Note : Les descriptions sont présentées dans la langue officielle dans laquelle elles ont été soumises.
1 1 59920
IMPROVED METHOD AND APPARATUS
FOR SECURING DATA TRANSMISSIONS
Background of the Invention
Numerous methods and apparatus have been developed for
transmitting messages in a secure manner between stations. Many
of the methods and apparatus provide for coding of the message
prior to transmission and for decoding of the message at its
destination subsequent to transmission. Two such methods and
apparatus are described, for example, in U. S. Patent No.
3,711,645 issued January 16, 1973, ~o Kurt Ehrat, entitled Method
,~ And Apparatus For Coding Messages, and in U. S. Patent No.
3,956,615 issued May 11, 1976, to Thomas G. Anderson, William A.
Boothroyd and Richard C. Frey, entitled Transaction Execution
System With Secure Data Storage And Communications, A third
method and apparatus is described, for example, in U. S. Patent
No. 3,938,091 issued February 10, 1976, to Martin M. Atalla,
entitled Personal Verification System.
A common feature of such apparatus is the use of fixed,
predetermined encoding-decoding keys to encode and decode data,
or the use of variable encoding keys transmitted with the encoded
message to a destination station for processing (the variable
-d~
1 1599~0
encoding keys being supplied by the user, or generated by the
apparatus from user-supplied information). At the destination
station, the transmitted variable-key is utilized by a decoder
of the apparatus to decode the encoded message.
Whereas the use of variable rather than fixed encoding-
decoding keys would seem to provide a greater measure of security
in message transmission than do fixed keys ~especially variable
keys supplied by a user or generate~ by the apparatus from user-
supplied information), the practice of transmitting a variable
key so that it can be used in the decoding process reduces the
security of the operation because unauthorized users could con-
ceivably gain access to the key during the transmission of the
key, It would be desirable, therefore, in improving the security
of such data transmission operations (especially bank transaction
operations or the like which require not only secure transmission
of data but also accurate identification of users) to use a
technique which provides for secure transmission of data without
requiring transmission of matching encoding-decoding keys or of
user-identification information. Also, it would be desirable in
certain applications to obviate the need for dedicated pairs of
matched encoders/decoders in order to enhance the flexibility of
the data-transfer system and to reduce the start-up and chanae-
over time inherent in placing conventional paired modules in the
proper locations. In addition, it would be desirable to encrypt
messages between specific persons or entities via an intermediate
or central station which can function in a manner similar to a
data switch that ties numerous entities together.
Summary of the Invention
In accordance with the illustrated preferred embodiment
of the present invention, a method and apparatus are provided
1 159920
for improving security of data transmission between stations by
making it unnecessary to transmit user-identification information
between the stations. Also, to further improve security, an
alternative method provides for encoding and decoding the data
during each transaction, using encoding and decoding ke~s pro-
duced from different PIN~s(Personal Identification Number entered
into the apparatus by a user to initiate a transaction such as a
bank deposit or withdrawal transactlon). The apparatus includes
at least one irreversible algorithm module, a random number
generator, and at least onè data file. The composite system
embodiment of the present invention enables encoded data to be
transferred by conventional data transmission means such as
mail, voice transmission via telephone, radio, and the like,
without loss of security associated with the transmitted data
or the identifying code of an authorized user. Also, the system
embodiment of the present invention facilitates the remote con-
trol of data-transfer operations between distant stations and
permits changes of and additions to central files of identifying
codes for authorized individuals from remote stations without
compromising the security of the transmission of such critical
information In additionj the system embodiment of the present
invention enables messages in various formats to be transmitted
in fully-secured, encrypted form between specified persons or
entities via an intermediate or central station which can link
any selected pair of numerous such entities.
.
1 1 59920
Various aspects of the invention are as follows:
A ~ethod of securing the identification of an
individual in data-handling operations utilizing
identification information supplied by the individual, the
me-thod comprising the steps of:
-3a-
1 159920
generating a selected number that is different for
each data-handling operation;
producing a first identification code in response
to the generated selected number and to first identification
information supplied by an individual;
storing the generated selected number and the
first identification code;
producing a second identification code in response
to the stored selected number and second identification
10 information supplied by an individual;
comparing the stored first identification code
with the second identification code to determine the
authenticity of the supplied identification information;
generating a second selected number t~at is
15 different for each data-handling operation;
producing a third identification code in response
to the second selected number and to the second
identification information supplied by the individual; and
storing the second selected number and the third
20 identification code for subsequent use.
A method of simultaneously securing transmitted
data and the identification of an individual in data
transmission between stations utilizing identification
information about the individual which is pre-stored and
25 identification information supplied by the individual, the
method comprising the steps of:
generating a selected number that is different for
each data transmission;
producing a first encryption key in response to
30 the generated selected number and to identification
information supplied by an individual at a first station;
1 15992Q
encoding data in accordance with the first
encryption key;
transmitting the generated selected number and the
encoded data to a second station;
producing a second encryption key utilizing the
pre$tored identification information and the transmitted
selected number; and
decoding the encoded data in accordance with the
second encryption key.
