Initialization of cryptographic variables in an EFT/POS network with a large number of terminals
First Claim
1. A method for initialization of cryptographic variables in a network with a predetermined number of terminals using a public key algorithm comprising the steps of:
- establishing a key distribution center and generating a public and secret key pair for the key distribution center;
providing each terminal in the network with a terminal identification known to the key distribution center and a cryptographic facility in which is stored the public key of the key distribution center;
designating a terminal initializer for each terminal in the network and notifying the terminal initializer for each terminal of two expiration times for purposes of registering a terminal cryptovariable with said key distribution center;
generating at a terminal a cryptovariable using said cryptographic facility;
prior to the first expiration time, preparing and transmitting to said key distribution center a registration request message which includes the terminal identification and said cryptovariable;
temprarily registering said cryptovariable at said key distribution center in association with said terminal identification;
invalidating said terminal identification whenever a second attempt is made to register a cryptovariable in association with said terminal identification, prior to said first expiration time; and
after the expiration of said second time, permanently registering said cryptovariable at said key distribution center.
1 Assignment
0 Petitions
Accused Products
Abstract
A procedure is disclosed for initializing with security and integrity a large number of terminals in an EFT/POS network with cryptographic variables. Each terminal in the network is provided with a cryptographic facility which performs the necessary cryptographic functions. A key distribution center is established, and a public and secret key pair is generated for the key distribution center. Each terminal in the network is provided with a terminal identification known to the key distribution center, the public key of the key distribution center is stored in the cryptographic facility of each terminal. A terminal initializer is designated for each terminal, and the terminal initializer for each terminal is notified of two expiration times for the purposes of registering the terminal'"'"'s cryptovariable with the key distribution center. The cryptovariable is generated by the terminal using its cryptographic facility. Prior to the first expiration time, a registration request is prepared and transmitted to the key distribution center. The registration request includes the terminal identification and the cryptovariable. When the key distribution center receives this request, the cryptovariable is temporarily registered and that fact is acknowledged to the requesting terminal. After the expiration of the second time, the registration is complete. Provisions are also made for invalidating a terminal identification in the event that more than one registration is attempted for a given terminal identification or that the registration was not made in time. The same procedure can be used to initialize cryptovariables of users of a network. The protocol is basically the same except that a user identification is used instead of a terminal identification, and the users may be provided with a transportable media, such as a magnetic stripe card or the like, which stores the user cryptovariable and can be read by terminals in the network.
92 Citations
16 Claims
-
1. A method for initialization of cryptographic variables in a network with a predetermined number of terminals using a public key algorithm comprising the steps of:
-
establishing a key distribution center and generating a public and secret key pair for the key distribution center; providing each terminal in the network with a terminal identification known to the key distribution center and a cryptographic facility in which is stored the public key of the key distribution center; designating a terminal initializer for each terminal in the network and notifying the terminal initializer for each terminal of two expiration times for purposes of registering a terminal cryptovariable with said key distribution center; generating at a terminal a cryptovariable using said cryptographic facility; prior to the first expiration time, preparing and transmitting to said key distribution center a registration request message which includes the terminal identification and said cryptovariable; temprarily registering said cryptovariable at said key distribution center in association with said terminal identification; invalidating said terminal identification whenever a second attempt is made to register a cryptovariable in association with said terminal identification, prior to said first expiration time; and after the expiration of said second time, permanently registering said cryptovariable at said key distribution center. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method for initialization of cryptographic variables in a network with a predetermined number of terminals using a public key algorithm comprising the steps of:
-
establishing a key distribution center and generating a public and secret key pair for the key distribution center; providing each terminal in the network with a terminal identification known to the key distribution center and a cryptographic facility in which is stored the public key of the key distribution center; designating a terminal initializer for each terminal in the network and notifying the terminal initializer for each terminal of two expiration times for purposes of registering a terminal cryptovariable with said key distribution center; generating at a terminal a cryptovariable using said cryptographic facility; prior to the first expiration time, preparing and transmitting to said key distribution center a registration request message which includes the terminal identification, time variant data, and said cryptovariable; temprarily registering said cryptovariable at said key distribution center in association with said terminal identification; acknowledging the temporary registration of the cryptovariable to the requesting terminal by sending a message to the requesting terminal containing the terminal identification, the cryptovariable, the time variant data echoed, and a signature using the secret key of the key distribution center;
-
-
12. invalidating said terminal identification whenever a second attempt is made to register a cryptovariable in association with said terminal identification, prior to said first expiration time;
- and
after the expiration of said second time, permanently registering said cryptovariable at said key distribution center.
