therewith and means within said XATR
for coupling with said U/I Terminal in data exchange relationship whereby data may be directly transferred between the CARD and the U/I Terminal via the XATR and wherein said XATR contains said keyboard and means are provided for transferring the key KA entered by the person directly to the means for encrypting the random word under the key KA, said encrypting means being located within the CARD. - 10. A personal identification system as set forth in claim 9 including means for transferring the two encrypted random words ERWA and ERWT
between the U/I Terminal and the CARD simul-taneously in bit serial mode and in the opposite order of bit significance whereby any attempt to subvert the data flow path within the XATR will cause an unsuccessful comparison at the two encrypted random words by said comparison means.
11. A personal identification system including the combination of a credit card-like device (CARD) to be presented by the holder of the CARD (Person) and a Utilization Terminal (U/I
Terminal) to which the CARD is presented for the purpose of identifying the person, a data interface for the exchange of pre-determined data between the CARD and the U/I
Terminal, said CARD containing a first key-controlled block-cipher encryption device and a storage means for permanently storing a secret key KT
unique to said user, said U/I Terminal containing a keyboard at which the holder may enter a memorized secret key KA, and a second key-controlled block-cipher encryption device identical in oper-ation to the encryption device located in said CARD, said combination further including random word generation means for supplying a data input word for encryption by said two en-cryption devices, means for actuating said first encryption device to encrypt a random word supplied by the random word generation means under the stored key KT and for actuating the second encryption device to encrypt the same random word under the keyboard entered key KA, first comparison means in said Terminal, - Claim 11 continued means for transferring the encrypted random words from said first and second encryp-tion devices to said first comparison means and means for indicating a suc-cessful comparison.
- 12. A personal identification system as set forth in claim 11 wherein said random word genera-tion means comprises a first random word gen-erator located in said card and a second random word generator located in said U/I
Terminal, combinatorial circuit means for combining the outputs of said first and second random word generators to produce a third random word which is supplied to said first and second encryption devices as the data word to be encyrpted, and storage means located in the CARD and U/I Terminal for respectively storing the outputs of said first and second encryption devices. - 13. A personal identification system as set forth in claim 12 including a second comparison means located in said CARD for comparing the outputs of said first and second encryption devices, counter means in said CARD connected to the output of said second comparison means, means for incrementing the value stored in said counter whenever an unsuccessful compare is detected by said second comparison means and means actuable upon said counter reaching a predetermined value to disable the circuitry in said CARD.
- 14. A personal identification system as set forth in claim 13 including means for resetting said counter to zero whenever a successful comparison occurs in said comparison means.
15. A personal identification system including the combination of a credit card-like device (CARD) to be presented by the holder of the CARD (Person) and a Utilization Terminal (U/I
Terminal) to which the CARD is presented for the purpose of identifying said person.
said combination including a personal por-table transaction device (XATR) totally under the control of the person having a first data exchange interface for the exchange of data between said CARD and said XATR and a second data exchange interface for the transfer of data between said XATR and said U/I Terminal whereby selected data may be exchanged directly between said CARD and said U/I
Terminal via said XATR, said XATR including a keyboard at which the holder may enter a secret memorized key KA, the CARD including key-controlled block-cipher encryption means and a storage means for permanently storing a secret key KT
unique to said user, a random word generator located in said card for supplying a data input word for encryp-tion by said encryption means, means actuable upon the presentation to the Terminal of the XATR containing the CARD and the entry of the memorized key KA into the system to initiate an identification operation, - Claim 15 continued.
means including said encryption means in the CARD for encrypting a random word supplied by the random word generator under the stored key KT and means for encrypting the same random word under the key KA entered by the holder at said keyboard, first comparison means within said Terminal for comparing said two encryptions of said random word, and means for indicating a successful comparison. - 16. A personal identification system as set forth in claim 15 wherein said means for encrypting the random word under the key KT comprises a first key-controlled block-cipher encryption device and wherein the means for encrypting the randam word under the keyboard entered key KA comprises a second key-controlled block-cipher cryptographic device identical to said first device wherein the data path between the storage means for said secret key KT to said first encryption device is totally within said CARD and is not accessible from the CARD's data interface, and means for connecting the keyboard in the XATR directly to the second encryption device located within the CARD whereby the key KA is never accessible to the data interface between the XATR and the U/I Terminal.
