Key management system for on-line communication
First Claim
1. A transaction terminal having a cryptographic key generator suitable for on-line encrypted communication between the terminal and a central host comprising:
means for encrypting data;
means for receiving and storing a base generator value;
storage means containing a plurality of modifier values;
means for generating a matrix table of encryption keys wherein the keys in a first column in the matrix table are generated by encrypting said modifier values using the base generator value as the encrypting key and wherein the keys of the second and each successive column in the table are generated by encrypting the modifier values with the first unused key in the previous column, and wherein any key that is used to generate a column of keys is immediately erased; and
counter means, having at least as many digits as columns in said matrix, with the location of the digits in the counter means corresponding to a particular column in the matrix and with the value of each digit corresponding to a particular row in the matrix, whereby transmission of the value in the counter means to the host during a transaction will enable the host to determine the key used to encrypt the communication.
Abstract
The subject invention relates to a new and improved key management system particularly suited to facilitate communication between point of sale terminals and a host processor. The system provides for the generation of a table of keys in the terminal. The terminal includes a counter which is related to the table of keys. During a transaction, information, such as a personal identification number (PIN), is encrypted using one of the keys in the table. This information is transmitted, along with other transaction data and the number stored in the counter. By utilizing the information in the counter, the host processor can generate the key used for encrypting the PIN. By this arrangement, security is enhanced and there is no need for large storage of keys at the central host.
13 Claims
1. As set out above under First Claim. Dependent claims: 2, 3, 4, 5, 6
7. A secure communication system including a transaction terminal and a central host, with said system comprising:
a terminal including:
means for encrypting data;
means for receiving and storing a base generator value;
storage means containing a plurality of modifier values;
means for generating a matrix table of encryption keys wherein the keys in a first column in the matrix table are generated by encrypting said modifier values using the base generator value as the encrypting key and wherein the keys of the second and each successive column in the table are generated by encrypting the modifier values with the first unused key in the previous column and wherein any key that is used to generate a column of keys is immediately erased; and
counter means, having at least as many digits as columns in said matrix, with the location of the digits in the counter means corresponding to a particular column in the matrix and with the value of each digit corresponding to a particular row in the matrix;
means for transmitting to the central host the value of the counter means along with transaction data encrypted using an encryption key from the matrix; and
means at the central host for deriving the encryption key utilizing the counter value received from the terminal, permitting evaluation of the encrypted transaction information.
Dependent claims: 8, 9, 10, 11, 12, 13
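The key-matrix and counter mechanism of claims 1 and 7, and the host-side derivation the abstract describes, worked through as an added example. This is not code from the patent or from any product that implements it. It assumes: HMAC-SHA256 truncated to 16 bytes as the keyed one-way function in place of the claim's block cipher (the tree structure is the same for any keyed PRF); ten modifier rows so that each counter position is one decimal digit, with digit j naming the row of column j currently in use and the last digit selecting the transaction key (my reading of "first unused key in the previous column" as keys being consumed in row order, odometer style); constructed modifier values and a constructed base generator value; and erasure of the base generator value once column 0 has been built, since the claim erases any key used to generate a column. The class and function names are mine.

```python
import hmac
import hashlib
from typing import List, Optional, Tuple

KEY_LEN = 16   # bytes per derived key
ROWS = 10      # ten modifiers, so each counter position is one decimal digit

# Constructed sample modifier values (the claim's "plurality of modifier values").
# They are fixed per terminal and need not be secret; the base generator value is the secret.
MODIFIERS: List[bytes] = [bytes([0xA5, i, 0x5A, 0xFF - i, 0xC3, 0x3C, 0x0F, 0xF0]) for i in range(ROWS)]


def derive(key: bytes, modifier: bytes) -> bytes:
    """Stand-in for "encrypt the modifier under key": HMAC-SHA256 truncated to KEY_LEN.
    Assumption: the claim's block cipher is replaced by this keyed one-way function."""
    return hmac.new(key, modifier, hashlib.sha256).digest()[:KEY_LEN]


class Terminal:
    """Holds the key matrix and the counter. Counter digit j is the row of column j whose key
    generated column j+1; the last digit is the row of the transaction key in the last column."""

    def __init__(self, base: bytes, modifiers: List[bytes], columns: int = 3):
        if not 1 <= len(modifiers) <= 10:
            raise ValueError("need 1..10 modifiers so each counter position is one decimal digit")
        self.mods = list(modifiers)
        self.rows = len(modifiers)
        self.cols = columns
        self.counter = [0] * columns
        self.exhausted = False
        self.matrix: List[List[Optional[bytes]]] = [self._fill_column(base)]
        del base  # generator of column 0 is erased once used (real firmware would overwrite it)
        for j in range(1, columns):
            self.matrix.append(self._fill_column(self._take(j - 1)))

    def _fill_column(self, key: bytes) -> List[Optional[bytes]]:
        return [derive(key, m) for m in self.mods]

    def _take(self, j: int) -> bytes:
        """Return the first unused key of column j (row = counter digit j) and erase it."""
        row = self.counter[j]
        key = self.matrix[j][row]
        if key is None:
            raise RuntimeError(f"column {j} row {row} already consumed")
        self.matrix[j][row] = None
        return key

    def next_transaction_key(self) -> Tuple[str, bytes]:
        """Consume one key from the last column; return (counter value sent to host, key)."""
        if self.exhausted:
            raise RuntimeError("matrix exhausted: terminal needs a new base generator value")
        counter_value = "".join(str(d) for d in self.counter)
        key = self._take(self.cols - 1)
        self._advance()
        return counter_value, key

    def _advance(self) -> None:
        j = self.cols - 1
        self.counter[j] += 1
        while self.counter[j] == self.rows:  # carry into the column to the left
            if j == 0:
                self.exhausted = True
                return
            self.counter[j] = 0
            j -= 1
            self.counter[j] += 1
        # every column to the right of the carry point is rebuilt from the next unused key
        for k in range(j + 1, self.cols):
            self.matrix[k] = self._fill_column(self._take(k - 1))

    def holds(self, key: bytes) -> bool:
        """True if the key is still stored anywhere in the matrix (must be False once used)."""
        return any(k == key for col in self.matrix for k in col)


def host_derive(base: bytes, counter_value: str, modifiers: List[bytes]) -> bytes:
    """Host side: no key table, only the base value and the received counter digits."""
    key = base
    for digit in counter_value:
        key = derive(key, modifiers[int(digit)])
    return key


def check_session(base: bytes, n: int, columns: int = 3) -> bool:
    """Run n transactions; verify the host re-derives every key, keys never repeat, the counter
    behaves as a base-10 odometer, and the terminal no longer holds a key after using it."""
    term = Terminal(base, MODIFIERS, columns)
    seen = set()
    for i in range(n):
        ctr, key = term.next_transaction_key()
        if ctr != f"{i:0{columns}d}":
            return False
        if host_derive(base, ctr, MODIFIERS) != key or key in seen or term.holds(key):
            return False
        seen.add(key)
    return True


def keys_until_exhausted(base: bytes, columns: int) -> int:
    """Number of transaction keys one base value yields: rows ** columns."""
    term = Terminal(base, MODIFIERS, columns)
    count = 0
    try:
        while True:
            term.next_transaction_key()
            count += 1
    except RuntimeError:
        return count
```

check_session exercises the property the abstract states: the host needs only the base generator value and the transmitted counter and keeps no key table. After each transaction the terminal holds neither the key just used nor any ancestor of it on the derivation path, so a captured terminal yields only keys for counter values not yet reached. The base value at the host is the single long-term secret per terminal, and the host must also reject a counter value it has already seen, which the claim leaves to the host.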
Specification