A method of simultaneously securing transmitted
data and the identification of an individual in data
transmission between stations utilizing identification
information supplied by the individual, the method
comprising the steps of:
generating and storing a first selected number
that is different for each data transmission;
producing and storing a first key in response to
the first selected number and to a first identification
information supplied by an individual at a first station;
producing a second key in response to the stored
first selected number and to second identification
information supplied by an individual;
generating a second selected number that is
different for each data transmission;
producing a third key in response to the second
selected number and to the second identification information
supplied by the individual;
encoding in accordance with the second key
selected information including data and the second selected
30 number and the third key;
-3c-
1 159920
transmitting the encoded information to a second
station;
decoding the encoded information in accordance
with the stored first key; and
storing the second selected number and third key
of the decoded information for subsequent use.
Apparatus for simultaneously securing transmitted
data and the identification of an individual when
transmitting the data between stations utilizing
identification information about the individual which is
pre-stored and identification information supplied by the
individual, the apparatus comprising:
means for generating a selected number that is
different for each data transmission;
means coupled to receive the generated selected
number and to receive identification information supplied by
an individual at a first station for producing a first
encryption key;
means coupled to receive data and the first
20 encryption key for encoding the data in accordance with the
first encryption key;
means responsive to the pre-stored identification
information and coupled to receive the generated selected
number for producing a second encryption key; and
means disposed at a second station to receive the
encoded data and the second encryption key for decoding the
encoded data in accordance with the second encryption key.
Apparatus for simultaneously securing transmitted
data and the identification of an individual when
30 transmitting the data between stations utilizing
~3d-
1 1 59~20
identification information supplied by the individual, the
apparatus comprising:
means for generating a first and a second selected
number, each of which is different from each data
traLnsmission:
means coupled to the generating means for storing
the first selected number:
means coupled to receive the first selec~ed number
and to receive a first identification information supplied
by an individual at a first station for producing a first
key, for producing a second key in response to the stored
first selected number and to a second identification
information supplied by an individual, and for producing a
third key in response to the second selected number and to
the second identification information supplied by the
individual, the' means for storing being disposed for
receiving and storing the first key;
means coupled to receive data, the second selected
number, and the second and third keys for encoding in
accordance with the second key selected information
including the data and the second selected number and the
third key; and
means coupled to the means for storing and
disposed at a second station to receive the encoded
information for decoding the encoded information in
accordance with the stored first key, the means for storing
also being disposed for storing the second selected number
and the third key of the decoded information for subsequent
use.
-3e-
1 1 59920
Brief Description of the Drawings
Figures lA and lB are block diagrams showing,
respectively, the apparatus and method of the present
invention;
Figures 2A and 2B are block diagrams showing,
respectively, alternative embodiments of the apparatus
and method of the present invention;
-3f-
1 1 59920
Figures 3A and 3B are block diagrams showing, respectively,
other alternative embodiments of the apparatus and method of the
present invention;
Figures 4A and 4B are block diagrams showing, respectively,
still other alternative embodiments of the apparatus and method of
the present invention;
Figure 5A is a schematic block diagram of another embodi-
ment cf the present invention in which a transaction may be
securedly controlled at a remote location;
Figure 5B is a flow chart illustrating the operation of
.' the embodiment of Figure 5A;
Figures 6, 7A and 7B are illustrations of other embodi-
ments of the present invention in which transactions may be
securedly controlled at remote branch locations of remote central
offices;
Figure 8 is an illustration of another embodiment of the
present invention using prestored identification information about
two individuals or entities in order to securedly control a trans-
action at a remote branch location of a remote central office;
Figure 9 is an illustration of an embodiment of the
present invention in which encoded identification information
for an individual may be stored remotely using a sponsor and
associated identification information;
Figure lO is an illustration of an embodiment of the
present invention in which encoded identification information
for an individual that is stored remotely may be securedly
changed using a sponsor and associated identification information;
and
Figure ll is an illustration of an embodiment of the
present invention in which encoded messages may be transmitted
1 1 59920
between two users via a central station which routes the encoded
message.
Description of the Preferred Embodiment
Referring now to Figures lA and lB, there are shown an
apparatus and a method for improving the security of transmitted
data between stations. The apparatus and method offer improved
security by not requiring the transmission of PIN data from the
originating or user station to the destination or processing
station. The apparatus comprises at a transmitting location 23
l~ a random number generator 13, and an irreversible algorithm
module (I.A~M,) 15 (for example, of the t~pe disclosed in U. S.
Patent No. 3,938,091 issued on February 10, 1976, to M. M.
Atalla and A. F. Liu), and further comprises a storage file 17,
another irreversible algorithm module l9, and a comparator 21
at a receiving location 25. In response to PIN data entered
by a user and in response to a random number (RN) produced by
random number generator 13, algorithm module 15 produces a user
identifier code (ID) which may be transmitted and applied to
comparator 21 at the receiving location. The RN produced by
2~ random number generator 13 is also transmitted to an I.A.M. l9
in the receiving station 25, A predetermined authentic PIN (pre-
stored in a selected register of storage file 17) may be accessed
and applied to algorithm module l9 along with the received RN to
produce a new user identifier code (ID'). The algorithm module
~5 19 encrypts or encodes the signals applied thereto in a manner
which is identical to module 15. The previously produced user
identifier code (ID) is then compared with the ne~ly produced
usex identifier code (ID') by comparator 21. If a match occurs
(i.e,, if ID and ID' are found to be the same), an output data
3;0 value is produced (or internal flag is set) indicating that the
-- 5 --
1 159920
transaction (e.g., user withdrawal of money from a bank) should
proceed. If no match occurs, comparator 21 produces an output
value indicating that the transaction should not proceed.
