Method and apparatus incorporating a one-way sequence for transaction and identity verification
First Claim
1. A transaction and identity verification system including a plurality of terminals connected together over a common communication channel wherein any given pair of users located at different terminals on this system have exchanged a contract comprising a plurality of reference signatures, each of which constitutes the final member of a one-way keyed signature sequence and each of which is a one-way function of each users secret encryption key (KX) and a number (NUM) known to both parties and wherein each terminal connected to said system includes:
- means for generating a multi-digit ranking vector which is a cryptographic function of the entire message (DATA) to be transmitted,means for forming as many signature elements as there are digits in said ranking vector, the particular signature element being an intermediate member of a predetermined keyed signature sequence specified by an associated digit of the ranking vector,said means for forming including means for initiating the generation of a separate keyed signature sequence to derive each signature element,means for continuing that keyed signature sequence generation until the particular keyed signature sequence element (KSS.sub.ρ
) specified by the associated ranking vector digit (ρ
) has been generated,means for transmitting said message (DATA) together with all of said signature elements to another predetermined terminal connected to said system,means operable upon the receipt of a signed message from another terminal for deriving a ranking vector for said received message which is a function of the message (DATA) received,means for deriving a successor one-way keyed signature sequence reference element from each received signature element,means for comparing the derived keyed signature sequence reference elements with the associated keyed signature sequence reference elements in the contract of reference signatures previously exchanged between the users.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and apparatus for verifying both the content of a transaction and the identity of the parties thereto. The system includes a plurality of terminals connected together over a common communication channel wherein a given pair of users located at different terminals on the system have exchanged a contract comprising a plurality of reference signatures each of which constitutes the final member of a one-way keyed signature sequence and each of which is a one-way function of each user'"'"'s secret encryption key (Kx) and a number (NUM) known to both parties. Each terminal connected to the system includes means for generating a multidigit ranking vector which is a cryptographic function of the entire message (DATA) tobe transmitted. Further means are provided for forming as many signature elements as there are digits in said ranking vector, the particular signature element being an intermediate member of a predetermined one-way keyed signature sequence specified by an associated digit of the ranking vector. Additional means are provided for initiating the generation of a separate keyed signature sequence to derive each signature element beginning with a starting element which requires that user'"'"'s secret encryption key (Kx) and the number (NUM) and continuing the generation of successive members of the one-way keyed signature sequence until the particular signature sequence element (KSS.sub.ρ) which was specified by the associated ranking vector digit (ρ) is obtained. When the appropriate sequence of one-way keyed signature sequence elements has been generated as specified by the ranking vector, this sequence of signature elements is appended onto the original message (DATA) and transmitted to a receiver. Means are provided in each terminal which are activated upon receipt of an appropriately signed message for another terminal for deriving a ranking vector from the received message which again is the same function of the message (DATA) received and a cryptographic function known to both parties. Circuitry is provided, upon the determination of the ranking vector for generating successor one-way keyed signature sequence reference elements from each received signature element based solely upon the knowledge of said element as received and the ranking vector. This process is continued until all reference elements have been derived from the received signature at which point the reference elements so derived are compared with the reference elements previously exchanged between the parties and designated for use for this particular transaction. If the elements match, the identity of the user is unequivocally verified and the contents of the message are guaranteed.
-
Citations
24 Claims
-
1. A transaction and identity verification system including a plurality of terminals connected together over a common communication channel wherein any given pair of users located at different terminals on this system have exchanged a contract comprising a plurality of reference signatures, each of which constitutes the final member of a one-way keyed signature sequence and each of which is a one-way function of each users secret encryption key (KX) and a number (NUM) known to both parties and wherein each terminal connected to said system includes:
-
means for generating a multi-digit ranking vector which is a cryptographic function of the entire message (DATA) to be transmitted, means for forming as many signature elements as there are digits in said ranking vector, the particular signature element being an intermediate member of a predetermined keyed signature sequence specified by an associated digit of the ranking vector, said means for forming including means for initiating the generation of a separate keyed signature sequence to derive each signature element, means for continuing that keyed signature sequence generation until the particular keyed signature sequence element (KSS.sub.ρ
) specified by the associated ranking vector digit (ρ
) has been generated,means for transmitting said message (DATA) together with all of said signature elements to another predetermined terminal connected to said system, means operable upon the receipt of a signed message from another terminal for deriving a ranking vector for said received message which is a function of the message (DATA) received, means for deriving a successor one-way keyed signature sequence reference element from each received signature element, means for comparing the derived keyed signature sequence reference elements with the associated keyed signature sequence reference elements in the contract of reference signatures previously exchanged between the users. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method for verifying the content of a message and the identity of the sender, said method comprising two participants (USER A and USER B) first exchanging a contract containing two finite sequences of keyed-reference-signatures:
-
space="preserve" listing-type="equation">KSS.sub.r (k.sub.A,1)KSS.sub.r (k.sub.A,2), . . .
