WO1984000457A1 - Private communication system - Google Patents

Private communication system Download PDF

Info

Publication number
WO1984000457A1
WO1984000457A1 PCT/US1983/000567 US8300567W WO8400457A1 WO 1984000457 A1 WO1984000457 A1 WO 1984000457A1 US 8300567 W US8300567 W US 8300567W WO 8400457 A1 WO8400457 A1 WO 8400457A1
Authority
WO
WIPO (PCT)
Prior art keywords
station
signals
data
card
security
Prior art date
Application number
PCT/US1983/000567
Other languages
French (fr)
Inventor
Robert Norman Goldman
Original Assignee
Light Signatures Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Light Signatures Inc filed Critical Light Signatures Inc
Publication of WO1984000457A1 publication Critical patent/WO1984000457A1/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1016Devices or methods for securing the PIN and other transaction-data, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L9/0662Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)

Definitions

  • Encryption coding techniques have been developed with the objective of obtaining greater security for central processors.
  • One form of such apparatus is the so-called "trap-door” encoder and decoder.
  • Such structures are operated by data keys (sets of numerals) that are treated differently depending upon the operation to be performed.
  • a relatively well known (“public”) key can be used to actuate a trap-door encoder for encrypting a message.
  • a more secure "private" key is required to operate a decoder for converting encrypted information back into a usable form.
  • Such systems are quite effective? however, they are relatively slow in operation.
  • a specific form of trap-door system was developed at Stanford University and the structural details are publicly available.
  • DES DES
  • the structure has been embodied to use a key of fifty-six binary bits and is available in a commercial form.
  • a potential problem with the DES system lies in the possibility of persons cracking the encryption key or otherwise obtaining a key for unapproved use to
  • OMPI * establish an illicit communication. Unfortunately, even if knowledge of the key is limited to a very few persons, there may be considerable difficulty in attempting to trace the source of the key for an unauthorized use. Consequently, a considerable need exists for a reliable and effective technique of private and secure communication between a remote terminal and a central computer.
  • the present invention is based on the concept of automatically generating within electronic circuitry a distinctive numerical key for use only during a specific interval of communication. That is, the system utilizes secure identification as a basis for controlling the generation of a numerical key to accomplish a specific interval of communication. At the termination of that interval, the key is released to be essentially lost, not being of record on hard copy. Consequently, in the use of the system, durable keys do not exist with the attendant concern that they may be broken or come to be held for unauthorized use. Rather, the primary security dwells in identification, as in the form of a card or other device which may be maintained relatively secure. The use of such a card can also be easily traced.
  • preliminary data signals are formulated at a remote station and include security data as from an identification card.
  • the security information is encoded by a first coding system along with a random number and control information, all of which is transmitted to a central computer as the preliminary data signals.
  • the random number is sent to a second encoding system in the
  • O remote station where it acts as a key for the encoding of the message information to be transmitted.
  • the security data is verified, the level of access is established, and the random number is set up as a coding key for the second coding system.
  • Message information can now be communicated through the second coding system actuated by a common key in the form of the random number.
  • the key is cleared from the system with no permanent record.
  • system hereof may be variously implemented, using different media and different techniques.
  • different security systems may be utilized and different forms of coding systems may also be employed. Consequently, it is to be appreciated that the disclosed embodiments are merely exemplary.
  • FIGURE 1 is a block diagram illustrating a basic data flow system constructed in accordance with the present invention
  • FIGURE 2 is a block diagram of a detailed system constructed in accordance with the present invention.
  • FIGURE 3 is a plan view of an identification card for use with the system of FIGURE 2;
  • FIGURE 4 is a block diagram of a component part for use in the system of FIGURE 2.
  • identification apparatus, data formats, coding formats and devices used or adapted for use in the present system all may vary in accordance with specific designs and objectives.
  • Some forms of elements used in the system in accordance with the present invention may be quite different from those as disclosed herein. Consequently, the specific structural and functional details disclosed herein are merely represen ⁇ tative? yet in that regard, they are deemed to afford the best embodiment for purposes of disclosure and to provide a basis for the claims herein which define the scope of the present invention.
  • a structure is represented for communicating message data and reply data between a remote station and a central station.
  • a line 10 at a remote station (left) carries message data which is processed then transmitted through a communication link (generally indicated by the numeral 12) to a central station (right).
  • the message data is decoded and provided in usable form on a line 14 at the central station.
  • Reply data at the central station, is provided to a line 16 for coding and passage through the communication link 12 to the remote station.
  • the reply data is decoded and provided by representative signals in a line 18.
  • indications of message data and reply data are merely representative; and it is to be understood that the communication might involve any of a variety of specific patterns.
  • a sequence of communication between the remote station and the central station can be initiated after certain security data has been verified. Specifi ⁇ cally, security data is provided as part of preliminary signals in a line 20 at the remote station for transmission to the central station where the data is verified.