From the above-described apparatus and method of FigureS
lA and lB, therefore, it is seen that no personal identification
number of the user (PIN) is transmitted from the originating or
user location 23 to the destination or receiving location 25.
Another embodiment of the p~esent invention is shown
in Figures 2A and 2B. In this embodiment, the user identifier
code (ID) is produced in response to RN and to entered PIN data
in a manner similar to that shown in Figures lA and lB. ~owever,
only RN and ID are transmitted from user station 37 to file
storage 31, 33 at processing station 39. In this embodiment, no
PIN is transmitted between stations, nor is the PIN stored in the
file 31, 33 where it may be susceptible to unauthorized access.
In this embodiment, the present apparatus operates, as
shown in Figure 2B, to update the identifier code ID and the
random number RN in storage files each time a proper verification
of user is established. Thus, a user's initial entry of a PIN
is combined with an RN via an irreversible algorithm module of
the type previously described to produce an ID which, with the
associated RN, may be transmitted and stored in files 31, 33 at
the receiver statio~ 39 (and optionally at a local file 38).
Thereafter, the authorized user again enters his PIN
(referred to herein as PIN ' ), and the RN is accessed from the
file 31 (or optionally from the local file 38). The PIN ' and
the retrieved RN (RNX herein) are encrypted by the algorithm
module 29 to produce the ID (which should be identical to the
ID in file 33) for transmission to comparator 35 at the receiving
station 39. There, the comparison is made with the ID retrieved
1 15992~ `
from ~ile 33, If the match is detected, the output from com-
parator 35 provides the indication that the present transaction
may proceed, and also initiates the generation of a new random
number RNy. This new random number is encrypted by the algorithm
module 29 along with 'he PIN' which was entered in the present
transaction to yield the new IDy. The new RNy and new IDy are
then transmitted to files 31, 33 (and optionally to local file
38) to supplant RNX and IDX previous`ly stored therein. In this
manner, a user identifier code is dynamically stored and updated
each time an authorized user is verified. More importantly,
however, no PIN need be stored or transmitted in order to verify
the authorized user.
Referring now to the embodiment of the present invention,
as illustrated in Figures 3A and 3~, a PIN in storage 47 is used
with a random number RN to produce a KEY code by which data may
be encrypted (encoded). However, the KEY code used to encrypt
data is not transmitted. In response to a PIN entered by a user
and a random number (RN) generated by a random number generator
41, irreversible algorithm module 43 of the type previously
~O described produces an encryption key (KEY) which is applied to
encoding zlgorithm module 45 (e.g., an encoder such as The Bureau
of Standards Chip incorporating the National Bureau of Standards'
encryption-decryption algorithm which is the Federal Information
Processing Standard approved by the U. S. Department of Commerce).
In response to applied data, encoding module 45 encodes the data
in accordance with the encryption key (KEY). The encoded data,
together with the associated random number (RN) is then trans-
mitted from user station 53 to processing station 55. The random
number (RN) thus received by station 55 and the prestored authentic
PIN which is accessed from file 47 are applied to algorithm module
l 159920
49 which produces an encryption key (KEY') that should be
identical to the KEY, and this KEY' is applied to decoding
module 51. Decoding module 51 operates in accordance with the
same National Bureau of Standards encoding scheme as module 45
and produces the desired decrypted (decoded) data. It should
be noted that as long as the entered PIN matches the prestored
PIN, KEY will match KEY', and the decrypted data will match the
entered data~ This embodiment of the present invention thus
obviates the need to transmit the generated KEY between stations
and eliminates risk of disclosure of the KEY during such trans-
mission. Also, it should be noted that in this embodiment, the
KEY is determined and the PIN is verified simultaneously under
the control of the user. That is, the éncryption and decryption
of data are solely under the control of the user by virtue of
his own entered PIN. Also, the user who entered the PIN is
verified in response to the encrypted data being received and
decrypted at the receiver station 55 using the corresponding PIN
that is retained in file 47. Further, the information which is
transmitted between stations includes a random number which
changes after each transaction and the encrypted data which also
changes form after each transaction, even for the same data
entered at station 53.
In the embadiment of the present invention shown in
Figures 4A and 4B, there is no need to transmit the PIN from
user station 73 to processing station 75, and no need to store
PIN information in a file. As shown in Figures 4A and 4B, the
system is first initialized in preparation for user transactions.
