Method and means for combining and managing personal verification and message authentication encryptions for network transmission
First Claim
1. The method of securing transaction data between two locations in response to a user's message and personal identification number, the method comprising:
- forming a sequence number representative of the user's transaction;
- encoding in a first logical combination at the first location the user's message and the sequence number in accordance with the personal identification number received from the user to produce a message authentication code having a plural number of digit sectors;
- generating a random number;
- establishing a first encoding key;
- encoding in a second logical combination at the first location the random number and a selected number of sectors of the message authentication code in accordance with the first encryption key to produce a first coded output;
- encoding in a third logical combination at the first location the user's personal identification number in accordance with the first encoding key to produce a second coded output;
- transmitting to another location the user's message and the sequence number and the first and second coded outputs;
- establishing the first encoding key at such other location;
- decoding the first coded output received at such other location with the first encoding key according to said second logical combination thereof to provide the random number and message authentication code;
- decoding the second coded output received at such other location with the first encoding key according to said third logical combination to provide the user's personal identification number;
- encoding in the first logical combination at such other location the user's message and sequence number received thereat in accordance with the decoded personal identification number to produce a message authentication code having a plural number of digit sectors; and
- comparing selected corresponding digit sectors of the decoded message authentication code and the encoded message authentication code to provide an indication upon favorable comparison of the valid transmission of the user's message between the two locations.
Abstract
The method and means of transmitting a user's transaction message to a destination node in a computer-secured network operates on the message, and a sequence number that is unique to the transaction message to form a message authentication code in combination with the user's personal identification number. The message authentication code is encrypted with a generated random number and a single session encryption key which also encrypts the user's personal identification number. An intermediate node may receive the encryptions to reproduce the personal identification number that is then used to encrypt the received message and sequence number to produce the random number and a message authentication code for comparison with a decrypted message authentication code. Upon favorable comparison, the random number and the message authentication code are encrypted with a second session encryption key to produce an output code that is transmitted to the destination node along with an encrypted personal identification number. There, the received encryptions are decrypted using the second session key to provide the personal identification number for use in encrypting the message and sequence number to produce a message authentication code for comparison with a decrypted message authentication code. Upon favorable comparison, the transaction is completed and a selected portion of the decrypted random number is returned to the originating node for comparison with the corresponding portion of the random number that was generated there. Upon unfavorable comparison at the destination node or at an intermediate node, a different portion of the decrypted random number is returned to the originating node for comparison with the corresponding portion of the random number that was generated there. The comparisons at the originating node provide an unambiguous indication of the completion or non-completion of the transaction at the destination node.
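The exchange in the abstract, reduced to an originating and a destination node with no intermediate hop, as an added example that is not taken from the patent. HMAC-SHA-256 stands in for the unspecified first logical combination, an XOR keystream stands in for the session-key encoding, and the 8-byte random number, 4-byte MAC sectors, function names and sample values are all assumptions.

```python
import hashlib, hmac, secrets

def mac(pin, message, seq):
    # First combination: MAC over sequence number + message, keyed by the PIN.
    data = seq.to_bytes(8, "big") + message
    return hmac.new(pin.encode(), data, hashlib.sha256).digest()[:8]

def encode(key, label, data):
    # Assumed stand-in for the session-key encoding: XOR with an HMAC-derived
    # keystream (max 32 bytes). Running it again with the same inputs decodes.
    if len(data) > 32:
        raise ValueError("data longer than keystream")
    stream = hmac.new(key, label, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def originate(pin, message, seq, session_key):
    rn = secrets.token_bytes(8)                    # random number, kept locally
    while rn[:4] == rn[4:]:                        # the two portions must differ
        rn = secrets.token_bytes(8)
    sectors = mac(pin, message, seq)[:4]           # selected MAC sectors
    packet = {"message": message, "seq": seq,
              "out1": encode(session_key, b"out1", rn + sectors),
              "out2": encode(session_key, b"out2", pin.encode())}
    return rn, packet

def verify(packet, session_key):
    plain = encode(session_key, b"out1", packet["out1"])
    rn, sectors = plain[:8], plain[8:]
    pin = encode(session_key, b"out2", packet["out2"]).decode(errors="replace")
    expected = mac(pin, packet["message"], packet["seq"])[:4]
    ok = hmac.compare_digest(sectors, expected)
    # One portion of the random number acknowledges, the other rejects.
    return ok, (rn[:4] if ok else rn[4:])

def interpret(rn, reply):
    if hmac.compare_digest(reply, rn[:4]):
        return "completed"
    if hmac.compare_digest(reply, rn[4:]):
        return "rejected"
    return "invalid reply"

if __name__ == "__main__":
    key = secrets.token_bytes(16)                  # constructed session key
    rn, pkt = originate("4821", b"PAY 100.00 TO ACCT 12345", 7, key)
    print(interpret(rn, verify(pkt, key)[1]))      # untouched packet
    pkt["message"] = b"PAY 900.00 TO ACCT 12345"   # altered in transit
    print(interpret(rn, verify(pkt, key)[1]))
```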
7 Claims
5. Apparatus for securing transaction data between two locations in response to a user's message and personal identification number, the apparatus comprising:
- means for generating a sequence number associated with a user's transaction;
- means for generating a random number;
- first encryption means at one location for encrypting according to a first logical combination of the user's message and the sequence number applied thereto with the personal identification number received from the user for producing a message authentication code therefrom having a plural number of digit sectors;
- means at said one location for producing a first session key;
- second encryption means coupled to receive the random number and a selected sector of the message identification code for encrypting the same with the first session key according to a second logical combination thereof to produce a first encoded output;
- third encryption means coupled to receive the personal identification number from the user for encrypting the same with the first session key according to a third logical combination thereof to produce a second encoded output;
- means for transmitting the first and second encoded outputs and message and sequence number from the one location to the next location;
- means at the next location for producing the first session key;
- first decryption means at the next location coupled to receive the transmitted first encoded output and the first session key for decrypting in accordance with said second logical combination to provide the random number and the message authentication code;
- second decryption means at the next location coupled to receive the transmitted second encoded output and the first session key for decrypting in accordance with the third logical combination thereof to produce the user's personal identification number;
- first encryption means at the next location coupled to receive the transmitted message and sequence number for encoding the same according to said first logical combination with the decrypted personal identification number to produce a message authentication code having a plural number of digit sectors;
- comparison means at the next location coupled to receive the corresponding selected sectors of the decrypted message authentication code and of the encrypted message authentication code for producing an output indication of the parity thereof; and
- means at the next location responsive to said output indication for operating upon the received message in response to favorable comparison.
Specification