- 17. A personal identification system as set forth in claim 16 including means in said CARD for storing an index value which when combined with a value KE subsequently entered at the keyboard produces a resultant value to be utilized as the key KA wherein said means for combining comprises a predetermined and fixed combinatorial circuit, and means for selec-tively entering a new index value into said system via said keyboard.
- 18. A personal identification system as set forth in claim 16 wherein said two keys KT and KA
are divided into at least two segments wherein both segments are necessary for successful operation of the two encryption means, said system including means for storing said key KT in two parts within the CARD and means for combining said two parts to supply the full key KT to said first encryption means, means for entering a por-tion of the secret key KA at the Terminal and for combining said entered portion with a predetermined segment of said stored key KT
and supplying the result of the combination as the full key KA to said second encryption means.
1. A personal identification system including the combination of a credit card-like device (CARD) to be presented by the holder of the CARD (Person), a Utilization Terminal (U/I Terminal) to which the CARD is presented for identification purposes, and a data interface for the exchange of predetermined data between the CARD and the U/I Terminal, said CARD including means for permanently storing a secret key, KT, unique to said person, said combination further including, encryption means comprising at least one key-controlled block-cipher encryption device located in said CARD, a keyboard at which the person may enter a secret key, KA, at least one random word
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US099,797 | 1979-12-03 | ||
| US06/099,797 US4295039A (en) | 1979-12-03 | 1979-12-03 | Method and apparatus for achieving secure password verification |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CA1129028A true CA1129028A (en) | 1982-08-03 |
Family
ID=22276675
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA362,549A Expired CA1129028A (en) | 1979-12-03 | 1980-10-16 | Method and apparatus for achieving secure password verification |
Country Status (6)
| Country | Link |
|---|---|
| US (1) | US4295039A (en) |
| EP (1) | EP0029894B1 (en) |
| JP (1) | JPS5911950B2 (en) |
| CA (1) | CA1129028A (en) |
| DE (1) | DE3069942D1 (en) |
| IT (1) | IT1150969B (en) |
Families Citing this family (113)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| FR2469760A1 (en) * | 1979-11-09 | 1981-05-22 | Cii Honeywell Bull | METHOD AND SYSTEM FOR IDENTIFYING PEOPLE REQUESTING ACCESS TO CERTAIN MEDIA |
| DE3044984A1 (en) * | 1979-11-30 | 1982-04-15 | Dassault Electronique | INTEGRATED TRANSISTOR CIRCUIT, ESPECIALLY FOR CODING |
| FR2496294B1 (en) * | 1980-12-15 | 1987-01-02 | Thomson Csf | PROTECTED DEVICE FOR AUTHENTICATING USERS OF A MESSAGE TRANSMISSION TERMINAL AND TRANSACTION SYSTEM COMPRISING SUCH DEVICES |
| FR2497617B1 (en) * | 1981-01-07 | 1989-08-18 | Transac Develop Transactions A | SECURITY METHOD AND DEVICE FOR TRIPARTITY COMMUNICATION OF CONFIDENTIAL DATA |
| US4663710A (en) * | 1981-05-15 | 1987-05-05 | The Frymaster Corporation | Intelligent cooking appliance |
