Browse Prior Art Database

Transaction Response Message Authentication (Public Key and Des)

IP.com Disclosure Number: IPCOM000041338D
Original Publication Date: 1984-Jan-01
Included in the Prior Art Database: 2005-Feb-02
Document File: 3 page(s) / 49K

Publishing Venue

IBM

Related People

Lennon, RE: AUTHOR [+4]

Abstract

This article discloses a protocol and key management technique for authenticating transaction response messages between the issuer and acquirer of an electronic funds transfer (EFT) system by using a public-key algorithm and between the acquirer and EFT terminal by using system keys and the Data Encryption Standard (DES) algorithm. In this system, the DES algorithm is implemented in each bank's host system and each associated EFT terminal. Additionally, a public-key algorithm is also implemented in each bank's host system to permit the introduction of a digital signature. Thus, in this arrangement, each institution (host) is provided with a public and private key, PK and SK, respectively. Only the public key is shared with each other institution and published in a public repository, as illustrated in Fig. 1.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 52% of the total text.

Page 1 of 3

Transaction Response Message Authentication (Public Key and Des)

This article discloses a protocol and key management technique for authenticating transaction response messages between the issuer and acquirer of an electronic funds transfer (EFT) system by using a public-key algorithm and between the acquirer and EFT terminal by using system keys and the Data Encryption Standard (DES) algorithm. In this system, the DES algorithm is implemented in each bank's host system and each associated EFT terminal. Additionally, a public-key algorithm is also implemented in each bank's host system to permit the introduction of a digital signature. Thus, in this arrangement, each institution (host) is provided with a public and private key, PK and SK, respectively. Only the public key is shared with each other institution and published in a public repository, as illustrated in Fig. 1. The protocol for authenticating a transaction response message using digital signatures is shown in Fig. 2. The issuing institution, i.e., the institution at which a user opens an account, first recovers a transaction request message enciphered with its public key PK by deciphering it with its secret key SK. Then, the issuer generates a response message (Mresp) which is deciphered (or which may be enciphered) under control of the issuer's secret key (SKi) before being transmitted to the originating acquirer. The acquirer, i.e., the institution which first acts on information entered at the terminal, recovers Mresp by enciphering (or deciphering, if the original transformation was a encipherment of Mresp) it with the issuer's public key previously obtained from the public repository, validated and stored on the acquirer's data base. Thus, it will be apparent that the acquirer can authenticate Mresp without knowledge of the issuer's secret key, thereby improving security over conventional systems where each institution must have knowledge of the authentication key and the message authentication process can also be isolated among the institutions. Also, it should be apparent that Mresp enciphered under control of the issuer's secret key provides the acquirer with the equivalent of a signed message since only the issuer's secret key is capable of creating the enciphered Mresp authorizing the acquirer to take some action on the transaction. A message authe...