- and
-
13. The method for initialization of cryptographic variables in a network with a predetermined number of terminals using a public key algorithm comprising the steps of:
-
establishing a key distribution center and generating a public and secret key pair for the key distribution center; providing each terminal in the network with a terminal identification known to the key distribution center and a cryptographic facility in which is stored the public key of the key distribution center; designating a terminal initializer for each terminal in the network and notifying the terminal initializer for each terminal of two expiration times for purposes of registering a terminal cryptovariable with said key distribution center; generating at a terminal a cryptovariable using said cryptographic facility; prior to the first expiration time, preparing and transmitting to said key distribution center a registration request message which includes the terminal identification, time variant data, and said cryptovariable; temprarily registering said cryptovariable at said key distribution center in association with said terminal identification; acknowledging the temporary registration of the cryptovariable to the requesting terminal by sending a message to the requesting terminal containing the terminal identification, the cryptovariable, the time variant data echoed, and a signature using the secret key of the key distribution center; invalidating said terminal identification whenever a second attempt is made to register a cryptovariable in association with said terminal identification, prior to said first expiration time; and after the expiration time, permanently registering said cryptovariable at said key distribution center.
-
-
14. The method for initialization of cryptographic variables in a network with a predetermined number of terminals using a public key algorithm comprising the steps of:
-
establishing a key distribution center and generating a public and secret key pair for the key distribution center; providing each terminal in the network with a terminal identification known to the key distribution center and a cryptographic facility in which is stored the public key of the key distribution center; designating a terminal initializer for each terminal in the network and notifying the terminal initializer for each terminal of two expiration times for purposes of registering a terminal cryptovariable with said key distribution center; generating at a terminal a cryptovariable using said cryptographic facility; prior to the expiration time, preparing at the terminal and transmitting to said key distribution center a registration request message which includes the terminal identification, time variant data, and said cryptovariable; temprarily registering said cryptovariable at said key distribution center in association with said terminal identification; acknowledging in a first acknowledgement, the temporary registration of the cryptovariable by sending a message to the requesting terminal containing the terminal identification, the cryptovariable, the time variant data echoed, and a signature using the secret key of the key distribution center; invalidating at the key distribution center said terminal identification whenever a second attempt is made to register a cryptovariable in association with said terminal identification, prior to said first expiration time; acknowledging said invalidating step to said terminal in a second acknowledgement; preparing at the terminal and transmitting to said key distribution center prior to said expiration time a terminal identification invalidation request message in the event that the terminal fails to receive either said first or said second acknowledgement; and after the expiration time, permanently registering said cryptovariable at said key distribution center.
-
-
15. The method for initialization of cryptographic variables in a network with a predetermined number of terminals using a public key algorithm comprising the steps of:
-
establishing a key distribution center and generating a public and secret key pair for the key distribution center; providing each terminal in the network with a terminal identification known to the key distribution center and a cryptographic facility in which is stored the public key of the key distribution center; designating a terminal initializer for each terminal in the network and notifying the terminal initializer for each terminal of two expiration times for purposes of registering a terminal cryptovariable with said key distribution center; generating at a terminal a cryptovariable using said cryptographic facility; prior to the expiration time, preparing at the terminal and transmitting to said key distribution center a registration request message which includes the terminal identification, time variant data, and said cryptovariable; invalidating said terminal identification at the key distribution center in the event that a cryptovariable has been previously transmitted and temporarily registered at the key distribution center by an imposter using said terminal identification, prior to said expiration time; acknowledging said invalidating step to said terminal; temprarily registering said cryptovariable at said key distribution center in association with said terminal identification in the event that there has been no prior registration under said terminal identification; acknowledging the temporary registration of the cryptovariable to the requesting terminal by sending a message to the requesting terminal containing the terminal identification, the cryptovariable, the time variant data echoed, and a signature using the secret key of the key distribution center; invalidating said temporarily registered cryptovariable whenever a subsequent attempt is made by an imposter to register a different cryptovariable in association with said terminal identification, prior to said expiration time; and after the expiration time, permanently registering said cryptovariable at said key distribution center.
-
-
16. The method for initialization of user cryptographic variables in a network with a predetermined number of terminals using a public key algorithm comprising the steps of:
-
establishing a key distribution center and generating a public and secret key pair for the key distribution center; providing each terminal in the network with a user identification known to the key distribution center and each terminal in the network with a cryptographic facility in which is stored the public key of the key distribution center; notifying each user of an expiration time for purposes of registering a terminal cryptovariable with said key distribution center; generating at a terminal a cryptovariable using said cryptographic facility; prior to the expiration time, preparing and transmitting to said key distribution center a registration request message which includes the user identification, time variant data, and said cryptovariable; temprarily registering said cryptovariable at said key distribution center in association with said user identification; acknowledging the temporary registration of the cryptovariable to the requesting terminal by sending a message to the requesting terminal containing the user identification, the cryptovariable, the time variant data echoed, and a signature using the secret key of the key distribution center; invalidating said user identification whenever a second attempt is made to register a cryptovariable in association with said user identification, prior to said expiration time; and after the expiration time, permanently registering said cryptovariable at said key distribution center.
-
Specification