Method for authenticating the identity of a user of an information system

US 4,218,738 A
Filed: 05/05/1978
Issued: 08/19/1980
Est. Priority Date: 05/05/1978
Status: Expired due to Term

First Claim

Patent Images

1. In a system providing data communication between a terminal and a host data processing system each having cryptographic apparatus for cryptographic data communications and provided with a terminal master key and a host master key, a process for authenticating the identity of a terminal user provided with an identification number and a secret password comprising the steps of:

providing said terminal user identification number at said terminal,providing said password at said terminal,performing an operation at said terminal in accordance with said terminal user identification number and said password to obtain a terminal user authentication pattern,transferring said terminal user identification number and said authentication pattern from said terminal to said host data processing system,providing a predetermined number at said host data processing system,performing a first operation at said host data processing system in accordance with said predetermined number and said terminal user identification number to obtain a terminal user first verification pattern,providing a predetermined terminal user test pattern at said host data processing system,performing a second operation at said host data processing system in accordance with said terminal user test pattern and said terminal user authentication pattern to obtain a terminal user second verification pattern, andcomparing said first verification pattern with said second verification pattern to authenticate the identity of said terminal user.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Secure hardware is provided for cryptographically generating a verification pattern which is a function of a potential computer user'"'"'s identity number, the potential computer user'"'"'s separately entered password, and a stored test pattern. The test pattern for each authorized computer user is generated at a time when the physical security of the central computer and its data can be assured, such as in a physically guarded environment with no teleprocessing facilities operating. Secure hardware for generating verification patterns during authentication processing and for generating test patterns during the secure run is disclosed which uses a variation of the host computer master key to reduce risk of compromise of total system security. The use of a variant of the host master key prevents system programmers and/or computer operators from compromising the integrity of the authentication data base by, for example, interchanging entries and/or inserting new entries.

