Data communication systems and methods
Abstract
In order to improve the security of message transmission from a terminal apparatus in an electronic banking or other data communications system a check-sum or MAC is computed from the data within the message in dependence upon a cryptographic key. This MAC is issued as a "challenge" to the user who is also equipped with a separate portable token for computing a "response" in dependence upon a second cryptographic key which is unique to his token. This "response" is then entered into the terminal and appended to the message as its authentication code before transmission. A recipient of the message and authentication code equipped with the same cryptographic keys can therefore check both the contents of the message and the correct identity of the sender by computing an expected authentication code from the received message and comparing it with the code received.
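The abstract and claim 1 describe a two-stage scheme: the terminal computes a short keyed checksum (MAC) of the message under a system key and shows it to the sender as a challenge; the sender's PIN-gated token computes a response from that challenge under a per-sender key; the response is appended to the message, and the receiving station, holding both keys, recomputes both stages and compares. The following Python is an added illustration of that flow and is not the patent's own code. The patent fixes no algorithm, so HMAC-SHA256 truncated to 32 bits stands in for both "processing means"; the keys, PIN, sender identifiers and message are constructed sample values.

```python
"""Worked example of the challenge/response message-authentication scheme.

Added illustration only: HMAC-SHA256 truncated to CODE_BITS is an assumed
stand-in for the patent's first and second processing means, and every key,
PIN and message below is a constructed sample value.
"""
import hashlib
import hmac

CODE_BITS = 32  # the codes carry "substantially fewer data bits" than the message


def short_mac(key: bytes, data: bytes, bits: int = CODE_BITS) -> str:
    """Keyed checksum of `data`, truncated to `bits` bits and returned as hex."""
    full = hmac.new(key, data, hashlib.sha256).digest()
    return full[: bits // 8].hex()


class Terminal:
    """First processing means: derives the challenge from the message under K1."""

    def __init__(self, k1: bytes):
        self.k1 = k1

    def challenge(self, message: bytes) -> str:
        # This first code is what the terminal "issues to the sender".
        return short_mac(self.k1, message)

    def build_transmission(self, message: bytes, sender_id: str, response: str) -> dict:
        # The response entered by the sender becomes the message's authentication code.
        return {"sender": sender_id, "message": message, "auth_code": response}


class Token:
    """Second processing means: per-sender key K2, usable only after a correct PIN."""

    def __init__(self, k2: bytes, pin: str):
        self._k2 = k2
        self._pin_digest = hashlib.sha256(pin.encode()).digest()

    def respond(self, pin: str, challenge: str) -> str:
        entered = hashlib.sha256(pin.encode()).digest()
        if not hmac.compare_digest(entered, self._pin_digest):
            raise PermissionError("token locked: PIN not recognised")
        return short_mac(self._k2, challenge.encode())


class ReceivingStation:
    """Holds K1 and each registered sender's K2; replicates both computations."""

    def __init__(self, k1: bytes, sender_keys: dict):
        self.k1 = k1
        self.sender_keys = sender_keys

    def expected_code(self, sender_id: str, message: bytes) -> str:
        first = short_mac(self.k1, message)                 # replicate the terminal
        return short_mac(self.sender_keys[sender_id], first.encode())  # replicate the token

    def verify(self, tx: dict) -> bool:
        if tx["sender"] not in self.sender_keys:
            return False
        expected = self.expected_code(tx["sender"], tx["message"])
        # Constant-time comparison so a forger learns nothing from timing.
        return hmac.compare_digest(expected, tx["auth_code"])


# Constructed sample key material; in a deployment it is provisioned out of band.
K1 = bytes.fromhex("00112233445566778899aabbccddeeff")
SENDER_KEYS = {"alice": bytes.fromhex("a1" * 16), "bob": bytes.fromhex("b0" * 16)}
ALICE_PIN = "4711"


def demo() -> dict:
    """Run one genuine exchange plus the three failure cases the scheme is meant to catch."""
    terminal = Terminal(K1)
    alice_token = Token(SENDER_KEYS["alice"], ALICE_PIN)
    station = ReceivingStation(K1, SENDER_KEYS)

    message = b"PAY 100.00 GBP TO ACCT 12345678"
    chal = terminal.challenge(message)           # shown to the sender
    resp = alice_token.respond(ALICE_PIN, chal)  # typed back into the terminal
    tx = terminal.build_transmission(message, "alice", resp)

    tampered = dict(tx, message=b"PAY 900.00 GBP TO ACCT 12345678")  # message altered in transit
    impersonated = dict(tx, sender="bob")                          # valid code, wrong claimed sender
    try:
        alice_token.respond("0000", chal)
        wrong_pin_blocked = False
    except PermissionError:
        wrong_pin_blocked = True

    return {
        "genuine": station.verify(tx),
        "tampered": station.verify(tampered),
        "impersonated": station.verify(impersonated),
        "wrong_pin_blocked": wrong_pin_blocked,
        "auth_code_hex_len": len(tx["auth_code"]),
    }


if __name__ == "__main__":
    print(demo())
```

Two points the code makes concrete. The receiving station never sees the PIN; it only needs K1 and the sender's K2, so the PIN check is purely the token's business, which is why the claim requires the token to compute only "upon recognition of a correct input". And because the response is bound to a message-dependent challenge, a captured authentication code is useless for a different message and, with the wrong K2 on file, useless under another sender's identity.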
8 Claims
1. A method of secure message transmission from a terminal apparatus to a remote receiving station in a communications system, which involves appending to a message to be transmitted an authentication code comprising substantially fewer data bits than in the message and the value of which depends upon both the information in the message and information representing the identity of the sender, and wherein the authentication code is produced by a method comprising the steps of:
- computing within the terminal apparatus by first processing means a first code the value of which depends upon the information within the message and comprising substantially fewer data bits than in said message;
- issuing that code to the sender;
- computing a second code from said first code and from information representing the identity of the sender, said second code comprising substantially fewer data bits than in said message, by second processing means within a token assigned to the sender and which means can be actuated to perform the computation of said second code only upon recognition of a correct input indicative of the authority of the sender; and
- entering said code into the terminal apparatus, that code or a derivative thereof constituting the authentication code; and
which comprises at the receiving station repeating the computation of an authentication code from the received message by means replicating the computations of said first and said second processing means, and comparing the authentication code thus computed with the authentication code received, thereby to permit authentication of the received message and of the identity of the sender.
Dependent claims: 2, 3, 4, 5, 6, 7
8. Apparatus for secure message transmission to a remote receiving station in a communications system, by a method which involves appending to a message to be transmitted an authentication code comprising substantially fewer data bits than in the message and the value of which depends upon both the information in the message and information representing the identity of the sender, comprising:
- a terminal apparatus having first processing means adapted to compute a first code the value of which depends upon the information within the message and means to issue that code to the sender, said first code comprising substantially fewer data bits than in said message; and
- a token assigned to the sender having second processing means adapted to compute a second code from said first code and from information representing the identity of the sender, said second code comprising substantially fewer data bits than in said message, and which second processing means can be activated to perform the computation of said second code only upon recognition of a correct input indicative of the authority of the sender;
- the terminal apparatus also being adapted to receive said second code and append that code or a derivative thereof to the message as said authentication code; and
- the receiving station having means adapted to replicate the computations of said first and second processing means for repeating the computation of an authentication code from the received message and means for comparing that code with the authentication code received, thereby to permit authentication of the received message and of the identity of the sender.
Specification