Encrypting transponder
First Claim
1. A passive encrypting transponder for ensuring that only authorized users are given access for transmissions with a remote digital system, including a host computer, from a given computer terminal connected to said system across a telecommunications link, said transponder comprising:
(a) an input line, including first switching means, for coupling said given terminal to said transponder;
(b) an output line, including second switching means, for coupling said transponder to said link;
(c) third switching means for selectively coupling said input line to said output line;
(d) a user identification means including;
(i) a first memory portion for storing a first key which uniquely identifies said given terminal from other terminals connectable to said system, each of said authorized users being provided with a personal identification number which uniquely identifies that user from other authorized users;
(ii) a second memory portion for prestoring an interrogator identification number which uniquely identifies said system from other possible systems;
(iii) a third memory portion; and
(iv) a fourth memory portion;
(e) an enciphering means, selectively responsive to said first key stored in said first memory portion, for encrypting, under said first key, said personal identification number received across said input line upon coupling thereto of said transponder by said first switching means, said encrypted personal identification number being transmitted across said link;
(f) a deciphering means, selectively responsive to said first key in said first memory portion, for decrypting an interrogator identification number and a first random number, both of which have been encrypted under said first key at said remote system and transmitted to said transponder across said link, said decrypted first random number being stored in said third memory portion; and
(g) control means for generating said first key upon receipt of said personal identification number through said first switching means, for comparing said decrypted interrogator identification number with said prestored interrogator identification number, for generating a working key when said decrypted interrogator identification number and said prestored interrogator identification number match, otherwise aborting the transaction, said working key being a function of said personal identification number, of said interrogator identification number and of said first random number, said working key being stored in said fourth memory portion, said enciphering and said deciphering means being thereafter responsive to said working key and not to said first key, and for transmitting said interrogator identification number and said first random number to said host computer, both being encrypted under said working key, for verification of said working key by said host computer, said host computer transmitting an indication of said verification across said link to said transponder;
(h) wherein, upon receipt of said indication by said transponder, said control means activates said third switching means to couple said input line to said output line.
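The exchange described in elements (e) through (h), simulated end to end on both sides of the link. This is an added example, not code from the patent: the patent names neither the cipher nor the function that derives the working key, so an HMAC-SHA256 counter-mode keystream and an HMAC-based derivation stand in for them, the first key is modelled as a per-terminal secret shared with the host rather than generated from the PIN, and the terminal key, interrogator identification number and PIN values are constructed. The point the simulation makes visible is the order of the switches: the terminal is coupled to the link only after the host has verified the working key, and a mismatch between the decrypted and prestored interrogator identification numbers aborts before any working key exists.

```python
"""Simulation of claim 1's challenge/response exchange (added example).
Cipher and key derivation are assumptions; the patent leaves them open."""
import hashlib
import hmac
import os

IID_LEN = 8  # assumed fixed length of the interrogator identification number


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (stand-in for the unnamed cipher).
    XOR is its own inverse, so one function both encrypts and decrypts."""
    out = bytearray()
    for block, start in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[start:start + 32], ks))
    return bytes(out)


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)  # fresh per message so equal plaintexts differ on the link
    return nonce + keystream_xor(key, nonce, plaintext)


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    return keystream_xor(key, ciphertext[:16], ciphertext[16:])


def working_key(pin: bytes, iid: bytes, rnd: bytes) -> bytes:
    """Working key as a function of PIN, interrogator ID and first random number
    (element g). The concrete function is an assumption."""
    return hmac.new(rnd, pin + b"|" + iid, hashlib.sha256).digest()


class Transponder:
    def __init__(self, first_key: bytes, prestored_iid: bytes):
        self.first_key = first_key            # first memory portion
        self.prestored_iid = prestored_iid    # second memory portion
        self.random_number = None             # third memory portion
        self.working_key = None               # fourth memory portion
        self.pin = None
        self.third_switch_closed = False      # terminal coupled to link only after (h)

    def accept_pin(self, pin: bytes) -> bytes:
        """Element (e): PIN arrives from the terminal, leaves encrypted under the first key."""
        self.pin = pin
        return encrypt(self.first_key, pin)

    def accept_challenge(self, ciphertext: bytes):
        """Elements (f) and (g): decrypt IID||R under the first key, compare IID,
        derive the working key and answer under it. Returns None on abort."""
        plain = decrypt(self.first_key, ciphertext)
        iid, rnd = plain[:IID_LEN], plain[IID_LEN:]
        if not hmac.compare_digest(iid, self.prestored_iid):
            return None  # interrogator ID mismatch: transaction aborted, no working key
        self.random_number = rnd
        self.working_key = working_key(self.pin, iid, rnd)
        return encrypt(self.working_key, iid + rnd)  # first key no longer used

    def accept_verification(self, verified: bool) -> None:
        """Element (h): the host's indication closes the third switch."""
        self.third_switch_closed = bool(verified)


class Host:
    def __init__(self, iid: bytes, terminal_keys: dict, authorized_pins: set):
        self.iid = iid
        self.terminal_keys = terminal_keys    # terminal id -> that terminal's first key
        self.authorized_pins = authorized_pins
        self.sessions = {}

    def accept_pin(self, terminal_id: str, ciphertext: bytes):
        key = self.terminal_keys[terminal_id]
        pin = decrypt(key, ciphertext)
        if pin not in self.authorized_pins:
            return None  # unknown user: no challenge is issued
        rnd = os.urandom(16)  # first random number
        self.sessions[terminal_id] = (pin, rnd)
        return encrypt(key, self.iid + rnd)

    def verify(self, terminal_id: str, ciphertext: bytes) -> bool:
        """Recompute the working key independently and check the echoed IID||R."""
        pin, rnd = self.sessions[terminal_id]
        plain = decrypt(working_key(pin, self.iid, rnd), ciphertext)
        return hmac.compare_digest(plain, self.iid + rnd)


def run_session(transponder: Transponder, host: Host, terminal_id: str, pin: bytes) -> bool:
    """Drive one exchange; True only when the third switch ends up closed."""
    c2 = host.accept_pin(terminal_id, transponder.accept_pin(pin))
    if c2 is None:
        return False
    c3 = transponder.accept_challenge(c2)
    if c3 is None:
        return False
    transponder.accept_verification(host.verify(terminal_id, c3))
    return transponder.third_switch_closed


# Constructed values for the demonstration.
TERMINAL_KEY = hashlib.sha256(b"constructed first key for terminal T-17").digest()
HOST_IID = b"HOST0001"


def demo():
    host = Host(HOST_IID, {"T-17": TERMINAL_KEY}, {b"4321"})
    good = run_session(Transponder(TERMINAL_KEY, HOST_IID), host, "T-17", b"4321")
    # Transponder prestored for another system: decrypted IID does not match, abort.
    other = run_session(Transponder(TERMINAL_KEY, b"OTHERSYS"), host, "T-17", b"4321")
    bad_pin = run_session(Transponder(TERMINAL_KEY, HOST_IID), host, "T-17", b"0000")
    return good, other, bad_pin


if __name__ == "__main__":
    print(demo())
```

Because the host recomputes the working key from its own copy of the PIN, interrogator ID and random number, the transponder never sends the working key itself; the encrypted echo of IID||R is what proves both sides derived the same value.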
2 Assignments
0 Petitions
Abstract
An encrypting transponder provides data security for transmissions between a terminal and a remote computer, network or terminal. The transponder provides positive user and terminal identification before access to a remote computer file is permitted, and further provides for secure message authentication during the course of data transmission. The transponder is passive and operates in response to interrogation from a remote host computer, thus making it useful with many different operating systems and hand-shake protocols.
60 Citations
16 Claims
Claim 1 is reproduced above under First Claim; claims 2, 3, 4, 5, 6, 7, 8, 9, 10 and 11 depend on it.
12. A passive encrypting transponder for authenticating messages transmitted between a given computer terminal and a remote digital system, including a host computer, across a telecommunications link and for ensuring that only authorized users are given access to said system for transactions from said given computer terminal, said transponder comprising:
(a) an input line, including first switching means, for coupling said given terminal to said transponder;
(b) an output line, including second switching means, for coupling said transponder to said link;
(c) third switching means for selectively coupling said input line to said output line;
(d) a user identification means including;
(i) a first memory portion for storing a preselected data set; and
(ii) a dynamic memory for storing a first key which uniquely identifies said given terminal from other terminals connectable to said system, each of said authorized users being provided with a personal identification number which uniquely identifies that user from other authorized users, said first key being a subset of said data set, and for storing an interrogator identification number which uniquely identifies said system from other possible systems;
(e) an enciphering means, responsive to said first key, for encrypting, under said first key, said personal identification number received across said input line upon coupling thereto of said transponder by said first switching means and transmitting it across said link;
(f) a deciphering means, responsive to said first key, for decrypting an interrogator identification number and a random number transmitted across said link from said system; and
(g) control means for generating said first key and a working key, said working key upon generation from said personal identification number, said interrogator identification number and said random number, being transmitted to and stored in said dynamic memory, said control means further being coupled to said first, second and third switching means for control thereof upon receipt of an indication that said working key is verified.
Claims 13, 14, 15 and 16 depend on claim 12.
Specification