System for authenticating users and devices in on-line transaction networks
First Claim
1. In a system for authenticating users and devices in on-line transaction networks comprising a plurality of remote terminals in communication with a central processing unit including a data base containing encrypted data used in the authentication of the users and devices, said data being encrypted with a master key and including terminal master keys for each of said remote terminals and identification numbers for each of said users all of which are secret, said data further including terminal identification numbers for each of said remote terminals and account numbers for each of said users, wherein each of said remote terminals is provided with means for entering an account number and an identification number of a user initiating a transaction as well as the nature of the transaction, the improvement in a method for protecting the transaction comprising the steps of:
- generating at a terminal a transaction request message based on the information entered at the terminal by a user initiating a transaction,
- using the identification number and the account number entered by the user and the terminal identification number and the terminal master key, and employing such variants as to generate a working key unique to each transaction,
- encrypting the transaction request message using the working key,
- transmitting the encrypted transaction request message,
- deriving the working key at the central processing unit using information derived from the transmitted message and the data base including the account number, the terminal master key and the terminal identification number,
- decrypting the message received at the central processing unit using the working key,
- comparing the user identification number and account number obtained by decrypting corresponding data in the data base with the data in the transaction request message to validate the transaction request message,
- generating a transaction request response and encrypting the transaction request response with the working key,
- transmitting the encrypted transaction request response to the terminal where the transaction was initiated, and
- decrypting the message received at the terminal using the working key and, if the transaction is approved, providing the requested service.
Abstract
A method for efficiently protecting transactions and providing authentication of users and devices in on-line systems that transfer funds electronically, dispense cash, or provide a good or permit a service to be utilized is provided. The transaction may be initiated by a magnetic-striped plastic card at an attended or unattended terminal (10, 11, 12) and requires the entry of a preassigned Personal Identification Number through a keyboard (20). The Personal Identification Number is encrypted (23) more than once at the terminal and other means are used in order to prevent the utilization of certain tapped-line data. The data required to validate and authorize the transaction is transmitted securely to a centralized computer (14) which accesses from its stored data base (15) the data that is required to decrypt and validate the transaction, including the encrypted Personal Identification Number corresponding to the received transaction data. A secret Terminal Master Key must be maintained securely at each terminal and may differ at each terminal. A list of such Terminal Master Keys and other secret data must be securely maintained at the centralized computer. Means for multiple-encryptions and decryptions in a predetermined way must also be maintained at each terminal and at the centralized computer. Means (34) are provided for securely returning a response to the terminal at which the transaction was initiated to authorize or reject the requested transaction. These functions are accomplished in a way that permits efficient utilization of data communications lines and reduces or eliminates the perpetration of fraud by any of various means.
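The exchange in claim 1, sketched end to end as an added example (not code from the patent). Assumptions: the per-transaction "variant" is a counter sent in the clear with the terminal ID and account number, HMAC-SHA256 stands in for the key derivation, and an HMAC keystream stands in for the cipher; all names and sample values are constructed.

```python
import hashlib
import hmac

# Constructed sample data. The claim keeps these encrypted under a host
# master key; they are held in the clear here to keep the sketch short.
TERMINAL_KEYS = {"T0001": b"constructed-terminal-master-key"}
ACCOUNT_PINS = {"4000123412341234": "4821"}


def working_key(tmk, tid, account, pin, counter):
    """Per-transaction key; `counter` is the assumed 'variant'."""
    fields = "|".join([tid, account, pin, str(counter)]).encode()
    return hmac.new(tmk, fields, hashlib.sha256).digest()


def xor_stream(key, label, data):
    """Stand-in cipher: XOR with an HMAC keystream; the same call decrypts.
    `label` separates request and response so no keystream is reused."""
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, label + block.to_bytes(4, "big"),
                           hashlib.sha256).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def terminal_request(tmk, tid, account, pin, counter, action):
    key = working_key(tmk, tid, account, pin, counter)
    body = "|".join([account, pin, action]).encode()
    # The header travels in the clear so the host can look up keying data.
    return key, {"tid": tid, "account": account, "counter": counter,
                 "body": xor_stream(key, b"req", body)}


def host_process(msg):
    tmk = TERMINAL_KEYS[msg["tid"]]
    pin = ACCOUNT_PINS[msg["account"]]
    key = working_key(tmk, msg["tid"], msg["account"], pin, msg["counter"])
    plain = xor_stream(key, b"req", msg["body"])
    # Validate: decrypted account and PIN must match the data base record.
    expected = "|".join([msg["account"], pin]).encode() + b"|"
    ok = hmac.compare_digest(plain[:len(expected)], expected)
    return xor_stream(key, b"rsp", b"APPROVED" if ok else b"REJECTED")


def terminal_response(key, response):
    """Provide the service only if the response decrypts to an approval."""
    return xor_stream(key, b"rsp", response) == b"APPROVED"
```

A wrong PIN at the terminal yields a different working key, so the host's decryption fails validation and the terminal cannot read an approval from the response.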
17 Claims
Specification