Method for encrypting transmitted data using a unique key

US 4,933,971 A
Filed: 04/14/1989
Issued: 06/12/1990
Est. Priority Date: 03/14/1989
Status: Expired due to Term

First Claim

Patent Images

1. A method of encrypting data for on-line data communication between a host computer and each of a plurality of remote terminals, wherein a unique dynamic key is periodically generated for each said terminal using a system seed key residing only in the host computer, said dynamic key being for use by said terminal in encrypting data transmitted to said host computer and for decrypting data received from said host computer, each said terminal further including means for storing a previously generated dynamic key for said terminal, said method comprising the steps of:

a. receiving at said host computer a new dynamic key request from one of said terminals, said new dynamic key request including a predetermined terminal identifier for said terminal;

b. determining in said host computer the dynamic key previously generated for said terminal by said host wherein said dynamic key previously generated by said host is currently stored in said terminal;

c. generating in said host computer a new dynamic key for said terminal as a function of said seed key and said predetermined terminal identifier for said terminal;

d. encrypting said new dynamic key in said host computer using said dynamic key previously generated by said host computer;

e. transmitting said encrypted new dynamic key from said host computer to said terminal;

f. decrypting said new dynamic key at said terminal using said dynamic key previously generated by said host currently stored in said terminal;

g. encrypting data at said terminal using said new dynamic key and transmitting said encrypted data to said host;

h. decrypting said encrypted data at said host using said new dynamic key; and

i. storing said new dynamic key in said terminal in place of said dynamic key previously generated by said host.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention comprises a method for encrypting data for communication between a host computer and each of a plurality of remote terminals in a network. A method is provided for periodically generating a unique dynamic encryption key for each of said plurality of terminals using a system seed key residing only in the host computer. The dynamic encryption key generated for use by said terminal in encrypting data transmitted to said host computer and for decrypting data received from said host computer. The method includes storing at said terminal the dynamic key previously generated by said host for said terminal.

Citations

35 Claims

1. A method of encrypting data for on-line data communication between a host computer and each of a plurality of remote terminals, wherein a unique dynamic key is periodically generated for each said terminal using a system seed key residing only in the host computer, said dynamic key being for use by said terminal in encrypting data transmitted to said host computer and for decrypting data received from said host computer, each said terminal further including means for storing a previously generated dynamic key for said terminal, said method comprising the steps of:
- a. receiving at said host computer a new dynamic key request from one of said terminals, said new dynamic key request including a predetermined terminal identifier for said terminal;
  
  b. determining in said host computer the dynamic key previously generated for said terminal by said host wherein said dynamic key previously generated by said host is currently stored in said terminal;
  
  c. generating in said host computer a new dynamic key for said terminal as a function of said seed key and said predetermined terminal identifier for said terminal;
  
  d. encrypting said new dynamic key in said host computer using said dynamic key previously generated by said host computer;
  
  e. transmitting said encrypted new dynamic key from said host computer to said terminal;
  
  f. decrypting said new dynamic key at said terminal using said dynamic key previously generated by said host currently stored in said terminal;
  
  g. encrypting data at said terminal using said new dynamic key and transmitting said encrypted data to said host;
  
