×

System for authenticating users and devices in on-line transaction networks

  • US 4,317,957 A
  • Filed: 03/10/1980
  • Issued: 03/02/1982
  • Est. Priority Date: 03/10/1980
  • Status: Expired due to Term
First Claim
Patent Images

1. In a system for authenticating users and devices in on-line transaction networks comprising a plurality of remote terminals in communication with a central processing unit including a data base containing encrypted data used in the authentication of the users and devices, said data being encrypted with a master key and including terminal master keys for each of said remote terminals and identification numbers for each of said users all of which are secret, said data further including terminal identification numbers for each of said remote terminals and account numbers for each of said users, wherein each of said remote terminals is provided with means for entering an account number and an identification number of a user initiating a transaction as well as the nature of the transaction, the improvement in a method for protecting the transaction comprising the steps of:

  • generating at a terminal a transaction request message based on the information entered at the terminal by a user initiating a transaction,using the identification number and the account number entered by the user and the terminal identification number and the terminal master key, and employing such variants as to generate a working key unique to each transaction,encrypting the transaction request message using the working key,transmitting the encrypted transaction request message,deriving the working key at the central processing unit using information derived from the transmitted message and the data base including the account number, the terminal master key and the terminal identification number,decrypting the message received at the central processing unit using the working key,comparing the user identification number and account number obtained by decrypting corresponding data in the data base with the data in the transaction request message to validate the transaction request message,generating a transaction request response and encrypting the transaction request response with the working key,transmitting the encrypted transaction request response to the terminal where the transaction was initiated, anddecrypting the message received at the terminal using the working key and, if the transaction is approved, providing the requested service.

View all claims
  • 0 Assignments
Timeline View
Assignment View
    ×
    ×