Initialization of cryptographic variables in an EFT/POS network with a large number of terminals

US 4,771,461 A
Filed: 06/27/1986
Issued: 09/13/1988
Est. Priority Date: 06/27/1986
Status: Expired due to Term

First Claim

Patent Images

1. A method for initialization of cryptographic variables in a network with a predetermined number of terminals using a public key algorithm comprising the steps of:

establishing a key distribution center and generating a public and secret key pair for the key distribution center;

providing each terminal in the network with a terminal identification known to the key distribution center and a cryptographic facility in which is stored the public key of the key distribution center;

designating a terminal initializer for each terminal in the network and notifying the terminal initializer for each terminal of two expiration times for purposes of registering a terminal cryptovariable with said key distribution center;

generating at a terminal a cryptovariable using said cryptographic facility;

prior to the first expiration time, preparing and transmitting to said key distribution center a registration request message which includes the terminal identification and said cryptovariable;

temprarily registering said cryptovariable at said key distribution center in association with said terminal identification;

invalidating said terminal identification whenever a second attempt is made to register a cryptovariable in association with said terminal identification, prior to said first expiration time; and

after the expiration of said second time, permanently registering said cryptovariable at said key distribution center.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A procedure is disclosed for initializing with security and integrity a large number of terminals in an EFT/POS network with cryptographic variables. Each terminal in the network is provided with a cryptographic facility which performs the necessary cryptographic functions. A key distribution center is established, and a public and secret key pair is generated for the key distribution center. Each terminal in the network is provided with a terminal identification known to the key distribution center, the public key of the key distribution center is stored in the cryptographic facility of each terminal. A terminal initializer is designated for each terminal, and the terminal initializer for each terminal is notified of two expiration times for the purposes of registering the terminal'"'"'s cryptovariable with the key distribution center. The cryptovariable is generated by the terminal using its cryptographic facility. Prior to the first expiration time, a registration request is prepared and transmitted to the key distribution center. The registration request includes the terminal identification and the cryptovariable. When the key distribution center receives this request, the cryptovariable is temporarily registered and that fact is acknowledged to the requesting terminal. After the expiration of the second time, the registration is complete. Provisions are also made for invalidating a terminal identification in the event that more than one registration is attempted for a given terminal identification or that the registration was not made in time. The same procedure can be used to initialize cryptovariables of users of a network. The protocol is basically the same except that a user identification is used instead of a terminal identification, and the users may be provided with a transportable media, such as a magnetic stripe card or the like, which stores the user cryptovariable and can be read by terminals in the network.

92 Citations

View as Search Results

16 Claims

1. A method for initialization of cryptographic variables in a network with a predetermined number of terminals using a public key algorithm comprising the steps of:
- establishing a key distribution center and generating a public and secret key pair for the key distribution center;
  
  providing each terminal in the network with a terminal identification known to the key distribution center and a cryptographic facility in which is stored the public key of the key distribution center;
  
  designating a terminal initializer for each terminal in the network and notifying the terminal initializer for each terminal of two expiration times for purposes of registering a terminal cryptovariable with said key distribution center;
  
  generating at a terminal a cryptovariable using said cryptographic facility;
  
  prior to the first expiration time, preparing and transmitting to said key distribution center a registration request message which includes the terminal identification and said cryptovariable;
  
  temprarily registering said cryptovariable at said key distribution center in association with said terminal identification;
  
  invalidating said terminal identification whenever a second attempt is made to register a cryptovariable in association with said terminal identification, prior to said first expiration time; and
  
  after the expiration of said second time, permanently registering said cryptovariable at said key distribution center.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method for initialization of cryptographic variables in a network as recited in claim 1 wherein the request message transmitted to said key distribution center includes time variant data and the step of temporarily registering said cryptovariable includes the step of acknowledging the temporary registration of the cryptovariable to the requesting terminal by sending a message to the requesting terminal containing the terminal identification, the cryptovariable, the time variant data echoed, and a signature using the secret key of the key distribution center.
  - 3. The method for initialization of cryptographic variables in a network as recited in claim 1 further comprising the steps of:
    - installing the public key of the key distribution center in each terminal at a central location before shipping the terminal to its point of use; and
      
