Method and apparatus for transaction and identity verification
Abstract
A method and apparatus whereby the senders and receivers of messages sent over a transmission system including a Host CPU may guarantee the integrity of the data content of the message and also the absolute identity of the sender. Each user of the system as well as the Host CPU contains an identical key-controlled block-cipher cryptographic device with data chaining for encrypting and decrypting messages as required, wherein each user has knowledge of only his own cryptographic key and wherein the Host CPU has access to the unique cryptographic keys of all users of the system stored in a high security storage area available only to said CPU. Stated very generally, the originator of a message A sends a message to a receiver B which includes a transaction or message portion X and a unique digital signature portion Y which is a function both of the message and the sender's unique cryptographic key KA. The receiver then communicates with the CPU for verification of the signature Y. The CPU accesses the sender's key KA from a secure memory and computes the digital signature Y utilizing the message portion X received from B and the key KA. Upon a successful verification of the signatures by the CPU, the CPU notifies B via an additional message that the signature of A is valid based on the data content of the message and the key KA. Based on the information received from the CPU, B may be certain that the signature and message originated with A and A may not later deny having sent the message as it would be virtually impossible for the signature to be forged since it is a complex function of the message content itself. A may also be assured that B cannot alter the message as the signature would no longer be valid.
According to other aspects of the invention the interrupting of communications between A and B by an eavesdropper and the subsequent sending of stale messages is prevented. As a still further feature of the invention, an eavesdropper is prevented from sending the "forged" approval from the CPU to the receiver B.
17 Claims
1. A method for effecting a high security transaction verification operation in a computer based communications system comprising a central Host CPU which includes a high security Verify Unit (VAULT) therein said system including at least two remotely located terminals selectively connectable to said Host CPU and wherein said Verify Unit and each of said terminals includes substantially identical key-controlled block cipher cryptographic devices with block chaining included therein said method comprising:
- User A (originator) at a first terminal sending User B (receiver) at a second terminal a message M having a data portion (X) and a signature portion (Y) said signature portion being a block cipher function of A's key KA and the data portion (X), such that M=(X,Y);
- User B on receipt of the message (X,Y) reencrypting same under his own key KB to form a message U, sending said message U to the Host CPU together with the identities of User A and User B (originator, receiver), and requesting a verification operation from said Host CPU,
- the Host CPU, after receiving said message, obtaining the keys KA and KB from a secure storage means and decrypting U under key KB to obtain message U which presumptively comprises a message portion U1 and a signature portion U2;
- the Host CPU then forming a signature utilizing U1 as the data input and KA as the key input to the cryptographic device and comparing this signature with the signature value U2 received from User B, and
- the Host CPU returning an accept/reject signal to User B depending upon whether or not the two signatures are identical.
Dependent claims: 2, 3, 4, 5, 6, 7.
8. A transaction verification method for use in a computer based communication system comprising a central Host CPU which includes a high security Verify Unit therein said system including a plurality of remotely located terminals selectively connectable to each other and to said Host CPU via said communications system and wherein said Verify Unit and each of said terminals includes substantially identical key-controlled block-cipher cryptographic devices with block chaining, said method comprising
- User A (originator), at a first terminal sending User B (receiver) at a second terminal a message M having a data (X) portion and a signature portion (Y) said signature portion being a block-cipher function of User A's key KA and the data portion (X) such that: M=(X,Y);
- User B on receipt of said message M reencrypting said entire message M under his own key KB to form a message U, sending said message U to the Host CPU together with the identities of User A and User B and requesting a verification operation from said Host CPU;
- the Host CPU, upon receipt of said message from User B, requesting a verify operation from its associated Verify Unit and providing the message information U to said Verify Unit;
- said Verify Unit obtaining the keys KA and KB from a secure storage means located in said Host CPU and decrypting U under key KB to obtain message U which comprises a data portion U1 and a signature portion U2, the Verify Unit then forming a signature utilizing the data portion U1 as the data input and the key KA as the key input to its associated cryptographic device and comparing the signature so generated with the signature value U2 received from User B, said Verify Unit after determining the validity of the received signature U2 then generating a new signature V for the message U which signature is a predetermined function of the key KB and the previously decrypted message U the particular function being dependent upon the result of said signature comparison operation and sending the message V to User B;
- User B upon receipt of the message V computing a signature V' which is a predetermined function of his own key KB and the message (X,Y) initially received from User A and comparing same with the message V for correspondence; and
- wherein all signature generation operations in the previous enumerated signature generating steps comprise selecting as said signatures a predetermined final number of bytes of the block chained encryption of the full data input to said associated key-controlled block-cipher cryptographic devices with chaining wherein each said signature is a direct function of and fully dependent upon the entire data content supplied to said cryptographic device.
Dependent claims: 9, 10.
11. A computer based communications system having a high security transaction verification feature incorporated therein, said system comprising a Host CPU which includes a high security Verify Unit therein, said system further including a plurality of remotely located terminals including means for selectively connecting each terminal to said Host CPU or to another terminal via the communications network associated therewith, said Verify Unit and each of said terminals including substantially identical key-controlled block-cipher cryptographic devices equipped with a block chaining feature,
- each terminal including means actuable when said terminal is used as an originating device (Terminal A) in a transaction to send a message M to another terminal acting as a receiver (Terminal B) said message M having a data portion (X) and a signature portion (Y), means for actuating the cryptographic device located in said terminal to form said signature (Y) as a block-cipher function of Terminal A's key KA and the data portion (X) such that M=(X,Y);
- means in the receiving terminal (Terminal B) actuable on receipt of the message M from (Terminal A) for reencrypting said message under the terminal's own key KB to form a message U and means for sending said message U to the Host CPU together with the identities of the originating and receiving terminals (Terminal A and Terminal B) and means for requesting a verification operation from said Host CPU;
- means in said Host CPU actuable upon the receipt of said message for obtaining the keys KA and KB from memory and for requesting a verify operation from the Verify Unit associated therewith;
- means in said Verify Unit for decrypting the message U under terminal B's key KB to obtain a decrypted message U which comprises a message portion U1 and a signature portion U2, means in said Verify Unit for forming a signature utilizing U1 as a data input and the originating terminal's key KA as the key input to the cryptographic device contained therein and means for comparing the signature so generated with the signature value U2 received from terminal B;
- means in said Verify Unit for returning an accept/reject signal to receiving terminal B depending upon whether the two signatures are identical.
Dependent claims: 12, 13, 14, 15, 16, 17.
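The exchange recited in claim 8, traced end to end in Python as an added example that is not part of the patent text. Assumptions made here and not stated in the claims: the block cipher is a stand-in 4-round Feistel construction built on SHA-256, chaining uses a zero IV with PKCS#7-style padding, signatures are 8 bytes, the result-dependent function for V is an `ACCEPT`/`REJECT` tag prepended before signing under KB, and all function names and the `vault` dictionary (standing for the Host's secure key storage) are hypothetical.

```python
import hashlib, hmac

BLOCK, SIG = 16, 8  # toy block and signature sizes in bytes (assumptions)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(key, blk, decrypt=False):
    # Stand-in 4-round Feistel block cipher (SHA-256 round function), not a vetted cipher
    l, r = blk[:8], blk[8:]
    for rnd in ((3, 2, 1, 0) if decrypt else (0, 1, 2, 3)):
        f = hashlib.sha256(key + bytes([rnd]) + (l if decrypt else r)).digest()[:8]
        l, r = (_xor(r, f), l) if decrypt else (r, _xor(l, f))
    return l + r

def cbc_encrypt(key, msg):  # block chaining, zero IV, PKCS#7-style padding
    n = BLOCK - len(msg) % BLOCK
    data, prev, out = msg + bytes([n]) * n, bytes(BLOCK), b""
    for i in range(0, len(data), BLOCK):
        prev = feistel(key, _xor(data[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, ct):
    prev, out = bytes(BLOCK), b""
    for i in range(0, len(ct), BLOCK):
        out += _xor(feistel(key, ct[i:i + BLOCK], decrypt=True), prev)
        prev = ct[i:i + BLOCK]
    return out[:-out[-1]] if out else out

def sign(key, data):
    # Signature: the final SIG bytes of the chained encryption of the full input
    return cbc_encrypt(key, data)[-SIG:]

def originate(ka, x):
    return x + sign(ka, x)            # User A: M = (X, Y)

def forward(kb, m):
    return cbc_encrypt(kb, m)         # User B: U = M re-encrypted under KB

def verify_unit(vault, a, b, u):
    m = cbc_decrypt(vault[b], u)      # decrypted U = (U1, U2)
    ok = hmac.compare_digest(sign(vault[a], m[:-SIG]), m[-SIG:])
    # Assumed result-dependent function for V: tag the input before signing under KB
    return sign(vault[b], (b"ACCEPT" if ok else b"REJECT") + m)

def check_reply(kb, m, v):
    return hmac.compare_digest(sign(kb, b"ACCEPT" + m), v)  # User B: V' == V ?
```

A signature taken as the tail of a chained encryption is what is now called CBC-MAC, which is only secure for fixed-length messages; CMAC or HMAC is the modern replacement for variable-length data.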
Specification