  • the line 20, carrying security data is connected to an encoder 22 at the remote station.
  • the encoder 22 is connected for two-way communication with a random number generator 24.
  • the generator 24 Upon being activated by security data, the generator 24 supplies a random number to a register 26 which is in turn connected to supply a key to a code unit 28.
  • the register 26 provides the numerical key for operation of the code unit 28.
  • the encoder 22 and the code unit 28 are coupled through the communication link 12 to the central station. Specifically, the encoder 22 is coupled to a decoder 30 at the central station while the code unit 28 is coupled to a code unit 32, also at the central station.
  • the decoder 30 (central station) is connected to a verifier 34 which is connected to a gate 36 which also receives signals from the decoder 30.
  • the gate 36 supplies signals to a register 38 that represents the random number which is the key for operation of the code unit 32.
  • security data is provided to the line 20 comprising at least part of preliminary data signals.
  • the security data received through the line 20 is encoded to an encrypted form by the encoder 22.
  • the encoder 22 also actuates the random number generator 24 prompting the generator to provide signals representative of a random number both to the register 26 and back to the encoder 22.
  • the random number also becomes part of the preliminary data signals.
  • the actuation of the random number generator 24 may be contingent upon the encoder 22 verifying the security data, e.g. confirming the represented identification.
  • the encoder 22 has transmitted preliminary data signals representative of the security data and the random number. Such signals are received by the decoder 30 at the central station where they are returned to a workable form (not encrypted).
  • the security data is provided from the decoder 32 to the verifier 34 which may verify the data and provide a signal to qualify the gate 36. With qualification, the gate 36 provides the decoded random number to the register 38. Consequently, both the register 38 (at the central station) and the register 26 (at the remote station) contain the identical random number which now functions as a key for the intercoupled code units 28 and 32.
  • message data in the line 10 is encrypted by the code unit 28, transmitted through the communication link 12, and deciphered by the code unit 32 to be provided in its original form in the line 14, e.g. message data.
  • reply data in the line 16 may be encrypted by the code unit
  • any number of interchanges may occur between the remote station and the central station.
  • the registers 26 and 38 are both cleared of their keys (sets of numerals) with the consequence that the key indicators (values from the random number generator 24) are lost. It may therefore be seen that the common key has functioned for a single use in cooperation with specific security data and with the consequence that such a key would be difficult to obtain and furthermore in any event would be of questionable value.
  • the operation places considerable importance upon the effectiveness of the security data provided i n the line 20; however, an appropriate technique for providing such data is disclosed and considered in detail below.
  • FIGURE 2 A plurality of remote stations are represented, specifically including remote stations 1 through N. Each of the remote stations is connected to be coupled through a communication link 50 to a central station which is the location of a central processor. Accommodating various specific installations, the remote stations 1 through N may take any of a variety of terminal forms as, for example, where the remote stations are terminals for the computer or central processor of the central stations. Addressing, coupling, and station identification
  • OMPI structures and techniques are well known for such systems.
  • the operation of a remote station necessitates the presentation of an identification card bearing a magnetic stripe to provide security data.
  • an identification card bearing a magnetic stripe to provide security data.
  • One form of such a card is generally disclosed in complete detail in the parent case of which this is a continuation-in-part.
  • a specific exemplary form of card is disclosed herein with reference to FIGURE 3.
  • FIGURE 3 shows a card 52 bearing printing 54 (upper left) indicating the name of the assigned holder.
  • a photographic likeness 56 is also represented.
  • the printing 54 and the likeness 56 may be variously deposited or printed on a sheet of bond paper 58.
  • the translucency values at predetermined locations of the card 52 are sensed to provide a record for authenticating the card in accordance with an inherent characteristic, e.g. translucency. Data so sensed is then compared with recorded data indicative of the same characteristic as a basis for verifying the card 52 as authentic.
  • a magnetic stripe 60 is provided on the card
  • the card 52 and recorded with a clock track which indexes another magnetic track of the stripe 60 and also indexes nonmagnetic areas on the card 52 for charac ⁇ teristic observations.
  • the card 52 is scanned along the magnetic stripe 60 and translucency tracks 62 and 64.
  • the magnetic stripe 60 provides data in accordance with well known techniques of the prior art specifically including pattern data from a prior translucency sensing of the tracks 62 and 64. Concur- rently, the card 52 is scanned for translucency readings along the paths 62 and 64 for characteristic data to be used in testing for coincidence with a prior similar scanning.
  • Data from the magnetic stripe 60 may designate locations along the tracks 62 and 64 for translucency observations. Additionally, the data from the stripe 60 represents the results of previous translucency observations along with various other information including control information designating the specific level of access to the central computer which is to be permitted to the card bearer.
