[54] METHOD AND APPARATUS FOR ACHIEVING SECURE PASSWORD VERIFICATION
[75] Inventor: Paul E. Stuckert, Katonah, N.Y.
[73] Assignee: International Business Machines Corporation, Armonk, N.Y.
[21] Appl. No.: 99,797
[22] Filed: Dec. 3, 1979
[51] Int. CV G06K 5/00; G06K 19/06;
H04Q 9/00; G06F 7/00
[52] U.S. CI 235/380; 235/492;
235/379; 340/149 A; 364/900
[58] Field of Search 235/380, 492, 441, 379,
235/381, 382, 493, 439; 250/568, 569; 360/2; 340/149 R, 149 A, 152 T; 364/408, 900
[56] References Cited
U.S. PATENT DOCUMENTS
3,594,727 7/1971 Braun 235/379
3,806,874 4/1974 Ehrat 340/149 R
3,906,460 9/1975 Halpern 235/439
3,971,916 7/1976 Moreno 235/492
3,978,320 8/1976 McBride 235/493
4,007,355 2/1977 Moreno 235/492
4,023,013 5/1977 Kinker 340/149 A
4,123,747 10/1978 Lancto 340/149 A
4,234,932 11/1980 Gorgens 235/379
Primary Examiner—Robert M. Kilgore
Attorney, Agent, or Firm—Roy R. Schlemmer, Jr.
[57] ABSTRACT
A method and apparatus for identifying an individual holder (person) of an unalterable charge card-like device (CARD) at a utilization terminal (U/I Terminal) wherein a unique user entered key (asserted key Ka) is handled in a highly secure manner. The holder of the
CARD causes same to be placed in a data coupling mode with the U/I Terminal. At this point, the person enters asserted key (i'm) via a keyboard associated with said system. A random word is generated by at least one random word generator located in said CARD and this random word is encrypted utilizing the asserted key K. i entered by the holder at the keyboard and also encrypted under a true key K/ stored in said CARD. The random word encrypted under the asserted key K..( is stored in said U/I Terminal and the random word encrypted under the true key Kris stored in the CARD. The U/I Terminal then causes the encrypted word stored in the CARD to be transferred to the U/I Terminal and the two encrypted words are compared for identity.
If the comparison is true, the holder of the card has entered the correct asserted key Ka into the system, and his identity is presumed to be true.
According to a first embodiment of the invention, the keyboard is actually located in the U/I Terminal, sacrificing some security for the person's asserted key Ka
According to a further embodiment of the system, the CARD is inserted into a personal portable transaction terminal (XATR) which is then inserted into the U/I terminal. Said XATR in the possession of the holder of the CARD contains a keyboard for entering the individual's asserted key Ka- Additional means are provided when the two encrypted random words are to be transferred between the U/I Terminal and the CARD for comparison so that the transfer occurs simulataneously in bit serial mode and in the opposite order of bit significance, and whereby any attempt to subvert the data flow path within the XATR will be impossible.
18 Claims, 5 Drawing Figures
