
Off Line Personal Verification using a Public Key Algorithm

IP.com Disclosure Number: IPCOM000051992D
Original Publication Date: 1981-Apr-01
Included in the Prior Art Database: 2005-Feb-11
Document File: 3 page(s) / 62K

Publishing Venue

IBM

Related People

Cantor, RF: AUTHOR [+4]

Abstract

This article describes an off-line personal verification technique using a public-key algorithm in an interchange or non-interchange environment where a public key is used at each terminal to permit verification and a corresponding secret key is used at a control facility to generate the necessary authentication quantities. In an interchange environment, a bank authentication code recorded on a magnetic stripe card is read from the card and decoded using a central facility public key to obtain the bank public key, which is then used to decode a personal authentication code also recorded on the card to obtain a personal identification value (PIV), which is compared for equality with a user-generated PIV to provide user verification.

This is the abbreviated version, containing approximately 52% of the total text.


Off Line Personal Verification using a Public Key Algorithm

This article describes an off-line personal verification technique using a public-key algorithm in an interchange or non-interchange environment where a public key is used at each terminal to permit verification and a corresponding secret key is used at a control facility to generate the necessary authentication quantities. In an interchange environment, a bank authentication code recorded on a magnetic stripe card is read from the card and decoded using a central facility public key to obtain the bank public key, which is then used to decode a personal authentication code also recorded on the card to obtain a personal identification value (PIV), which is compared for equality with a user-generated PIV to provide user verification. In a non-interchange environment, where no central facility is involved, only the personal authentication code need be recorded on the magnetic stripe card. The personal authentication code is decoded using the bank public key to obtain the PIV which, as above, is compared for equality with the user-generated PIV to provide user verification.

Each bank generates a pair of public and secret keys, e.g., PK(B) and SK(B) for Bank B, and a set of PIVs for the bank's set of users. The PIVs are obtained using a technique that cannot be duplicated or forged, within acceptable limits, by a skilled opponent, e.g., by back of finger analysis, voice print, fingerprint or signature dynamics, so as to uniquely identify an individual.

At each bank, a procedure is followed to produce authentication parameters for the bank's set of users. Fig. 1 illustrates the procedure to create the personal authentication code for user i at Bank B as follows: (1) the generated PIV(i) and user identifier ID(i) are read into a protected area of the cryptographic system; (2) the data parameter (PIV(i),ID(i)) is deciphered (D) using the secret key of the bank, SK(B), to produce the quantity D_SK(B)(PIV(i),ID(i)), where D_K denotes decipherment under key K, which is then written onto the magnetic stripe card. In present-day terms, deciphering under the secret key is the signing operation of a signature scheme with message recovery: enciphering the result under the corresponding public key returns the signed data parameter, and nobody without SK(B) can produce a quantity that does so. This procedure is applicable to off-line verification in both a non-interchange environment and an interchange environment.

In an interchange environment, with a public key algorithm, where PK(U) and SK(U) denote the public and secret keys of an agreed-upon central facility or utility (U), verification relies on every bank in the interchange holding the public key PK(U) of the central facility U. The central facility distributes PK(U) to each bank so that this common key can be installed in each bank's terminals. Only public keys are ever installed in a terminal, so extracting a terminal's keys yields nothing that permits forging authentication codes; the secret keys SK(U) and SK(B) stay at the central facility and the bank respectively.

During initialization of the system, the banks, Bank A, Bank B, ..., Bank Z, transmit their public keys PK(A), PK(B), ..., PK(Z) to the central facility where, together with their respective identifier (ID) values, they are deciphered (D) under the secret key of the central facility, SK(U), to obtain the parameters D_SK(U)(PK(A),ID(A)), D_SK(U)(PK(B),ID(B)), ..., D_SK(U)(PK(Z),ID(Z)). The para...
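The Fig. 1 issuance step, the central facility's initialization step and the two terminal-side checks described above, worked through end to end as an added example. This is the editor's reconstruction, not code from the IBM disclosure. Textbook RSA without padding is assumed to stand in for the article's decipher (D, secret key) and encipher (E, public key) operations; a fixed public exponent of 65537 is assumed so that a bank's public key PK(B) is just its modulus; PIV and identifier fields are assumed to be fixed-width integers; the seeded prime search, the hypothetical helper names and the sample PIV, user identifier and bank identifier are all constructed for the example. The last case exercises the reason for the two-level chain: a forger who signs a chosen PIV under a key pair of their own cannot also produce a bank authentication code for that key, because only the central facility holds SK(U).

```python
"""Off-line personal verification (Fig. 1 issuance, interchange and non-interchange
checks) reconstructed with textbook RSA. Assumptions are marked in comments."""
import random
from dataclasses import dataclass

E = 65537     # fixed public exponent (assumption; raw RSA stands in for the article's D/E)
ID_BITS = 64  # width of user and bank identifiers (assumption)

def _is_probable_prime(n, rng, rounds=24):
    """Miller-Rabin with `rounds` random bases; callers only pass large odd n."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits, rng):
    while True:  # force the top bit (size) and the low bit (odd)
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand, rng):
            return cand

@dataclass(frozen=True)
class KeyPair:
    n: int  # public key PK: the modulus (E is fixed system-wide)
    d: int  # secret key SK: the private exponent

def generate_keypair(bits, seed):
    """PK/SK pair with a `bits`-bit modulus; the seed is for reproducibility only."""
    rng = random.Random(seed)
    while True:
        p, q = _gen_prime(bits // 2, rng), _gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % E:  # gcd(E, phi) == 1 because E is prime
            return KeyPair(p * q, pow(E, -1, phi))

def decipher(sk, m):  # D_SK(m): the secret-key operation applied at issuance
    assert 0 <= m < sk.n, "data parameter does not fit the modulus"
    return pow(m, sk.d, sk.n)

def encipher(n, c):  # E_PK(c): the public-key operation a terminal applies
    return pow(c, E, n)

def pack(hi, lo):  # (PIV(i), ID(i)) or (PK(B), ID(B)) as one data parameter
    return (hi << ID_BITS) | lo

def unpack(m):
    return m >> ID_BITS, m & ((1 << ID_BITS) - 1)

@dataclass(frozen=True)
class Card:
    user_id: int
    personal_code: int  # D_SK(B)(PIV(i), ID(i)), the Fig. 1 quantity
    bank_id: int = 0
    bank_code: int = 0  # D_SK(U)(PK(B), ID(B)); not recorded in the non-interchange case

def issue_personal_code(bank_sk, piv, user_id):
    return decipher(bank_sk, pack(piv, user_id))

def issue_bank_code(utility_sk, bank_n, bank_id):
    return decipher(utility_sk, pack(bank_n, bank_id))

def verify_non_interchange(bank_n, card, user_piv):  # terminal holds PK(B)
    piv, uid = unpack(encipher(bank_n, card.personal_code))
    return uid == card.user_id and piv == user_piv

def verify_interchange(utility_n, card, user_piv):  # terminal holds only PK(U)
    bank_n, bank_id = unpack(encipher(utility_n, card.bank_code))
    return bank_id == card.bank_id and verify_non_interchange(bank_n, card, user_piv)

def demo():
    utility = generate_keypair(384, seed=1)  # central facility U
    bank_b = generate_keypair(256, seed=2)   # Bank B, a member of the interchange
    rogue = generate_keypair(256, seed=3)    # a forger's own key pair, unknown to U
    piv, uid, bid = 0x5EEDC0FFEE123456789ABCDEF00001, 1001, 0xB  # constructed values
    card = Card(uid, issue_personal_code(bank_b, piv, uid),
                bid, issue_bank_code(utility, bank_b.n, bid))
    # The forger signs a PIV under the rogue key but can only copy a genuine bank code,
    # so the terminal recovers PK(B), not the rogue key, and the personal check fails.
    forged = Card(uid, issue_personal_code(rogue, piv, uid), bid, card.bank_code)
    return {
        "non_interchange": verify_non_interchange(bank_b.n, card, piv),
        "interchange": verify_interchange(utility.n, card, piv),
        "wrong_piv": verify_interchange(utility.n, card, piv ^ 1),
        "forged_bank_key": verify_interchange(utility.n, forged, piv),
    }
```

Calling `demo()` returns True for the genuine card in both environments and False for a wrong PIV and for the forged card. A production design would replace raw RSA with a padded signature scheme (RSA-PSS, or a message-recovery scheme where the card must carry the PIV) and would hash-bind the fields, but it keeps the property the article relies on: terminals hold public keys only.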