| CA1176335A (en) * | 1981-06-05 | 1984-10-16 | Exide Electronics Corporation | Computer communications control |
| FR2514593B1 (en) * | 1981-10-09 | 1986-12-26 | Bull Sa | METHOD AND DEVICE FOR AUTHENTICATING THE SIGNATURE OF A SIGNED MESSAGE |
| IL64675A0 (en) * | 1981-12-30 | 1982-03-31 | Greenberg Avigdor | Data verification system |
| ATE23758T1 (en) * | 1982-02-11 | 1986-12-15 | Powell William S | METHOD AND EQUIPMENT FOR TRANSFER OF DATA. |
| FR2526977B1 (en) * | 1982-05-14 | 1988-06-10 | Cii Honeywell Bull | METHOD AND DEVICE FOR AUTHENTICATING OR CERTIFYING AT LEAST INFORMATION CONTAINED IN A MEMORY OF AN ELECTRONIC MEDIUM IN PARTICULAR REMOVABLE AND PORTABLE SUCH AS A CARD |
| FR2530053B1 (en) * | 1982-07-08 | 1986-04-25 | Bull Sa | METHOD FOR CERTIFYING THE SOURCE OF AT LEAST ONE INFORMATION RECORDED IN A MEMORY OF A FIRST ELECTRONIC DEVICE AND TRANSMITTED TO A SECOND ELECTRONIC DEVICE, AND SYSTEM FOR IMPLEMENTING SUCH A METHOD |
| DE3225754A1 (en) * | 1982-07-09 | 1984-01-12 | Hülsbeck & Fürst GmbH & Co KG, 5620 Velbert | METHOD FOR THE LOCKING EFFECTIVE INTERACTION OF A KEY-LIKE PART WITH A LOCK-LIKE PART |
| US4757468A (en) * | 1982-09-22 | 1988-07-12 | Intel Corporation | Authenticated read-only memory |
| EP0112944B1 (en) * | 1982-12-30 | 1987-03-04 | International Business Machines Corporation | Testing the validity of identification codes |
| FR2539897B1 (en) * | 1983-01-20 | 1988-12-30 | Cii Honeywell Bull | METHOD AND DEVICE FOR ENABLING THE HOLDER OF A PORTABLE OBJECT SUCH AS A CARD, TO BE ACCESSED BY THIS CARD TO AT LEAST ONE SERVICE PROVIDED BY AT LEAST ONE AUTHORIZING ORGANIZATION |
| GB8304876D0 (en) * | 1983-02-22 | 1983-03-23 | British Telecomm | Verification of electronic transactions |
| EP0118995A1 (en) * | 1983-02-22 | 1984-09-19 | BRITISH TELECOMMUNICATIONS public limited company | Generation of identification keys |
| JPS59226935A (en) * | 1983-06-01 | 1984-12-20 | アメリカン・エクスプレス・カンパニ− | Portable information card protecting apparatus |
| FR2549989B1 (en) * | 1983-07-29 | 1985-09-13 | Philips Ind Commerciale | AUTHENTICATION SYSTEM BETWEEN A CARD READER AND A PAYMENT CARD EXCHANGING INFORMATION |
| DE3336717A1 (en) * | 1983-10-08 | 1985-04-25 | Dai Nippon Printing Co., Ltd., Tokio/Tokyo | METHOD AND DEVICE FOR CONTACTLESS, ELECTROMAGNETIC TRANSFERRING OF CONTROL COMMANDS AND DATA |
| JPS6084686A (en) * | 1983-10-17 | 1985-05-14 | Toshiba Corp | Recording system of information recording medium |
| FR2557715B1 (en) * | 1983-12-30 | 1987-07-17 | Bull Sa | METHOD AND SYSTEM FOR CONFIDENTIALLY PROCESSING INFORMATION STORED ON AN OPTICALLY READING RECORD OF A PORTABLE MEDIUM |
| JPS60159992A (en) * | 1984-01-31 | 1985-08-21 | Toshiba Corp | Checking system of rightfulness of ic card |
| US4609777A (en) * | 1984-02-22 | 1986-09-02 | Gordian Systems, Inc. | Solid state key for controlling access to computer software |
| US4599489A (en) * | 1984-02-22 | 1986-07-08 | Gordian Systems, Inc. | Solid state key for controlling access to computer software |
| JPS61143872A (en) * | 1984-08-30 | 1986-07-01 | Casio Comput Co Ltd | Ic card collation system |
| US4650975A (en) * | 1984-08-30 | 1987-03-17 | Casio Computer Co., Ltd. | IC card and an identification system thereof |
| US4866666A (en) * | 1984-10-29 | 1989-09-12 | Francisco Michael H | Method for maintaining data integrity during information transmission by generating indicia representing total number of binary 1's and 0's of the data |
