Method and system for providing system security in a remote terminal environment
First Claim
1. In a communication network comprised of a central processor, a plurality of remote terminals, and communication means for operationally coupling said central processor and said plurality of remote terminals, a security system for verifying both that a user of an assigned one of said remote terminals is the correct user of said assigned remote terminal and that said assigned remote terminal requesting access to a particular data file in the central processor is the correct terminal to access that data file, wherein each said remote terminal includes:
- (a) means for enabling an assigned user to enter an associated PIN number;
(b) first memory means for storing a file number for a said data file associated with the assigned user of said remote terminal, a terminal number assigned to said remote terminal, an assigned algorithm and a first residue previously derived from said algorithm, said terminal number of said remote terminal, and the PIN number presented by the assigned user; and
(c) first processor means responsive to the algorithm and terminal number stored in said first memory means and to a PIN number entered by a user for generating a second residue and also for comparing said second residue with said stored first residue and upon correspondence therebetween causing a file number for a requested data file to be outputted; and
wherein said central processor includes;
(a) second memory means for storing the file numbers respectively associated with said remote terminals and the specific algorithm and terminal number associated with each said file number, said second memory means being responsive to a file number from one of said remote terminals for outputting both the specific algorithm and terminal number associated with said file number; and
(b) second processor means responsive to said file number for causing a random number to be generated, and being further responsive to said specific algorithm, said remote terminal number from said second memory means, and said random number for generating a third residue;
said first processor means being responsive to said random number received from said central processor and to said algorithm and terminal number stored in said first memory means for generating a fourth residue;
said second processor means also including comparing means for comparing said fourth residue received from said first processor means of said remote terminal with said third residue from said second processor means and upon a correspondence therebetween, said second processor means enabling said remote terminal from which said file number was outputted to said central processor to gain access to the particular said data file associated with said file number; and
said terminal number being inaccessible to said assigned user, and said terminal number never appearing on said communication means.
1 Assignment
0 Petitions
Accused Products
Abstract
A security system and method are disclosed in a network comprised of a plurality of remote terminals in communication with a central processor wherein, before a user can access data from the central processor, that user'"'"'s assigned terminal must first verify that the user is the proper user of that terminal and then the central processor must verify that the terminal requesting that data is authorized to access that data. In a preferred embodiment, a first memory in the terminal that is assigned to a particular user is initialized by storing therein a file number associated with the particular user, an assigned terminal number of the terminal, an assigned algorithm, and a first number derived from the use in the assigned algorithm of the assigned terminal number and a secret PIN number entered by the particular user into the terminal. The file number of the user and the terminal number and algorithm associated with that file number are also stored in a second memory in the central processor as another part of the initialization procedure. In a subsequent operation, a user enters his secret PIN number and a desired file number into the terminal. That current secret PIN number and the terminal number are used in the assigned algorithm to compute a second number. If the first and second numbers properly compare, the user is verified and the terminal transmits the desired file number to the central processor. In response to this desired file number, the central processor causes a random number to be generated. The terminal uses this random number and its assigned terminal number and algorithm to calculate a third number which is applied to the central processor. At the same time the central processor uses this random number and the terminal number and algorithm which are both associated with the desired file number to calculate a fourth number. If the third and fourth numbers properly compare in the central processor, the terminal is verified and access to the desired file number is allowed.
145 Citations
7 Claims
-
1. In a communication network comprised of a central processor, a plurality of remote terminals, and communication means for operationally coupling said central processor and said plurality of remote terminals, a security system for verifying both that a user of an assigned one of said remote terminals is the correct user of said assigned remote terminal and that said assigned remote terminal requesting access to a particular data file in the central processor is the correct terminal to access that data file, wherein each said remote terminal includes:
-
(a) means for enabling an assigned user to enter an associated PIN number; (b) first memory means for storing a file number for a said data file associated with the assigned user of said remote terminal, a terminal number assigned to said remote terminal, an assigned algorithm and a first residue previously derived from said algorithm, said terminal number of said remote terminal, and the PIN number presented by the assigned user; and (c) first processor means responsive to the algorithm and terminal number stored in said first memory means and to a PIN number entered by a user for generating a second residue and also for comparing said second residue with said stored first residue and upon correspondence therebetween causing a file number for a requested data file to be outputted; and wherein said central processor includes; (a) second memory means for storing the file numbers respectively associated with said remote terminals and the specific algorithm and terminal number associated with each said file number, said second memory means being responsive to a file number from one of said remote terminals for outputting both the specific algorithm and terminal number associated with said file number; and (b) second processor means responsive to said file number for causing a random number to be generated, and being further responsive to said specific algorithm, said remote terminal number from said second memory means, and said random number for generating a third residue; said first processor means being responsive to said random number received from said central processor and to said algorithm and terminal number stored in said first memory means for generating a fourth residue; said second processor means also including comparing means for comparing said fourth residue received from said first processor means of said remote terminal with said third residue from said second processor means and upon a correspondence therebetween, said second processor means enabling said remote terminal from which said file number was outputted to said central processor to gain access to the particular said data file associated with said file number; and said terminal number being inaccessible to said assigned user, and said terminal number never appearing on said communication means. - View Dependent Claims (2, 3, 4)
-
-
5. A method for accessing data from a security system comprised of a central processor operationally coupled to a plurality of remote terminals, said method comprising the steps of:
-
initializing each terminal by storing in that terminal a file number assigned to a particular user, a preselected algorithm and a terminal number assigned to that terminal, and a first number derived from the use of the algorithm and terminal number assigned to that terminal and of the particular user'"'"'s PIN number; initially storing in the central processor each user'"'"'s file number and the algorithm and terminal number associated with that file number; verifying that a user entering his PIN number in a given terminal is authorized to use that given terminal when there is correspondence between the first number stored in that given terminal and a second number derived from the use in the algorithm of the terminal number stored in that given terminal and a user'"'"'s PIN number entered into that given terminal; transmitting the user'"'"'s file number stored in that given terminal to the central processor when the user is verified by that given terminal; generating a random number in the central processor when the user'"'"'s file number is received by the central processor; using the generated random number and the algorithm and terminal number stored in the given terminal to generate a third number; utilizing the generated random number and the algorithm and terminal number associated with the user'"'"'s file number received by the central processor to generate a fourth number in the central processor; and validating that the given terminal transmitting the user'"'"'s file number is authorized to access that file number when there is correspondence between the third and fourth numbers. - View Dependent Claims (6, 7)
-
Specification
-
- Resources
-
Current AssigneeNCR Corporation
-
Original AssigneeNCR Corporation
-
InventorsHale, William J., Horst, William R.
-
Primary Examiner(s)Cangialosi, Salvatore
-
Assistant Examiner(s)Lewis, Aaron J.
-
Application NumberUS06/640,277Time in Patent Office953 DaysField of Search178/22.08, 178/22.09, 235/379, 235/381US Class Current713/155CPC Class CodesG06F 21/31 User authenticationG07F 7/1016 Devices or methods for secu...H04L 2209/56 Financial cryptography, e.g...H04L 9/3226 using a predetermined code,...