  • the locations Dl, D2, D3, and D4 are sensed optically by sensing the tracks 62 and 64.
  • the magnetic stripe 60 is sensed to provide data representative of a previous sensing of the locations Dl, D2, D3, and D4.
  • the results of a current sensing (signals S2) is then compared with the results of a prior sensing (signals S2)
  • a card reader 70 (FIGURE 2, upper left) receives and senses the card 52 (FIGURE 3).
  • card reader 70 is described in detail below; however, the unit might take a variety of forms of structure for sensing data as described above from the card 52. Specifically, the card reader 70 incorporates apparatus for sensing translucency along the paths 62 and 64 and for reading the magnetic stripe 60 as well known in the art. In addition to transmissivity, a form of reflectivity sensing apparatus also is disclosed in detail in the parent patent application of which this is a continuation-in-part. A form of device for sensing the magnetic stripe 60 is disclosed in detail in U. S. Patent 3,914,789, Crocker, et al.
  • the card reader 70 provides data from the card 52 which includes three distinct data signals.
  • the signals include: (1) the observed pattern of translucency (signals S2), (2) the data representative of the pattern of translucency from a prior observation (signals SI), and (3) a control number signal indicating the level of permissive use of the computer by the holder of the card.
  • the first two sets of signals are security data S and are provided along with the control signal C to a data path 72.
  • Another signal, signal G not representative of data, but rather indicating that a card has been sensed, is also provided from the reader 70.
  • the card reader 70 may condition the provision of the signal G on a preliminary test of the security data or the signal may simply indicate operation of the reader 70 depending upon security considerations.
  • the signal G is provided from the card reader 70 to a random number generator 74 which may take the form of any of a variety of well known number generators and simply provides signals R representative of a random number (set of numerals) in response to receiving the signal G.
  • the random number, represented by the signals R will function as the key for code units as described below.
  • the random number represented by the signals R is set into a key register 76 for cooperation with a code unit 78 through a data path 80.
  • the signals R (key) are also provided to a trap-door encoder 82 which also receives the security signals S and the control signals C through the data path 72.
  • the trap-door encoder 82 encodes those signals as the preliminary data signals for transmission to the central station by the communication link 50.
  • the encoder 82 may be relatively slow in operation compared to the coding unit 78 and may take the form of an encoder as developed at Stanford University which is
  • the key for the trap-door encoder 82 is provided by internal circuitry within the encoder as, for example, from a read-only internal memory.
  • a keyboard 84 transmits the personal identification number to -the trap-door encoder and also has an output to a data path 86 for providing message signals to the code unit 78.
  • the encoder 82 may also provide conventional terminal signals which, for example, identify the remote station 1 to the computer at the central station. In operation, the elements as described above, located at the remote station 1, are sequenced by a timing unit 88.
  • timing signals Tl and T2 Two intervals are designated by the timing signals Tl and T2. Specifically, the timing interval designated by the signal Tl involves preliminary operation by the encoder 82 and the register 76. During the interval of signal Tl security data is verified and the keys are set for code units. Subsequently, during the interval of the timing signal T2, the code unit 78 functions to accommodate actual communication.
  • the initial preparatory operation designated by Tl occurs as the trap-door encoder 82 operates through the communication link 50 to verify the security data at the central station and set the random number as the key. Subsequently, during the period of T2, the code unit 78 operates in communication through the link 50 to accommodate communication.
  • data paths 90 and 92 are coupled to a trap-door decoder 94.
  • the decoder 94 not only decodes the received signals S, C, and R but additionally provides such signals at separate and distinct outputs.
  • the trap-door decoder 94 consists of
  • the encoder 82 as well known in the prior art and is operated by a private key which is received from a terminal apparatus 96 through a data path 98.
  • a terminal apparatus 96 Such apparatus is connected for operation with a signal distributor for segregating the signals S (security data), C (level of access control), and R (key number).
  • the signals R (key) are supplied to a key register 100 which functions in cooperation with a code unit 102 which is compatible with the code unit 78 at the remote station 1.
  • the code units 78 and 102 take the illustrative form of DES or Data Encryption Standard units as referred to above and are available from IBM. Note that such units are described in the publication Technology Review for April 1982 on page 27.
  • the security signals S are provided to a security verification unit 104 which is in turn connected to the terminal 96.
  • the terminal 96 has bidirectional communication capability with a central processor 106 which also provides operating and control signals to the trap-door decoder 94, the key register 100, and the data code unit 102.
  • the card reader 70 senses a card 52 (FIGURE 3) to provide specific signals (including signals S and C) as indicated above.
  • the start signal G is also provided from the card reader 70 and is applied to the random number generator 74, prompting that unit to provide signals R representing a set of numerals to be used as the coding key for the unit 88.
  • the signals R are applied to the key register 76 and also to the trap ⁇ door encoder 82 along with the security data signals S and the control signal C.