  h. decrypting said encrypted data at said host using said new dynamic key; and
  
  i. storing said new dynamic key in said terminal in place of said dynamic key previously generated by said host.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The method of claim 1 wherein steps a through i are repeated for each transaction.
  - 3. The method of claim 1 including generating at said host computer and said terminal a plurality of transaction data encryption keys using a plurality of variants, wherein said plurality of variants are common to said host system and said of terminal, and wherein said plurality of variants generate said plurality of transaction data encryption keys as a function of said new dynamic key.
  - 4. The method of claim 3 wherein transaction data transmitted between said host computer and said one of said plurality of terminals is encrypted with said transaction data encryption keys.
  - 5. The method of claim 4 wherein said transaction data encryption keys include at least a key encryption key and a PIN encryption key.
  - 6. The method of claim 5 wherein said variant generating means includes a plurality of variant numbers, each of said plurality of variant numbers corresponding to one of each of said plurality of transaction data encryption keys.
  - 7. The method of claim 6 wherein said variant generating means includes means for exclusively or-ing each of said plurality of variant numbers with said first dynamic key wherein each of said corresponding plurality of transaction data keys is formed.
  - 8. The method of claim 7 wherein said variant numbers are comprised of a 4 bit data input and wherein said means for exclusively or-ing said variant numbers with said first dynamic key exclusively or'"'"'s said 4 bit input with a selected 4 bits in the first 8 bits of said dynamic key input string.
  - 9. The method of claim 3 wherein steps a through i are repeated for each transaction.
  - 10. The method of claim 3 wherein steps a through i are selectively repeated at predetermined intervals.
  - 11. The method of claim 3 wherein one of said plurality of transaction encryption keys is used to encrypt said data at said terminal.
  - 12. The method of claim 1 wherein said new dynamic key request further includes a transaction number for said terminal.
  - 13. The method of claim 12 wherein said new dynamic key is generated by said host as a function of said seed key and said predetermined terminal identifier for said terminal, and said transaction number for said terminal.
  - 14. The method of claim 1 wherein said host computer and said plurality of terminals comprises a card activation and pin selection system.
  - 15. The method of claim 1 wherein said host computer and said plurality of terminals comprises an Electronic Funds Transfer System with Point of Sale Terminals.
  - 16. The method of claim 1 wherein said host computer and said plurality of terminals comprises an Automated Teller Network.
  - 17. The method of claim 1 wherein said dynamic key is comprised of a 64 bit data input string.
  - 18. The method of claim 1 including one or more additional seed keys and wherein said one or more additional seed keys are used to generate said new dynamic key.
  - 19. The method of claim 1 further including a plurality of seed keys for use in generating said new dynamic key.
  - 20. The method of claim 19 wherein each of said seed keys is selectively variable through input means of the host computer.
  - 21. The method of claim 1 including generating at said host computer and said terminal a plurality of transaction data encryption keys using a plurality of variants, wherein said plurality of variants are common to said host system and said one of said plurality of terminals, and wherein said plurality of variants generate said plurality of transaction data encryption keys as a function of said new dynamic key.

22. In a network comprising a host computer and a plurality or remote terminals, a method for safeguarding the on-line transmission of data between said host computer and any one of said plurality of remote terminals wherein a unique encryption key is used for each transmission of data between said host computer and said one of said plurality of terminals, said unique encryption key being derived as function of a unique dynamic key generated using a system seed key residing only in said host computer wherein a plurality of unique dynamic keys may be generated as a function of said seed key, and wherein N is a finite integer greater than or equal to 1 that defines the number of unique dynamic keys generated as a function of said seed key, said generation of said unique dynamic keys being programmable to occur at preselected intervals, comprising the steps of:
- a. generating in said host computer an nth dynamic key for said one of said plurality of terminals, wherein said nth dynamic key is a function of said seed key and a predetermined terminal identifier for said one of said plurality of terminals;
  
  b. encrypting said nth dynamic key in said host computer using the (n-1)^th dynamic key, wherein said (n-1)^th dynamic key is also stored at said one of said plurality of terminals;
  
  c. transmitting said encrypted nth dynamic key from said host computer to said one of said plurality of terminals;
  
  d. decrypting said nth dynamic key at said terminal using said (n-1)^th dynamic key stored at said one of said plurality of terminals;
  
  e. encrypting data at said one of said plurality of terminals using said nth dynamic key and transmitting said encrypted data to said host;
  
  f. decrypting said encrypted data at said host using said nth dynamic key.
- View Dependent Claims (23, 24)
- - 23. The method of claim 22 wherein steps a through f are selectively repeated at predetermined intervals.
  - 24. The method of claim 22 including one or more additional seed keys and wherein said one or more additional seed keys are used to generate said (n+1) dynamic key.

