Browse Prior Art Database

Coupling PAC to Both AP and ID

IP.com Disclosure Number: IPCOM000047386D
Original Publication Date: 1983-Nov-01
Included in the Prior Art Database: 2005-Feb-07
Document File: 2 page(s) / 35K

Publishing Venue

IBM

Related People

Lennon, RE: AUTHOR [+4]

Abstract

This article describes a user verification process that is dependent upon several related input parameters, namely, a user identifier (ID), an authentication parameter (AP) and a personal authentication code (PAC). Use of a system is denied to users unless the correct correspondence between ID, AP and PAC can be demonstrated. When a user opens his account at an issuer institution, the issuer or user selects a secret personal identification number (PINi), the issuer selects a personal key (KPi) and the issuer computes an authentication parameter (APi). The issuer also selects an authentication key KA and computes a personal authentication code (PACi). Thus, referring to Fig.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 53% of the total text.

Page 1 of 2

Coupling PAC to Both AP and ID

This article describes a user verification process that is dependent upon several related input parameters, namely, a user identifier (ID), an authentication parameter (AP) and a personal authentication code (PAC). Use of a system is denied to users unless the correct correspondence between ID, AP and PAC can be demonstrated. When a user opens his account at an issuer institution, the issuer or user selects a secret personal identification number (PINi), the issuer selects a personal key (KPi) and the issuer computes an authentication parameter (APi). The issuer also selects an authentication key KA and computes a personal authentication code (PACi). Thus, referring to Fig. 1, an initialization process is performed at the issuer in which PINi is modulo 2 added (0+) to KPi with the result being used as a key for enciphering IDi to produce APi. IDi is also enciphered under control of KA to produce an enciphered result which is modulo 2 added to APi, with the result being enciphered under control of KA to produce PACi. After completing this initialization process, IDi, KPi, and PACi are recorded on the user's card. In a similar fashion, the issuer computes APi and PACi for each user. KA is retained by the issuer so that each user's pair (IDi APi) can be checked against PACi, which is stored on the user's card. The process of user verification shown in Fig. 2 requires that user i enter IDi, KPi, PINi and PACi at an entry point terminal....