  • the trap-door encoder encrypts the received signals S, C, and R as the preliminary data signals for transmission through the communication link 50 to the trap-door decoder 94 at the central station.
  • the trap-door decoder 94 reconstitutes the signals R, S, and C (in decoded formats) segregating the signals for various functions. Specifically, the signals S are applied to the security verification unit 104 where a test is performed to determine the propriety of the signals. In the disclosed embodiment (see FIGURE 4), the signals S2 sensed from the card 52 are compared with the recorded data signals SI read from the card 52, the degree of coincidence indicating the authenticity of the card. If the card is recognized as authentic, that is if the security data indicates an authentic communication, then the unit 104 provides an approval signal to the terminal 96. As a consequence, the terminal 96 accepts the signal C from the decoder 94 for controlling the level of access to the central processor 106 during a specific private communication.
  • the trap-door decoder 94 also provides the decoded signals R in the key register 100 for the DES code unit 102. Consequently, at this stage of operation, the key registers 76 and 100 both contain the random number as a common key for use by the DES code units 78 and 102, respectively. Also, at this state of operation, a favorable test of the security data S would have actuated the terminal 96 for controlling the central processor 106, the terminal 96 being set for specific communication levels with the processor 106.
  • the terminal 96 is not actuated with the consequence that communications will not be received at the central station. Specifically, the central processor 106 simply rejects communications from the unit 102 and rejects the key.
  • a timing unit 88 at the remote station 1 provides the signal T2 in a high state with the consequence that the DES code unit 78 is actuated. Consequently, the system is in a communicative state and messages may be formulated by the keyboard 84 for transmission through the data path 86 and the unit 78, then through the communication link 50 to the central station. At that location, such messages are decoded by the DES code unit 102 and provided to the central processor 106 through the terminal 96. Reply messages are provided from the central processor 106
  • Such reply messages are transmitted from the unit 102 through the communication link 50 to the unit 78 to be decoded at the remote station and provided to a display unit 105 at the remote station.
  • the communication may continue until such time as the central processor 106 formulates a termination signal.
  • a signal E is provided to end communication.
  • the signal E is applied from the central processor 106 to the key register 100 to clear that register.
  • the signal E is coded by the unit 102 and transmitted through the communication link 50 to be decoded at the remote station by the DES code unit 78. From that unit, the signal E is applied to clear the key register 76. Accordingly, the communication is terminated and the key indicator which functioned to accommodate the encryption of the message is cleared from the system, unrecorded in hard copy. Accordingly, as indicated above, the DES code units 78 and 102 are operated with a high degree of security.
  • the card reader 70 (FIGURE 2) and the card 52 (FIGURE 3) function in accordance with the disclosure in the parent case of which this is a continuation-in-part.
  • the card 52 (FIGURE 4) is represented in the upper right portion of the drawing, held between a pair of rollers 101 for movement by a transport and generator 103.
  • the generator 103 is connected as illustrated to roller pairs 101 and 108 which move the card 52 from right to left in relation to devices for dynamically sensing the card.
  • the generator 103 controls card movement and provides control signals tl-t6 and G. Traveling from the roller pair 101, the card 52 passes under four sensors or readers. Specifically, the card 52 initially passes under a magnetic transducer 110 which specifically reads the card for signals including: security data represented by the signals Si and control data represented by the signal C.
  • a sensor 109 receives light from the card 52 to provide a signal which is applied to a light analyzer 111.
  • the analyzer 111 tests the card 52 spectrographically to indicate material foreign to that which is contained in genuine cards.
  • the card 52 comes under an edge sensor 112 that detects the edge of the card.
  • the edge detector 112 senses the point from which clock pulses are counted for indexing the tracks 62 and 64 (FIGURE 3).
  • the output from the edge sensor 112 is connected to the transport and generator 103.
  • the card 52 In the path of the card 52, beyond the edge sensor 112, the card 52 passes under a characteristic sensor 114 which incorporates a bank of miniature photoelectric cells that are illuminated by an opposed light source 118. As the card 52 passes between the bank 116 and the light source 118, it is scanned along parallel tracks including the translucency tracks 62 and 64 (FIGURE 3). Accordingly, the characteristic sensor 114 provides analog translucency signals to output lines 120 which are connected to signal processors 122 for amplifying and refining the individual analog signals before application to a series of selector gates 124. The gates 124 pass discrete samples of the observed analog signals which are representative of the selected locations Dl, D2, D3, and D4 (FIGURE 3).
  • the gates 124 are controlled by address information and clock signals C as described in greater detail below. It should be noted that the card transport and pulse generator 103 supplies timing signals and clock signals to the gates 124 indicative of the instant position of the card 52 as it moves under the characteristic sensor 114. The initial data sensed from the card
  • the magnetic transducer 110 designates the locations Dl, D2, D3, and D4 on the card 52 (FIGURE 3). Specifically, signals from the magnetic transducer 110 are applied to a signal separator 125 which separates clock signals C the signals designating locations from the signals Si and C. The signals designating locations, address signals A, are set in a register 126 for subsequent use in selecting samples representative of sensing precisely at the locations Dl, D2, D3, and D4.