| JPS61109169A (en) * | 1984-10-31 | 1986-05-27 | エヌ・シー・アール・コーポレーション | Customer's information input system for pos terminal |
| US4694492A (en) * | 1984-11-09 | 1987-09-15 | Pirmasafe, Inc. | Computer communications security control system |
| US4691355A (en) * | 1984-11-09 | 1987-09-01 | Pirmasafe, Inc. | Interactive security control system for computer communications and the like |
| US5367572A (en) * | 1984-11-30 | 1994-11-22 | Weiss Kenneth P | Method and apparatus for personal identification |
| US5168520A (en) * | 1984-11-30 | 1992-12-01 | Security Dynamics Technologies, Inc. | Method and apparatus for personal identification |
| US4720860A (en) * | 1984-11-30 | 1988-01-19 | Security Dynamics Technologies, Inc. | Method and apparatus for positively identifying an individual |
| US4998279A (en) * | 1984-11-30 | 1991-03-05 | Weiss Kenneth P | Method and apparatus for personal verification utilizing nonpredictable codes and biocharacteristics |
| US4689478A (en) * | 1984-12-24 | 1987-08-25 | Ncr Corporation | System for handling transactions including a portable personal terminal |
| US4634845A (en) * | 1984-12-24 | 1987-01-06 | Ncr Corporation | Portable personal terminal for use in a system for handling transactions |
| US4650978A (en) * | 1985-01-23 | 1987-03-17 | Rmh Systems, Inc. | Off line cash card system and method |
| JPS61195459A (en) * | 1985-02-26 | 1986-08-29 | Nec Corp | Charged information receiving device |
| JPS61210488A (en) * | 1985-03-14 | 1986-09-18 | Toppan Moore Co Ltd | Ic card |
| FR2583543B1 (en) * | 1985-06-12 | 1987-09-04 | Lefevre Jean Pierre | COMPUTER SIGNING APPARATUS |
| FR2608800A2 (en) * | 1985-06-13 | 1988-06-24 | Brechet Michel | Codable and self-validating electronic control card |
| CA1270339A (en) * | 1985-06-24 | 1990-06-12 | Katsuya Nakagawa | System for determining a truth of software in an information processing apparatus |
| USRE34161E (en) * | 1985-10-04 | 1993-01-12 | Nintendo Company Limited | Memory cartridge and information processor unit using such cartridge |
| JPH074449B2 (en) * | 1985-10-04 | 1995-01-25 | 任天堂株式会社 | Cartridge for game machine and game machine using the same |
| US4799061A (en) * | 1985-11-18 | 1989-01-17 | International Business Machines Corporation | Secure component authentication system |
| USRE38419E1 (en) | 1986-05-13 | 2004-02-10 | Ncr Corporation | Computer interface device |
| FR2601795B1 (en) * | 1986-07-17 | 1988-10-07 | Bull Cp8 | METHOD FOR DIVERSIFYING A BASE KEY AND FOR AUTHENTICATING A KEY THUS DIVERSIFIED AS HAVING BEEN PREPARED FROM A PREDETERMINED BASE KEY, AND SYSTEM FOR IMPLEMENTING IT |
| WO1988001818A1 (en) * | 1986-09-02 | 1988-03-10 | Wright Christopher B | Automated transaction system using microprocessor cards |
| GB8621333D0 (en) * | 1986-09-04 | 1986-10-15 | Manitoba Telephone System | Key management system |
| US4969188A (en) * | 1987-02-17 | 1990-11-06 | Gretag Aktiengesellschaft | Process and apparatus for the protection of secret elements in a network of encrypting devices with open key management |
| ES2046222T3 (en) * | 1987-03-04 | 1994-02-01 | Siemens Nixdorf Informationssysteme Ag | DATA EXCHANGE SYSTEM WITH SEVERAL USER TERMINALS THAT CONTAIN, RESPECTIVELY, A CHIP CARD READING FACILITY. |
