Application for Personal Key Crypto with Insecure Terminals

IP.com Disclosure Number: IPCOM000052565D
Original Publication Date: 1981-Jun-01
Included in the Prior Art Database: 2005-Feb-11
Document File: 5 page(s) / 99K

Publishing Venue

IBM

Related People

Lennon, RE: AUTHOR [+4]

Abstract

A method is disclosed for secure data transmissions between an inexpensive terminal equipped with a crypto facility, the design of which does not provide adequate protection for a resident master key, and a host processor equipped with a secure crypto facility. The method is based upon a secret pseudo-master key defined as a personal key generating key (KPG) residing in protected form at the host system and used to produce any user personal key (KP) on demand, thereby eliminating the need to store a substantial directory of personal keys at the host system. Once the participants in the communication have a copy of KP, in a form usable at their respective crypto facilities, each may then send and receive messages enciphered under KP.

This is the abbreviated version, containing approximately 33% of the total text.

Where additional protection is desired, this may be achieved by using KP to distribute a time variant session key, unique to the particular transaction.

Fig. 1 illustrates a representative cryptographic facility which includes a physically secure implementation containing a cipher device, a working key (WK) register and a data register, a non-volatile memory for a master key and control functions to control the facility and drive the cipher device in either an encipher (E) or decipher (D) mode. Access to the facility is achieved through inviolable interfaces that handle processing requests, input data and transformed outputs.

KPG may be created at the host system by a random process, such as by coin tossing or dice throwing, and inputted to the key generation process, or may be generated by a key generator utility program. KPG is used at the host system to assign the personal keys (KPs) to the users such that KP(i) = D(KPG)(ID(i)), where ID is the customer non-secret account number or some other value related to the identity of a particular customer. Fig. 2 illustrates a flow diagram for creating a representative personal key (KP(i)) at the host system by a sequence of an encipher under master key (EMK) function and a decipher (DCPH) function. In the EMK function, KPG is enciphered under the host master key KM0 to obtain the value E(KM0)(KPG), which is then used as an input parameter along with ID(i) in the decipher (DCPH) function. In the DCPH function, the facility first operates in a decipher mode to obtain KPG in clear form and then performs a second decipher operation to "encipher" the customer ID(i) under KPG to obtain the personal key KP(i) = D(KPG)(ID(i)) which may then be recorded on the customer magnetic stripe bank card along with the customer ID. The customer is also given a secret password (PW) whic...
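The EMK/DCPH sequence that yields KP(i) = D(KPG)(ID(i)), as an added example that is not part of the original disclosure. Assumptions: a small HMAC-based Feistel network stands in for the facility's cipher device, keys and blocks are 8 bytes, the ID is packed as an 8-byte big-endian integer, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

BLOCK = 8  # 64-bit blocks and keys; sizes are an assumption of this sketch


def _feistel(key: bytes, block: bytes, rounds) -> bytes:
    """Stand-in block cipher (NOT the facility's real cipher device)."""
    if len(block) != BLOCK:
        raise ValueError("block must be 8 bytes")
    left, right = block[:4], block[4:]
    for i in rounds:
        f = hmac.new(key, bytes([i]) + right, hashlib.sha256).digest()[:4]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return right + left


def encipher(key: bytes, block: bytes) -> bytes:
    return _feistel(key, block, range(8))


def decipher(key: bytes, block: bytes) -> bytes:
    return _feistel(key, block, reversed(range(8)))


class HostCryptoFacility:
    """Hypothetical model of the secure host facility; KM0 stays inside."""

    def __init__(self) -> None:
        self._km0 = secrets.token_bytes(BLOCK)

    def emk(self, clear_key: bytes) -> bytes:
        """EMK: return E(KM0)(key) for storage outside the facility."""
        return encipher(self._km0, clear_key)

    def dcph(self, key_under_km0: bytes, data: bytes) -> bytes:
        """DCPH: recover the key under KM0, then decipher data with it."""
        return decipher(decipher(self._km0, key_under_km0), data)


def personal_key(host: HostCryptoFacility, kpg_under_km0: bytes, account: int) -> bytes:
    """KP(i) = D(KPG)(ID(i)); ID packed as 8 big-endian bytes (assumption)."""
    return host.dcph(kpg_under_km0, account.to_bytes(BLOCK, "big"))


if __name__ == "__main__":
    host = HostCryptoFacility()
    stored = host.emk(secrets.token_bytes(BLOCK))  # only E(KM0)(KPG) is kept
    for acct in (1000200030, 1000200031):          # constructed account numbers
        print(acct, personal_key(host, stored, acct).hex())
```

Because ID(i) is non-secret, every KP(i) is recomputable from KPG alone, which is why the host holds KPG only as E(KM0)(KPG) and needs no per-user key directory.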