Pocket banking terminal, method and system

US 4,536,647 A
Filed: 07/15/1983
Issued: 08/20/1985
Est. Priority Date: 07/15/1983
Status: Expired due to Term

First Claim

Patent Images

1. The method of securing communications concerning selected data between an entity which has a master key code and a portable terminal which stores a plural number of codes that are unique to the entity and the terminal for operation by an authorized user having a Personal Identification Number, the method comprising:

encrypting in accordance with a first logical combination of the user'"'"'s Personal Identification Number and the entity and terminal codes to produce a Personal Verification Number;

comparing the Personal Verification Number produced by encryption with a Personal Verification Number previously established for an authorized user and stored in the terminal to activate, upon favorable comparison thereof, the generation of random numbers at the entity and at the terminal;

transmitting the random number generated at the entity to the terminal and the random number generated at the terminal to the entity;

encrypting at the entity and at the terminal in accordance with a second logical combination the random numbers generated at the entity and at the terminal with a Key-Exchange Key at the entity and at the terminal to produce a Session Key at the entity and at the terminal;

encrypting at the terminal as a third logical combination the selected data and the Session Key to produce an encrypted message for transmission to the entity;

decrypting the encrypted message at the entity in accordance with the third logical combination to yield the selected data;

altering portions of the decrypted selected data at the entity and encrypting the same according to the third logical combination with the Session Key to produce a return encrypted message for transmission to the terminal; and

decrypting the return encrypted message at the terminal in accordance with the third logical combination to yield the altered data for operation thereon at the terminal.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A portable banking terminal under control of an authorized user and operating within a system of banks and retailers may be initialized for personal use under separate controls by the banks and the retailers to facilitate the completion of basic transactions such as deposits and withdrawals from remote locations. Multiple verification checks for authorization of the user secure the transactions against interception and alteration during transmission over unsecured communication channels.

Citations

15 Claims

1. The method of securing communications concerning selected data between an entity which has a master key code and a portable terminal which stores a plural number of codes that are unique to the entity and the terminal for operation by an authorized user having a Personal Identification Number, the method comprising:
- encrypting in accordance with a first logical combination of the user'"'"'s Personal Identification Number and the entity and terminal codes to produce a Personal Verification Number;
  
  comparing the Personal Verification Number produced by encryption with a Personal Verification Number previously established for an authorized user and stored in the terminal to activate, upon favorable comparison thereof, the generation of random numbers at the entity and at the terminal;
  
  transmitting the random number generated at the entity to the terminal and the random number generated at the terminal to the entity;
  
  encrypting at the entity and at the terminal in accordance with a second logical combination the random numbers generated at the entity and at the terminal with a Key-Exchange Key at the entity and at the terminal to produce a Session Key at the entity and at the terminal;
  
  encrypting at the terminal as a third logical combination the selected data and the Session Key to produce an encrypted message for transmission to the entity;
  
  decrypting the encrypted message at the entity in accordance with the third logical combination to yield the selected data;
  
  altering portions of the decrypted selected data at the entity and encrypting the same according to the third logical combination with the Session Key to produce a return encrypted message for transmission to the terminal; and
  
  decrypting the return encrypted message at the terminal in accordance with the third logical combination to yield the altered data for operation thereon at the terminal.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method according to claim 1 wherein the step of encrypting at the terminal as the third logical combination includes combining with the selected data a secondary Personal Verification Number which is stored in the terminal as an encryption according to a fourth logical combination of the entity code, the terminal code and an entity encryption key;
    - and wherein the step of decrypting the encrypted message at the entity includes decrypting the secondary Personal Verification Number; and
      
      comprising the additional step of encrypting at the entity according to the fourth logical combination the entity code, the terminal code and the entity encryption key to produce a secondary Personal Verification Number for comparison with the decrypted secondary Personal Verification Number as an indication of unaltered transmission and reception of the encrypted message at the entity.
  - 3. The method according to claim 1 comprising the preliminary steps of encrypting in accordance with the first logical combination of the user'"'"'s Personal Identification Number and the entity code and the terminal code to produce said Personal Verification Number;
    - andstoring said Personal Verification Number in said terminal.
  - 4. The method according to claim 1 comprising the additional steps, performed in selected sequence, of encrypting in accordance with a fifth logical sequence the terminal code, the entity code and an entity master key to produce the Key-Exchange Key for storage in the terminal prior to secured communication therewith and for use at the entity in encrypting said random numbers in accordance with said second logical combination.
  - 5. The method according to claim 1 wherein in the step of encrypting at the terminal as a third logical combination, said selected data includes information about the balance on deposit at the terminal;
    - the step of decrypting the encrypted message at the entity includes decrypting the information about the balance on deposit at the terminal;
      