  • the signals SI and C (security data and control data) are supplied from the signal separator 125 to a cryptographic decoder 130. Although these signals are to be subsequently encripted again (by the trap-door encoder 82, FIGURE 2) they are decoded from
  • OMPI the form in which they are read from the card 52.
  • the decoded security signals SI might be compared with the sensed security signals S2 at the remote station to condition further operation. That is, a remote station security test could involve the comparison of the security data represented by the signals SI, i.e. the recorded data with the sensed data, represented by the signals S2, both being representative of the light transmissivity of the card at locations Dl, D2, D3 and D4. A favorable comparison between the security signals Si and S2 would indicate the card 52 to be genuine.
  • the decoded signals Si and C are provided from the decoder 130 to terminals from the card reader 70 as represented in FIGURE 2.
  • the signals SI are part of the security signals s, which also include the signals S2 representative of current light transmissivity observations.
  • analog signals are supplied from the characteristic sensor 114 through lines 120 and signal processors 122 to selector gates 124.
  • the control signals (clock and gating) are provided to the gates 124 to pass selected samples of the analog signals during four discrete intervals.
  • Such analog signal samples are selected by the contents of the register 126.
  • the value in the register 126 simply designates the two tracks 62 and 64 and specific locations along those tracks on the basis of space-time scanning relationships. Accordingly, in the illustrative example, the selector gates 124 sample the analog
  • OMPI ⁇ WIPO signals to provide signals representative of the translucency at locations Dl and D2 in one of a pair of lines 142 and similar representations for locations D3 and D4 in another of the lines 142.
  • the sampled signals carried by the lines 142 are applied to an analog-digital converter 144. Consequently, the samples supplied to the converter 144 are translated into digital-format signals S2 and registered in a buffer storage 148. Accordingly, the translucency characteristics of the four selected locations are manifest by the sensed characteristic security signals S2 for subsequent comparison with the recorded security signals SI provided from the cryptographic decoder 130. As indicated above, that operation will be performed at the central station and may alternately be done locally.

Abstract

The system incorporates a random number generator (24) for generating a specific key to be used during a specific interval of communication and which key is effective only after the verification of proper security data. Verification is accomplished during a preliminary operation of coding security data and a random number at one station and transmitting such data to another station for verification. In the operating sequence of the disclosed system, security data, as from a identification card (52) or tag, along with a random number, is initially coded at a remote station and transmitted as preliminary data signals to a central station for decoding and verification. The random number is developed at the remote station and transmitted to the central station as part of the preliminary data signals for decoding and temporary registration. Upon verification of the security data, the random number functions as a key for coding means at both the remote and central stations for processing message data.

Description

PRIVATE COMMUNICATION SYSTEM
Related Subject Matter This is a continuation-in-part of Application Serial No. 276,282 filed June 22, 1981, and entitled NQN-COUNTERFEI ABLE DOCUMENT SYSTEM.
Background and Summary of the Invention A growing need exists for a practical system of identification for use in a variety of specific applications to distinguish genuine articles from counterfeits and fakes. Included within that growing need is the specific ability to verify identification cards or other devices that are used to gain access to computing systems. A considerable need exists for a system to verify, limit and control communications from remote computer terminals to central processing units. The number of computer terminals distributed throughout the united States has grown phenomenally in recent years. Those terminals, along with word processors and other automated office devices pose a substantial threat for use in unauthorized communication with central processors under any of a variety of circumstances. Unauthorized communication with a central computer might occur either deliberately or accidentally to produce very serious consequences. For example, an unauthorized communication might accomplish any of a variety of undesired consequences, including: mischief in the central computer, piracy of valuable information or even monetary theft by an illicit order to transfer funds.
To control user access within a computing system, the most common technique has been to issue secret passwords to authorized users. Unfortunately, such passwords are difficult to preserve in secrecy. Consequently, they are not particularly effective to control computer access.
Encryption coding techniques have been developed with the objective of obtaining greater security for central processors. One form of such apparatus is the so-called "trap-door" encoder and decoder. Such structures are operated by data keys (sets of numerals) that are treated differently depending upon the operation to be performed. Specifically, a relatively well known ("public") key can be used to actuate a trap-door encoder for encrypting a message. However, a more secure "private" key is required to operate a decoder for converting encrypted information back into a usable form. Such systems are quite effective? however, they are relatively slow in operation. A specific form of trap-door system was developed at Stanford University and the structural details are publicly available.
