EP0112944A1 - Testing the validity of identification codes - Google Patents

Testing the validity of identification codes

Info

Publication number
EP0112944A1
EP0112944A1 EP82306989A EP82306989A EP0112944A1 EP 0112944 A1 EP0112944 A1 EP 0112944A1 EP 82306989 A EP82306989 A EP 82306989A EP 82306989 A EP82306989 A EP 82306989A EP 0112944 A1 EP0112944 A1 EP 0112944A1
Authority
EP
European Patent Office
Prior art keywords
authentication code
location
message authentication
data processing
valid
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
EP82306989A
Other languages
German (de)
English (en)
Other versions
EP0112944B1 (fr
Inventor
Christopher Holloway
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp
Priority to DE8282306989T (patent DE3275604D1)
Priority to EP19820306989 (patent EP0112944B1)
Priority to JP58154229A (patent JPS59123968A)
Publication of EP0112944A1
Application granted
Publication of EP0112944B1
Legal status: Expired

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1016 Devices or methods for securing the PIN and other transaction-data, e.g. by encryption

Definitions

  • This invention relates to methods of validating identification codes entered at locations connected in a communication network and in particular to methods of validating personal identification numbers (PIN) in an electronic funds transfer at the retail point of sale (E.F.T.) system.
  • Electronic Funds Transfer is the name given to a system of directly debiting and crediting customer and service suppliers' accounts at the instant of confirmation of a transaction.
  • The accounts are held at a bank's or credit card company's central processing system, which is connected to a dedicated network of retailers' or service suppliers' data processing equipment. In this way no cash or cheque processing is required for the transaction.
  • Each bank or credit card company has its own network, and each customer of the bank has a credit card which can only be used on that network. Such a network is described in European Patent Publication 32193.
  • European Patent Publication 32193 (IBM Corporation) describes a system in which each user and retailer has a key number (retailer's key Kr and user's key Kp), which is stored together with the user's identity number and the retailer's business number in a data store at the host central processing unit (c.p.u.).
  • the retailer's key and the user key are used in the encryption of data sent between the retailer's transaction terminal and the host c.p.u.
  • Obviously only users or customers with their identity numbers and encryption keys stored at the host c.p.u. can make use of the system. As the number of users expands there is an optimum number beyond which the time taken to look up corresponding keys and identity numbers is unacceptable for on-line transaction processing.
  • European Patent Publication 18 129 (Motorola Inc.) describes a method of providing security of data on a communication path. Privacy and security of a dial-up data communications network are provided by means of either a user or terminal identification code together with a primary cipher key. A list of valid identification codes and primary cipher code pairs is maintained at the central processing unit. Identification code and cipher key pairs, sent to the c.p.u. are compared with the stored code pairs. A correct comparison is required before the c.p.u. will accept encoded data sent from the terminal. All data sent over the network is encrypted to prevent unauthorised access using the relevant user or terminal key.
  • UK Patent Application 2,020,513A (Atalla Technovations) describes a method and apparatus which avoids the need for transmitting user-identification information such as a personal identification number (PIN) in the clear from station to station in a network such as described in the two European Patent Publications mentioned above.
  • the PIN is encoded using a randomly generated number at a user station and the encoded PIN and the random number are sent to the processing station.
  • a second PIN having generic application is encoded using the received random number and the received encoded PIN and the generic encoded PIN are compared to determine whether the received PIN is valid.
  • the EFT system made possible by the systems described in the above patent applications is limited to a single host c.p.u. holding the accounts of all users both retailers and customers.
  • PCT publication WO 81/02655 (Marvin Sendrow) describes a multi-host, multi-user system in which the PIN is encrypted more than once at the entry terminal.
  • The data required to validate and authorise the transactions is transmitted to a host computer, which accesses from its stored data base the data that is required to decrypt and validate the transaction, including the encrypted PIN.
  • a secret terminal master key must be maintained at each terminal. A list of these master keys is also maintained at the host computer.
  • European Patent Publication 55580 (Honeywell Information Systems) seeks to avoid the necessity of transmitting PIN information in the network. This is achieved by issuing each user with a card that has encoded in the magnetic stripe the bank identification (BIN), the user's account number (ACCN) and a PIN offset number. The PIN offset is calculated from the PIN, BIN and ACCN. The user enters the PIN at a keyboard attached to the terminal, which also reads the PIN offset, BIN and ACCN from the card. The terminal then recalculates a PIN offset from the user's entered PIN, the BIN and ACCN. If the recalculated PIN offset is the same as the PIN offset read from the card then validation of the PIN is assumed.
  • This system has the disadvantages that the card issuer is not involved in the validation and that anyone who illicitly has the process, and knows that the PIN offset is calculated from the PIN, the BIN and ACCN, can manufacture fraudulent cards with valid PINs.
  • a method of testing the validity of an identification code at a location connected over a communication network to a data processing centre at which valid identification codes are stored comprising the steps of:
  • An EFT network that is used by several card issuing agencies (banks, credit card companies, etc.) and many retail outlets, from large department stores to single unit shops and garages, many spread over a large geographical area. It is envisaged that for a country such as England each card issuer's central processing site and each retail outlet will be connected to a telecommunication network such as the telephone network with direct lines to local exchanges. In such a system it is essential that each card issuing agency is involved in the authorisation of transactions and in the authentication of the card user's identity.
  • The retail point of sale locations number in the hundreds of thousands and there may be a hundred or more different card issuing agencies. In this situation the use of encryption keys that are known both to all card users and to all the point of sale locations becomes unmanageable, and it is desirable to ensure that PINs are not transmitted through the network.
  • the essence of the present invention is to generate an authentication parameter that relates to the PIN both from the number entered at the location and the valid number stored at the host and use this authentication parameter to encode a variable which has no direct relationship with the PIN.
  • the variable can be generated at either or both the initiating location and the host processing centre.
  • the received encoded variable then called a message authentication code is compared with the locally derived encoded variable, a correct comparison indicating that the entered PIN is valid.
  • variable is generated in two parts, the first part at the location is transmitted to the central processor and the second part at the central processor, the two parts are logically combined at each location to give the complete variable.
  • variable parts are the messages sent between the two locations; these can include indexing numbers such as a personal account number (PAN) and the host identification (CIAID), and random numbers generated at each location.
  • variable need only be a truly random number generated at the terminal and sent with index information to the host processing centre.
  • the variable is encoded using a valid authentication parameter to derive a valid message authentication code (MAC).
  • The terminal encodes the variable using the locally derived authentication parameter to generate a derived message authentication code (DMAC), and the DMAC and MAC are compared. The comparison could take place at either the host processing centre or the terminal, depending upon processing and security factors built into each location. If the comparison is made at the host central processing centre then the DMAC is sent as part of the message and it is not necessary to transmit the MAC to the terminal.
  • Figure 1 is a block schematic of a point of sale or transaction terminal which includes a keyboard 10, a card reader 11 and a display 12, which are connected to a common bus 13. Also connected to the bus 13 are a random access memory (RAM) 14, a microprocessor 15, a line adapter 16, an encryption device 17 and a read only memory (ROM) 18. The line adapter is connected to a modem 19 which is connected directly to the EFT network.
  • Figure 2 shows schematically a card issuing agency's processing system in which a processor 20 is connected to an encryption device 21, a main working store 22 and an input output channel controller 23 through a bus 24.
  • the main work store 22 is connected to a mass backup store 25 which may be a large capacity disc store or a similar device.
  • CIA card issuing agency
  • PAN user's account number
  • CIAID agency's identity
  • PIN secret personal number
  • the CIA maintains in its data bank 25 a list of all the PANs associated with the relevant valid authentication parameters (VAPs) and of course the PANs are also used for the relevant financial information, although this aspect is not directly relevant to the present invention.
  • a transaction is initiated at the terminal when the user, or it may be a shop employee of a retail organisation, enters a card in the card reader 11.
  • the control unit 18 will detect that a card is to be read and control the transfer of the PAN and CIAID to the RAM store 14.
  • the control unit then constructs a message (message A) to be sent through the line adapter 16 and modem 19 to the appropriate host processing unit identified by the CIAID.
  • the message contains the PAN or index number and routing information. It may also contain a random number, which because it does not have to be regenerated can be a truly random number without a known seed.
  • the message A is stored in a message buffer in the RAM store 14. The random number can be generated by a special unit or in the processor 15, by standard techniques.
  • the PAN or index number is used to identify the user's PIN held in the store 25.
  • The PIN need not be stored as such, but as a valid authentication parameter (VAP), which is the combination of PIN and PAN and other static card data.
  • the other card data (generically termed a personal key) is combined with the PIN.
  • the resultant data is then used as an encipherment key to encipher the PAN to produce the VAP.
  • The processor 20 constructs a return message B, which in the preferred embodiment is regarded as the second half of the variable; like message A, this may also contain a truly random number.
  • Messages A and B are then concatenated (Mess A:Mess B) by the processor 20 and the result (VAR) stored in the main store 22.
  • VAR is then encoded by the encryption device 21 using the VAP as the encryption key.
  • the result is a message authentication code (MAC).
  • MAC is then added to message B which is then transmitted to the originating terminal through the I/O channel control 23 and the EFT network.
  • The control unit will then cause an instruction to appear on the display 12 telling the card user to enter his or her PIN at the keyboard 10. If the terminal is used by the card user only for cash issuing then the card reader 11, keyboard 10 and display 12 can be close together; however, if the terminal is used for point of sale transactions then the keyboard at which PINs are entered must be shielded from the retailer's employees. When the user enters the PIN it is stored in the RAM 14. The next step at the terminal is to derive a local authentication parameter (DAP). This is done by using the processor 15 to perform an exclusive or (XOR) function on the PIN and PAN. The DAP is then stored in the RAM 14.
  • the control unit and processor 15 now perform the identical concatenation operation on message A and message B as performed by the host processor.
  • the result should be the same as VAR, the variable generated at the host processor.
  • The encryption device 17 then encrypts VAR using the previously generated LAP as the encryption key; the result is a locally generated MAC (DMAC).
  • DMAC is stored in the RAM 14 and the processor 15 then compares the received MAC with DMAC. An incorrect comparison indicates that the PIN entered locally and used to generate the LAP was not correct, and the transaction is aborted.
  • The control unit 18 will cause an appropriate message to appear on the display. If the comparison is satisfactory then the entered PIN is correct and the control unit 18 will allow the transaction to proceed.
  • In an EFT system it is not necessary for the transaction terminal to store the PIN.
  • the PIN need only be entered at the keyboard when the MAC is received from the host and the calculation of the DAP can be started at that point.
  • a random number can be generated by using a continuously running microsecond clock and the timed intervals between key strokes at the keyboard as seed numbers.
  • control of the operations of the transaction terminal is by microcode stored in a read only memory in the control unit.
  • the operations of the terminal could be controlled by a logic switching circuit embodied in a solid state logic device.
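
The exchange described above (message A, message B, VAR, MAC and DMAC), sketched as an added example that is not code from the patent. Assumptions: HMAC-SHA256 stands in for the unspecified encryption device, the terminal derives its parameter (called DAP and LAP in the text) the same way the host derived the VAP, and the `|`-separated message layout and all sample values are constructed.

```python
import hashlib
import hmac
import secrets


def derive_auth_param(pin: str, pan: str, personal_key: bytes) -> bytes:
    """Authentication parameter: the PAN processed under a key built from
    the PIN and the card's static 'personal key' data.
    Assumption: HMAC-SHA256 replaces the unspecified encipherment."""
    key = pin.encode() + personal_key
    return hmac.new(key, pan.encode(), hashlib.sha256).digest()


def encode_variable(auth_param: bytes, var: bytes) -> bytes:
    """Encode VAR under an authentication parameter, giving MAC or DMAC."""
    return hmac.new(auth_param, var, hashlib.sha256).digest()[:8]


class Host:
    """Card issuing agency: stores PAN -> VAP, never the PIN itself."""

    def __init__(self, ciaid: str):
        self.ciaid = ciaid
        self.vaps = {}

    def enrol(self, pan: str, pin: str, personal_key: bytes) -> None:
        self.vaps[pan] = derive_auth_param(pin, pan, personal_key)

    def respond(self, message_a: bytes):
        """Build message B and the MAC over VAR = message A : message B."""
        _, pan, _, _ = message_a.decode().split("|")
        vap = self.vaps.get(pan)
        if vap is None:
            raise LookupError("unknown PAN")
        # Host half of the variable carries its own random number.
        message_b = f"B|{self.ciaid}|{secrets.token_hex(8)}".encode()
        return message_b, encode_variable(vap, message_a + b":" + message_b)


class Terminal:
    """Point of sale terminal: sees the PIN only at the keyboard."""

    def start(self, pan: str, ciaid: str) -> bytes:
        self.pan = pan
        # Terminal half of the variable: index data plus a random number.
        self.message_a = f"A|{pan}|{ciaid}|{secrets.token_hex(8)}".encode()
        return self.message_a

    def check_pin(self, entered_pin: str, personal_key: bytes,
                  message_b: bytes, received_mac: bytes) -> bool:
        dap = derive_auth_param(entered_pin, self.pan, personal_key)
        dmac = encode_variable(dap, self.message_a + b":" + message_b)
        # Constant-time comparison of the received MAC with the DMAC.
        return hmac.compare_digest(dmac, received_mac)


def run_transaction(host: Host, pan: str, personal_key: bytes,
                    entered_pin: str) -> bool:
    """One full exchange; only message A, message B and the MAC are sent."""
    terminal = Terminal()
    message_a = terminal.start(pan, host.ciaid)
    message_b, mac = host.respond(message_a)
    return terminal.check_pin(entered_pin, personal_key, message_b, mac)


if __name__ == "__main__":
    # Constructed sample card data.
    host = Host("CIA01")
    host.enrol("5000123412341234", "4921", b"card-static-data")
    print(run_transaction(host, "5000123412341234", b"card-static-data", "4921"))
    print(run_transaction(host, "5000123412341234", b"card-static-data", "0000"))
```

Because both random numbers are part of VAR, a message B and MAC captured from one transaction do not verify against the message A of a later one.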

Landscapes

  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)
  • Cash Registers Or Receiving Machines (AREA)
EP19820306989 1982-12-30 1982-12-30 Testing the validity of identification codes Expired EP0112944B1 (fr)

Priority Applications (3)

Application Number Priority Date Filing Date Title
DE8282306989T DE3275604D1 (en) 1982-12-30 1982-12-30 Testing the validity of identification codes
EP19820306989 EP0112944B1 (fr) 1982-12-30 1982-12-30 Testing the validity of identification codes
JP58154229A JPS59123968A (ja) 1982-12-30 1983-08-25 Method for testing the validity of identification codes

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP19820306989 EP0112944B1 (fr) 1982-12-30 1982-12-30 Testing the validity of identification codes

Publications (2)

Publication Number Publication Date
EP0112944A1 true EP0112944A1 (fr) 1984-07-11
EP0112944B1 EP0112944B1 (fr) 1987-03-04

Family

ID=8189877

Family Applications (1)

Application Number Title Priority Date Filing Date
EP19820306989 Expired EP0112944B1 (fr) 1982-12-30 1982-12-30 Testing the validity of identification codes

Country Status (3)

Country Link
EP (1) EP0112944B1 (fr)
JP (1) JPS59123968A (fr)
DE (1) DE3275604D1 (fr)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0168667A2 (fr) * 1984-07-19 1986-01-22 Tandem Computers Incorporated Secured message transfer system and method using updated session code
US4747050A (en) * 1983-09-17 1988-05-24 International Business Machines Corporation Transaction security system using time variant parameter
US4755940A (en) * 1983-09-17 1988-07-05 International Business Machines Corporation Transaction security system
EP0281058A2 (fr) * 1987-03-04 1988-09-07 Siemens Nixdorf Informationssysteme Aktiengesellschaft Data exchange system
GB2255664A (en) * 1991-04-09 1992-11-11 Frank Victor Haymann Credit card validation.
US5544322A (en) * 1994-05-09 1996-08-06 International Business Machines Corporation System and method for policy-based inter-realm authentication within a distributed processing system
WO1997011443A1 (fr) * 1995-09-18 1997-03-27 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for user authentication
EP1684240A1 (fr) * 2005-01-19 2006-07-26 Kabushiki Kaisha Toshiba Processing data transfer method in sheet processing apparatus
US20120216286A1 (en) * 2011-02-18 2012-08-23 Honeywell International Inc. Methods and systems for securely uploading files onto aircraft

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2020513A (en) * 1978-05-03 1979-11-14 Atalla Technovations Improved method and apparatus for securing data transmissions
EP0007002A1 (fr) * 1978-06-30 1980-01-23 International Business Machines Corporation Transaction terminal systems with authentication of a potential user
EP0028965A1 (fr) * 1979-11-09 1981-05-20 Bull S.A. System for identifying persons requesting access to certain environments
EP0029894A2 (fr) * 1979-12-03 1981-06-10 International Business Machines Corporation System for performing secure password verification
WO1982002446A1 (fr) * 1981-01-07 1982-07-22 Decavele Dominique Security method and device for three-party communication of confidential data

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4123747A (en) * 1977-05-20 1978-10-31 International Business Machines Corporation Identity verification method and apparatus
DE3013211A1 (de) * 1980-04-03 1981-10-08 GAO Gesellschaft für Automation und Organisation mbH, 8000 München Method for handling a personal identification number (PIN) in connection with an identification card
US4390968A (en) * 1980-12-30 1983-06-28 Honeywell Information Systems Inc. Automated bank transaction security system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
IBM TECHNICAL DISCLOSURE BULLETIN, vol. 16, no. 8, January 1974, pages 2539-2540, New York, USA *

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4747050A (en) * 1983-09-17 1988-05-24 International Business Machines Corporation Transaction security system using time variant parameter
US4755940A (en) * 1983-09-17 1988-07-05 International Business Machines Corporation Transaction security system
EP0168667A2 (fr) * 1984-07-19 1986-01-22 Tandem Computers Incorporated Secured message transfer system and method using updated session code
EP0168667A3 (en) * 1984-07-19 1988-05-25 Atalla Corporation Secured message transfer system and method using updated session code
EP0281058A2 (fr) * 1987-03-04 1988-09-07 Siemens Nixdorf Informationssysteme Aktiengesellschaft Data exchange system
EP0281058A3 (en) * 1987-03-04 1990-04-18 Siemens Aktiengesellschaft Data exchange system
AU659448B2 (en) * 1991-04-09 1995-05-18 Frank Victor Haymann Preventing unauthorised use of a credit card
GB2255664B (en) * 1991-04-09 1994-07-06 Frank Victor Haymann Preventing unauthorised usage of a credit card
GB2255664A (en) * 1991-04-09 1992-11-11 Frank Victor Haymann Credit card validation.
US5544322A (en) * 1994-05-09 1996-08-06 International Business Machines Corporation System and method for policy-based inter-realm authentication within a distributed processing system
WO1997011443A1 (fr) * 1995-09-18 1997-03-27 Telefonaktiebolaget Lm Ericsson (Publ) Method and apparatus for user authentication
US5724423A (en) * 1995-09-18 1998-03-03 Telefonaktiebolaget Lm Ericsson Method and apparatus for user authentication
EP1684240A1 (fr) * 2005-01-19 2006-07-26 Kabushiki Kaisha Toshiba Processing data transfer method in sheet processing apparatus
US7921978B2 (en) 2005-01-19 2011-04-12 Kabushiki Kaisha Toshiba Processing data transfer method in sheet processing apparatus
US8469172B2 (en) 2005-01-19 2013-06-25 Kabushiki Kaisha Tosiba Processing data transfer method in sheet processing
US20120216286A1 (en) * 2011-02-18 2012-08-23 Honeywell International Inc. Methods and systems for securely uploading files onto aircraft
US9602509B2 (en) 2011-02-18 2017-03-21 Honeywell International Inc. Methods and systems for securely uploading files onto aircraft

Also Published As

Publication number Publication date
JPH049355B2 (fr) 1992-02-19
JPS59123968A (ja) 1984-07-17
DE3275604D1 (en) 1987-04-09
EP0112944B1 (fr) 1987-03-04

Similar Documents

Publication Publication Date Title
US4747050A (en) Transaction security system using time variant parameter
EP0137999B1 (fr) Point of sale and electronic funds transfer systems
EP0032193B1 (fr) Communication apparatus
EP0047285B1 (fr) User authentication system and devices in on-line transaction networks
US4386266A (en) Method for operating a transaction execution system having improved verification of personal identification
JP3145268B2 (ja) Terminal authentication method
US9940621B2 (en) Method and system using candidate dynamic data elements
EP2605204B1 (fr) Method and system for generating a dynamic verification value
EP0007002A1 (fr) Transaction terminal systems with authentication of a potential user
EP0064779A2 (fr) Method and system for mutual encrypted identification between data communication stations, and stations for use with this method and system
EP0385400A2 (fr) Multilevel security apparatus and method with personal key
US20130036027A1 (en) Method and device for generating a single-use financial account number
US20090150294A1 (en) Systems and methods for authenticating financial transactions involving financial cards
EP0287720A1 (fr) Cryptographic key management
EP1746535A1 (fr) Secure transaction string
EP0148960B1 (fr) Security for data transmission systems
EP0112944B1 (fr) Testing the validity of identification codes
CA3095853C (fr) Transaction security
JPH10294727A (ja) Data verification method
EP0112943A1 (fr) Data communication network
WO2006107227A1 (fr) Method for paying for services via a computer network

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Designated state(s): DE FR GB IT

17P Request for examination filed

Effective date: 19841029

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): DE FR GB IT

REF Corresponds to:

Ref document number: 3275604

Country of ref document: DE

Date of ref document: 19870409

ET Fr: translation filed
ITF It: translation for a ep patent filed
PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

26N No opposition filed
ITTA It: last paid annual fee
PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: GB

Payment date: 19951127

Year of fee payment: 14

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: FR

Payment date: 19951128

Year of fee payment: 14

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: DE

Payment date: 19951229

Year of fee payment: 14

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: GB

Effective date: 19961230

GBPC Gb: european patent ceased through non-payment of renewal fee

Effective date: 19961230

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: FR

Effective date: 19970829

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: DE

Effective date: 19970902

REG Reference to a national code

Ref country code: FR

Ref legal event code: ST