Pocket banking terminal, method and system
First Claim
1. The method of securing communications concerning selected data between an entity which has a master key code and a portable terminal which stores a plural number of codes that are unique to the entity and the terminal for operation by an authorized user having a Personal Identification Number, the method comprising:
- encrypting in accordance with a first logical combination of the user'"'"'s Personal Identification Number and the entity and terminal codes to produce a Personal Verification Number;
comparing the Personal Verification Number produced by encryption with a Personal Verification Number previously established for an authorized user and stored in the terminal to activate, upon favorable comparison thereof, the generation of random numbers at the entity and at the terminal;
transmitting the random number generated at the entity to the terminal and the random number generated at the terminal to the entity;
encrypting at the entity and at the terminal in accordance with a second logical combination the random numbers generated at the entity and at the terminal with a Key-Exchange Key at the entity and at the terminal to produce a Session Key at the entity and at the terminal;
encrypting at the terminal as a third logical combination the selected data and the Session Key to produce an encrypted message for transmission to the entity;
decrypting the encrypted message at the entity in accordance with the third logical combination to yield the selected data;
altering portions of the decrypted selected data at the entity and encrypting the same according to the third logical combination with the Session Key to produce a return encrypted message for transmission to the terminal; and
decrypting the return encrypted message at the terminal in accordance with the third logical combination to yield the altered data for operation thereon at the terminal.
1 Assignment
0 Petitions
Accused Products
Abstract
A portable banking terminal under control of an authorized user and operating within a system of banks and retailers may be initialized for personal use under separate controls by the banks and the retailers to facilitate the completion of basic transactions such as deposits and withdrawals from remote locations. Multiple verification checks for authorization of the user secure the transactions against interception and alteration during transmission over unsecured communication channels.
-
Citations
15 Claims
-
1. The method of securing communications concerning selected data between an entity which has a master key code and a portable terminal which stores a plural number of codes that are unique to the entity and the terminal for operation by an authorized user having a Personal Identification Number, the method comprising:
-
encrypting in accordance with a first logical combination of the user'"'"'s Personal Identification Number and the entity and terminal codes to produce a Personal Verification Number; comparing the Personal Verification Number produced by encryption with a Personal Verification Number previously established for an authorized user and stored in the terminal to activate, upon favorable comparison thereof, the generation of random numbers at the entity and at the terminal; transmitting the random number generated at the entity to the terminal and the random number generated at the terminal to the entity; encrypting at the entity and at the terminal in accordance with a second logical combination the random numbers generated at the entity and at the terminal with a Key-Exchange Key at the entity and at the terminal to produce a Session Key at the entity and at the terminal; encrypting at the terminal as a third logical combination the selected data and the Session Key to produce an encrypted message for transmission to the entity; decrypting the encrypted message at the entity in accordance with the third logical combination to yield the selected data; altering portions of the decrypted selected data at the entity and encrypting the same according to the third logical combination with the Session Key to produce a return encrypted message for transmission to the terminal; and decrypting the return encrypted message at the terminal in accordance with the third logical combination to yield the altered data for operation thereon at the terminal. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A system including a portable terminal for operation by an authorized individual having a Personal Identification Number to provide secured data communications with a remote entity via a communication network, the system comprising:
-
manually-actuatable switch means for controlling operation of the terminal; circuit means in the terminal responsive to operation of selected switch means in accordance with the user'"'"'s Personal Identification Number for producing a first signal as an indication of the authority of the user to operate the terminal; means at the entity responsive to the first signal for generating and communicating to the terminal a first random number; means at the terminal responsive to the first signal for generating a second random number; first encryption means in the terminal for encrypting according to a first logical combination the first and second random numbers with a first key code to produce a Session Key for controlling communication of encrypted data between remote entity and terminal; second encryption means for encrypting according to a second logical combination of selected data and the Session Key to produce an encrypted message for communicating with the second random number to the remote entity; third encryption means at the remote entity for encrypting according to said first logical combination of the first random number and the received second random number with the first key code to produce said Session Key at the entity for controlling communication of encrypted data between remot entity and terminal; first decryption means at the entity responsive to the Session Key generated thereat for decrypting the received encrypted message according to said second logical combination to yield the selected data; second circuit means at the entity selectively operable for altering selected data; fourth encryption means for encrypting according to a third logical combination of the altered data and Session Key to yield an encrypted altered message for communicating to the terminal; and second decryption means at said terminal for decrypting in accordance with said third logical combination the received encrypted altered message and Session Key to yield the altered data. - View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15)
-
Specification