The PIN is entered by the user during initialization and random
number generator 61 generates a random number (RNl) and applies
the RNl to irreversible algorithm module 63 of the type previously
1 159920
described. Module 63 combines the PIN and RNl information and
produces therefrom a first encryption key (KEYl) to be used in
later encryption of data. The RNl and KEYl are then stored for
later retrieval in a storage file 65 at the processing station
75 (and optionally the random number may also be stored in a
local file 72).
In commencing a transaction, the user first enters his
PIN into the algorithm module 63. ~n response to the entered
PIN, and in response to RNl which is accessed from file 65 (or
optionally from local file 72), the module 63 reproduces the
encryption key (KEYl) which is applied to the control input of
the encryption module 67 (say, of the National Bureau of Standards
type previously described). With the encryption module 67 set to
encode in accordance with KEYl, another random number (RN2) is
generated by random number generator 61, and is applied to modules
63 and 67. The module 63 is able to produce an encryption key
(Æ Y2) from the applied RN2 and from the PIN that is available
during the present user transaction. KEY2 and RN2 which was
associated with XEY2 are included with the applied daia (which
data may include a fixed alphanumeric reference) for encoding by
module 67 under the control of KEYl to produce the encrypted
message "DATA+RN2+KEY2". This encrypted message is then trans-
mitted from user station 73 to processing station 75 where de-
cryption module 69 (matching encoding module 67) decrypts or
decodes the encrypted message in accordance with KEYl which is
accessed from the file 65 where it was originally entered during
the initialization operation previously described. The DATA is
thus retrieved in clear text and the RN2 and the KEY2 are also
separately available for updating file 65 (and optionally local
file 72) with RN2 and KEY2 in place of RNl and XEYl, respectively.
_ g
1 159920
In a subsequent transaction, the user again enters his
PIN in1:o the algorithm module 63. In response to the entered
PIN, and in response to the updated RN2 accessed from file 65
(or from local file 72), the module 63 reproduces the encryption
key (KEY2). With the encryption module 6 7 set to encode applied
data in accordance with KEY2, the random number generator 61
produces another random number RN3 which is applied to the al-
gorithm module 63 along with the PIN that is available during the
present transaction to produce another encryption key (KEY3).
10 KEY3 and RN3 are included with the DATA that is applied to the
, encoding module ~7 which produces the encrypted message
"DATA+RN3+KEY3" when encrypted under the control of KEY2. This
encrypted message is then transmitted from user station 73 to
pxocessing station 75, where decoding module 69 decrypts the
encrypted message in accordance with the Æ Y2 which is accessed
as the updated entry from file 65. The DATA is thus retrieved
in clear text and the RN3 and XEY3 are again available to update
the file 65 (and local file 72) for use in subsequent transactions.
The reference data previously referred to as being
included with the input DATA may simply be a standard code word
which must be extracted at the output of module 69 as an indi-
cation that the user inserted the proper PIN, In this way, the
encrypted message transmitted to and received by the processing
station 75 can be promptly decrypted to verify the PIN before
the file 65 (or local file 72) is updated with keys and random
numbers which would not relate to the authorized PIN.
Thus, it can be seen from Figures 4A and ~B that not
only is PIN information not stored or transmitted from user
station 73 to user station 75 but, for added security, the key
used to encrypt data in response to a given user transaction is
-- 10 --
1 1 59920
not the same key that is used to decrypt the encrypted data
during such transaction. Also, it should be noted that the
stored code words are updated in each transaction and that these
code words are under the control of the user.
With the personal identification number of an authorized
individual stored in encrypted form (PIN') along with an encrypted
key for that encryption of the PIN, a system is provided which
enables the authorized individual to control various secured
transactions at remote locations without the need for matched
pairs of modules and without compromising the security of the
system. In one embodiment of the system, as shown in the block
diagram and flow chart of Figures 5A and 5B, respectively, the
data 81 or message MSGE to be secured against alteration or
unauthorized use ~such as account number, amount of money being
transferred, type of transfer, etc.) is combined with a sequence
number (such as date and time) to supply to an encryption al-
gorithm module 83. Of course, the data may be in clear text or
in encoded form. In addition, the authorized person introduces
his PIN via keyboard 87 or other entry device to produce another
input to the module 83. This algorithm used in module 83 may be
of the National Bureau of Standards type previously described,
or of the type described in the aforementioned U. S. patent
issued to Atalla and Liu. The module 83 accepts the two inputs
(or obtains two inputs from any combination of all the entry bits
involved) in a format as shown in Figure 5A and encodes the input
information in accordance with the operating algorithm thereof to
produce an N-bit output, one portion of which serves as the
TRansfer Authorization Code (TRAC) signal 89 and another portion
of which serves as the ACKnowledgment-TRansfer Authorization _ode
(ACK-TRAC) signal 91. Only the data or message MSGE plus sequence
1 1 59920
number plus TRAC output 89 are transmitted over a data link 93
to a remote location. Note that the PIN for the authorized
indivi.dual is not transmitted from the location where introduced
and i~ not stored in any file.
