Validation check for remote digital station
Abstract
A cryptographic validation for an external station of a communication system provided with a central data processing device, a number of access stations which are coupled thereto and a number of external stations which can be selectively coupled to the access stations. To validate an external station, the access station transmits a message encoded by a first encoding key. The external station decodes the message received and re-encodes the message using a second encoding key, transmitting the re-encoded message back to the access station. The access station then decodes this message using a second key decoder. This decoded data is compared with the data originally encoded by the access station. If the data is identical, the external station is validated.
3 Claims
1. A method for authenticating an electronic access card to a communication system having a plurality of access stations interconnected to a central data processing device, said method comprising the steps of:
(a) coupling said access card to an access station by means of a bidirectional data channel;
(b) generating a first message having random content in said access station and converting said first message to a first encrypted message by means of a locally resident first encoding key;
(c) transferring said first encrypted message to said access card and decoding said first encrypted message by means of a locally resident first decoding key associated with said first encoding key in said access card;
(d) converting said decoded first encrypted message to a second encrypted message in said access card by means of a locally resident second encoding key;
(e) transferring said second encrypted message to said access station and decoding said second encrypted message by means of a locally resident second decoding key associated to said second encoding key in said access station;
(f) comparing said decoded second encrypted message to said first message for selectively generating an authentication signal upon detection of equality,
said method thereby entailing transfer of only encrypted representations of said first message in the form of first and second encrypted messages, respectively, wherein said first encoding key and said second encoding key are mutually different and wherein said first decoding key and said second encoding key are complementary among a predetermined plurality of access cards, and are externally inaccessible in said access cards.
2. A system for authenticating an electronic access card to a communication system, said communication system comprising a plurality of access stations interconnected to a central data processing device, and comprising:
(a) coupling means in an access station for coupling thereto said access card via a bidirectional data channel;
(b) a generator in said access station for a first random message and first encoding means fed by said generator for converting by means of a locally resident first encoding key said first random message to a first encrypted message for transferral via said data channel;
(c) first decoding means in said access card fed by said data channel for decoding said first encrypted message by means of a locally resident first decoding key associated to said first encoding key;
(d) second encoding means in said access card fed by said first decoding means for converting said decoded first encrypted message to a second encrypted message for transferral via said data channel by means of a locally present second encoding key;
(e) second decoding means in said access station fed by said data channel for decoding said second encrypted message by means of a locally resident second decoding key associated to said second encoding key;
(f) comparing means fed by said generator and by said second decoding means for comparing said first random message and said decoded second encrypted message and having an authentication output for upon detecting an equality outputting an authentication signal for enabling further data processing operations in said communication system;
said communication system thereby having only encrypted representations of said first random message transmitted on said data channel in the form of said first encrypted and second encrypted messages, respectively, wherein said first encoding key and said second encoding key are mutually different, wherein said first decoding key and second encoding key are complementary among a predetermined plurality of access cards, said access cards comprising storage means provided with access blocking means for blocking external access to said first decoding key and second encoding key.
3. An authenticatable electronic access card for use in a communication system having a plurality of access stations interconnected to a central data processing facility, said access card comprising:
(a) coupling means for coupling thereto an access station via a bidirectional data channel;
(b) a first decoding means fed by said data channel for receiving a first encrypted message as generated in said access station from a first random message by means of first encoding key, said first decoding means comprising storage means for a first decoding key associated with said first encoding key for controlling said first decoding means to decode said first encrypted message;
(c) second encoding means fed by said first decoding means for converting by means of a locally present second encoding key said decoded first encrypted message for transferral via said data channel to said access station for decoding therein by means of a second decoding key associated with said second encoding key and thereupon being compared to said first random message for authentication,
said access card thereby communicating only encrypted representations of said first random message on said data channel in the form of said first encrypted and second encrypted messages, respectively, wherein said first encoding key and said second encoding key are mutually different and wherein said first decoding key and said second encoding key are complementary among a predetermined plurality of access cards, said access card comprising storage means provided with access blocking means for blocking external access to said first decoding key and second encoding key.
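The exchange recited in the claims, with both sides' messages, as an added example that is not part of the patent text. Assumptions: textbook RSA with small constructed keys stands in for the encoding and decoding algorithms, which the claims do not name, and all class, function and key names are hypothetical.

```python
import hmac
import secrets
from dataclasses import dataclass

E = 65537  # exponent used for both constructed encoding keys (assumption)

def toy_keypair(p, q):
    """Return (encoding_key, decoding_key), each an (exponent, modulus) tuple."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (E, n), (pow(E, -1, phi), n)

def transform(value, key):
    """Unpadded textbook RSA: one modular exponentiation encodes or decodes."""
    exponent, modulus = key
    return pow(value, exponent, modulus)

# Constructed demo keys from Mersenne primes; far too small for real use.
ENC1, DEC1 = toy_keypair(2**61 - 1, 2**89 - 1)    # station encodes, card decodes
ENC2, DEC2 = toy_keypair(2**107 - 1, 2**127 - 1)  # card encodes, station decodes

@dataclass
class AccessCard:
    dec1: tuple  # first decoding key, never leaves the card
    enc2: tuple  # second encoding key, never leaves the card

    def respond(self, first_encrypted):
        # Steps (c)-(d): decode with key 1, re-encode with the different key 2.
        return transform(transform(first_encrypted, self.dec1), self.enc2)

@dataclass
class AccessStation:
    enc1: tuple  # first encoding key
    dec2: tuple  # second decoding key

    def authenticate(self, card):
        """Run steps (b)-(f); return (authenticated, channel_transcript, challenge)."""
        challenge = secrets.randbits(128)                  # (b) random first message
        first_encrypted = transform(challenge, self.enc1)  # (b) sent to the card
        second_encrypted = card.respond(first_encrypted)   # (c)-(e) card's reply
        decoded = transform(second_encrypted, self.dec2)   # (e)
        # (f) constant-time equality check on fixed-width encodings
        ok = hmac.compare_digest(decoded.to_bytes(32, "big"),
                                 challenge.to_bytes(32, "big"))
        return ok, (first_encrypted, second_encrypted), challenge

if __name__ == "__main__":
    station = AccessStation(ENC1, DEC2)
    ok, transcript, challenge = station.authenticate(AccessCard(DEC1, ENC2))
    print("authenticated:", ok, "| plaintext on channel:", challenge in transcript)
```

The transcript holds only the two encrypted messages, and a card holding any other key pair fails the comparison in step (f).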
Specification