25. A method of encrypting data for on-line data communication between a host computer and each of a plurality of remote terminals, wherein a unique dynamic key is periodically generated for each said terminal using a system seed key residing only in the host computer, said dynamic key being for use by said terminal in encrypting data transmitted to said host computer and for decrypting data received from said host computer, each said terminal further including means for storing a previously generated dynamic key for said terminal, said method comprising the steps of:
- a. receiving at said host computer a new dynamic key request from one of said terminals, said new dynamic key request including a predetermined terminal identifier for said terminal;
  
  b. determining in said host computer the dynamic key previously generated for said terminal by said host wherein said dynamic key previously generated by said host is currently stored in said terminal;
  
  c. generating in said host computer a new dynamic key for said terminal as a function of said seed key and said predetermined terminal identifier for said terminal;
  
  d. encrypting said new dynamic key in said host computer using said dynamic key previously generated by said host computer;
  
  e. transmitting said encrypted new dynamic key from said host computer to said terminal;
  
  f. decrypting said new dynamic key at said terminal using said dynamic key previously generated by said host currently stored in said terminal;
- View Dependent Claims (26, 27, 28, 29, 30)
- - 26. The method of claim 25 including generating at said host computer and said terminal a plurality of transaction data encryption keys using a plurality of variants, wherein said plurality of variants are common to said host system and said one of said plurality of terminals, and wherein said plurality of variants generate said plurality of transaction data encryption keys as a function of said new dynamic key.
  - 27. The method of claim 26 wherein said plurality of transaction data encryption keys are used to encode data transmitted between said host and one of said plurality of terminals.
  - 28. The method of claim 27 wherein steps a through f are selectively repeated at predetermined intervals.
  - 29. The method of claim 25 including one or more additional seed keys and wherein said one or more additional seed keys are used to generate said first dynamic key.
  - 30. The method of claim 29 wherein each of said seed keys is selectively variable through input means of the host computer.

31. A method of encrypting data for on-line data communication between a host computer and each of a plurality of remote terminals, wherein a unique dynamic key is periodically generated for each said terminal using a system seed key residing only in the host computer, said dynamic key being for use by said terminal in encrypting data transmitted to said host computer and for decrypting data received from said host computer, each said terminal further including means for storing a previously generated dynamic key for said terminal, said method comprising the steps of:
- a. sending a new dynamic key request to said host computer, said new dynamic key request comprising at least a terminal identification number for said terminal and a terminal transaction number for said terminal;
  
  b. receiving from said host computer an encrypted new dynamic key, wherein said new dynamic key is generated as a function of said new dynamic key request and said new dynamic key is encrypted by said host with a previously generated dynamic key;
  
  c. decrypting said new dynamic key at said terminal using said dynamic key previously generated by said host currently stored in said terminal;
  
  d. encrypting data at said terminal using said new dynamic key and transmitting said encrypted data to said host;
  
  e. decrypting said encrypted data at said host using said new dynamic key; and
  
  f. storing said new dynamic key in said terminal in place of said dynamic key previously generated by said host.
- View Dependent Claims (32, 33, 34, 35)
- - 32. The method of claim 31 including generating at said host computer and said terminal a plurality of transaction data encryption keys using a plurality of variants, wherein said plurality of variants are common to said host system and said one of said plurality of terminals, and wherein said plurality of variants generate said plurality of transaction data encryption keys as a function of said new dynamic key.
  - 33. The method of claim 32 wherein said plurality of transaction data encryption keys are used to encode data transmitted between said host and one of said plurality of terminals.
  - 34. The method of claim 31 including one or more additional seed keys and wherein said one or more additional seed keys are used to generate said first dynamic key.
  - 35. The method of claim 34 wherein each of said seed keys is selectively variable through input means of the host computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Tandem Computers Incorporated (HP Inc.)
Inventors
Kim, Jae-Young, Hopkins, Webster D., Atalla, Martin M., Bestock, Ralph R.
Primary Examiner(s)
Buczinski, Stephen C.
Assistant Examiner(s)
GREGORY, BERNARR E

Application Number

US07/323,485
Time in Patent Office

424 Days
Field of Search

380/4, 380/23-25, 380/29, 380/44, 380/49, 380/50, 380/28, 380/21, 380/45, 364/200, 364/900, 364/222.5, 364/224.21, 364/260.81, 364/260.9, 364/286.4, 364/286.5, 364/918.7, 364/943.7, 364/944.5
US Class Current

380/44
CPC Class Codes

G06Q 20/3829   involving key management

G07F 7/1016   Devices or methods for secu...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/06   for supporting key manageme...

H04L 63/083   using passwords cryptograph...

H04L 9/0822   using key encryption key

H04L 9/0891   Revocation or update of sec...

Method for encrypting transmitted data using a unique key

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Method for encrypting transmitted data using a unique key

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links