| DE3877984D1 (en) * | 1987-03-04 | 1993-03-18 | Siemens Nixdorf Inf Syst | DATA EXCHANGE SYSTEM. |
| JP2629184B2 (en) * | 1987-04-21 | 1997-07-09 | カシオ計算機株式会社 | IC card authentication system |
| US5140634A (en) * | 1987-09-07 | 1992-08-18 | U.S Philips Corporation | Method and apparatus for authenticating accreditations and for authenticating and signing messages |
| EP0320489A3 (en) * | 1987-12-07 | 1990-03-28 | Automations & Informat Systeme | Method to increase ic-card security, and ic-card making use of this method |
| US4992783A (en) * | 1988-04-04 | 1991-02-12 | Motorola, Inc. | Method and apparatus for controlling access to a communication system |
| US4964163A (en) * | 1988-04-04 | 1990-10-16 | Motorola, Inc. | Method and apparatus for controlling access to a communication system |
| US4935961A (en) * | 1988-07-27 | 1990-06-19 | Gargiulo Joseph L | Method and apparatus for the generation and synchronization of cryptographic keys |
| US5007085A (en) * | 1988-10-28 | 1991-04-09 | International Business Machines Corporation | Remotely sensed personal stylus |
| EP0400441B1 (en) * | 1989-05-30 | 1994-07-27 | Siemens Nixdorf Informationssysteme Aktiengesellschaft | Testing method for terminal communicating with IC-cards |
| FR2651347A1 (en) * | 1989-08-22 | 1991-03-01 | Trt Telecom Radio Electr | SINGLE NUMBER GENERATION METHOD FOR MICROCIRCUIT BOARD AND APPLICATION TO COOPERATION OF THE BOARD WITH A HOST SYSTEM. |
| US6003767A (en) * | 1989-09-06 | 1999-12-21 | Fujitsu Limited | Cashless medium for an electronic cashless system |
| US6926200B1 (en) | 1989-09-06 | 2005-08-09 | Fujitsu Limited | Electronic cashless system |
| US6003762A (en) * | 1989-09-06 | 1999-12-21 | Fujitsu Limited | Transaction terminal for an electronic cashless system |
| US5120939A (en) * | 1989-11-09 | 1992-06-09 | At&T Bell Laboratories | Databaseless security system |
| US5130519A (en) * | 1990-01-16 | 1992-07-14 | George Bush | Portable pin card |
| US5263164A (en) * | 1991-01-09 | 1993-11-16 | Verifone, Inc. | Method and structure for determining transaction system hardware and software configurations |
| US5237614A (en) * | 1991-06-07 | 1993-08-17 | Security Dynamics Technologies, Inc. | Integrated network security system |
| DE4142964C2 (en) * | 1991-12-24 | 2003-05-08 | Gao Ges Automation Org | Data exchange system with verification of the device for authentication status |
| US5313639A (en) * | 1992-06-26 | 1994-05-17 | George Chao | Computer with security device for controlling access thereto |
| US5361062A (en) * | 1992-11-25 | 1994-11-01 | Security Dynamics Technologies, Inc. | Personal security system |
| DE4339460C1 (en) * | 1993-11-19 | 1995-04-06 | Siemens Ag | Method for authenticating a system part by another system part of an information transmission system according to the challenge and response principle |
| EP0706697B1 (en) * | 1994-01-27 | 1997-04-23 | SC-Info+Inno Technologie Informationen + Innovationen GmbH + Co. | Authentifying method |
| US5627355A (en) * | 1994-07-13 | 1997-05-06 | Rahman; Sam | Transaction device, equipment and method for protecting account numbers and their associated personal identification numbers |
| US5478994A (en) * | 1994-07-13 | 1995-12-26 | Rahman; Sam | Secure credit card which prevents unauthorized transactions |
| US5587575A (en) * | 1994-08-11 | 1996-12-24 | Spescom (Proprietary) Limited | Identification of vehicles including code comparison |
