In electronic funds transfer applications, it is customary to authenticate the originator of the transaction by use of a secret code, which is known to the originator of the transaction and is in some way verifiable by electronic equipment under control of the institution that controls the funds. This secret code is usually referred to as a "personal identification number" (PIN) or a password. For purposes of this patent application, these secret authentification codes shall be referred to collectively as a "PIN".
Verification requires that the PIN, which is keyed by the individual into an acquiring device at a remote terminal, be transmitted to a validating device located at the host terminal for comparison with the true PIN for that account. Often, the remote terminal is used by more than one host institution, and therefore the message containing the user's PIN must be transmitted first to a central network switch which then forwards the message to the proper host terminal.
The verification process must be carried out in such a manner that the PIN cannot be determined by gaining access to any information that is held in electronic storage or by intercepting any message along the paths of communication.
The security requirement is currently handled by encrypting the PIN at the point of entry into the system and keeping it encrypted at all times when it is held in electronic storage or when it is being transmitted between terminals. The device which performs the encryption is a separate electronic component which is secure against physical or electronic intrusions that would reveal any data held in the device. The device which verifies the PIN is similarly secure. The only time that the PIN may be in non-encrypted form is when it is within one of these devices.
The method of encryption that is in current general use employs an algorithm known as DES. DES was developed to encrypt text so that the clear text could be recovered only by authorized persons. It requires that a secret encryption key be held in common by the PIN entry device and the PIN verification device, or that there be a chain of encryption keys between the PIN entry device and PIN verification device, with the first key known to the PIN entry device and the last key known to the PIN verification device. Secrecy of the keys is more important than secrecy of PIN's since discovery of a key may compromise the security of all of the accounts at an institution or at several institutions. Except in the very simplest case (where entry and verification of the PIN occurs in the same terminal and therefore the same device functions as both the entry device and the verification device), secure control of the secret keys is the most troublesome and costly element of electronic funds transfer security.
A typical application of such devices occurs in electronic funds transfer. In this application the acquiring device is an automated teller machine or a bankcard point of sale terminal located at a retail merchant. In either case, the acquiring device reads data that is magnetically recorded in the bankcard, including the account number. The card-holder keys his secret PIN into the acquiring device and, in the ensuing electronic dialogue between the acquiring device and validating device, the validity of the PIN keyed into the acquiring device is determined.
Currently two methods are available for the purpose of validating the secret code, while protecting the secrecy of the code.
In the first method, all data which might lead to knowledge of the secret code is transmitted between the acquiring device and validating device in encrypted form. The encryption process uses an encryption key which must also be kept secret. If the acquiring device communicates directly wih the validating device, the key is held in common by the acquiring device and validating device. If the remote terminal is part of a network serving multiple hosts, and along the path between the acquiring device and the validating device there is a chain of intermediate devices, each intermediate device has two keys - one is held in common with the preceding device and one is held in common with the succeeding device. By means of a series of decryptions and re-encryptions the data is transmitted securely between acquiring device and validating device. This latter process is required in a network in which acquiring devices and validating devices are under administrative control of different organizations and cannot reasonably be expected to hold a key in common. In a large network with many endpoints, the problem of initially distributing common keys and periodically changing keys while maintaining key security is extremely difficult.
The second method also employs encryption of sensitive data. However, pre-established common keys are not used. Instead there is a preliminary dialogue between acquiring device and validating device which results in the establishment of a secure common encryption key. This is acceptable in some circumstances. However, there are applications with critical timing requirements for which the time required for the preliminary dialogue is unacceptable. In particular, the bankcard electronic funds transfer application is such an application.
It would be greatly desirable to reduce the problems associated with distributing and maintaining the security of encryption keys that must be shared among different terminals while at the same time carrying out the PIN verification process in a manner whereby the PIN is maintained secure when transmitted between terminals. It would also be desirable to avoid the series of encryptions and decryptions presently employed while transmitting PIN's through a network common to multiple organizations.