
Personal Key Implementation With Standardized Bank Cards

IP.com Disclosure Number: IPCOM000060205D
Original Publication Date: 1986-Mar-01
Included in the Prior Art Database: 2005-Mar-08
Document File: 3 page(s) / 41K

Publishing Venue

IBM

Related People

Elander, RC: AUTHOR [+2]

Abstract

One essential requirement of an electronic fund transfer (EFT) system is that institutions must be able to join together in a common EFT network, defined as an interchange, such that the EFT security of each institution is independent of the security measures implemented at other institutions. One method to achieve this is by employing one-way function methods for personal identification number (PIN) verification, as well as for establishing end-to-end cryptographic keys. Since the PIN is normally only 4 to 6 digits long, it does not have enough combinations to be useful in a one-way function approach. To overcome this drawback, another quantity stored on the card is introduced. This quantity, here called the personal key, is then employed in conjunction with the PIN to generate a strong one-way function.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 52% of the total text.


One essential requirement of an electronic fund transfer (EFT) system is that institutions must be able to join together in a common EFT network, defined as an interchange, such that the EFT security of each institution is independent of the security measures implemented at other institutions. One method to achieve this is by employing one-way function methods for personal identification number (PIN) verification, as well as for establishing end-to-end cryptographic keys. Since the PIN is normally only 4 to 6 digits long, it does not have enough combinations to be useful in a one-way function approach. To overcome this drawback, another quantity stored on the card is introduced. This quantity, here called the personal key, is then employed in conjunction with the PIN to generate a strong one-way function. Details of how to generate such a one-way function have been published [*].

The method described in this article shows how a personal key can be generated with presently standardized cards. A personal key which depends only on card data can be obtained (1) directly from the card (using information which is not transmitted) or (2) indirectly from the time-invariant card information, of which some is transmitted and some is not.

To indirectly generate a personal key, the one-way function shown in Fig. 1 can be effectively employed as follows: The card information, which is used to generate the personal key, is first broken up into 64-bit blocks. The information is padded, if necessary, to assure that multiple blocks of 64 bits are available. As shown in Fig. 1, it is assumed that only two blocks are present, defined X1 and X2. As a first step, X1 is decrypted at 10 with an origin key 12 and the resulting cryptogram is added at 14, modulo 2, to X1. This then becomes the key used via 16 to decrypt X2 at 18, and the resulting cryptogram is added at 20, modulo 2, to X2. The final result is defined as the "personal key" 22.
The origin key does not have to be secret and could be defined as a universal constant, or may even be made an institution-dependent parameter. OVE...
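The chaining described for Fig. 1, as an added Python sketch that is not part of the original disclosure, generalized from the two blocks X1 and X2 to any number of 64-bit blocks. The page does not name the block cipher or the padding rule, so a toy 64-bit Feistel cipher built on SHA-256 stands in for the cipher and zero padding is assumed; all function names and sample values are hypothetical.

```python
import hashlib

BLOCK = 8  # 64-bit blocks, as in the disclosure

def xor(a: bytes, b: bytes) -> bytes:
    # Bitwise addition modulo 2.
    return bytes(x ^ y for x, y in zip(a, b))

def round_fn(key: bytes, half: bytes, i: int) -> bytes:
    # Round function of the stand-in cipher (assumption, not from the page).
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]

def encrypt_block(key: bytes, block: bytes, rounds: int = 8) -> bytes:
    left, right = block[:4], block[4:]
    for i in range(rounds):
        left, right = right, xor(left, round_fn(key, right, i))
    return left + right

def decrypt_block(key: bytes, block: bytes, rounds: int = 8) -> bytes:
    # Exact inverse of encrypt_block: undo the Feistel rounds in reverse order.
    left, right = block[:4], block[4:]
    for i in reversed(range(rounds)):
        left, right = xor(right, round_fn(key, left, i)), left
    return left + right

def personal_key(card_data: bytes, origin_key: bytes) -> bytes:
    """Chain D_key(X) XOR X over the 64-bit blocks of card_data (Fig. 1)."""
    if not card_data or len(origin_key) != BLOCK:
        raise ValueError("need card data and a 64-bit origin key")
    # Zero padding is an assumption; the page only says "padded, if necessary".
    card_data += b"\x00" * (-len(card_data) % BLOCK)
    key = origin_key
    for off in range(0, len(card_data), BLOCK):
        x = card_data[off:off + BLOCK]
        key = xor(decrypt_block(key, x), x)  # result keys the next block
    return key  # after the last block this is the personal key

# Constructed sample values, not real card data.
ORIGIN_KEY = bytes(8)                # non-secret "universal constant"
CARD_DATA = b"CARD-DATA-SAMPLE"      # exactly two blocks: X1, X2

if __name__ == "__main__":
    print(personal_key(CARD_DATA, ORIGIN_KEY).hex())
```

Adding each block back into its own decryption is what keeps the result one-way even though the origin key is public: without that step, anyone holding the origin key could run the cipher forward and recover the card data.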