| EP0717337B1 (en) * | 1994-12-13 | 2001-08-01 | International Business Machines Corporation | Method and system for the secured distribution of programs |
| US5692049A (en) * | 1995-02-13 | 1997-11-25 | Eta Technologies Corporation | Personal access management system |
| US5682428A (en) * | 1995-02-13 | 1997-10-28 | Eta Technologies Corporation | Personal access management system |
| US5610980A (en) * | 1995-02-13 | 1997-03-11 | Eta Technologies Corporation | Method and apparatus for re-initializing a processing device and a storage device |
| US5696825A (en) * | 1995-02-13 | 1997-12-09 | Eta Technologies Corporation | Personal access management system |
| US5778068A (en) * | 1995-02-13 | 1998-07-07 | Eta Technologies Corporation | Personal access management system |
| US5689564A (en) * | 1995-02-13 | 1997-11-18 | Eta Technologies Corporation | Personal access management system |
| US5619574A (en) * | 1995-02-13 | 1997-04-08 | Eta Technologies Corporation | Personal access management system |
| US5694472A (en) * | 1995-02-13 | 1997-12-02 | Eta Technologies Corporation | Personal access management system |
| NL1000352C2 (en) * | 1995-05-12 | 1996-11-13 | Nederland Ptt | Electronic payment system with different units of account, electronic payment method and method for electronic payment. |
| FR2739737B1 (en) * | 1995-10-09 | 1997-11-21 | Inside Technologies | MEMORY CARD IMPROVEMENTS |
| US6071191A (en) * | 1995-11-22 | 2000-06-06 | Nintendo Co., Ltd. | Systems and methods for providing security in a video game system |
| US6190257B1 (en) | 1995-11-22 | 2001-02-20 | Nintendo Co., Ltd. | Systems and method for providing security in a video game system |
| JP2744216B2 (en) * | 1996-01-08 | 1998-04-28 | 株式会社東芝 | IC card |
| AU2802797A (en) * | 1996-04-15 | 1997-11-19 | Jerry R. Martinez | Method and apparatus for validating credit information during home delivery of order |
| US20030195848A1 (en) | 1996-06-05 | 2003-10-16 | David Felger | Method of billing a purchase made over a computer network |
| US7555458B1 (en) | 1996-06-05 | 2009-06-30 | Fraud Control System.Com Corporation | Method of billing a purchase made over a computer network |
| US8229844B2 (en) | 1996-06-05 | 2012-07-24 | Fraud Control Systems.Com Corporation | Method of billing a purchase made over a computer network |
| FR2753556B1 (en) * | 1996-09-13 | 1998-11-13 | Schlumberger Ind Sa | METHOD FOR AUTHENTICATING CARDS |
| US6268788B1 (en) | 1996-11-07 | 2001-07-31 | Litronic Inc. | Apparatus and method for providing an authentication system based on biometrics |
| US5844497A (en) * | 1996-11-07 | 1998-12-01 | Litronic, Inc. | Apparatus and method for providing an authentication system |
| US6367017B1 (en) | 1996-11-07 | 2002-04-02 | Litronic Inc. | Apparatus and method for providing and authentication system |
| FR2755809B1 (en) * | 1996-11-13 | 1999-05-28 | Thomson Multimedia Sa | METHOD FOR PROTECTING INFORMATION TRANSMITTED FROM A SECURITY ELEMENT TO A DECODER AND PROTECTION SYSTEM USING SUCH A METHOD |
| US6075860A (en) * | 1997-02-19 | 2000-06-13 | 3Com Corporation | Apparatus and method for authentication and encryption of a remote terminal over a wireless link |
| JP4006796B2 (en) | 1997-11-17 | 2007-11-14 | 株式会社日立製作所 | Personal information management method and apparatus |
