04295039 is referenced by 73 patents and cites 9 patents.

A method and apparatus for identifying an individual holder (person) of an unalterable charge card-like device (CARD) at a utilization terminal (U/I Terminal) wherein a unique user entered key (asserted key K.sub.A) is handled in a highly secure manner. The holder of the CARD causes same to be placed in a data coupling mode with the U/I Terminal. At this point, the person enters asserted key (K.sub.A) via a keyboard associated with said system. A random word is generated by at least one random word generator located in said CARD and this random word is encrypted utilizing the asserted key K.sub.A entered by the holder at the keyboard and also encrypted under a true key K.sub.T stored in said CARD. The random word encrypted under the asserted key K.sub.A is stored in said U/I Terminal and the random word encrypted under the true key K.sub.T is stored in the CARD. The U/I Terminal then causes the encrypted word stored in the CARD to be transferred to the U/I Terminal and the two encrypted words are compared for identity.

If the comparison is true, the holder of the card has entered the correct asserted key K.sub.A into the system, and his identity is presumed to be true.

According to a first embodiment of the invention, the keyboard is actually located in the U/I Terminal, sacrificing some security for the person's asserted key K.sub.A.

According to a further embodiment of the system, the CARD is inserted into a personal portable transaction terminal (XATR) which is then inserted into the U/I terminal. Said XATR in the possession of the holder of the CARD contains a keyboard for entering the individual's asserted key K.sub.A. Additional means are provided when the two encrypted random words are to be transferred between the U/I Terminal and the CARD for comparison so that the transfer occurs simulataneously in bit serial mode and in the opposite order of bit significance, and whereby any attempt to subvert the data flow path within the XATR will be impossible.

Method and apparatus for achieving secure password verification
Application Number
Publication Number
Application Date
December 3, 1979
Publication Date
October 13, 1981
Paul E Stuckert
Roy R Schlemmer Jr
International Business Machines Corporation
G06F 7/00
H04Q 9/00
G06K 19/06
G06K 5/00
View Original Source