Certain known systems for securing the transmission of data between locations rely upon computer-operated terminals as input and output devices. These terminals commonly include an encoding module which encrypts applied data so that the subsequent transmission thereof to a remote location remains secured against unauthorized reception, alteration or duplication. The encoding module is commonly controlled by an encoding key which is only known to one or two trusted persons, but which nevertheless must be changed periodically to assure continued integrity of the secured data-transmission system.
In the banking industry, where secured-data transmission systems of this type have become widely used, it is common practice to allow a bank officer to initially establish the encoding key at each terminal at the start of operations for the day. This encoding key usually must also be established at a remote end of the transmission system (say, at the central processor of the bank) in order to facilitate the decryption of transmitted and received encrypted data, and to permit the encryption of return messages that can then be decrypted according to the same key at the receiving terminal.
Previous schemes for disseminating the encoding key for use at remote locations have included too many people who thereby obtain sufficient information about the encoding key to seriously degrade the security of the system against unauthorized use of the encoding key by individuals who have access to the system from within the bank or from along the transmission system.
In accordance with a preferred embodiment of the present invention, encryption and decryption keys for controlling the encoding and decoding of secured, transmitted data are generated and distributed over the secured transmission system without the involvement of any individual other than the person who initializes the system, and who may not even learn the operating encoding key himself. This is accomplished by relying on a secret code number or word or phrase which is selected by and known only to an authorized individual, which code (called a Personalized Individual Number or Code or Phrase) is combined in a logical manner with an identification number for the terminal and a sequence number (or date, or random number, etc.) to produce a pair of codes, one of which remains stored in the terminal as an initialization key and the other of which (TRAC) can then be sent to the central processor at a remote location for proper analysis.
At the central processor, the PIN (or PIC or PIP) for the authorized individual (and for all other authorized individuals) is retained in storage (preferably in encrypted form with its requisite encrypting key) along with the identification number of the terminal (and all other terminals included within the system). Thus, the central processor may regenerate the authorized individual's PIN for use within the processor only by decrypting the stored encrypted PIN using the stored encryption key code. The PIN and the terminal identification number accessed from the processor memory may be combined in the same logical manner as at the identified terminal to yield a pair of codes, namely, a TRAC and an initialization key. The TRAC thus generated and the TRAC transmitted by and received from the remote terminal may then be compared for parity. Upon detection of parity, any set of numbers may be randomly selected for encoding to provide the session key, and this session key may be encoded with the initialization key to produce an encrypted session key for transmission back to the identified terminal. Since the session key actually determines the encryption/decryption for the day (or other session period), it is only necessary to decrypt the encrypted session key as received back at the terminal using the initialization key stored therein to produce the requisite session key. Thereafter, the initialization key can be discarded. In accordance with this embodiment of the invention, the users of a terminal cannot know the session key, and other terminals cannot be used to intercept a message selected for transmission to one terminal. In addition, terminals cannot simply be connected into the system without authorization because of the need for proper initial conditioning.
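The initialization exchange described in the two preceding paragraphs can be sketched as follows. This is an added example, not code from the original document: HMAC-SHA-512 stands in for the unspecified "logical manner" of combining the codes, a one-time XOR stands in for encoding the session key with the initialization key, and the class names, the officer identifier, the sequence number being sent alongside the TRAC, and the reused-sequence check are all assumptions.

```python
import hashlib
import hmac
import secrets

def derive_pair(pin: str, terminal_id: str, seq: int) -> tuple[bytes, bytes]:
    """Combine PIN, terminal ID and sequence number into (init_key, TRAC).
    HMAC-SHA-512 is a stand-in for the page's unspecified combining logic."""
    digest = hmac.new(pin.encode(), f"{terminal_id}|{seq}".encode(), hashlib.sha512).digest()
    return digest[:16], digest[16:32]

def xor(a: bytes, b: bytes) -> bytes:
    """Stand-in cipher: safe only because each init key wraps exactly one session key."""
    return bytes(x ^ y for x, y in zip(a, b))

class Terminal:
    def __init__(self, terminal_id: str):
        self.terminal_id, self.init_key, self.session_key = terminal_id, None, None

    def start(self, pin: str, seq: int) -> bytes:
        self.init_key, trac = derive_pair(pin, self.terminal_id, seq)
        return trac                      # only the TRAC leaves the terminal

    def finish(self, wrapped: bytes) -> None:
        self.session_key = xor(wrapped, self.init_key)
        self.init_key = None             # initialization key is discarded

class CentralProcessor:
    def __init__(self, pins: dict[str, str], terminal_ids: set[str]):
        # The page stores PINs encrypted; held in the clear here for brevity.
        self.pins, self.terminal_ids = pins, terminal_ids
        self.last_seq, self.session_keys = {}, {}

    def handle(self, officer: str, terminal_id: str, seq: int, trac: bytes):
        if officer not in self.pins or terminal_id not in self.terminal_ids:
            return None
        if seq <= self.last_seq.get(terminal_id, -1):
            return None                  # assumption: reject reused sequence numbers
        init_key, expected = derive_pair(self.pins[officer], terminal_id, seq)
        if not hmac.compare_digest(trac, expected):
            return None                  # TRACs differ: no session key is issued
        self.last_seq[terminal_id] = seq
        self.session_keys[terminal_id] = secrets.token_bytes(16)
        return xor(self.session_keys[terminal_id], init_key)

def initialize(central, terminal, officer, pin, seq):
    """Run one initialization; returns True when both ends hold the same session key."""
    wrapped = central.handle(officer, terminal.terminal_id, seq, terminal.start(pin, seq))
    if wrapped is None:
        return False
    terminal.finish(wrapped)
    return terminal.session_key == central.session_keys[terminal.terminal_id]
```

In this sketch the TRAC travels in the clear, so its resistance to offline guessing depends entirely on the entropy of the secret code, which is one reason the allowance for a word or phrase rather than a short number matters.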