Thus, the data link 93 may be a simple and convenient
data link or voice communication over telephone lines or a
writing transmitted by telegram or mail, or the like. Since the
TRAC signal 89 was generated using ~he PIN and the sequence
number and the MSGE, any alteration of the MSGE or TRAC or se-
quence number (e.g., b~ an unauthorized attempt to rerun a cash
~- withdrawal transaction) will alter the transmitted TRAC which
will not compare favorably with the TRAC signal regenerated at
the receiving location. Thus, an unauthorized alteration of any
part of the MSGE, SEQ. NO. or TRAC during transmission will re-
sult in unfavorable comparison and rejection of the received
transmission, as later described.
The received transmission is compared for parity of TRAC
signals by first accessing the memory 96 of a local central pro-
cessing unit or computer 95 for the PIN of the authorized indi-
vidual that is stored in encrypted-form, together with the en-
crypted key that was used to encrypt the PIN and also stored in
the memory, as previously described. From this information ob-
tained from the computer memory 96, the PIN of the authorized
individual may be regenerated using the encryption module and is
then only available internally for use in regenerating a TRAC
signal at the receiving location. The PIN thus regenerated from
information accessed out of the computer memory 96 and the trans-
mitted MSGE and SEQ. NO. received at the remote loca~ion are
encrypted in module 97 which operates according to exactly the
same algorithm as is used in module 83 on the two input signals
- 12 _
1 159920
that are applied in exactly the same format as is applied to
module 83. The resulting TRAC 99 and ACX-TRAC 101 outputs
appear as a composite N-bit output in the same format as the
outputs of module 83. Thus, the transmitted and received TRAC
signal 89 must be identical to the regenerated TRAC signal 99
for the received ~SGE and SEQ. NO. signals and encrypted PIN and
encrypted key signals from memory 96. These two TRAC signals
are compared in comparator 103 to produce an output 105 in re-
sponse to parity of the two TRAC signals, and this parity output
signal gates out the PCK-TRAC signal 101 for retransmission back
to the originating location via a convenient communication link
93. Of course, the local computer 95 is also enabled to operate
on the MSGE signal, for example, to debit an account, update a
file, etc. If no favorable comparison of TRAC signals in com-
parator 103 is obtained, the received MSGE signal need not beacted upon and a suitable non-response signal may be returned to
the originating location.
For a favorable comparison of TRAC signals, the resulting
ACK-TRAC signal is retransmitted and received back at the origi-
nating location and is compared in comparator 107 with the ACK-TRAC
signal that was originally generated from the MSGE and SEQ. NO.
signals and PIN signal received from the authorized individual
upon initiation of the transaction. These signals must be iden-
tical for the given MSGE and SEQ. NO. signals and proper PIN from
the authorized individual applied in identical formats to identical
modules 83 and 97. Thus, unfavorable comparison of the two
ACK-TRAC signals in comparator 107 is an indication of a possible
alteration of one or more of the signals from which each of the
ACK-TRAC signals is generated, or of an error or alteration in
the retransmitted ACK-TRAC signal 109. Of course, an output 110
1 159~2~
generated upon favorable comparison of the two ACK-TRAC signals
in comparator 107 is an indication of completion of the trans-
action (e.g., debiting an account, dispensing cash, etc.~, which
was initiated by the individual whose PIN 87 was introduced.
It should be noted that the system operated as described
in connection with Figures 5A and 5B assures the proper identity
of the individual whose encrypted PIN and encrypted key are on
file at the receiving location (e.g`, bank). Also, the MSGE
cannot be altered and cannot be replayed without detection, 50
that convenient less secure data-transmission links can be used
without degrading the security of the over-all system. It should
be noted also that the individual's PIN is not transmitted in
clear text from anywhere within the system, and that ample record-
producing checkpoints are provided for later, convenient auditing
procedures.
Referring now to the illustration of Figure 6, there are
shown the method and means for controlling a transaction such as
a "wire transfer" of funds from a remote location with a high
degree of security against unauthorized manipulation. In this
~0 embodiment, the components of the system which are similar to the
components of the system in Figure 5A are similarly labeled.
Thus, an authorized individual located at correspondent office A
(e.g., a bankf trucking company, etc.) is able to control a trans-
action such as the "wire transfer" of money for withdrawal from
correspondent office B with the aid of the circuitry, files and
operation of the central office. As in the embodiment of Figure
5A, an individual (e.g., manager or officer, etc.) whose encrypted
PIN and encrypting key are on file at the central office is able
to generate a TRACA signal 89, as previously described, which is
transmitted to the central office over a convenient data
- 14 -
1 159920
transmission link 10~, along with the composite signal 80
including data or message or instructions MSGE and appropriate
sequence number (e.g., date and time). These signals when re-
ceived at the central office are used to regenerate a PIN for
the individual in the manner previously described from the infor-
mation about that individual that is stored in the central com-
puter 95 and memory 96. The PIN thus produced is then available
only internally to produce a TRACA signal 99 for comparison with
the transmitted and received TRACA signal 89 in comparator 103.
