Method and means for combining and managing personal verification and message authentication encrytions for network transmission

US 5,319,710 A
Filed: 08/22/1986
Issued: 06/07/1994
Est. Priority Date: 08/22/1986
Status: Expired due to Term

First Claim

Patent Images

1. The method of securing transaction data between two locations in response to a user'"'"'s message and personal identification number, the method comprising:

forming a sequence number representative of the user'"'"'s transaction;

encoding in a first logical combination at the first location the user'"'"'s message and the sequence number in accordance with the personal identification number received from the user to produce a message authentication code having a plural number of digit sectors;

generating a random number;

establishing a first encoding key;

encoding in a second logical combination at the first location the random number and a selected number of sectors of the message authentication code in accordance with the first encryption key to produce a first coded output;

encoding in a third logical combination at the first location the user'"'"'s personal identification number in accordance with the first encoding key to produce a second coded output;

transmitting to another location the user'"'"'s message and the sequence number and the first and second coded outputs;

establishing the first encoding key at such other location;

decoding the first coded output received at such other location with the first encoding key according to said second logical combination thereof to provide the random number and message authentication code;

decoding the second coded output received at such other location with the first encoding key according to said third logical combination to provide the user'"'"'s personal identification number;

encoding in the first logical combination at such other location the user'"'"'s message and sequence number received thereat in accordance with the decoded personal identification number to produce a message authentication code having a plural number of digit sectors; and

comparing selected corresponding digit sectors of the decoded message authentication code and the encoded message authentication code to provide an indication upon favorable comparison of the valid transmission of the user'"'"'s message between the two locations.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The method and means of transmitting a user'"'"'s transaction message to a destination node in a computer-secured network operates on the message, and a sequence number that is unique to the transaction message to form a message authentication code in combination with the user'"'"'s personal identification number. The message authentication code is encrypted with a generated random number and a single session encryption key which also encrypts the user'"'"'s personal identification number. An intermediate node may receive the encryptions to reproduce the personal identification number that is then used to encrypt the received message and sequence number to produce the random number and a message authentication code for comparison with a decrypted message authentication code. Upon favorable comparison, the random number and the message authentication code are encrypted with a second session encryption key to produce an output code that is transmitted to the destination node along with an encrypted personal identification number. There, the received encryptions are decrypted using the second session key to provide the personal identification number for use in encrypting the message and sequence number to produce a message authentication code for comparison with a decrypted message authentication code. Upon favorable comparison, the transaction is completed and a selected portion of the decrypted random number is returned to the originating node for comparison with the corresponding portion of the random number that was generated there. Upon unfavorable comparison at the destination node or at an intermediate node, a different portion of the decrypted random number is returned to the originating node for comparison with the corresponding portion of the random number that was generated there. The comparisons at the originating node provide an unambiguous indication of the completion or non-completion of the transaction at the destination node.

147 Citations

7 Claims

1. The method of securing transaction data between two locations in response to a user'"'"'s message and personal identification number, the method comprising:
- forming a sequence number representative of the user'"'"'s transaction;
  
  encoding in a first logical combination at the first location the user'"'"'s message and the sequence number in accordance with the personal identification number received from the user to produce a message authentication code having a plural number of digit sectors;
  
  generating a random number;
  
  establishing a first encoding key;
  
  encoding in a second logical combination at the first location the random number and a selected number of sectors of the message authentication code in accordance with the first encryption key to produce a first coded output;
  
  encoding in a third logical combination at the first location the user'"'"'s personal identification number in accordance with the first encoding key to produce a second coded output;
  
  transmitting to another location the user'"'"'s message and the sequence number and the first and second coded outputs;
  
  establishing the first encoding key at such other location;
  
  decoding the first coded output received at such other location with the first encoding key according to said second logical combination thereof to provide the random number and message authentication code;
  
  decoding the second coded output received at such other location with the first encoding key according to said third logical combination to provide the user'"'"'s personal identification number;
  
  encoding in the first logical combination at such other location the user'"'"'s message and sequence number received thereat in accordance with the decoded personal identification number to produce a message authentication code having a plural number of digit sectors; and
  
  comparing selected corresponding digit sectors of the decoded message authentication code and the encoded message authentication code to provide an indication upon favorable comparison of the valid transmission of the user'"'"'s message between the two locations.
- View Dependent Claims (2, 3, 4)
- - 2. The method according to claim 1 comprising the steps of:
    - establishing a second encoding key at the other location;
      
      encoding in a fourth logical combination at such other location the decoded random number and selected sector of the message authentication code in accordance with the second encoding key to produce a third coded output;
      
      encoding in a fifth logical combination at the other location the decoded user'"'"'s personal identification number in accordance with the second encoding key to produce a fourth coded output;
      
      transmitting to a remote location the user'"'"'s message and the sequence number and the third and fourth coded outputs;
      
      establishing the second encoding key at the remote location;
      
      decoding the third coded output as received at the remote location according to the fourth logical combination in accordance with the second encoding key to provide the random number and the message authentication code having a plural number of digit sectors;
      
      decoding the fourth coded output received at the remote location according to the fifth logical combination in accordance with the second encoding key to provide the user'"'"'s personal identification number;
      
      encoding the message and the sequence number received at the remote location according to the first logical combination in accordance with the decoded personal identification number to produce a message authentication code having a plural number of digit sectors; and
      