| FI20000194A0 (en) * | 2000-01-31 | 2000-01-31 | Jarkko Valtanen | The method of trading |
| ATE391323T1 (en) * | 2000-02-18 | 2008-04-15 | Cypak Ab | METHOD AND DEVICE FOR IDENTIFICATION AND AUTHENTICATION |
| US7222359B2 (en) * | 2001-07-27 | 2007-05-22 | Check Point Software Technologies, Inc. | System methodology for automatic local network discovery and firewall reconfiguration for mobile computing devices |
| JP2003087238A (en) * | 2001-09-11 | 2003-03-20 | Hitachi Ltd | Security realizing system in domestic network |
| CN100337502C (en) | 2004-07-28 | 2007-09-12 | 华为技术有限公司 | Method for logic binding and verifying parts in device |
| US8914310B2 (en) * | 2009-01-29 | 2014-12-16 | A Major Difference, Inc. | Multi-functional control unit for an ionic foot bath system |
| US20110054572A1 (en) * | 2009-07-29 | 2011-03-03 | A Major Difference, Inc. | Therapeutic electrolysis device with replaceable ionizer unit |
| US20110188066A1 (en) * | 2010-01-29 | 2011-08-04 | Lars Plumer | Processor system with provision for automated control of processing parameters |
| US20110189611A1 (en) * | 2010-01-29 | 2011-08-04 | Lars Plumer | Plate recognition system for automated control of processing parameters |
| US20110189600A1 (en) | 2010-01-29 | 2011-08-04 | Lars Plumer | Method for automated control of processing parameters |
| US10694352B2 (en) | 2015-10-28 | 2020-06-23 | Activision Publishing, Inc. | System and method of using physical objects to control software access |
Family Cites Families (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US3594727A (en) * | 1968-04-16 | 1971-07-20 | Edward L Braun | Credit card banking system |
| US3764742A (en) * | 1971-12-23 | 1973-10-09 | Ibm | Cryptographic identification system |
| CA1004362A (en) * | 1972-04-11 | 1977-01-25 | Gretag Aktiengesellschaft | System for the individual identification of a plurality of individuals |
| US3906460A (en) * | 1973-01-11 | 1975-09-16 | Halpern John Wolfgang | Proximity data transfer system with tamper proof portable data token |
| US3971916A (en) * | 1974-03-25 | 1976-07-27 | Societe Internationale | Methods of data storage and data storage systems |
| FR2304965A2 (en) * | 1974-03-25 | 1976-10-15 | Innovation Ste Int | ELECTRONIC CONTROL PROCESS AND DEVICE |
| US3978320A (en) * | 1975-02-20 | 1976-08-31 | Mcbride Jr W Neil | Data control devices |
| US4023013A (en) * | 1975-12-29 | 1977-05-10 | Diebold, Incorporated | On-line verification system for identification card or the like |
| CH604285A5 (en) * | 1977-03-04 | 1978-09-15 | Landis & Gyr Ag | |
| FR2383485A1 (en) * | 1977-03-11 | 1978-10-06 | Diebold Inc | System confirming authenticity of identity card holder - reads data from card and processes secret data fed in from holder to produce signal if true owner has card |
| US4123747A (en) * | 1977-05-20 | 1978-10-31 | International Business Machines Corporation | Identity verification method and apparatus |
| FR2394131A1 (en) * | 1977-06-07 | 1979-01-05 | Cii Honeywell Bull | INFORMATION PROCESSING SYSTEM PROTECTING THE SECRET OF CONFIDENTIAL INFORMATION |
| CA1111567A (en) * | 1977-12-30 | 1981-10-27 | Paul E. Stuckert | Personal portable terminal for financial transactions |
| US4214230A (en) * | 1978-01-19 | 1980-07-22 | Rolf Blom | Personal identification system |