space="preserve" listing-type="equation">KSS.sub.r (k.sub.B,1)KSS.sub.r (k.sub.B,2), . . .wherein the jth reference signature KSSr (kX,j) of USER X is the rth or final term in the jth keyed-signature-sequence
space="preserve" listing-type="equation">KSS.sub.0 (k.sub.X,j)KSS.sub.1 (k.sub.Xi ,j), . . . , KSS.sub.r (k.sub.X,j)whose terms are defined and related as follows;
the initial element
space="preserve" listing-type="equation">KSS.sub.0 (k.sub.X,j)of the jth sequence is derived from USER X'"'"'s (secret) key kX and the index j specifying the keyed-signature-sequence by means of the rule
space="preserve" listing-type="equation">KSS.sub.0 (k.sub.X,j)=DES}k.sub.X,j+k.sub.X }where DES denotes the Data Encryption Standard and wherein each succeeding element KSSi (kX,j) with i=1, 2, . . . , r of the jth keyed-signature-sequence is derived from the immediately preceding element KSSi-1 (kX,j) by a known algorithm f according to the rule
space="preserve" listing-type="equation">KSS.sub.i (k.sub.A,j)=f(KSS.sub.i-1 (k.sub.A,j)to transmit signed data to USER B, USER A, appending to DATA a number s of signatures
space="preserve" listing-type="equation">DATA,SIG.sub.0,SIG.sub.1, . . . ,SIG.sub.s-1the tth signature SIGt where t=0, 1, . . . , s-1 being the element in position ρ
t
space="preserve" listing-type="equation">KSS.sub.ρ
.sbsb.t (k.sub.A,NUM.sub.t)in USER A'"'"'s NUMtth keyed-signature-sequence
space="preserve" listing-type="equation">KSS.sub.0 (k.sub.A,NUM.sub.t),KSS.sub.1 (k.sub.A,NUM.sub.t), . . . ,KSS.sub.r (k.sub.A,NUM.sub.t)the position ρ
t of the tth signature SIGt being determined by the rank of the data
space="preserve" listing-type="equation">ρ
.sub.0,ρ
.sub.1, . . . ,ρ
.sub.s-1USER A determining the rank of data to produce a sequence of s numbers
space="preserve" listing-type="equation">ρ
.sub.0,ρ
.sub.1, . . . ,ρ
.sub.s-1each term being an integer having one of the values 0, 1, . . . , r-1. The value of the tth term ρ
t depends on DATA through a predetermined cryptographic protocol,USER B, upon receipt of the signed message
space="preserve" listing-type="equation">DATA,SIG.sub.0,SIG.sub.1, . . . ,SIG.sub.s-1independently determining the rank of DATA,
space="preserve" listing-type="equation">ρ
.sub.0,ρ
.sub.1, . . . ,ρ
.sub.s-1USER B then deriving presumptive values for the s reference elements by computing the appropriate successor reference signatures for each of the s appended signatures;
as defined by;r-ρ
0th successor of SIG0r-ρ
1th successor of SIG1. . . . . . r-ρ
s-1th successor of SIGs-1USER B comparing the computed successor reference elements to the corresponding reference signatures in the previously exchanged contract, and USER B accepting the transaction if and only if there is complete agreement. - View Dependent Claims (13, 14, 15)
-
-
16. A communication method whereby users of a public data network may upon receipt of a message over the network, verify both the content of the message (DATA) and the identity of the sender wherein said network comprises a plurality of terminals connected together over a common communication channel, and wherein each terminal has the ability to perform a key controlled block cypher cryptographic operation, said method comprising:
-
any given pair of users located at different terminals on the system first exchanging a contract comprising a plurality of reference signatures, each of which constitutes the final member of a one-way keyed signature sequence and each of which is a one-way function of each user'"'"'s secret encryption key (KX) and a number (NUM) known to both parties, and included specifically in the contract, subsequently when a sending user (sender) wishes to send a message (DATA) to a receiving user, performing the steps of generating a multi-digit ranking vector (ρ
0 . . . ρ
s-1) which is a predetermined cryptographic function of the entire message (DATA) to be transmitted,forming as many signature elements (SIG0 . . . SIGs-1) as there are digits in said ranking vector, the particular signature element formed being an intermediate member of a predetermined one-way keyed signature sequence specified by an associated digit of the ranking vector, transmitting said message (DATA) together with all s signature elements to another predetermined terminal connected to said system, the receiving user, upon the receipt of a signed message from another terminal, deriving a ranking vector ρ
0 . . . ρ
s-1 for said received message (DATA) which is also a predetermined cryptographic function of the message (DATA) received, and then,deriving a successor one-way keyed signature sequence reference element from each received signature element, comparing the derived keyed signature sequence reference elements with the associated keyed signature sequence reference elements contained in the contract of reference signatures previously exchanged between the users, and accepting the message (DATA) as validly signed if said comparison is successful. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24)
-
Specification