However, in this embodiment the output signal 105 that is gener-
ated in response to favorable comparison is used to generate
:
another or TRACB signal for transmission to the correspondent
office B. Optionally, this signal may also be used 120 to gate
out an ACK-TRACA signal for transmission back to the ori~inating
office A. The new TRACB signal is produced by accessing from
storage in computer memory (which, of course, may be the same
computer and memory but at a different memory address location)
the encrypted PINB and encrypted KEYB for an authorized individual
(e.g., manager or officer, etc.) at correspondent office B. This
- O PIN information is used interactively with the irreversible al-
gorithm module 97' (which, of course, may be the same module 97
used in the serial-state operation of the same computer 95, 96)
in order to generate the PINB which is only available internally
for use in generating the TRACB signal 99' in the manner pre-
viously described in connection with the TRACA signal.
The TRACB signal and the MSGE and SEQ. NO. signals maythen be transmitted over the data link 112 to the correspondent
office B. There, the PINB may be manually supplied via keyboard
117 by the authorized individual (or may be regenerated in the
manner previously described by interactive operation of computer
1 159920
115 with the encryption module 113 from PIN information accessed
from storage in computer memory).
The circuitry at correspondent office B operates in the
manner previously described in connection with the receiving
location in Figure SA to produce ACK-TRACB signal 119 that is
transmitted back to the central office. When received there,
the ACK-TRACB signal is compared with the ACK-TRACB signal locally
generated in the manner previously ~escribed. The signal 118
generated in response to favorable comparison of these two signals
indicates that the requested transaction was completed at office
, B. Optionally, the signal 118 may be used to enable the gate to
transmit the ACK-TRACA signal 121 back to the correspondent office
A where it is compared with the original ACK-TRACA signal gener-
ated in the manner described in connection with Figure 5A. Favor-
able comparison of all the ACK-TRAC signals would provide indi-
cation at office A that the requested transaction was completed
at office B.
Thus, the instructions and acknowledgments required to
command a transaction at the remote office are transmitted and
returned with substantial security against errors and unauthorized
alterations, and with ample provisions for auditable records of
the transaction. It should be readily apparent that transactions
between remote offices of unassociated businesses may thus be con-
ducted in this manner through one or more "central" office links,
as shown, for example, in Figure 7 in connection with interbank
transactions. By introducing additional circuitry similar to
that which was described in connection with central office 114
for each central unit or office between the ultimate end-users,
a transaction may be initiated by one BANK A 123 and be consum-
mated at BANK Y 125 under command and control of BANK A and with
- 16 -
1 159920
verification back to BANK A, all with a high degree of immunity
from errors and unauthorized alterations. This is accomplished
by retaining in the files of office 124 the requisite encrypted
PIN's and encrypted keys therefor for each of its branches (or
the officers thereof), and by retaining in the files of office
128 the requisite encrypted PIN's and encrypted keys therefor
for each of its branches (or the officers thereof). Then, the
central unit 126 need only retain in its files the requisite
encrypted PINIs and encrypted keys therefor for each of offices
124 and 128 (or the officers thereof) in order to complete
secured transactions in the manner previously described.
In similar manner, an interchange transaction between
bank A and bank B may be accomplished by using a data switch to
route customer information and TRAC signals between banks A and
B, Thus, data from a customer of one bank 132 which is entered
on a Teller Terminal 128' such as a conventional automatic teller
machine (ATM~ in one bank 130 may be routed to the proper bank
via the data switch 134 for comparison with data on file for that
customer at bank 132. The TRAC, MSGE and SEQ. NO generated in
response to the customer's entry of his own PIN may thus be trans-
ferred via switch 134 to the proper bank 132 for comparison there
with data on file, all as previously described, for example, with
respect to the embodiment of Figure 6.
Referring now to the illustration of Figure 8, there is
snown another embodiment of the present invention in which a
central office is able to implement the command and confirmation
of a transaction consummated between remote offices. In this
embodiment, the apparatus and method of operation for trans-
ferring data between office A 131 and central office 133 is
similar to the operation previously described in connection with
- 17 -
1 ~ 59920
Figures 5A and 5B, except that upon favorable comparison of TRACA
signals, only the MSGE and SEQ. NO. signals 134 are retransmitted
to the office B 135 and, optionally, the ACK-TRACA signal may also
be returned to office A 131 as an acknowledgment of proper receipt
of the transmitted information. At office B, the PINB signal for
another authorized individual is provided for generating a TRACB
signal as previously described for transmission back to the cen-
tral office 133 with the MSGE and S~Q. NO. signals 137. At the
central office 133 the PINB must be regenerated from stored infor-
mation in order to produce a TRACB signal therefrom in combination
~; with the MSGE and SEQ. NO. signals, as previously described. Upon
favorable comparison of TRACB signals at the central ofice 133,
the ACK-TRACB signal may be transmitted back to the receiving
office B 135 as a confirmation of unaltered communication of data
between office B 135 and the central office 133.
Referring now to the illustration of Figure 9, there are
shown the apparatus and the method involved in remotely signing
on a new individual who is to receive authorization to use the
system. This is accomplished with the aid of a sponsor who is
already authorized to use the system and whose PIN is- already
stored in encrypted form in the remote tsay, central) location
141. It is possible in this embodiment of the present invention
to introduce a new PIN for a new individual at a remote storage
file with a high degree of security while using the transmission
data link 143 in a manner similar to that which was described
above. Note that this embodiment requires the entry o~ a new
PIN for the new individual as part of data (entered, for example,
by a keyboard) to be encrypted by the encryption module 157.
