The invention relates to an operating procedure and to a device for making an electronically authorized determination of a matter as well as to a computer device for implementing the operating procedure, with the major purpose being the electronically authorized determination of an individual matter and the remotely authorized individual differentiation, reliable in its differentiation and secure against forgery, of a transaction authentication requiring on the part of the authorized person. The device is comprised of a pocket calculator provided with a numerical field and a display as well as additional function keys.
In this application, the following terms have the definitions as explained:
Authenticator (AUT)--digital electronic signature (authentication number) calculated by including, in addition to an identification of the person authorized to sign (authenticate), also the information to be signed (authenticated). If this information is altered, this is detected during checking of the AUT. PA0 AIDA--an acronym for "Authentication and Identification Apparatuses" PA0 Customer operated terminals--devices which are not operated by employees of a firm but by their customers themselves. Examples: videotex machines, point-of-sale terminals (POS devices located at a retail store and by means of which the bank customer pays for his purchases); automated teller machines (automatic bank windows at which the customer can, for example, obtain cash or initiate transfers of funds). PA0 Key management method--a method which automatically changes the secret values (numbers) required to control an encoding algorithm. PA0 Communications system--device for transmitting information (voice, text, data or images) between remotely located devices (for example telephones, teletypewriters, telecopiers, videotex machines, remote data processing terminals). PA0 Input/output=from/to--processing/communications system. Interface over which the connection to the AIDA module is established for transmission of values to be checked. PA0 Encode/decode chip--chip which, with the aid of an encoding process, generates an encoded text from the clear text (encode) and converts the encoded text into clear text (decode). PA0 Session PIN (SPIN)--a personal identification number valid only for the time of a connection between the remote device and the central device. PA0 TAN--transaction number. PA0 AIDA card--contains the AIDA chip on an insertable card intended for the processor and the chip for encoding and decoding of the information. PA0 AIDA box--pocket calculator having special function keys. PA0 AIDA module--central device for checking identification.
The operating procedure and its devices can be used wherever the unequivocal identification of a person, who is to be given access to a computer system, is required. Additionally, there exists the possibility, for transactions requiring a signature (authentication), in a manner secure against forgery, a digital, electronic signature (authenticator) by calculation and checking. In this transaction, all information to be signed authenticated is incorporated in the calculation of the authenticator. If even one portion of the information is altered, this is detected during the checking process. The authenticator is determined to be false. A typical example for this type of use are with customer terminals in banks. Access to an account is permitted after successful identification. Transfers of funds are secured by the authenticator, with at least the information to be made secure being incorporated in the calculation of the authenticator.
It is already known, according to the teaching of German Offenlegungsschrift OS-DE No. 3,248,400 of Dec. 28, 1982, to effect a checking arrangement in the sense of a remotely located user authorization check. However, this procedure secures only the identification of the user himself, not the fact that a transaction requiring a signature (authentication) has been signed (authenticated by the person authorized to do so. Checking the subscriber requires a physical connection with a telephone line and a modem. If this connection cannot be established or is uneconomical, the entire procedure cannot be used. This also applies for operating instructions given by way of a voice generating device.