      the step of producing a return encrypted message at the entity includes encrypting the information about the balance on deposit;
      
      the step of decrypting the return encrypted message at the terminal includes decrypting the information about balance on deposit; and
      
      comprising the additional step of comparing the information about balance on deposit decrypted at the terminal from the return encrypted message with the information about balance on deposit at the terminal as an indication of the unaltered transmission and reception of the encrypted message and the return encrypted message.
  - 6. The method according to claim 1 wherein the master key code to increment the balance on deposit at the terminal is different from the master key code to decrement the balance on deposit at the terminal.

7. A system including a portable terminal for operation by an authorized individual having a Personal Identification Number to provide secured data communications with a remote entity via a communication network, the system comprising:
- manually-actuatable switch means for controlling operation of the terminal;
  
  circuit means in the terminal responsive to operation of selected switch means in accordance with the user'"'"'s Personal Identification Number for producing a first signal as an indication of the authority of the user to operate the terminal;
  
  means at the entity responsive to the first signal for generating and communicating to the terminal a first random number;
  
  means at the terminal responsive to the first signal for generating a second random number;
  
  first encryption means in the terminal for encrypting according to a first logical combination the first and second random numbers with a first key code to produce a Session Key for controlling communication of encrypted data between remote entity and terminal;
  
  second encryption means for encrypting according to a second logical combination of selected data and the Session Key to produce an encrypted message for communicating with the second random number to the remote entity;
  
  third encryption means at the remote entity for encrypting according to said first logical combination of the first random number and the received second random number with the first key code to produce said Session Key at the entity for controlling communication of encrypted data between remot entity and terminal;
  
  first decryption means at the entity responsive to the Session Key generated thereat for decrypting the received encrypted message according to said second logical combination to yield the selected data;
  
  second circuit means at the entity selectively operable for altering selected data;
  
  fourth encryption means for encrypting according to a third logical combination of the altered data and Session Key to yield an encrypted altered message for communicating to the terminal; and
  
  second decryption means at said terminal for decrypting in accordance with said third logical combination the received encrypted altered message and Session Key to yield the altered data.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15)
- - 8. The system according to claim 7 wherein said circuit means includes:
    - storage means having an entity number and a terminal number stored therein;
      
      fifth encryption means for encrypting as a fourth logical combination of the entity number, the terminal number supplied thereto from the storage means and the Personal Identification Number of the user supplied thereto by the user via the switch means to yield a first Personal Verification Number;
      
      means storing in said storage means a selected portion of a first Personal Verification Number previously produced according to said fourth logical combination of said entity number, terminal number and Personal Identification Number supplied by the authorized user; and
      
      comparator means for producing said first signal in response to favorable comparison of said stored selected portion of first Personal Verification Number and the corresponding selected portion of the first Personal Verification Number produced by said fifth encryption means.
  - 9. The system according to claim 7 comprising sixth encryption means for encrypting according to a fifth logical combination of the entity number, the terminal number and an entity master key to yield said first key code;
    - andsaid storage means in the terminal includes therein the first key code previously produced in accordance with said fifth logical combination for access therefrom in response to the appearance of said first signal.
  - 10. The system according to claim 8 comprising seventh encryption means at said entity for encrypting according to a sixth logical combination the entity number, the terminal number and auxiliary entity key for producing a second Personal Verification Number;
    - said storage means in said terminal including therein a second Personal Verification Number which is accessible therefrom for encrypting in accordance with said second logical combination said selected data and the first Personal Verification Number; and
      
      comparator means in said entity for producing a second signal in response to favorable comparison of the decrypted second Personal Verification Number from the first decryption means with the second Personal Verification Number produced by said seventh encryption means; and
      