      shipping the terminals to their respective points of use with the public key of the key distribution center installed.
  - 4. The method for initialization of cryptographic variables in a network as recited in claim 1 further comprising the step of installing the public key of the key distribution center in each terminal after the terminal has been installed at its point of use.
  - 5. The method for initialization of cryptographic variables as recited in claim 1 wherein the step of generating is performed by generating a public key and secret key pair for the terminal.
  - 6. The method for initialization of cryptographic variables as recited in claim 1 wherein the step of generating is performed by generating a secret terminal key using a symmetric algorithm.
  - 7. The method for initialization of cryptographic variables as recited in claim 1 further comprising the step of preparing and transmitting to said key distribution center prior to the second expiration time a terminal identification invalidation request message in the event that the terminal fails to receive a positive acknowledgement from the key distribution center stating that the requested cryptovariable was temporarily registered at the key distribution center or fails to receive a positive acknowledgement from the key distribution center stating that the requested terminal identification has been invalidated by the key distribution center.
  - 8. The method for initialization of cryptographic variables as recited in claim 1 further comprising the steps of:
    - proving the identification of the designated terminal initializer for a terminal after the second expiration time has passed; and
      
      requesting the invalidation of the terminal identification of that terminal if the requested cryptovariable was not registered with the key distribution center.
  - 9. The method for initialization of cryptographic variables as recited in claim 1 further comprising the steps of:
    - requesting the key distribution center to provide a verification of the cryptovariable registration for the terminal identification after the second expiration time has passed; and
      
      providing verification of the registration if the terminal identification is valid and a cryptovariable was previously registered.
  - 10. The method for initialization of cryptographic variables as recited in claim 9 wherein the step of providing verification of the registration is provided by sending a message specifying the registered cryptovariable for that terminal, the terminal identification and a signature using the secret key of the key distribution center.

11. A method for initialization of cryptographic variables in a network with a predetermined number of terminals using a public key algorithm comprising the steps of:
- establishing a key distribution center and generating a public and secret key pair for the key distribution center;
  
  providing each terminal in the network with a terminal identification known to the key distribution center and a cryptographic facility in which is stored the public key of the key distribution center;
  
  designating a terminal initializer for each terminal in the network and notifying the terminal initializer for each terminal of two expiration times for purposes of registering a terminal cryptovariable with said key distribution center;
  
  generating at a terminal a cryptovariable using said cryptographic facility;
  
  prior to the first expiration time, preparing and transmitting to said key distribution center a registration request message which includes the terminal identification, time variant data, and said cryptovariable;
  
  temprarily registering said cryptovariable at said key distribution center in association with said terminal identification;
  
  acknowledging the temporary registration of the cryptovariable to the requesting terminal by sending a message to the requesting terminal containing the terminal identification, the cryptovariable, the time variant data echoed, and a signature using the secret key of the key distribution center;

12. invalidating said terminal identification whenever a second attempt is made to register a cryptovariable in association with said terminal identification, prior to said first expiration time;
- andafter the expiration of said second time, permanently registering said cryptovariable at said key distribution center.

13. The method for initialization of cryptographic variables in a network with a predetermined number of terminals using a public key algorithm comprising the steps of:
- establishing a key distribution center and generating a public and secret key pair for the key distribution center;
  
  providing each terminal in the network with a terminal identification known to the key distribution center and a cryptographic facility in which is stored the public key of the key distribution center;
  
  designating a terminal initializer for each terminal in the network and notifying the terminal initializer for each terminal of two expiration times for purposes of registering a terminal cryptovariable with said key distribution center;
  
  generating at a terminal a cryptovariable using said cryptographic facility;
  
  prior to the first expiration time, preparing and transmitting to said key distribution center a registration request message which includes the terminal identification, time variant data, and said cryptovariable;
  
  temprarily registering said cryptovariable at said key distribution center in association with said terminal identification;
  
  acknowledging the temporary registration of the cryptovariable to the requesting terminal by sending a message to the requesting terminal containing the terminal identification, the cryptovariable, the time variant data echoed, and a signature using the secret key of the key distribution center;
  
  invalidating said terminal identification whenever a second attempt is made to register a cryptovariable in association with said terminal identification, prior to said first expiration time; and
  
  after the expiration time, permanently registering said cryptovariable at said key distribution center.