This information, along with a sequence number (say, date and
time) is then encrypted in the encryption module 157 during a
- 18 -
1 159~20
first operating state using the PIN of the sponsor as part of
the encryption key. The data may include an indication of the
bit-length of the P~N for the new individual, etc., and the en-
cryption thereof yields an encrypted PIN 153 for the new indi-
vidual. Also, the PIN for the sponsor, entered by keyboard 155along with other data and sequence number and encrypted PIN for
the new individual can be applied to the encryption module 157
operating during a sequential state or time-shared mode to pro-
duce a TRACS signal 159. This TRACS signal is transmitted along
with the encrypted PIN' signal 153 for the new individual and
data and the sequence number signal 161 over data link 143 to
the remote or central location 141.
At the remote location, the PIN of the sponsor is de-
crypted by the encryption module 166 from information including
encrypted PIN' and encrypted key for the sponsor contained in
computer memory 165. Thus, once the PIN for the sponsor is re-
generated, it is available (internally only) in combination with
the received SEQ. NO. and other data as one input to the module
166 while the received encrypted PIN' for the new individual
~0 serves as another input. This module then operates according to
the same algorithm as module 157 to produce a TRACS signal which
should compare favorably with the received TRACS 159. When so
favorably compared (indicating transmission and reception without
alteration), the resulting output 168 then controls the encryption
of the PIN for the new individual. This is accomplished by first
decrypting the received PIN' for the new individual to obtain the
PIN for the new individual in clear text (internally only). This is
obtained by decrypting in encryption module 166' the sequence
number and the received encrypted PIN for the new individual.
The encryption module 166' operates with the same algorithm as
-- 19 _
1 1 5992~
module 157 (and, of course, may be the same module as module 166
operating in a sequential state or time-shared mode) to yield the
PIN 172 for the new individual in clear text tinternally only).
A random number from generator 171 is then combined with the PIN
for the new individual 172 in an encryption module 166 " (which,
of course, can be the same as module 166 operating in a sequential
state or time-shared mode) to produce the encrypted PIN for the
new individual which can be stored in memory 165 along with the
random number 176 used to encrypt the PIN. Of course, the (PIN')
for a new individual may also be transmitted over a data link 143
to a remote location 141 with additional data necessary to iden-
tify the individual, the extent of his authority, data about the
number of bits in the new individual's PIN, the encryption key,
etc. Either way, a new individual may be incorporated into a
total system from a remote or branch location and thereby obviate
the need to sign on only at a central location.
With reference to the illustration of Figure 10, it
should be noted that an individual may also change his own PIN
from a remote location with the aid of a sponsor. The sequence
~0 number 181 may be used to prepare a TRACS signal 183 for the
sponsor and another TRACoLD signal 185 for the old PIN of an
established individual, all as previously described. These TRAC
signals may be stored in a buffer 187 for assemblage into a format,
as illustrated. In addition, an encrypted form of the new PIN
for such individual is also generated by the encryption module 188
using the sponsor's PIN alone or in combination with a SEQ. NO.,
etc., as the encryption key. A composite signal 186, for example,
in a format as illustrated, may be transmitted with the SEQ. NO.
signal 189 over the data transmission link 190 to the remote
location 192. Then, using an encryption module 194 (shown in
- 20 -
1 15992~
three circuit locations for clarity and comprehension, but
singularly usable in different sequential states or time-shared
modes for the operations indicated), the encrypted PIN and en-
cryptecl key therefor for the sponsor stored in file l91 may be
operated with module 194 to regenerate the PIN (internally only)
for the sponsor according to the same algorithm used in module
188. This can then be combined in the module 194 with the re-
ceived SEQ. NO. signal 189 to produce the TRACS signal for the
sponsor using the same algorithm as in module 188. Similarly,
the TRAC signal for the old PIN of the individual may also be
regenerated from information contained in file 191, all as pre-
viously described. These two TRAC signals may thus be compared
in comparator 199 with the received TRAC signals in the same
format. If comparison is favorable, indicating that the TRAC
signal for the sponsor's PIN and the TRAC signal for the old PIN
are all right, then the resulting output signal 198 controls the
decryption of the encrypted new PIN for the individual using that
individual's old PIN (available only internally) as the decryption
key in the module 194'. The resulting new PIN for the individual
~0 may be encrypted in module 194'' using a random number from
generator 201 to yield the encrypted new PIN and encryption key
therefor for storage in file 191, as previously described. Thus,
when an individual is to be introduced into the system for the
first time, he may merely be given a PIN that is set into a
central file solely for the purpose of enabling him to change
the PIN to one of his own, secret selections as the first trans-
action.
Referring now to the illustration in Figure 11, the
present invention may be used to transmit a secured memo or
other message between two users via a central station which
- 21 -
1 159920
contains the identification information fox the two users and
which provides the requisite routing of the encoded message. In
this embodiment of the invention, the sender A at station 205
introduces his PINA, identifies himself and his intended receiver
B at location 209, and also introduces a SEQ. NO. (such as date
and time), all via keyboard means 211 which may contain a full
complement of 26 letters and 10 digits for convenient encoding
of textual messages. In addition, sender A introduces his message
to be encoded for secure transmission over the data link 203 to
the central station 213 for further processing.
