EP0112944B1 - Testing the validity of identification codes - Google Patents
- Publication number
- EP0112944B1 EP19820306989 EP82306989A
- Authority
- EP
- European Patent Office
- Prior art keywords
- pin
- location
- message authentication
- authentication code
- data processing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1016—Devices or methods for securing the PIN and other transaction-data, e.g. by encryption
Definitions
- This invention relates to methods of validating identification codes entered at locations connected in a communication network and in particular to methods of validating personal identification numbers (PIN) in an electronic funds transfer at the retail point of sale (E.F.T.) system.
- Electronic Funds Transfer is the name given to a system of directly debiting and crediting customer and service suppliers' accounts at the instant of confirmation of a transaction.
- The accounts are held at a bank's or credit card company's central processing system, which is connected to a dedicated network of retailers' or service suppliers' data processing equipment. In this way no cash or cheque processing is required for the transaction.
- Each bank or credit card company has its own network, and each customer of the bank has a credit card which can only be used on that network. Such a network is described in European Patent Publication 32193.
- European Patent Publication 32193 (IBM Corporation) describes a system in which each user and retailer has a key number (retailer's key Kr and user's key Kp), which is stored together with the user's identity number and retailer's business number in a data store at the host central processing unit (c.p.u.).
- The retailer's key and the user key are used in the encryption of data sent between the retailer's transaction terminal and the host c.p.u.
- Obviously only users or customers with their identity numbers and encryption keys stored at the host c.p.u. can make use of the system. As the number of users expands there is an optimum number beyond which the time taken to look up corresponding keys and identity numbers is unacceptable for on-line transaction processing.
- European Patent Publication 18 129 (Motorola Inc.) describes a method of providing security of data on a communication path. Privacy and security of a dial-up data communications network are provided by means of either a user or terminal identification code together with a primary cipher key. A list of valid identification codes and primary cipher code pairs is maintained at the central processing unit. Identification code and cipher key pairs, sent to the c.p.u. are compared with the stored code pairs. A correct comparison is required before the c.p.u. will accept encoded data sent from the terminal. All data sent over the network is encrypted to prevent unauthorised access using the relevant user or terminal key.
- UK Patent Application 2,020,513A (Atalla Technovations) describes a method and apparatus which avoids the need for transmitting user-identification information such as a personal identification number (PIN) in the clear from station to station in a network such as described in the two European Patent Publications mentioned above.
- The PIN is encoded using a randomly generated number at a user station, and the encoded PIN and the random number are sent to the processing station.
- A second PIN having generic application is encoded using the received random number, and the received encoded PIN and the generic encoded PIN are compared to determine whether the received PIN is valid.
- The EFT system made possible by the systems described in the above patent applications is limited to a single host c.p.u. holding the accounts of all users, both retailers and customers.
- PCT publication WO 81/02655 (Marvin Sendrow) describes a multi-host, multi-user system in which the PIN is encrypted more than once at the entry terminal.
- The data required to validate and authorise the transactions is transmitted to a host computer, which accesses from its stored data base the data that is required to decrypt and validate the transaction, including the encrypted PIN.
- A secret terminal master key must be maintained at each terminal.
- A list of these master keys is also maintained at the host computer.
- European Patent Publication 55580 (Honeywell Information Systems) seeks to avoid the necessity of transmitting PIN information in the network. This is achieved by issuing each user with a card that has encoded in the magnetic strip the bank identification (BIN), the user's account number (ACCN) and a PIN offset number.
- The PIN offset is calculated from the PIN, BIN and ACCN.
- The user enters the PIN at a keyboard attached to the terminal, which also reads the PIN offset, BIN and ACCN from the card.
- The terminal then recalculates a PIN offset from the user's entered PIN, the BIN and ACCN. If the recalculated PIN offset is the same as the PIN offset read from the card then validation of the PIN is assumed.
- This system has the disadvantage that the card issuer is not involved in the validation and that, since the PIN offset is calculated from the PIN, the BIN and the ACCN, anyone who has illicitly obtained the process can manufacture fraudulent cards with valid PINs.
- PCT Application WO 82/02446 (Transac-Alcatel (USA Patent 4,498,000)) describes both a method and the apparatus for exchanging data between a crediting means (smart-card) and a remote data processing centre.
- The data produced by the smart card includes a secret PIN number and a card identification.
- An encryption key stored on the card is used to encrypt the data, which is then sent through a suitable terminal to the d.p. centre. Validation takes place at the d.p. centre.
- This scheme can only work with a smart-card (i.e. a card with an embedded microprocessor and read only memory) and is not applicable to the majority of credit card schemes that already exist.
- IBM Technical Disclosure Bulletin Vol 16 No 8 Jan 1974 at pages 2539 and 2540 includes an article on "Cryptographic password management" by Cullum, Feistel and Smith.
- The article is directed to securing a user's password in a processing network by using cryptographic procedures.
- a method of testing the validity of an identification code at a location connected over a communication network to a data processing centre at which valid identification codes are stored comprising the steps of:
- Consider an EFT network that is used by several card issuing agencies, banks, credit card companies, etc., and many retail outlets, from large department stores to single unit shops and garages, many spread over a large geographical area. It is envisaged that, for a country such as England, each card issuer's central processing site and each retail outlet will be connected to a telecommunication network such as the telephone network, with direct lines to local exchanges. In such a system it is essential that each card issuing agency is involved in the authorisation of transactions and in the authentication of the card user's identity.
- The retail point of sale locations number in the hundreds of thousands, and there may be a hundred or more different card issuing agencies. In this situation the use of encryption keys that are known both to all card users and to all the point of sale locations becomes unmanageable, and it is desirable to ensure that PINs are not transmitted through the network.
- The essence of the present invention is to generate an authentication parameter that relates to the PIN, both from the number entered at the location and from the valid number stored at the host, and to use this authorisation parameter to encode a variable which has no direct relationship with the PIN.
- The variable can be generated at either or both the initiating location and the host processing centre.
- The received encoded variable, then called a message authentication code, is compared with the locally derived encoded variable, a correct comparison indicating that the entered PIN is valid.
- variable is generated in two parts: the first part, generated at the location, is transmitted to the central processor, and the second part is generated at the central processor; the two parts are logically combined at each location to give the complete variable.
- variable parts are the messages sent between the two locations; these can include indexing numbers such as a personal account number (PAN) and the host identification (CIAID) and random numbers generated at each location.
- variable need only be a truly random number generated at the terminal and sent with index information to the host processing centre.
- The variable is encoded using a valid authorisation parameter to derive a valid message authentication code (MAC).
- The terminal encodes the variable using the locally derived authorisation parameter to generate a derived message authentication code (DMAC), and the DMAC and MAC are compared. The comparison could take place at either the host processing centre or the terminal, depending upon processing and security factors built into each location. If the comparison is made at the host central processing centre then the DMAC is sent as part of the message and it is not necessary to transmit the MAC to the terminal.
- Figure 1 is a block schematic of a point of sale or transaction terminal which includes a keyboard 10, a card reader 11 and display 12, which are connected to a common bus 13. Also connected to the bus 13 is random access memory (RAM) 14, a microprocessor 15, a line adapter 16 and encryption device 17 and a read only memory (ROM) 18. The line adapter is connected to a modem 19 which is connected directly to the EFT network.
- FIG. 2 shows schematically a card issuing agency's processing system in which a processor 20 is connected to an encryption device 21, a main working store 22 and an input output channel controller 23 through a bus 24.
- The main work store 22 is connected to a mass backup store 25, which may be a large capacity disc store or a similar device.
- CIA card issuing agency
- PAN user's account number
- CIAID agency's identity
- PIN secret personal number
- The CIA maintains in its data bank 25 a list of all the PANs associated with the relevant valid authorisation parameters (VAPs). The PANs are of course also used for the relevant financial information, although this aspect is not directly relevant to the present invention.
- A transaction is initiated at the terminal when the user, or it may be a shop employee of a retail organisation, enters a card in the card reader 11.
- The control unit 18 will detect that a card is to be read and control the transfer of the PAN and CIAID to the RAM store 14.
- The control unit then constructs a message (message A) to be sent through the line adapter 16 and modem 19 to the appropriate host processing unit identified by the CIAID.
- The message contains the PAN or index number and routing information. It may also contain a random number which, because it does not have to be regenerated, can be a truly random number without a known seed.
- The message A is stored in a message buffer in the RAM store 14. The random number can be generated by a special unit or in the processor 15, by standard techniques.
- The PAN or index number is used to identify the user's PIN held in the store 25.
- The PIN need not be stored as such, but as a valid authorisation parameter (VAP), which is the combination of PIN and PAN, and other static card data.
- The other card data (generically termed a personal key) is combined with the PIN.
- The resultant data is then used as an encipherment key to encipher the PAN to produce the VAP.
- The processor 20 constructs a return message B, which in the preferred embodiment is regarded as the second half of the variable; like message A, this may also contain a truly random number.
- Messages A and B are then concatenated (Mess A: Mess B) by the processor 20 and the result (VAR) stored in the main store 22.
- VAR is then encoded by the encryption device 21 using the VAP as the encryption key.
- The result is a message authentication code (MAC).
- MAC is then added to message B, which is then transmitted to the originating terminal through the I/O channel control 23 and the EFT network.
- The control unit will then cause an instruction to appear on the display 12 telling the card user to enter his or her PIN at the keyboard 10.
- If the terminal is used by the card user only for cash issuing then the card reader 11, keyboard 10 and display 12 can be close together; however, if the terminal is used for point of sale transactions then the keyboard at which PINs are entered must be shielded from the retailer's employees.
- When the user enters the PIN, it is then stored in the RAM 14.
- The next step at the terminal is to generate a locally derived authorisation parameter (DAP). This is done by using the processor 15 to perform the same function as that used to derive the VAP.
- The DAP is then stored in the RAM 14.
- The control unit and processor 15 now perform the identical concatenation operation on message A and message B as performed by the host processor.
- The result should be the same as VAR, the variable generated at the host processor.
- The encryption device 17 then encrypts VAR using the previously generated DAP as the encryption key; the result is a locally generated MAC (DMAC).
- DMAC is stored in the RAM 14 and the processor 15 then compares the received MAC with DMAC. An incorrect comparison indicates that the PIN entered locally and used to generate the DAP was not correct, and the transaction is aborted.
- The control unit 18 will cause an appropriate message to appear on the display. If the comparison is satisfactory then the entered PIN is correct and the control unit 18 will allow the transaction to proceed.
- In an EFT system it is not necessary for the transaction terminal to store the PIN.
- The PIN need only be entered at the keyboard when the MAC is received from the host, and the calculation of the DAP can be started at that point.
- A random number can be generated by using a continuously running microsecond clock and the timed intervals between key strokes at the keyboard as seed numbers.
- Control of the operations of the transaction terminal is by microcode stored in a read only memory in the control unit.
- The operations of the terminal could be controlled by a logic switching circuit embodied in a solid state logic device.
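The exchange described above (message A, message B, VAR, VAP/DAP, MAC/DMAC), with host and terminal in one process, as an added example that is not code from the patent. HMAC-SHA256 stands in for the encryption devices 17 and 21 because the page names no cipher; the message layout, class and function names, and the sample card data are constructed assumptions.

```python
import hashlib
import hmac
import secrets


def encode(key: bytes, data: bytes) -> bytes:
    """Stand-in for encryption devices 17 and 21 (assumption: the page names
    no cipher, so HMAC-SHA256 plays the role of 'encode under key')."""
    return hmac.new(key, data, hashlib.sha256).digest()


def authorisation_parameter(pin: str, personal_key: bytes, pan: str) -> bytes:
    """PIN combined with the personal key becomes the key that encodes the PAN.
    The host stores the result as VAP; the terminal derives it as DAP."""
    key = hashlib.sha256(pin.encode() + b"|" + personal_key).digest()
    return encode(key, pan.encode())


class Host:
    """Card issuing agency: holds PAN -> VAP, never the PIN itself."""

    def __init__(self):
        self.vap_by_pan = {}

    def enrol(self, pan, pin, personal_key):
        self.vap_by_pan[pan] = authorisation_parameter(pin, personal_key, pan)

    def respond(self, message_a: bytes):
        """Build message B, form VAR = A:B, return (message B, MAC)."""
        _ciaid, pan, _rand = message_a.split(b"|")
        message_b = secrets.token_hex(8).encode()  # host's random number
        var = message_a + b":" + message_b
        return message_b, encode(self.vap_by_pan[pan.decode()], var)


class Terminal:
    def __init__(self, ciaid: str):
        self.ciaid = ciaid

    def message_a(self, pan: str) -> bytes:
        """Routing info, PAN and a fresh random number (hypothetical layout)."""
        return f"{self.ciaid}|{pan}|{secrets.token_hex(8)}".encode()

    def validate(self, message_a, message_b, mac, pin, personal_key, pan) -> bool:
        dap = authorisation_parameter(pin, personal_key, pan)
        dmac = encode(dap, message_a + b":" + message_b)
        return hmac.compare_digest(dmac, mac)  # constant-time MAC vs DMAC


def run_transaction(host, terminal, pan, personal_key, entered_pin) -> bool:
    """One full exchange; the PIN is used only inside the terminal."""
    a = terminal.message_a(pan)
    b, mac = host.respond(a)
    return terminal.validate(a, b, mac, entered_pin, personal_key, pan)


def stale_mac_accepted(host, terminal, pan, personal_key, pin) -> bool:
    """Present an earlier (message B, MAC) pair against a new message A."""
    old_a = terminal.message_a(pan)
    old_b, old_mac = host.respond(old_a)
    new_a = terminal.message_a(pan)
    return terminal.validate(new_a, old_b, old_mac, pin, personal_key, pan)


# Constructed sample data, not taken from the patent.
HOST = Host()
TERMINAL = Terminal("CIA01")
PAN, PERSONAL_KEY = "4000123412341234", b"card-static-data"
HOST.enrol(PAN, "4821", PERSONAL_KEY)

if __name__ == "__main__":
    print("correct PIN:", run_transaction(HOST, TERMINAL, PAN, PERSONAL_KEY, "4821"))
    print("wrong PIN:  ", run_transaction(HOST, TERMINAL, PAN, PERSONAL_KEY, "4822"))
    print("stale MAC:  ", stale_mac_accepted(HOST, TERMINAL, PAN, PERSONAL_KEY, "4821"))
```

Because VAR includes the random numbers from both ends, a MAC captured from one transaction does not validate against the next message A even when the correct PIN is entered.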
Landscapes
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)
- Cash Registers Or Receiving Machines (AREA)
Claims (10)
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE8282306989T DE3275604D1 (en) | 1982-12-30 | 1982-12-30 | Testing the validity of identification codes |
EP19820306989 EP0112944B1 (fr) | 1982-12-30 | 1982-12-30 | Testing the validity of identification codes |
JP58154229A JPS59123968A (ja) | 1982-12-30 | 1983-08-25 | Method for testing the validity of identification codes |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP19820306989 EP0112944B1 (fr) | 1982-12-30 | 1982-12-30 | Testing the validity of identification codes |
Publications (2)
Publication Number | Publication Date |
---|---|
EP0112944A1 (fr) | 1984-07-11 |
EP0112944B1 (fr) | 1987-03-04 |
Family
ID=8189877
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP19820306989 Expired EP0112944B1 (fr) | 1982-12-30 | 1982-12-30 | Testing the validity of identification codes |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP0112944B1 (fr) |
JP (1) | JPS59123968A (fr) |
DE (1) | DE3275604D1 (fr) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8881294B2 (en) * | 2011-02-18 | 2014-11-04 | Honeywell International Inc. | Methods and systems for securely uploading files onto aircraft |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2146815A (en) * | 1983-09-17 | 1985-04-24 | Ibm | Electronic fund transfer systems |
GB2146814A (en) * | 1983-09-17 | 1985-04-24 | Ibm | Electronic fund transfer systems |
EP0168667B1 (fr) * | 1984-07-19 | 1992-03-04 | Tandem Computers Incorporated | Secured message transfer system and method using updated session code |
DE3877984D1 (de) * | 1987-03-04 | 1993-03-18 | Siemens Nixdorf Inf Syst | Data exchange system. |
GB2255664B (en) * | 1991-04-09 | 1994-07-06 | Frank Victor Haymann | Preventing unauthorised usage of a credit card |
US5544322A (en) * | 1994-05-09 | 1996-08-06 | International Business Machines Corporation | System and method for policy-based inter-realm authentication within a distributed processing system |
US5724423A (en) * | 1995-09-18 | 1998-03-03 | Telefonaktiebolaget Lm Ericsson | Method and apparatus for user authentication |
JP4810098B2 (ja) * | 2005-01-19 | 2011-11-09 | 株式会社東芝 | Method for transferring processing data in a paper sheet processing apparatus, and paper sheet processing apparatus |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4123747A (en) * | 1977-05-20 | 1978-10-31 | International Business Machines Corporation | Identity verification method and apparatus |
GB2099195B (en) * | 1978-05-03 | 1983-05-18 | Atalla Technovations | Method and apparatus for securing data transmissions |
US4223403A (en) * | 1978-06-30 | 1980-09-16 | International Business Machines Corporation | Cryptographic architecture for use with a high security personal identification system |
FR2469760A1 (fr) * | 1979-11-09 | 1981-05-22 | Cii Honeywell Bull | Method and system for identifying persons requesting access to certain areas |
US4295039A (en) * | 1979-12-03 | 1981-10-13 | International Business Machines Corporation | Method and apparatus for achieving secure password verification |
DE3013211A1 (de) * | 1980-04-03 | 1981-10-08 | GAO Gesellschaft für Automation und Organisation mbH, 8000 München | Method for handling a personal identification number (PIN) in connection with an identification card |
US4390968A (en) * | 1980-12-30 | 1983-06-28 | Honeywell Information Systems Inc. | Automated bank transaction security system |
FR2497617B1 (fr) * | 1981-01-07 | 1989-08-18 | Transac Develop Transactions A | Security method and device for three-party communication of confidential data |
-
1982
- 1982-12-30 DE DE8282306989T patent/DE3275604D1/de not_active Expired
- 1982-12-30 EP EP19820306989 patent/EP0112944B1/fr not_active Expired
-
1983
- 1983-08-25 JP JP58154229A patent/JPS59123968A/ja active Granted
Also Published As
Publication number | Publication date |
---|---|
DE3275604D1 (en) | 1987-04-09 |
EP0112944A1 (fr) | 1984-07-11 |
JPH049355B2 (fr) | 1992-02-19 |
JPS59123968A (ja) | 1984-07-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US4747050A (en) | Transaction security system using time variant parameter | |
EP0137999B1 (fr) | Point-of-sale and electronic funds transfer systems | |
EP0032193B1 (fr) | Communication apparatus | |
EP0385400B1 (fr) | Multilevel security apparatus and method with personal key | |
JP3145268B2 (ja) | Terminal authentication method | |
US7177835B1 (en) | Method and device for generating a single-use financial account number | |
US4386266A (en) | Method for operating a transaction execution system having improved verification of personal identification | |
EP0047285B1 (fr) | User authentication system and devices in on-line transaction networks | |
EP0287720B1 (fr) | Cryptographic key management | |
US8315948B2 (en) | Method and device for generating a single-use financial account number | |
EP0068805B1 (fr) | Point-to-point cryptographic system and method of operating it | |
CA2010450C (fr) | Methode utilisant une cle particuliere pour chiffrer des donnees a transmettre | |
US8527427B2 (en) | Method and system for performing a transaction using a dynamic authorization code | |
EP0007002A1 (fr) | Transaction terminal systems with authentication of a potential user | |
EP0148960B1 (fr) | Security for data transmission systems | |
EP0112944B1 (fr) | Testing the validity of identification codes | |
JPH10294727A (ja) | Data verification method | |
EP0112943A1 (fr) | Data communication network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
AK | Designated contracting states |
Designated state(s): DE FR GB IT |
|
17P | Request for examination filed |
Effective date: 19841029 |
|
GRAA | (expected) grant |
Free format text: ORIGINAL CODE: 0009210 |
|
AK | Designated contracting states |
Kind code of ref document: B1 Designated state(s): DE FR GB IT |
|
REF | Corresponds to: |
Ref document number: 3275604 Country of ref document: DE Date of ref document: 19870409 |
|
ET | Fr: translation filed | ||
ITF | It: translation for a ep patent filed |
Owner name: IBM - DR. ARRABITO MICHELANGELO |
|
PLBE | No opposition filed within time limit |
Free format text: ORIGINAL CODE: 0009261 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
|
26N | No opposition filed | ||
ITTA | It: last paid annual fee | ||
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: GB Payment date: 19951127 Year of fee payment: 14 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: FR Payment date: 19951128 Year of fee payment: 14 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: DE Payment date: 19951229 Year of fee payment: 14 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: GB Effective date: 19961230 |
|
GBPC | Gb: european patent ceased through non-payment of renewal fee |
Effective date: 19961230 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: FR Effective date: 19970829 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: DE Effective date: 19970902 |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: ST |