Citations

24 Claims

1. In a system providing data communication between a terminal and a host data processing system each having cryptographic apparatus for cryptographic data communications and provided with a terminal master key and a host master key, a process for authenticating the identity of a terminal user provided with an identification number and a secret password comprising the steps of:
- providing said terminal user identification number at said terminal,providing said password at said terminal,performing an operation at said terminal in accordance with said terminal user identification number and said password to obtain a terminal user authentication pattern,transferring said terminal user identification number and said authentication pattern from said terminal to said host data processing system,providing a predetermined number at said host data processing system,performing a first operation at said host data processing system in accordance with said predetermined number and said terminal user identification number to obtain a terminal user first verification pattern,providing a predetermined terminal user test pattern at said host data processing system,performing a second operation at said host data processing system in accordance with said terminal user test pattern and said terminal user authentication pattern to obtain a terminal user second verification pattern, andcomparing said first verification pattern with said second verification pattern to authenticate the identity of said terminal user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 24)
- - 2. In the process as defined in claim 1 wherein said predetermined terminal user test pattern is provided by an operation which includes the step of:
    - performing an irreversible cryptographic operation which is a function of said terminal user authentication pattern and said terminal user first verification pattern.
  - 3. In the process as defined in claim 2 wherein providing said predetermined terminal user test pattern further includes the step of:
    - providing a physical key operated security lock operable by an authorized person for enabling said cryptographic function.
  - 4. In the process as defined in claim 1 wherein the operation performed at said terminal includes the steps of:
    - providing the terminal user password as a cryptographic key, andenciphering said terminal user identification number under control of said password cryptographic key to obtain said terminal user authentication pattern.
  - 5. In the process as defined in claim 1 wherein said terminal user identification number and said authentication pattern are transferred from said terminal to said host data processing system in encrypted form.
  - 6. In the process as defined in claim 1 wherein the transferring of said terminal user identification number and said authentication pattern includes the steps of:
    - providing an operational key enciphered under the terminal master key of said terminal,performing a cryptographic operation at said terminal in accordance with said terminal enciphered operational key and said terminal user identification number and authentication pattern to obtain said terminal user identification number and said authentication pattern enciphered under said operational key,providing an operational key enciphered under the host master key of said host data processing system, said operational key at said terminal and said host data processing system being a common operational key, andperforming a cryptographic operation at said host data processing system in accordance with said host enciphered operational key and said enciphered terminal user identification number and authentication pattern to obtain said terminal user identification number and authentication pattern in clear form.
  - 7. In the process as defined in claim 6 wherein the cryptographic operation performed at said terminal includes the steps of:
    - deciphering said enciphered operational key under control of said terminal master key to obtain said operational key in clear form, andenciphering said terminal user identification number and said authorization pattern under control of said operational key to obtain said terminal user identification number and said authorization pattern enciphered under said operational key.
  - 8. In the process as defined in claim 6 wherein the cryptographic operation performed at said host data processing system includes the steps of:
    - deciphering said enciphered operational key under control of said host master key to obtain said operational key in clear form, anddeciphering said enciphered terminal user identification number and said authorization pattern under control of said operational key to obtain said terminal user identification number and said authorization pattern in clear form.
  - 9. In the process as defined in claim 1 wherein said predetermined number is a constant.
  - 10. In the process as defined in claim 4 wherein said constant has a value of zero.
  - 11. In the process as defined in claim 1 wherein said first operation performed at said host data processing system includes the steps of:
    - performing a cryptographic operation to obtain said terminal user identification number as a cryptographic key, andenciphering said predetermined number under control of said identification cryptographic key to obtain said terminal user first verification pattern.
  - 12. In the process as defined in claim 1 wherein the first operation performed at said host data processing system includes the steps of:
    - enciphering said terminal user identification number under control of said host master key to obtain an enciphered terminal user identification number,deciphering said enciphered terminal user identification number under control of said host master key to obtain said terminal user identification number as a cryptographic key, andenciphering said predetermined number under control of said identification number cryptographic key to obtain said terminal user first verification pattern.
  - 13. In the process as defined in claim 1 wherein said second operation performed at said host data processing system comprises the steps of:
    - carrying out an irreversible cryptographic operation which is a function of said terminal user test pattern and said terminal user authentication pattern to obtain said terminal user second verification pattern.
  - 14. In the process as defined in claim 1 wherein the second operation performed by said host data processing system includes the steps of:
    - providing a variant of said host master key,deciphering said terminal user authentication pattern under control of said variant of said host master key to obtain an operational key, andenciphering said terminal user test pattern under control of said operational key to obtain said terminal user second verification pattern.
  - 15. In the process as defined in claim 1 wherein providing said predetermined terminal user test pattern at said host data processing system includes the host initialization steps of:
    - providing said terminal user identification number at said host data processing system,providing said password at said host data processing system,performing a first initialization operation at said host data processing system in accordance with said terminal user identification number and said password to obtain said terminal user authentication pattern,performing a second initialization operation at said host data processing system in accordance with said predetermined number and said terminal user identification number to obtain said terminal user first verification pattern, andperforming a third initialization operation at said host data processing system in accordance with said terminal user authentication pattern and said terminal user first verification pattern to obtain said terminal user test pattern.
  - 16. In the process as defined in claim 15 wherein said first initialization operation includes the steps of:
    - performing a cryptographic operation to obtain said terminal user password as a cryptographic key, andenciphering said terminal user identification number under control of said password cryptographic key to obtain said terminal user authentication pattern.
  - 17. In the process as defined in claim 15 wherein said first initialization operation includes the steps of:
    - enciphering said terminal user password under control of said host master key to obtain an enciphered terminal user password,deciphering said enciphered terminal user password under control of said host master key to obtain said terminal user password as a cryptographic key, andenciphering said terminal user identification number under control of said password cryptographic key to obtain said terminal user authentication pattern.
  - 18. In the process as defined in claim 15 wherein said second initialization operation includes the steps of:
    - performing a cryptographic operation to obtain said terminal user identification number as a cryptographic key, andenciphering said predetermined number under control of said identification number cryptographic key to obtain said terminal user first verification pattern.
  - 19. In the process as defined in claim 15 wherein said second initialization operation includes the steps of:
    - enciphering said terminal user identification number under control of said host master key to obtain an enciphered terminal user identification number,deciphering said enciphered terminal user identification number under control of said host master key to obtain said terminal user identification number as a cryptographic key, andenciphering said predetermined number under control of said identification number cryptographic key to obtain said terminal user first verification pattern.
  - 20. In the process as defined in claim 15 wherein said third initialization operation performed at said host data processing system comprises the step of:
    - carrying out an irreversible cryptographic operation which is a function of said terminal user first verification pattern and said terminal user authentication pattern to obtain said terminal user test pattern.
  - 21. In the process as defined in claim 15 wherein said third initialization operation includes the steps of:
    - providing a variant of said host master key,deciphering said terminal user authentication pattern under control of said variant of said host master key to obtain an operational key, anddeciphering said terminal user first verification pattern under control of said operational key to obtain said terminal user test pattern.
  - 22. In the process as defined in claim 21 wherein said third initialization operation further includes the step of:
    - providing a physical key operated security lock operable by an authorized person for enabling said deciphering of said enciphered terminal user first verification pattern.
  - 24. In the process as defined in claim 22 wherein providing said table of predetermined terminal user test patterns at said host data processing system includes the host initialization steps of:
    - providing said terminal user identification numbers at said host data processing system,providing said passwords at said host data processing system,performing a first initialization operation at said host data processing system in accordance with said terminal user identification numbers and said passwords to obtain terminal user authentication patterns,performing a second initialization operation at said host data processing system in accordance with said predetermined number and said terminal user identification numbers to obtain terminal user first verification patterns, andperforming a third initialization operation at said host data processing system in accordance with said terminal user authentication patterns and said terminal user first verification patterns to obtain said table of terminal user test patterns.