14. The method for initialization of cryptographic variables in a network with a predetermined number of terminals using a public key algorithm comprising the steps of:
- establishing a key distribution center and generating a public and secret key pair for the key distribution center;
  
  providing each terminal in the network with a terminal identification known to the key distribution center and a cryptographic facility in which is stored the public key of the key distribution center;
  
  designating a terminal initializer for each terminal in the network and notifying the terminal initializer for each terminal of two expiration times for purposes of registering a terminal cryptovariable with said key distribution center;
  
  generating at a terminal a cryptovariable using said cryptographic facility;
  
  prior to the expiration time, preparing at the terminal and transmitting to said key distribution center a registration request message which includes the terminal identification, time variant data, and said cryptovariable;
  
  temprarily registering said cryptovariable at said key distribution center in association with said terminal identification;
  
  acknowledging in a first acknowledgement, the temporary registration of the cryptovariable by sending a message to the requesting terminal containing the terminal identification, the cryptovariable, the time variant data echoed, and a signature using the secret key of the key distribution center;
  
  invalidating at the key distribution center said terminal identification whenever a second attempt is made to register a cryptovariable in association with said terminal identification, prior to said first expiration time;
  
  acknowledging said invalidating step to said terminal in a second acknowledgement;
  
  preparing at the terminal and transmitting to said key distribution center prior to said expiration time a terminal identification invalidation request message in the event that the terminal fails to receive either said first or said second acknowledgement; and
  
  after the expiration time, permanently registering said cryptovariable at said key distribution center.

15. The method for initialization of cryptographic variables in a network with a predetermined number of terminals using a public key algorithm comprising the steps of:
- establishing a key distribution center and generating a public and secret key pair for the key distribution center;
  
  providing each terminal in the network with a terminal identification known to the key distribution center and a cryptographic facility in which is stored the public key of the key distribution center;
  
  designating a terminal initializer for each terminal in the network and notifying the terminal initializer for each terminal of two expiration times for purposes of registering a terminal cryptovariable with said key distribution center;
  
  generating at a terminal a cryptovariable using said cryptographic facility;
  
  prior to the expiration time, preparing at the terminal and transmitting to said key distribution center a registration request message which includes the terminal identification, time variant data, and said cryptovariable;
  
  invalidating said terminal identification at the key distribution center in the event that a cryptovariable has been previously transmitted and temporarily registered at the key distribution center by an imposter using said terminal identification, prior to said expiration time;
  
  acknowledging said invalidating step to said terminal;
  
  temprarily registering said cryptovariable at said key distribution center in association with said terminal identification in the event that there has been no prior registration under said terminal identification;
  
  acknowledging the temporary registration of the cryptovariable to the requesting terminal by sending a message to the requesting terminal containing the terminal identification, the cryptovariable, the time variant data echoed, and a signature using the secret key of the key distribution center;
  
  invalidating said temporarily registered cryptovariable whenever a subsequent attempt is made by an imposter to register a different cryptovariable in association with said terminal identification, prior to said expiration time; and
  
  after the expiration time, permanently registering said cryptovariable at said key distribution center.

16. The method for initialization of user cryptographic variables in a network with a predetermined number of terminals using a public key algorithm comprising the steps of:
- establishing a key distribution center and generating a public and secret key pair for the key distribution center;
  
  providing each terminal in the network with a user identification known to the key distribution center and each terminal in the network with a cryptographic facility in which is stored the public key of the key distribution center;
  
  notifying each user of an expiration time for purposes of registering a terminal cryptovariable with said key distribution center;
  
  generating at a terminal a cryptovariable using said cryptographic facility;
  
  prior to the expiration time, preparing and transmitting to said key distribution center a registration request message which includes the user identification, time variant data, and said cryptovariable;
  
  temprarily registering said cryptovariable at said key distribution center in association with said user identification;
  
  acknowledging the temporary registration of the cryptovariable to the requesting terminal by sending a message to the requesting terminal containing the user identification, the cryptovariable, the time variant data echoed, and a signature using the secret key of the key distribution center;
  
  invalidating said user identification whenever a second attempt is made to register a cryptovariable in association with said user identification, prior to said expiration time; and
  
  after the expiration time, permanently registering said cryptovariable at said key distribution center.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Matyas, Stephen M.
Primary Examiner(s)
Cangialosi, Salvatore

Application Number

US06/879,784
Time in Patent Office

809 Days
Field of Search

178/22.08, 178/22.09, 178/22.11, 380/23, 380/24, 380/25, 380/30, 380/48
US Class Current

380/282
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/04   Payment circuits

G06Q 20/10   specially adapted for elect...

G06Q 20/14   specially adapted for billi...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/382   insuring higher security of...

G06Q 20/3825   Use of electronic signatures

G06Q 20/3829   involving key management

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

H04L 9/0833   involving conference or gro...

H04L 9/3271   using challenge-response

Initialization of cryptographic variables in an EFT/POS network with a large number of terminals

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

92 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Initialization of cryptographic variables in an EFT/POS network with a large number of terminals

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

92 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links