      said second circuit means being responsive to said second signal for altering selected data.
  - 11. The system according to claim 7 wherein the fourth encryption means encrypts according to the third logical combination of the altered data and the selected data and Session Key to yield the encrypted altered message;
    - and comprisingcomparator means at the terminal responsive to the decrypted selected data at the output of the second decryption means and to the selected data supplied to the second encryption means for producing an indication upon favorable comparison thereof of unaltered transmissions and receptions between entity and terminal of encrypted message and encrypted altered message.
  - 12. Apparatus for operation in the system of claim 7 as a portable terminal capable of secured communications via a communication network with selected entities under the control of an authorized individual having a Personal Identification Number, the apparatus comprising:
    - storage means for storing code information at a plurality of separate addressed locations, and including therein;
      
      a selected number of entity codes at separate addressed locations;
      
      a terminal code at another addressed location;
      
      a plural number of Personal Verification Numbers at other separate addressed locations; and
      
      a selected number of Key-Exchange Keys at still other separate addressed locations, wherein the selected number of entity codes, the plural number of Personal Verification Numbers and the selected number of Key-Exchange Keys are representative of the number of different entities to communicate with;
      
      a plurality of manually-operatable switch means for controlling operation of the terminal;
      
      display means for providing visual indication of data;
      
      network coupling means for transmitting encrypted messages and receiving encrypted altered messages between the communication network and terminal;
      
      digital data processing means coupled to the switch means and display means; and
      
      said first and second encryption means and said second decryption means under control of the processing means for encrypting and decrypting said keys, codes and data in response to operation of selected switch means.
  - 13. Initializing apparatus for the system of claim 8 to initialize each terminal for operation with an authorized individual who has a Personal Identification Number, the initializing apparatus comprising:
    - a data encryption module for encoding data applied thereto;
      
      keyboard data entry means;
      
      memory means including selected codes and keys of the entity;
      
      auxiliary digital data processing means coupled to said data encryption module and to said keyboard data entry means and to said memory means for encrypting data signals from the keyboard data entry means and memory means in accordance with said fourth logical combination to supply said first Personal Verification Number to the terminal for storage therein.
  - 14. Initializing apparatus for the system of claim 9 to initialize each terminal for operation with an authorized individual who has a Personal Identification Number, the initializing apparatus comprising:
    - a data encryption module for encoding data applied thereto;
      
      keyboard data entry means;
      
      memory means including selected codes and keys of the entity;
      
      auxiliary digital data processing means coupled to said data encryption module and to said keyboard data entry means and to said memory means for encrypting data signals from the keyboard data entry means and memory means in accordance with said fifth logical combination of the entity number, the terminal number and the entity master key to supply said first key code to the terminal for storage therein.
  - 15. Initializing apparatus for the system of claim 10 to initialize each terminal for operation with an authorized individual who has a Personal Identification Number, the initializing apparatus comprising:
    - a data encryption module for encoding data applied thereto;
      
      keyboard data entry means;
      
      memory means including selected codes and keys of the entity;
      
      auxiliary digital data processing means coupled to said data encryption module and to said keyboard data entry means and to said memory means for encrypting data signals from the keyboard data entry means and memory means in accordance with said sixth logical combination of the entity number, the terminal number, the first Personal Verification Number, and the auxiliary entity key to supply said second Personal Verification Number to the terminal for storage therein.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Atalla Corp. (HP Inc.)
Original Assignee
Atalla Corp. (HP Inc.)
Inventors
Atalla, Martin M., Bestock, Ralph R.
Primary Examiner(s)
TRAFTON, DAVID

Application Number

US06/514,011
Time in Patent Office

767 Days
Field of Search

235/379, 178/22.08, 178/22.09, 178/22.10
US Class Current

705/70
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/023   the neutral party being a c...

G06Q 20/04   Payment circuits

G06Q 20/108   Remote banking, e.g. home b...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/382   insuring higher security of...

G06Q 20/3829   involving key management

G06Q 20/40975   using encryption therefor

G07F 19/20   Automatic teller machines [...

G07F 19/211   Software architecture withi...

G07F 7/1008   Active credit-cards provide...

G07F 7/1016   Devices or methods for secu...

Pocket banking terminal, method and system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Pocket banking terminal, method and system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links