Another form of key-operated coding system was developed by the National Bureau of Standards and IBM and is entitled the "Data Encryption Standard"
(DES). The structure has been embodied to use a key of fifty-six binary bits and is available in a commercial form. A potential problem with the DES system lies in the possibility of persons cracking the encryption key or otherwise obtaining a key for unapproved use to
OMPI * establish an illicit communication. Unfortunately, even if knowledge of the key is limited to a very few persons, there may be considerable difficulty in attempting to trace the source of the key for an unauthorized use. Consequently, a considerable need exists for a reliable and effective technique of private and secure communication between a remote terminal and a central computer.
The present invention is based on the concept of automatically generating within electronic circuitry a distinctive numerical key for use only during a specific interval of communication. That is, the system utilizes secure identification as a basis for controlling the generation of a numerical key to accomplish a specific interval of communication. At the termination of that interval, the key is released to be essentially lost, not being of record on hard copy. Consequently, in the use of the system, durable keys do not exist with the attendant concern that they may be broken or come to be held for unauthorized use. Rather, the primary security dwells in identification, as in the form of a card or other device which may be maintained relatively secure. The use of such a card can also be easily traced.
Generally, in the system of the present invention, two sets of coding apparatus are employed along with a random number generator and security- verification apparatus. As an exemplary operation, preliminary data signals are formulated at a remote station and include security data as from an identification card. The security information is encoded by a first coding system along with a random number and control information, all of which is transmitted to a central computer as the preliminary data signals. The random number is sent to a second encoding system in the
O remote station where it acts as a key for the encoding of the message information to be transmitted. At the computer, the security data is verified, the level of access is established, and the random number is set up as a coding key for the second coding system. Message information can now be communicated through the second coding system actuated by a common key in the form of the random number. At the termination of the communi¬ cation, the key is cleared from the system with no permanent record.
As disclosed in detail below, the system hereof may be variously implemented, using different media and different techniques. For example, different security systems may be utilized and different forms of coding systems may also be employed. Consequently, it is to be appreciated that the disclosed embodiments are merely exemplary.
Brief Description of the Drawings In the drawings, which constitute a part of this specification, exemplary embodiments of the invention are set forth as follows: FIGURE 1 is a block diagram illustrating a basic data flow system constructed in accordance with the present invention;
FIGURE 2 is a block diagram of a detailed system constructed in accordance with the present invention;
FIGURE 3 is a plan view of an identification card for use with the system of FIGURE 2; and
FIGURE 4 is a block diagram of a component part for use in the system of FIGURE 2. Description of the Illustrative Embodiments As indicated above, detailed illustrative embodiments of the present invention are disclosed herein. However, identification apparatus, data formats, coding formats and devices used or adapted for use in the present system all may vary in accordance with specific designs and objectives. Some forms of elements used in the system in accordance with the present invention may be quite different from those as disclosed herein. Consequently, the specific structural and functional details disclosed herein are merely represen¬ tative? yet in that regard, they are deemed to afford the best embodiment for purposes of disclosure and to provide a basis for the claims herein which define the scope of the present invention.
Referring initially to FIGURE 1, a structure is represented for communicating message data and reply data between a remote station and a central station. Specifically, a line 10 at a remote station (left) carries message data which is processed then transmitted through a communication link (generally indicated by the numeral 12) to a central station (right). The message data is decoded and provided in usable form on a line 14 at the central station.
Reply data, at the central station, is provided to a line 16 for coding and passage through the communication link 12 to the remote station. At that location, the reply data is decoded and provided by representative signals in a line 18. Of course, indications of message data and reply data are merely representative; and it is to be understood that the communication might involve any of a variety of specific patterns. A sequence of communication between the remote station and the central station can be initiated after certain security data has been verified. Specifi¬ cally, security data is provided as part of preliminary signals in a line 20 at the remote station for transmission to the central station where the data is verified.
Unless the security data is verified, the communication is rejected.
To consider the system of FIGURE 1 in somewhat greater detail, the line 20, carrying security data, is connected to an encoder 22 at the remote station. The encoder 22 is connected for two-way communication with a random number generator 24. Upon being activated by security data, the generator 24 supplies a random number to a register 26 which is in turn connected to supply a key to a code unit 28. Functionally, the register 26 provides the numerical key for operation of the code unit 28.
The encoder 22 and the code unit 28 (both at the remote station) are coupled through the communication link 12 to the central station. Specifically, the encoder 22 is coupled to a decoder 30 at the central station while the code unit 28 is coupled to a code unit 32, also at the central station.
