Authentication with Stored KP and Dynamic Pac

IP.com Disclosure Number: IPCOM000050326D
Original Publication Date: 1982-Oct-01
Included in the Prior Art Database: 2005-Feb-10
Document File: 3 page(s) / 65K

Publishing Venue

IBM

Related People

Lennon, RE: AUTHOR [+3]

Abstract

A method is disclosed for verification of system users at the issuing node where the users are provided with user cards, e.g., bank cards, on each of which is stored a Personal Key (KP) derived in a manner which permits dynamically producing a related Personal Authentication Code (PAC), used in the verification process, rather than requiring PAC to be stored on the card.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 54% of the total text.

An Authentication Pattern (AP) resulting from a complex cryptographic process based on a user's Personal Identification Number (PIN) may be routed through a network with relative freedom from risk that the PIN can be deduced. Possible candidates for AP include:

$AP = E_{KP \oplus PIN}(ID)$ (1a)

$AP = (PIN \oplus ID) \oplus E_{KP \oplus PIN \oplus ID}(ID)$ (1b)

where ID represents the system's user identification, or, in banking terms, the Primary Account Number (PAN), and $\oplus$ represents modulo-two addition without carry, i.e., an Exclusive OR operation. Thus, the encryption E of the system user identification ID under control of the personal key KP Exclusive ORed with the personal identification number PIN yields the authentication pattern AP expressed by equation 1a. Alternatively, AP may be obtained by the process expressed by equation 1b. In general terms, AP may be defined as a complex function (f) of PIN, ID and KP, which may be expressed by the equation $AP = f(PIN, ID, KP)$.

Verification of system users at the appropriate issuing node involves comparing an "AP of Reference" with the received value of AP initially generated at a terminal entry point and transmitted to the issuer via the communication network. If the two APs are identical, the user is accepted; otherwise, the user is rejected. To eliminate the potentially large storage needed to contain the "APs of Reference" at the issuer, authentication could be based on a Personal Authentication Code (PAC) computed dynamically from a secret authentication key (KA) as follows: PAC1 equals the leftmost 16 bits of E(KA) (...