This invention relates to data security techniques and, more particularly, to a process for verifying the identity of a terminal user.
Data security is concerned with the prevention of unauthorized entry, modification and disclosure of sensitive data. Electronic Funds Transfer (EFT) systems electronically transfer billions of dollars between institutions and individuals. Deposit and withdrawal transactions cannot be processed safely unless user identities can be validated securely. The process of validating user identities is called personal verification. A user is normally provided with an embossed, magnetic stripe identification card (bank card) containing a primary account number (PAN) a portion of which may include the bank identification number and the user account number, and the card's expiration date. The bank at which the customer opens his account, and which provides the user with a bank card, is called the issuer. At an entry point to the system, information on the user's bank card is read into the system and the user enters a secret quantity called the personal identification number (PIN). If the card holder has supplied the correct PIN associated with the PAN obtained from the card, and if the balance in the account is sufficient to permit the transaction, and if that type of transaction is allowed for that account, the system authorizes the transaction.
The bank which first acts on information entered at an EFT terminal is called the acquirer. A user who initiates a transaction at an EFT terminal may be a customor of the local bank, in which case, the acquirer is also the issuer. If a user can initiate transactions at an entry point not controlled by the issuer, the supporting network is called an interchange. The interchange allows member banks to connect to what may be termed a central master bank called a switch such that requests for information or transactions which cannot be handled by one member bank may be routed to another member bank, with the other member bank being the owner of the information requested. Each member bank need not be aware of the other member banks, just the switch. Of necessity, therefore, before a transaction can be completed, the requester must be verified as a valid customer. Thus, the problem of security in a single banking system becomes far more complex when a network of banks are arranged in an interchange.
Verification is a process which serves to prove that a user of the system is the person authorized to obtain access to the system and the resources therein. This requires a special test of legitimacy, an early form of which arose with the advent of identification cards bearing an identification number (ID) of the person being identified for access to the system. The card would be read at an entry point of the system and compared with a table of ID values to validate the potential user of the system. However, this test had limited value in view of the fact that the card could be easily lost or copied. Accordingly, to provide more secure verification, it became necessary to provide additional evidence that the person presenting an ID card is the correct owner of the card. This was accomplished by providing the authorized user with a memorized PIN for entry into the system along with the user ID. A table of valid reference PINs is stored at the host data processing system (Bank) and is accessible by the user ID. In this arrangement, the ID card is read at the terminal and the memorized PIN is manually entered at the keyboard of the terminal or some other suitable entry device such as a pin pad, the combination being transmitted to the host system. At the host system, the PIN of reference is accessed from the table, on the basis of the user ID, and compared with the received PIN from the terminal to verify the user of the system. Another form of PIN verification is available when the terminals and data processing nodes each have cryptographic facilities. Thus, in such a system, the reference table of clear PINs may be replaced by a reference table of authentication parameters each of which is a cryptographic function of the PIN so that the PINs need never be stored in clear form. In this arrangement, the user ID and PIN are entered at a terminal and the PIN is encrypted to provide an authentication parameter using a cryptographic function. The user ID and authentication parameter are then transferred to the data processing node where the authentication parameter of reference is accessed from the reference table on the basis of the user ID and compared with the received authentication parameter to verify the user of the system.
In a single banking system, the verification is done at the local bank thereby reducing the security exposure of the PINs. However, in a large bank which has many branch offices, each of which may retain the accounts only for the depositers in their branch, with the total depositer table being retained at the main office. In such a case, verification at a branch may not be feasible if the customer is a depositer associated with a different branch of the bank, in which case, the PIN information has to be transferred from the terminal of the branch to the main office for verification before proceeding with the transaction. In such an arrangement, if it is determined that the message from the terminal corresponds to an account maintained at the associated branch, the branch data processor will compare the authentication parameter of reference with the received authentication parameter to verify the identity of the terminal user. However, if the transaction message corresponds to an account maintained at a different branch of the bank, then the encrypted PIN can be re-encrypted into a new authentication parameter which can be transmitted to the main office for verification. At the main office, the authentication parameter of reference, from the table maintained at the main office, is compared with the new authentication parameter received from the branch to verify the identity of the terminal user. It should be apparent that as banks are combined into an interchange which permits a customer of one bank to use the facilities of another bank, the entered PIN at a terminal can be routed through the network to the issuer bank before verification can be obtained. Because of this complexity, it becomes increasingly important to provide a process for validating a terminal user with a minimum of security exposure. In one prior art arrangement, all of the PINs associated with one node as well as the transfer keys from nodes connected to the one node and the transfer keys from the one node to other nodes are all enciphered under the system master key of that node. This permits the same transfer key to be used as both a transfer-in key and a transfer-out key, Which, for all practical purposes means that the properties of "transfer-in" and "transfer-out" cannot be enforced. As a consequence, a cryptographic attack, in which PINS are intentionally misrouted to a compromised node, may succeed by intercepting a PIN encrypted under a transfer-out key on the outbound communication line from the node. Then, gaining access to the sending node, another translation operation can then be performed in accordance with the previous transfer-out key of the sending node used as the transfer-in key and the transfer-out key of the compromised node used as the present transfer-out key, to translate the PIN from encryption under the previous transfer-out key to encryption under the present transfer-out key of the compromised node where, after being transmitted to the compromised node, it be possible to obtain the PIN in clear form.
Accordingly, it is the object of the invention to provide a secure process of verifying the identity of a terminal user.
Another object of the invention is to translate information from encryption under one transfer key to encryption under another transfer key, where the keys may not be selectively used interchangeably.
A further object of the invention is to translate data from encryption under one transfer key to encryption under another transfer key, where the keys are provided under the protection of other keys which are different than one another.
Still another object of the invention is to translate key information from encryption under a transfer-in key to encryption under a transfer-out key, where the transfer keys are provided under the protection of other keys which are different than one another.
Still a further object of the invention is to translate a user's personal identification number encrypted under a transfer key to encryption under an authentication key for user verification, where the keys are provided under the protection of other keys which are different than one another.
Still another object of the invention is to translate, at one data processing node, a user's personal identification number encrypted under a transfer-in key from another node to encryption under a transfer-out key to the next connected node, where the transfer keys are provided under the protection of other keys which are different than one another.
Still a further object of the invention is to translate, at one data processing node, a user's personal identification number encrypted under a transfer-in key from another node to encryption under a transfer-out key associated with a remote data processing node.
Still another object of the invention is to protect user personal identification numbers at each processing node under a unique authentication key associated with that node.
Still a further object of the invention is to protect transfer-in keys stored at a processing node under a key which is different than the node master key.
Still another object of the invention is to protect transfer-out keys stored at a processing node under a key which is different than the node master key.