Electronic funds transfer system with means for verifying a personal identification number without pre-established secret keys
First Claim
1. A method of operating an electronic funds transfer of the type having at least one remote terminal and at least one issuer host terminal, comprising the steps of:
- (a) accepting at the remote terminal account identification data and a personal identification number PE from a user;
(b) providing a first key A at the remote terminal;
(c) encrypting PE using encryption key A to derive A(PE);
(d) transmitting A(PE) to the host terminal;
(e) providing a second key B at the host terminal;
(f) encrypting A(PE) at the host terminal using encryption key B to derive B(A[PE]);
(g) providing at the host terminal the value of B(PT) which is the correct personal identification number PT encrypted using an encryption key B;
(h) transmitting B(A[PE]) and B(PT) from the host terminal to the remote terminal;
(i) encrypting B(PT) at the remote terminal using encryption key A to derive the value A(B[PT]);
(j) comparing the value of A(B[PT]) to B(A[PE]);
(k) executing an electronic funds transaction responsive to the values of A(B[PT]) and B(A[PE]) being the same;
wherein each encrypting step is executed with the same algorithm, and wherein the algorithm effects a transformation such that, with two successive encryptions using two different keys the result is the same irrespective of the order of encryption.
2 Assignments
0 Petitions
Accused Products
Abstract
An electronic funds transfer system employs a means to verify a personal identification number PE entered by the user with the correct PIN (PT) stored at the host terminal. The remote and host terminals each generate an encryption key, and encrypt PE and PT at the respective terminals. These values are transmitted to the other terminal, where they are re-encrypted using the other encryption key. The double-encrypted numbers are then compared. The user-entered PIN can thus be verified without the need to share en encryption key between the remote and host terminals. The encryption transformation is of the type where the results of successive encryptions does not depend on the order of encryption.
-
Citations
7 Claims
-
1. A method of operating an electronic funds transfer of the type having at least one remote terminal and at least one issuer host terminal, comprising the steps of:
-
(a) accepting at the remote terminal account identification data and a personal identification number PE from a user; (b) providing a first key A at the remote terminal; (c) encrypting PE using encryption key A to derive A(PE); (d) transmitting A(PE) to the host terminal; (e) providing a second key B at the host terminal; (f) encrypting A(PE) at the host terminal using encryption key B to derive B(A[PE]); (g) providing at the host terminal the value of B(PT) which is the correct personal identification number PT encrypted using an encryption key B; (h) transmitting B(A[PE]) and B(PT) from the host terminal to the remote terminal; (i) encrypting B(PT) at the remote terminal using encryption key A to derive the value A(B[PT]); (j) comparing the value of A(B[PT]) to B(A[PE]); (k) executing an electronic funds transaction responsive to the values of A(B[PT]) and B(A[PE]) being the same; wherein each encrypting step is executed with the same algorithm, and wherein the algorithm effects a transformation such that, with two successive encryptions using two different keys the result is the same irrespective of the order of encryption. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
Specification