Key management system for on-line communication

US 4,605,820 A
Filed: 11/10/1983
Issued: 08/12/1986
Est. Priority Date: 11/10/1983
Status: Expired due to Term

First Claim

Patent Images

1. A transaction terminal having a cryptographic key generator suitable for on-line encrypted communication between the terminal and a central host comprising:

means for encrypting data;

means for receiving and storing a base generator value;

storage means containing a plurality of modifier values;

means for generating a matrix table of encryption keys wherein the keys in a first column in the matrix table are generated by encrypting said modifier values using the base generator value as the encrypting key and wherein the keys of the second and each successive column in the table are generated by encrypting the modifier values with the first unused key in the previous column, and wherein any key that is used to generate a column of keys is immediately erased; and

counter means, having at least as many digits as columns in said matrix, with the location of the digits in the counter means corresponding to a particular column in the matrix and with the value of each digit corresponding to a particular row in the matrix, whereby transmission of the value in the counter means to the host during a transaction will enable the host to determine the key used to encrypt the communication.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The subject invention relates to a new and improved key management system particularly suited to facilitate communication between point of sale terminals and a host processor. The system provides for the generation of a table of keys in the terminal. The terminal includes a counter which is related to the table of keys. During a transaction, information, such as a personal identification number (PIN) is encrypted using one of the keys in the table. This information is transmitted, along with other transaction data, and the number stored in the counter. By utilizing the information in the counter, the host processor can generate the key used for encrypting the PIN. By this arrangement, security is enhanced and there is no need for large storage of keys at the central host.

Citations

13 Claims

1. A transaction terminal having a cryptographic key generator suitable for on-line encrypted communication between the terminal and a central host comprising:
- means for encrypting data;
  
  means for receiving and storing a base generator value;
  
  storage means containing a plurality of modifier values;
  
  means for generating a matrix table of encryption keys wherein the keys in a first column in the matrix table are generated by encrypting said modifier values using the base generator value as the encrypting key and wherein the keys of the second and each successive column in the table are generated by encrypting the modifier values with the first unused key in the previous column, and wherein any key that is used to generate a column of keys is immediately erased; and
  
  counter means, having at least as many digits as columns in said matrix, with the location of the digits in the counter means corresponding to a particular column in the matrix and with the value of each digit corresponding to a particular row in the matrix, whereby transmission of the value in the counter means to the host during a transaction will enable the host to determine the key used to encrypt the communication.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A terminal as recited in claim 1 wherein during a transaction, said encrypting means selects a key from the first unused row in the last column of the matrix to encrypt the communication and erases that key when the transaction is complete.
  - 3. A terminal as recited in claim 2 arranged such that when a column of keys has been erased, the generator means generates a new column by encrypting the modifier values with the first unused key in the previous row and thereafter erases that key.
  - 4. A terminal as recited in claim 1 including a means for replacing the gas generator value when all the keys in said matrix have been erased, said means including a table of secondary modifier values and wherein said generation means functions to generate a secondary key table by encrypting the secondary modifier values in said table using the base generator value, with said keys in said secondary key table being available to replace the base generator value.
  - 5. A terminal as recited in claim 4 wherein said counter includes an overflow digit, with the value of said overflow digit corresponding to the key from the secondary key table that was utilized to generate the matrix.
  - 6. A terminal as recited in claim 1 wherein the counter is decimal based.

7. A secure communication system including a transaction terminal and a central host, with said system comprising:
- a terminal including;
  
  means for encrypting data;
  
  means for receiving and storing a base generator value;
  
  storage means containing a plurality of modifier values;
  
  means for generating a matrix table of encryption keys wherein the keys in a first column in the matrix table are generated by encrypting said modifier values using the base generator value as the encrypting key and wherein the keys of the second and each successive column in the table are generated by encrypting the modifier values with the first unused key in the previous column and wherein any key that is used to generate a column of keys is immediately erased; and
  
  counter means, having at least as many digits as columns in said matrix, with the location of the digits in the counter means corresponding to a particular column in the matrix and with the value of each digit corresponding to a particular row in the matrix;
  
  means for transmitting to the central host the value of the counter means along with transaction data encrypted using an encryption key from the matrix; and
  
  means at the central host for deriving the encryption key utilizing the counter value received from the terminal permitting evaluation of the encrypted transaction information.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. A communication system as recited in claim 7, where the means for deriving the key at the central host encrypts the modifier value associated with the most significant digit of the counter using the base generator value and thereafter, the modifier values associated with each of the successive digits of the counter are encrypted utilizing the result from the previous encryption step as the encryption key, with the final result being representative of the key used to encrypt the transaction data.
  - 9. A communication system as recited in claim 7 wherein during a transaction, said encrypting means selects a key from the first unused row in the last column of the matrix to encrypt the communication and erases that key when the transaction is complete.
  - 10. A communication system as recited in claim 9 arranged such that when a column of keys has been erased, the generator means generates a new column by encrypting the modifier values with the first unused key in the previous row and thereafter erases that key.
  - 11. A communication system as recited in claim 7 including a means for replacing the base generator value when all the keys in said matrix have been erased, said means including a table of secondary modifier values and wherein said generation means functions to generate a secondary key table by encrypting the secondary modifier values in said table using the base generator value, with said keys in said secondary key table being available to replace the base generator value.
  - 12. A communication system as recited in claim 11 wherein said counter includes an overflow digit, with the value of said overflow digit corresponding to the key from the secondary key table that was utilized to generate the matrix.
  - 13. A communication system as recited in claim 7 wherein the counter is decimal based.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa USA, Inc. (Visa, Inc.)
Original Assignee
Visa USA, Inc. (Visa, Inc.)
Inventors
Campbell, Carl M. Jr.
Primary Examiner(s)
Cangialosi, Salvatore
Assistant Examiner(s)
Lewis, Aaron J.

Application Number

US06/550,885
Time in Patent Office

1,006 Days
Field of Search

178/22.07, 178/22.09, 178/22.13, 178/22.14, 178/22.15, 178/22.16, 178/22.19, 178/22.08, 340/825.34
US Class Current

705/71
CPC Class Codes

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/3829   involving key management

G07F 7/1016   Devices or methods for secu...

Key management system for on-line communication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Key management system for on-line communication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links