Unified Authentication Parameter

IP.com Disclosure Number: IPCOM000047694D
Original Publication Date: 1983-Dec-01
Included in the Prior Art Database: 2005-Feb-07
Document File: 2 page(s) / 31K

Publishing Venue

IBM

Related People

Matyas, SM: AUTHOR [+3]

Abstract

This article discloses a method for generating an authentication parameter (AP), which may subsequently be used for personal verification, as a function of user-remembered secret information, namely, a personal identification number (PIN) in combination with additional static information. Authentication parameters have heretofore been generated as a function only of PIN which, by definition, has in the order of 10^4 to 10^6 combinations. To increase security, it has been proposed that the authentication parameter be defined as AP = PAN||PIN, where the symbol "||" indicates concatenation and PAN represents a personal account number. (The order in which the parameters are concatenated is unimportant.)

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 86% of the total text.

This article discloses a method for generating an authentication parameter (AP), which may subsequently be used for personal verification, as a function of user-remembered secret information, namely, a personal identification number (PIN) in combination with additional static information. Authentication parameters have heretofore been generated as a function only of PIN which, by definition, has in the order of 10^4 to 10^6 combinations. To increase security, it has been proposed that the authentication parameter be defined as AP = PAN||PIN, where the symbol "||" indicates concatenation and PAN represents a personal account number. (The order in which the parameters are concatenated is unimportant.)

The figure illustrates a method which increases security and retains compatibility with the authentication parameter AP = PAN||PIN in which a secret quantity on the card, i.e., a personal key KP, is used. In this stronger implementation, AP is a function of PIN, KP, and PAN. It should be noted that the 0 input could be replaced by a general quantity, C, provided that C is also added, modulo 2, at point "a".

AP is defined so that, in the degenerate case, AP reduces to PAN||PIN, the degenerate case being defined when KP = 0. Accordingly, it is seen that AP = PAN||PIN if KP = 0, whereas AP = PAN||f(PAN, PIN, KP) if KP is not equal to 0. The number of Encipher (E) - Decipher (D) operations can be reduced from two to one if AP does not h...