| FR2417141A1 (en) * | 1978-02-09 | 1979-09-07 | Travaux Indls Pour Electricite | Card reading control system - interrogates card using security code which is deciphered by card circuit, then transmits coded reply to system |
| JPS589981B2 (en) * | 1978-04-26 | 1983-02-23 | オムロン株式会社 | User identification device |
| US4234932A (en) * | 1978-09-05 | 1980-11-18 | Honeywell Information Systems Inc. | Security system for remote cash dispensers |
-
1979
- 1979-12-03 US US06/099,797 patent/US4295039A/en not_active Expired - Lifetime
-
1980
- 1980-09-19 JP JP55129395A patent/JPS5911950B2/en not_active Expired
- 1980-10-07 DE DE8080106085T patent/DE3069942D1/en not_active Expired
- 1980-10-07 EP EP80106085A patent/EP0029894B1/en not_active Expired
- 1980-10-14 IT IT25313/80A patent/IT1150969B/en active
- 1980-10-16 CA CA362,549A patent/CA1129028A/en not_active Expired
Also Published As
| Publication number | Publication date |
|---|---|
| EP0029894A2 (en) | 1981-06-10 |
| JPS5911950B2 (en) | 1984-03-19 |
| DE3069942D1 (en) | 1985-02-21 |
| EP0029894B1 (en) | 1985-01-09 |
| IT1150969B (en) | 1986-12-17 |
| IT8025313A0 (en) | 1980-10-14 |
| US4295039A (en) | 1981-10-13 |
| JPS5680769A (en) | 1981-07-02 |
| EP0029894A3 (en) | 1981-07-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA1129028A (en) | Method and apparatus for achieving secure password verification | |
| US4386266A (en) | Method for operating a transaction execution system having improved verification of personal identification | |
| US4357529A (en) | Multilevel security apparatus and method | |
| US4408203A (en) | Security system for electronic funds transfer system | |
| US5485519A (en) | Enhanced security for a secure token code | |
| US4259720A (en) | Security system for electronic funds transfer system | |
| US4652698A (en) | Method and system for providing system security in a remote terminal environment | |
| US5513261A (en) | Key management scheme for use with electronic cards | |
| EP0007002B1 (en) | Transaction terminal systems provided with potential user authentication | |
| US4890323A (en) | Data communication systems and methods | |
| US4328414A (en) | Multilevel security apparatus and method | |
| US4629872A (en) | Method and apparatus for verifying personal identification numbers and checking stored number series in identification media | |
| AU626331B2 (en) | System for collating personal identification number | |
| US4904851A (en) | Identification authenticating system | |
| JPH06501324A (en) | Smart card validation device and method | |
| JPS645783B2 (en) | ||
| US20060157553A1 (en) | Accommodating multiple users of a secure credit card | |
| JPS61139878A (en) | Safety protection module for electronic fund transfer | |
| JPS63229541A (en) | Data exchange system | |
| US20020013904A1 (en) | Remote authentication for secure system access and payment systems | |
| Schaumüller-Bichl | IC-Cards in High-Security Applications | |
| AU8545398A (en) | Method for managing a secure terminal | |
| JPH09106456A (en) | Personal identification method in card utilization, personal identification system using ic card and ic card used for the system | |
| JPS63136296A (en) | Individual identification card | |
| CA1165445A (en) | Method for operating a transaction execution system having improved verification of personal identification |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| MKEX | Expiry |