      comparing corresponding digit sectors of the decoded message authentication code and the encoded message authentication code at the remote location to provide an indication upon favorable comparison of the unaltered transmission of the message, or an indication upon unfavorable comparison of an alteration in the transmission of the message.
  - 3. The method according to claim 1 comprising the steps of:
    - transmitting a selected sector of the decoded random number from the other location to the one location in response to unfavorable comparison; and
      
      comparing the selected sector of the random number received at the one location from the other location with the corresponding selected sector at the one location to provide an indication of the altered transmission of the message to the other location.
  - 4. The method according to claim 2 comprising the steps of:
    - completing the transaction and returning a second selected sector of the decoded random number from the remote location to the one location in response to said favorable comparison, or inhibiting completion of the transaction and returning a third selected sector of the decoded random number from the remote location to the one location in response to said unfavorable comparison; and
      
      comparing the selected sector of the random number received at the one location from the remote location with the corresponding selected sector of the number generated at the one location to provide an indication of the completion or non-completion of the transaction at the remote location.

5. Apparatus for securing transaction data between two locations in response to a user'"'"'s message and personal identification number, the apparatus comprising:
- means for generating a sequence number associated with a user'"'"'s transaction;
  
  means for generating a random number;
  
  first encryption means at one location for encrypting according to a first logical combination of the user'"'"'s message and the sequence number applied thereto with the personal identification number received from the user for producing a message authentication code therefrom having a plural number of digit sectors;
  
  means at said one location for producing a first session key;
  
  second encryption means coupled to receive the random number and a selected sector of the message identification code for encrypting the same with the first session key according to a second logical combination thereof to produce a first encoded output;
  
  third encryption means coupled to receive the personal identification number from the user for encrypting the same with the first session key according to a third logical combination thereof to produce a second encoded output;
  
  means for transmitting the first and second encoded outputs and message and sequence number from the one location to the next location;
  
  means at the next location for producing the first session key;
  
  first decryption means at the next location coupled to receive the transmitted first encoded output and the first session key for decrypting in accordance with said second logical combination to provide the random number and the message authentication code;
  
  second decryption means at the next location coupled to receive the transmitted second encoded output and the first session key for decrypting in accordance with the third logical combination thereof to produce the user'"'"'s personal identification number;
  
  first encrpytion means at the next location coupled to receive the transmitted message and sequence number for encoding the same according to said first logical combination with the decrypted personal identification number to produce a message authentication code having a plural number of digit sectors;
  
  comparison means at the next location coupled to receive the corresponding selected sectors of the decrypted message authentication code and of the encrypted message authentication code for producing an output indication of the parity thereof; and
  
  means at the next location responsive to said output indication for operating upon the received message in response to favorable comparison.
- View Dependent Claims (6, 7)
- - 6. Apparatus as in claim 5 comprising:
    - means at the next location responsive to the unfavorable comparison for transmitting to the one location a selected sector of the random number.
  - 7. Apparatus as in claim 5 comprising:
    - means at the next location for producing a second encoding key;
      
      second encryption means at the next location coupled to receive the decrypted message authentication code and random number for encoding the same with the second encoding key in accordance with a fourth logical combination in response to said favorable comparison for producing a third output code for transmission to a destination location;
      
      third encryption means at the next location coupled to receive the decrypted personal identification number for encoding the same with the second encoding key in accordance with a fifth logical combination in response to said favorable comparison for producing a fourth output code for transmission to a destination location;
      
      means at the destination location for producing the second encoding key;
      
      first decryption means at the destination location for receiving the third output code transmitted from said next location and the second encoding key for decoding the same according to said fourth logical combination to provide the random number and the message authentication code;
      
      second decryption means at the destination location for receiving the fourth output code transmitted from said next location and the second encoding key for decoding the same according to said fifth logical combination to provide the personal identification number;
      
      encryption means at the destination location for receiving the message and the sequence number for encoding the same with the decrypted personal identification number in accordance with the first logical combination to produce a message authentication code having a plural number of digit sectors;
      
      means at the destination location for comparing corresponding selected sectors of the encrypted message authentication code and the decrypted message authentication code to produce output indications of favorable and unfavorable comparisons;
      
      means at the destination location responsive to favorable output indication for operating upon the transmitted message and for transmitting one selected sector of the random number to said one location, and responsive to unfavorable comparison for transmitting another selected sector of the random number to said one location; and
      
      comparator means at the one location coupled to receive said one and another selected sectors of the random number and coupled to receive the corresponding selected sectors of the random number generated at said one location for providing an output indication of the status of operation upon the message at the destination location.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Tandem Computers Incorporated (HP Inc.)
Inventors
Hopkins, W. Dale, Atalla, Martin M.
Primary Examiner(s)
Cangialosi, Salvatore

Application Number

US06/899,329
Time in Patent Office

2,846 Days
Field of Search

178/22.08, 178/22.09, 235/379, 235/380, 235/381, 235/382, 380/23-25
US Class Current

705/75
CPC Class Codes

G06Q 20/401   Transaction verification

G06Q 20/4012   Verifying personal identifi...

G07F 7/1016   Devices or methods for secu...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/0872   using geo-location informat...

H04L 9/3226   using a predetermined code,...

H04L 9/3242   involving keyed hash functi...

Method and means for combining and managing personal verification and message authentication encrytions for network transmission

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

147 Citations

7 Claims

Specification

Solutions

Use Cases

Quick Links

Method and means for combining and managing personal verification and message authentication encrytions for network transmission

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

147 Citations

7 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links