23. In a system providing data communication between a terminal and a host data processing system each having cryptographic apparatus for cryptographic data communications, a process for authenticating the identity of a terminal user provided with an identification number and a secret password comprising the steps of:
- providing said terminal user identification number at said terminal,providing said password at said terminal,performing an operation at said terminal in accordance with said terminal user identification number and said password to obtain a terminal user authentication pattern,transferring said terminal user identification number and said authentication pattern from said terminal to said host data processing system,providing a predetermined number at said host data processing system,performing a first operation at said host data processing system in accordance with said predetermined number and said terminal user identification number to obtain a terminal user first verification pattern,providing a table of predetermined terminal user test patterns at said host data processing system, each said terminal user test pattern being a cryptographic function of said terminal user authentication pattern and said terminal user first verification pattern,accessing said table of predetermined terminal user test patterns in accordance with said terminal user identification number to provide a terminal user test pattern corresponding to said terminal user,performing a second operation at said host data processing system in accordance with said accessed terminal user test pattern and said terminal user authentication pattern to obtain a terminal user second verification pattern, andcomparing said first verification pattern with said second verification pattern to authenticate the identity of said terminal user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Matyas, Stephen M., Meyer, Carl H. W.
Primary Examiner(s)
Boudreau, Leo H.

Application Number

US05/903,286
Time in Patent Office

837 Days
Field of Search

364/200 MS File, 364/900 MS File, 235/379, 235/380, 235/382, 235/487, 340/149 A, 340/152 R, 340/534, 340/535, 340/345, 178/22, 178/37, 178/89, 358/259, 179/2 CA
US Class Current

705/72
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2107   File encryption

G06Q 20/347   Passive cards

G06Q 20/3829   involving key management

G06Q 20/4012   Verifying personal identifi...

G07F 7/10   together with a coded signa...

G07F 7/1016   Devices or methods for secu...

G07F 7/1075   PIN is checked remotely

Method for authenticating the identity of a user of an information system

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Method for authenticating the identity of a user of an information system

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links