The present invention relates to improvements in methods and systems for authenticating the hardware or components of a communication system. More particularly, the present invention relates to improvements useful in a cryptographic communication system between components or terminals which may be located at spatially separated locations.
Terminal to terminal communication is expanding both in terms of volume and in terms of importance. This communication occurs for various purposes, such as electronic funds transfers and for the transfer of credits in merchandising situations. One component which is assuming increased presence and importance in such systems is a "memory" card or a "smart" card, which includes memory, a processor and an input/output device mounted on a portable unit approximately the size of a credit card. Examples of such systems using the so-called "memory" cards or "smart" cards are shown in U.S. Pat. No. 3,702,464 to Castrucci, U.S. Pat. No. 4,007,355 to Moreno and U.S. Pat. No. 4,211,919 to Ugon.
Communication between terminals of systems frequently occurs without the human supervision of a system operator. This occurs either because at least a part of the communication is occurring at a remote location in which communication occurs over a telecommunication facility (a telephone line or via radio waves or satellite, for example) or because labor-saving measures are being used (e.g., automatic teller machines placed in a bank lobby to off-load some teller labor which would otherwise be required).
A variety of systems for ensuring security of communications have been suggested. Some include a challenge and password arrangement, and some of these involve the use of a random number as a challenge. These security systems generally divulge some useful or secret information to a terminal before the terminal has been identified as friendly, as opposed to hostile (e.g., an impostor). It is undesirable to provide such information before the identity is established, since the distribution of such information can lead to the penetration of the system by unauthorized terminals, presumably operated by unauthorized personnel or in unauthorized modes (removing cash from someone else's account, for example). Examples of such security systems are shown in U.S. Pat. Nos. 3,798,605; 4,123,747; 4,193,131; 4,203,166; 4,218,738; 4,227,253; 4,238,853; 4,238,854; 4,259,720; 4,288,659; 4,295,039; 4,393,269; 4,423,287; 4,453,074; and 4,471,216.
Other limitations and disadvantages of the prior art terminal security systems will be apparent to those skilled in this art in view of the following detailed description of the best mode of carrying out the present invention, taken in conjunction with the appended claims and the accompanying drawings.