CENTRALIZED VERIFICATION SYSTEM
Abstract
This specification describes a multi-terminal data processing system having means and process for verifying the identity of subscribers to the system. Validity of a terminal request for communication with the data processing system is determined on the basis of a centralized verification system. Each subscriber to the system is identified by a unique key binary symbol pattern. The central data processing unit contains a listing of all valid keys for subscribers to the system. Two embodiments of the centralized verification system are presented, a password system and a handshaking system. In the password system, all data or information originating at the terminal under use of the subscriber is enciphered in combination with the unique subscriber key. Upon proper deciphering of the key or password at the central processing unit and arriving at a match with one of the keys in the processor's listing, the subscriber may communicate with the processing system. In the handshaking system embodiment, the user and the central processor exchange a plurality of messages each formed by a combination of new and prior received data. Received data messages are also maintained within the registers at both the terminal and the central processor for further verification upon the return of the portion of the message that was previously transmitted.
427 Citations
6 Claims
1. In a data processing network having a plurality of terminals and a central processing unit, a centralized verification system comprising:
- store means for holding a list of terminal subscriber keys, each key associated with a single subscriber to said network and consisting of a block of n binary digits arranged in a unique combination;
- means for presenting a first subgroup of binary digits representing a data vector;
- means for generating a second subgroup of binary digits representing a password to be recognized at a receiver station in said network in order to gain admittance for carrying out further communications;
- first cryptographic means for accepting in combination said first and second subgroups of binary digits and generating a block cipher under the control of a subscriber key;
- means for presenting a combination of binary digits associated with a subscriber key to said cryptographic means for controlling the generation of said block cipher;
- second cryptographic means for deciphering said block cipher under the control of an identical subscriber key obtained from said store means;
- means for testing the output of said second cryptographic means for identifying a subgroup of the deciphered cleartext as consisting of a password;
- gate means for permitting the flow of the subgroup data when said means for testing finds the correct password.
2. The system as defined in claim 1 wherein said means for generating said password comprises means for generating a sequentially changing combination of binary digits of dimension less than the block size input of said first cryptographic means.
3. The system as defined in claim 2 further comprising encoder block error detection and correction encoding means connected to said first cryptographic means for encoding all block ciphers prior to transmission;
- decoder error detection and correction means connected to said second cryptographic means for decoding received block ciphers and correcting errors caused by interference in the transmission channel.
4. In a computer network having a plurality of terminal devices used by subscribers to said network to communicate with a central processing unit and its associated data banks, a method of centralized verification for recognizing authorized subscribers, said method comprising the steps of:
- establishing a preliminary identification between a terminal and the central processing unit;
- preparing a user key associated with the subscriber operating the terminal and making said key available to identical cryptographic devices at both the terminal and the central processing unit;
- forming a composite message from a plurality of code groups comprising data and password information;
- enciphering said composite message and forming a block cipher to be transmitted to a receiver station;
- accepting said transmitted cipher at said receiver station and deciphering the received message into cleartext representing the composite message;
- forming a reply message from a plurality of code groups, one of said code groups being a portion of the received message;
- enciphering said second composite message and transmitting it to the terminal station;
- deciphering said received second cipher text into a clear-text representative of said second composite message;
- comparing a portion of the deciphered message with that portion of the first message which was returned by said receiver station;
- preparing further transmission if said comparison indicates a correct code.
5. The process as defined in claim 4 further comprising the steps of:
- storing a portion of every received message at both the terminals and the central processing unit for further comparison with subsequently received messages;
- combining all code group messages with a portion of prior received communications to form composite messages at both said terminal and said central processing unit.
6. The method as defined in claim 4 further comprising the steps of:
- encoding all block ciphers prior to transmission in accordance with an error detection and correction code;
- decoding received block ciphers and correcting errors in accordance with said error detection and correction code.
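The message exchange of claims 4 and 5, worked through as an added Python example that is not part of the patent text. Assumptions: 8-byte code groups, a 16-byte block, a Feistel construction over HMAC-SHA-256 standing in for the unspecified block cipher, a subscriber name sent in clear as the preliminary identification, and constructed keys and function names.

```python
import hashlib, hmac, os

HALF = 8  # bytes per code group; two groups form one 16-byte block (constructed sizes)

def _f(key, i, half):  # round function of the stand-in Feistel cipher (assumption)
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:HALF]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encipher(key, block):
    if len(block) != 2 * HALF: raise ValueError("one block = two code groups")
    l, r = block[:HALF], block[HALF:]
    for i in range(8):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def decipher(key, block):
    l, r = block[:HALF], block[HALF:]
    for i in reversed(range(8)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def central_reply(store, subscriber, cipher1):
    key = store[subscriber]                  # key list held at the central unit
    t_code = decipher(key, cipher1)[HALF:]   # portion of the received message
    c_code = os.urandom(HALF)                # fresh code group, kept for message 3
    return encipher(key, t_code + c_code), c_code

def terminal_check(key, cipher2, t_code):    # reply must echo the terminal's code group
    clear = decipher(key, cipher2)
    return hmac.compare_digest(clear[:HALF], t_code), clear[HALF:]

def central_verify(store, subscriber, cipher3, c_code):  # message 3 must echo c_code
    return hmac.compare_digest(decipher(store[subscriber], cipher3)[:HALF], c_code)

def handshake(store, subscriber, terminal_key, data=b"BALANCE?"):
    """Run all three messages; returns (terminal_accepts, central_accepts)."""
    t_code = os.urandom(HALF)
    cipher1 = encipher(terminal_key, data + t_code)          # data + code group
    cipher2, c_code = central_reply(store, subscriber, cipher1)
    t_ok, echoed = terminal_check(terminal_key, cipher2, t_code)
    cipher3 = encipher(terminal_key, echoed + b"MOREDATA")   # prior + new data
    return t_ok, central_verify(store, subscriber, cipher3, c_code)

if __name__ == "__main__":
    store = {"subscriber-1": b"constructed-key1"}            # constructed sample key
    print(handshake(store, "subscriber-1", b"constructed-key1"))  # matching key
    print(handshake(store, "subscriber-1", b"some-other-key!!"))  # wrong key
```

Because each side draws a new code group per exchange, a recorded third message fails `central_verify` in any later session.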
Specification