System and method for alternative encryption techniques
First Claim
1. A method of verifying identification of a user and securely establishing an encryption key for a communication between a verifying entity having knowledge of a first secret and the user having knowledge of a second secret, comprising;
- generating a first output which is a function of the first secret and a first random number;
generating a second output which is a function of the second secret and a second random number;
generating a first key which is a transform of the first output that is infeasible to invert without the first secret and the second secret;
generating a second key which is a transform of the second output that is infeasible to invert without the first secret and the second secret;
generating a first encrypted output which is a function of the first secret and the first key;
generating a first verification value by decrypting the first encrypted output with the second key that indicates the equivalence of the first secret to the second secret;
generating a second encrypted output which is a function of the second key and one of either the first decrypted number, if the first decrypted number is equal to both of the first and second secrets, and a random number; and
generating a second verification value which is the second encrypted output decrypted using the first key that indicates an equivalence of the first secret to the second secret and the first key to the second key.
2 Assignments
0 Petitions
Accused Products
Abstract
A system and method for verifying the identification of a user and securely establishing an encryption key for a communication between the user and a verifying entity, such as a bank, which makes use of the numeric value of the user'"'"'s personal identification number (PIN) known only to the user and the bank and resolves the man-in-the-middle problem. The system and method replaces a public parameter with the customer'"'"'s PIN to provide an encryption mechanism that is less complex than existing protocols. Use of the protocol enables new products and improvement of existing products using a service access device and service access device interface, including, for example, self-service terminals.
-
Citations
46 Claims
-
1. A method of verifying identification of a user and securely establishing an encryption key for a communication between a verifying entity having knowledge of a first secret and the user having knowledge of a second secret, comprising;
-
generating a first output which is a function of the first secret and a first random number;
generating a second output which is a function of the second secret and a second random number;
generating a first key which is a transform of the first output that is infeasible to invert without the first secret and the second secret;
generating a second key which is a transform of the second output that is infeasible to invert without the first secret and the second secret;
generating a first encrypted output which is a function of the first secret and the first key;
generating a first verification value by decrypting the first encrypted output with the second key that indicates the equivalence of the first secret to the second secret;
generating a second encrypted output which is a function of the second key and one of either the first decrypted number, if the first decrypted number is equal to both of the first and second secrets, and a random number; and
generating a second verification value which is the second encrypted output decrypted using the first key that indicates an equivalence of the first secret to the second secret and the first key to the second key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
-
-
37. A system for verifying the identification of a user and securely establishing an encryption key for a communication between a verifying entity having knowledge of a first secret and the user having knowledge of a second secret, comprising:
-
means for generating a first output with is a function of the first secret and a first random number;
means for generating a second output which is a function of the second secret and a second random number;
means for generating a first key which is a transform of the first output that is infeasible to invert without the first secret and the second secret;
means for generating a second key which is a transform of the second output that is infeasible to invert without the first secret and the second secret;
means for generating a first encrypted output which is a function of the first secret and the first key;
means for generating a first verification value by decrypting the first encrypted output with the second key that indicates the equivalence of the first secret to the second secret;
means for generating a second encrypted output which is a function of the second key and one of either the first decrypted number, if the first decrypted number is equal to both of the first and second secrets, and a random number; and
means for generating a second verification value which is the second encrypted output decrypted using the first key that indicates an equivalence of the first secret to the second secret and the first key to the second key. - View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45)
-
-
46. A method of verifying identification of a user and securely establishing an encryption key for a communication between a verifying entity having knowledge of a first secret and the user having knowledge of a second secret, comprising:
-
generating a first output by the verifying entity which is a function of the first secret and a first random number, the first secret comprising a pre-assigned personal identification number for the user related to an account number for the user, and the first output being calculated by the equation
A=PINX mod pwhere A is the first output, PIN is the pre-assigned personal identification number, X is the first random number, and p is a pre-assigned prime related to the account number;
generating a second output by the user which is a function of the second secret and a second random number, the second secret comprising the pre-assigned personal identification number for the user, and the second output being calculated by the equation
B=PINY mod pwhere B is the second output, PIN is the second secret, Y is the second random number, and p is the pre-assigned prime;
generating a first key by the user which is a transform of the first output that is infeasible to invert without the first secret and the second secret;
generating a second key by the verifying entity which is a transform of the second output that is infeasible to invert without the first secret and the second secret;
generating a first encrypted output by the user which is a function of the first secret and the first key;
generating a first verification value by the verifying entity by decrypting the first encrypted output with the second key that indicates the equivalence of the first secret to the second secret;
generating a second encrypted output by the verifying entity which is a function of the second key and one of either the first decrypted number, if the first decrypted number is equal to both of the first and second secrets, and a random number; and
generating a second verification value by the user which is the second encrypted output decrypted using the first key that indicates an equivalence of the first secret to the second secret and the first key to the second key.
-
Specification