The decoder 30 (central station) is connected to a verifier 34 which is connected to a gate 36 which also receives signals from the decoder 30. The gate 36 supplies signals to a register 38 that represents the random number which is the key for operation of the code unit 32. In the operation of the system of FIGURE 1, security data is provided to the line 20 comprising at least part of preliminary data signals. The security data received through the line 20 is encoded to an encrypted form by the encoder 22. The encoder 22 also actuates the random number generator 24 prompting the generator to provide signals representative of a random number both to the register 26 and back to the encoder 22. The random number also becomes part of the preliminary data signals. The actuation of the random number generator 24 may be contingent upon the encoder 22 verifying the security data, e.g. confirming the represented identification.
After the initial phase of operation described above, the encoder 22 has transmitted preliminary data signals representative of the security data and the random number. Such signals are received by the decoder 30 at the central station where they are returned to a workable form (not encrypted). The security data is provided from the decoder 32 to the verifier 34 which may verify the data and provide a signal to qualify the gate 36. With qualification, the gate 36 provides the decoded random number to the register 38. Consequently, both the register 38 (at the central station) and the register 26 (at the remote station) contain the identical random number which now functions as a key for the intercoupled code units 28 and 32. Accordingly, message data in the line 10 is encrypted by the code unit 28, transmitted through the communication link 12, and deciphered by the code unit 32 to be provided in its original form in the line 14, e.g. message data. In response to message data, reply data in the line 16 may be encrypted by the code unit
__QMPI ' 32, transmitted through the communications link 12, and deciphered by the code unit 28 to appear in a workable form in the line 18.
In the operation of the system as represented in FIGURE 1, any number of interchanges may occur between the remote station and the central station. However, at the conclusion of a communication sequence, the registers 26 and 38 are both cleared of their keys (sets of numerals) with the consequence that the key indicators (values from the random number generator 24) are lost. It may therefore be seen that the common key has functioned for a single use in cooperation with specific security data and with the consequence that such a key would be difficult to obtain and furthermore in any event would be of questionable value. Of course, the operation places considerable importance upon the effectiveness of the security data provided in the line 20; however, an appropriate technique for providing such data is disclosed and considered in detail below.
Turning to a more comprehensive representation of a system constructed in accordance with the present invention, reference will now be made to FIGURE 2. A plurality of remote stations are represented, specifically including remote stations 1 through N. Each of the remote stations is connected to be coupled through a communication link 50 to a central station which is the location of a central processor. Accommodating various specific installations, the remote stations 1 through N may take any of a variety of terminal forms as, for example, where the remote stations are terminals for the computer or central processor of the central stations. Addressing, coupling, and station identification
OMPI structures and techniques are well known for such systems. In accordance herewith, the operation of a remote station necessitates the presentation of an identification card bearing a magnetic stripe to provide security data. One form of such a card is generally disclosed in complete detail in the parent case of which this is a continuation-in-part. A specific exemplary form of card is disclosed herein with reference to FIGURE 3.
The card used in the system of FIGURE 2 would be issued to responsible persons as an indication of their authority to deal with the central station computer. Cards assigned to individuals would indicate the particular level of communication for the holder. Of course, specific forms for the card or other identi¬ fication device may be adapted for specific systems. Considering the details of an illustrative card, FIGURE 3 shows a card 52 bearing printing 54 (upper left) indicating the name of the assigned holder. A photographic likeness 56 is also represented. The printing 54 and the likeness 56 may be variously deposited or printed on a sheet of bond paper 58. In general, the translucency values at predetermined locations of the card 52 are sensed to provide a record for authenticating the card in accordance with an inherent characteristic, e.g. translucency. Data so sensed is then compared with recorded data indicative of the same characteristic as a basis for verifying the card 52 as authentic.
Of course, the printing 54 and the likeness 56 will normally alter the translucency of the bond paper 58 in specific darkened areas. In general, overlays, erasures, or other modifications of the print 54 or the likeness 56 also will tend to alter the translucency of the paper 58 at the points of alteration. A magnetic stripe 60 is provided on the card
52 and recorded with a clock track which indexes another magnetic track of the stripe 60 and also indexes nonmagnetic areas on the card 52 for charac¬ teristic observations. Specifically, the card 52 is scanned along the magnetic stripe 60 and translucency tracks 62 and 64. The magnetic stripe 60 provides data in accordance with well known techniques of the prior art specifically including pattern data from a prior translucency sensing of the tracks 62 and 64. Concur- rently, the card 52 is scanned for translucency readings along the paths 62 and 64 for characteristic data to be used in testing for coincidence with a prior similar scanning.
Data from the magnetic stripe 60 may designate locations along the tracks 62 and 64 for translucency observations. Additionally, the data from the stripe 60 represents the results of previous translucency observations along with various other information including control information designating the specific level of access to the central computer which is to be permitted to the card bearer.
To consider a specific example of a card format, assume that data locations Dl and D2 (indicated by symbols "X") are assigned in the transparency track 62 and locations D3 and D4 (similarly indicated) are assigned in the translucency track 64.
