Method for authenticating the identity of a user of an information system
First Claim
1. In a system providing data communication between a terminal and a host data processing system each having cryptographic apparatus for cryptographic data communications and provided with a terminal master key and a host master key, a process for authenticating the identity of a terminal user provided with an identification number and a secret password comprising the steps of:
- providing said terminal user identification number at said terminal,
- providing said password at said terminal,
- performing an operation at said terminal in accordance with said terminal user identification number and said password to obtain a terminal user authentication pattern,
- transferring said terminal user identification number and said authentication pattern from said terminal to said host data processing system,
- providing a predetermined number at said host data processing system,
- performing a first operation at said host data processing system in accordance with said predetermined number and said terminal user identification number to obtain a terminal user first verification pattern,
- providing a predetermined terminal user test pattern at said host data processing system,
- performing a second operation at said host data processing system in accordance with said terminal user test pattern and said terminal user authentication pattern to obtain a terminal user second verification pattern, and
- comparing said first verification pattern with said second verification pattern to authenticate the identity of said terminal user.
Abstract
Secure hardware is provided for cryptographically generating a verification pattern which is a function of a potential computer user's identity number, the potential computer user's separately entered password, and a stored test pattern. The test pattern for each authorized computer user is generated at a time when the physical security of the central computer and its data can be assured, such as in a physically guarded environment with no teleprocessing facilities operating. Secure hardware for generating verification patterns during authentication processing and for generating test patterns during the secure run is disclosed which uses a variation of the host computer master key to reduce risk of compromise of total system security. The use of a variant of the host master key prevents system programmers and/or computer operators from compromising the integrity of the authentication data base by, for example, interchanging entries and/or inserting new entries.
24 Claims
1. (Claim 1 is set out in full under First Claim above.) Claims 2 through 22 and claim 24 depend from claim 1.
23. In a system providing data communication between a terminal and a host data processing system each having cryptographic apparatus for cryptographic data communications, a process for authenticating the identity of a terminal user provided with an identification number and a secret password comprising the steps of:
- providing said terminal user identification number at said terminal,
- providing said password at said terminal,
- performing an operation at said terminal in accordance with said terminal user identification number and said password to obtain a terminal user authentication pattern,
- transferring said terminal user identification number and said authentication pattern from said terminal to said host data processing system,
- providing a predetermined number at said host data processing system,
- performing a first operation at said host data processing system in accordance with said predetermined number and said terminal user identification number to obtain a terminal user first verification pattern,
- providing a table of predetermined terminal user test patterns at said host data processing system, each said terminal user test pattern being a cryptographic function of said terminal user authentication pattern and said terminal user first verification pattern,
- accessing said table of predetermined terminal user test patterns in accordance with said terminal user identification number to provide a terminal user test pattern corresponding to said terminal user,
- performing a second operation at said host data processing system in accordance with said accessed terminal user test pattern and said terminal user authentication pattern to obtain a terminal user second verification pattern, and
- comparing said first verification pattern with said second verification pattern to authenticate the identity of said terminal user.
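The flow of claims 1 and 23, together with the abstract's point about the host master-key variant, as an added worked example. This is not the patent's own embodiment: the specific cryptographic operations in the specification are not reproduced here. The assumptions are that HMAC-SHA256 stands in for the terminal operation (authentication pattern from ID and password) and for the host's first operation (first verification pattern from the master-key variant and ID), that the test pattern is the first verification pattern enciphered under the authentication pattern using an HMAC-derived XOR keystream (standing in for the patent's cipher, so that the host's second operation is the matching decipherment), and that the master-key variant, user names and passwords are constructed constants. The demo also runs the two insider manipulations the abstract names, interchanging table entries and inserting a new one, to show why they fail.

```python
import hashlib
import hmac

# Constructed stand-in for the "variation of the host computer master key".
# In the patent it lives inside the host's cryptographic hardware; here it is
# a hard-coded 32-byte constant so the example runs offline.
HOST_MASTER_KEY_VARIANT = bytes.fromhex(
    "8f1c3a5e7b9d2f4061c8e2a4b6d8f0123456789abcdef0fedcba98765432100f"
)


def terminal_authentication_pattern(user_id: str, password: str) -> bytes:
    """Terminal side: AP = f(ID, password). Assumption: HMAC-SHA256 keyed with
    the password over the ID. Only the ID and AP travel to the host."""
    return hmac.new(password.encode(), user_id.encode(), hashlib.sha256).digest()


def host_first_verification_pattern(user_id: str,
                                    kmh_variant: bytes = HOST_MASTER_KEY_VARIANT) -> bytes:
    """Host side: VP1 = f(predetermined number, ID), the predetermined number
    being the master-key variant. VP1 is bound to both the secret variant and
    the ID, which is what defeats entry swapping below."""
    return hmac.new(kmh_variant, user_id.encode(), hashlib.sha256).digest()


def _keystream(ap: bytes) -> bytes:
    # Assumed cipher: a 32-byte keystream derived from AP, XORed with VP1.
    return hmac.new(ap, b"test-pattern", hashlib.sha256).digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def make_test_pattern(ap: bytes, vp1: bytes) -> bytes:
    """Secure run: TP = VP1 enciphered under AP (claim 23's 'cryptographic
    function of said authentication pattern and said first verification pattern')."""
    return _xor(vp1, _keystream(ap))


def host_second_verification_pattern(tp: bytes, ap: bytes) -> bytes:
    """Authentication: VP2 = TP deciphered under the AP presented by the terminal.
    VP2 equals VP1 only if this AP is the one used during the secure run."""
    return _xor(tp, _keystream(ap))


def enroll(table: dict, user_id: str, password: str) -> None:
    """Secure run: compute and store the test pattern, indexed by ID."""
    ap = terminal_authentication_pattern(user_id, password)
    table[user_id] = make_test_pattern(ap, host_first_verification_pattern(user_id))


def authenticate(table: dict, user_id: str, ap: bytes) -> bool:
    """Host side of claim 23: look up TP by ID, derive VP1 and VP2, compare."""
    tp = table.get(user_id)
    if tp is None:
        return False
    vp1 = host_first_verification_pattern(user_id)
    vp2 = host_second_verification_pattern(tp, ap)
    return hmac.compare_digest(vp1, vp2)  # constant-time comparison


def demo() -> tuple:
    """Returns (genuine login, wrong password, swapped rows, forged row)."""
    table: dict = {}
    enroll(table, "alice", "correct horse")      # constructed users
    enroll(table, "bob", "battery staple")

    genuine = authenticate(
        table, "alice", terminal_authentication_pattern("alice", "correct horse"))
    wrong_pw = authenticate(
        table, "alice", terminal_authentication_pattern("alice", "wrong"))

    # Insider attack 1: interchange entries. Bob copies his own TP into
    # alice's row and presents alice's ID with the AP his own password yields.
    swapped = dict(table)
    swapped["alice"] = table["bob"]
    swap_attack = authenticate(
        swapped, "alice", terminal_authentication_pattern("bob", "battery staple"))

    # Insider attack 2: insert a new entry. Without the master-key variant the
    # insider cannot compute VP1 for the new ID, so TP is built on a guess.
    forged = dict(table)
    ap_mallory = terminal_authentication_pattern("mallory", "letmein")
    guessed_vp1 = hashlib.sha256(b"guess").digest()
    forged["mallory"] = make_test_pattern(ap_mallory, guessed_vp1)
    forge_attack = authenticate(forged, "mallory", ap_mallory)

    return genuine, wrong_pw, swap_attack, forge_attack


if __name__ == "__main__":
    print(demo())
```

The swapped row fails because deciphering Bob's test pattern under Bob's authentication pattern yields Bob's first verification pattern, while the host recomputes Alice's from her ID and the master-key variant; the two never match. The forged row fails because the insider cannot produce the first verification pattern for the new ID without the variant. The caveat a practitioner should keep in mind is that this protection rests entirely on the variant staying inside the host's secure hardware: an insider who can read both the table and the variant can check password guesses offline against any entry.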