At the initiating station 205, the keyboard means 211
may contain conventional,addressable buffer registers for se-
lecting the portions of input information introduced via the key-
board keys for separate treatment and routing. Thus, for a
National Bureau of Standards encryption module 207 of the type
previously described, the keyboard means 211 may supply two
separate inputs to the module 207 in the format illustrated (or
in other suitable sets of the input information, as desired) and
may also supply the identity of A and B (and optionally the se-
~0 quence number) in clear text. The module 207, operating on thesignals applied to it, produces an encoded ~essage 215 which can
be sent along with the identity information about A and B over
data link 203 of any type, as previously described, to the cen-
tral station 213. There, the received encoded message 215 is
decoded using information about the sender A that is on file and
is then reencrypted for retransmission using information about
receiver B which is also on file Specifically, the received
information 206 (in clear text usually) which identifies the
sender A enables the encoded PIN for sender A and the encrypted
key therefor to be withdrawn from file 219 for decoding using
- 22 -
1 1 5992~
the encrypted key, as previously described, to produce PI~A
(internally only) that is then used to decrypt the received
message 215 in encryption module 217. Once decrypted (and avail-
able internally only), the message may now be reencrypted using
the PINB for the receiver B. The PINB may be reproduced (avail-
able internally only) by decrypting the encrypted PINB and the
encrypted keyB therefor applied to encryption module 217 in the
manner previously described to produce the PINB for reencrypting
the message that was decrypted using the PINA. Thus, the en-
crypted message 221 that is transmitted via data link 223 to
station 209 along with the information 206 about the sender A
and the receiver B is newly encrypted with respect to the identity
of the intended receiver B.
At the remote station 209, the received encrypted message
221 and the received information 206 about the sender A and
receiver B may be decoded under B's control to yield the encoded
message in clear text. Specifically, the receiver B need only
enter his PIN via keyboard means 225 for combining with the re-
ceived sequence num~er, and the like, to provide the input signal
- ~0 in requisite format to apply to the encryption module 227. The
key for decrypting the received encrypted message 221 is thus
supplied by B himself to operate the module 227 according to the
inverse of the algorithm by which module 217 reencrypted the
message, Of course, TRAC signals and ACK-TRAC siqnals may be
furnished and transmitted along with the encoded messages in the
manner previously described. However, in this application where
an entire memo or letter is being encoded, for example, in elec-
tronic mail transmission, the entire memo will either decode or
not decode depending upon whether error or tampering occurred in
transmission, or upon whether unauthorized persons attempted to
1 159920
transmit or decode messages within this system embodiment of the
present invention. Thus, a "scrambled" memo remaining after an
attempted decryption by receiver B at station 209 indicates that
error or alteration occurred during transmission or that un-
authorized persons other than those whose encrypted PIN's andencrypted keys are on file at station 213 attempted to transmit
or decode the memo.
It should be noted that for enhanced security or control,
two or more individuals, each having a PIN that is stored remotely
in encrypted form along with the encryption keys therefor, may
combine their PIN's to produce a composite TRAC signal, for
example, as described in connection with Figure 5A, that can then
be compared with a TRAC signal regenerated from the two PIN's and
encryption keys therefor stored in the remote file. The rest of
the acknowledgment message may proceed as described in connection
with Figure 5A.
In each of the embodiments above, additional information
such as a MSGE or DATA signal may always be sent to the remote
location along with the TRAC signalts) transmitted. Such MSGE
_O or DATA signals may identify-the first number of characters of
one input to an encryption module that represent the number of
bits in the PIN, or the like. Also, it should be understood that
in each of the embodiments of the present invention described
above sequential numbers may be used in place of random numbers
used in the identification or encoding schemes, or random numbers
may be used in place of sequential numbers. This permits the
systems to exclude the repeating of the same data or information
in subsequent transactions by enabling a check for parity of
either random or sequential numbers at the receiving stations.
Also, as used herein, "individual" may refer to a person or an
institution such as a correspondent bank, or the like.
- 24 -
t 159920
Therefore, the present invention may operate without
paired modules at remote ends of a data transmission link, pro-
vided, of course, that encryption modules of similar type and
operable according to the identical algorithm are contained in
each location. Then, the secret PIN of an individual remains
secret at the entry point (and is either stored in encrypted
form or regenerated internally only elsewhere in the system).
This facilitates the convenient generation of a TRAC signal,
for example, by a simple calculator-type device containing an
encryption module, and this TRAC signal may then be openly com-
municated to the remote location by telephone, telegram, etc.,
along with the transaction message or data, all without possi-
bility of unauthorized alteration. Such a user's device may
simply calculate a TRAC number for all the data, PIN and SEQ. NO.
supplied, and this TRAC number becomes that user's unique signa-
ture for that single transaction. Audit records pertaining to
all such transactions are therefore amply available and more
readily recallable than the microfilmed records of paper trans-
actions currently in use.