To verify the exemplary card 52, the locations Dl, D2, D3, and D4 are sensed optically by sensing the tracks 62 and 64. Concurrently, the magnetic stripe 60 is sensed to provide data representative of a previous sensing of the locations Dl, D2, D3, and D4. The results of a current sensing (signals S2) is then compared with the results of a prior sensing (signals
SI) to determine whether or not the card 52 is authentic and genuine. Accordingly, a relatively reliable determination is made of whether or not the card 52 is a proper device for use as a basis to establish communi- cation with a central processor. Additional and alternate security data may also be used. For example, the assigned bearer or user of the card 52 may also possess a personal identification number which he is required to enter on the remote station keyboard and which is also incorporated as part of a security check. The computer may also record such data as a record of access by users. The system of FIGURE 2 will now be considered as it is used in conjunction with the card 52. A card reader 70 (FIGURE 2, upper left) receives and senses the card 52 (FIGURE 3). One form of card reader 70 is described in detail below; however, the unit might take a variety of forms of structure for sensing data as described above from the card 52. Specifically, the card reader 70 incorporates apparatus for sensing translucency along the paths 62 and 64 and for reading the magnetic stripe 60 as well known in the art. In addition to transmissivity, a form of reflectivity sensing apparatus also is disclosed in detail in the parent patent application of which this is a continuation-in-part. A form of device for sensing the magnetic stripe 60 is disclosed in detail in U. S. Patent 3,914,789, Crocker, et al.
The card reader 70 provides data from the card 52 which includes three distinct data signals. Specifically, the signals include: (1) the observed pattern of translucency (signals S2), (2) the data representative of the pattern of translucency from a prior observation (signals SI), and (3) a control number signal indicating the level of permissive use of the computer by the holder of the card. The first two sets of signals are security data S and are provided along with the control signal C to a data path 72. Another signal, signal G, not representative of data, but rather indicating that a card has been sensed, is also provided from the reader 70. The card reader 70 may condition the provision of the signal G on a preliminary test of the security data or the signal may simply indicate operation of the reader 70 depending upon security considerations.
The signal G is provided from the card reader 70 to a random number generator 74 which may take the form of any of a variety of well known number generators and simply provides signals R representative of a random number (set of numerals) in response to receiving the signal G.
The random number, represented by the signals R, will function as the key for code units as described below. Specifically, the random number represented by the signals R is set into a key register 76 for cooperation with a code unit 78 through a data path 80. The signals R (key) are also provided to a trap-door encoder 82 which also receives the security signals S and the control signals C through the data path 72. The trap-door encoder 82 encodes those signals as the preliminary data signals for transmission to the central station by the communication link 50. The encoder 82 may be relatively slow in operation compared to the coding unit 78 and may take the form of an encoder as developed at Stanford University which is
OM commanded by a publicly known key but for which the decoding operations require a very private key. The key for the trap-door encoder 82 is provided by internal circuitry within the encoder as, for example, from a read-only internal memory. A keyboard 84 transmits the personal identification number to -the trap-door encoder and also has an output to a data path 86 for providing message signals to the code unit 78. Note that the encoder 82 may also provide conventional terminal signals which, for example, identify the remote station 1 to the computer at the central station. In operation, the elements as described above, located at the remote station 1, are sequenced by a timing unit 88. Although certain inter-block timing signals are explained in detail below, at the level of presentation in FIGURE 2, two intervals are designated by the timing signals Tl and T2. Specifically, the timing interval designated by the signal Tl involves preliminary operation by the encoder 82 and the register 76. During the interval of signal Tl security data is verified and the keys are set for code units. Subsequently, during the interval of the timing signal T2, the code unit 78 functions to accommodate actual communication.
Accordingly, the initial preparatory operation designated by Tl occurs as the trap-door encoder 82 operates through the communication link 50 to verify the security data at the central station and set the random number as the key. Subsequently, during the period of T2, the code unit 78 operates in communication through the link 50 to accommodate communication.
At the central station, data paths 90 and 92 (from the encoder 82) are coupled to a trap-door decoder 94. Functionally, the decoder 94 not only decodes the received signals S, C, and R but additionally provides such signals at separate and distinct outputs.
The trap-door decoder 94 consists
Figure imgf000015_0001
with the encoder 82 as well known in the prior art and is operated by a private key which is received from a terminal apparatus 96 through a data path 98. Such apparatus is connected for operation with a signal distributor for segregating the signals S (security data), C (level of access control), and R (key number). At the central station, the signals R (key) are supplied to a key register 100 which functions in cooperation with a code unit 102 which is compatible with the code unit 78 at the remote station 1. Struc¬ turally, the code units 78 and 102 take the illustrative form of DES or Data Encryption Standard units as referred to above and are available from IBM. Note that such units are described in the publication Technology Review for April 1982 on page 27.
Returning to further consider signals from the trap-door decoder 94, the security signals S are provided to a security verification unit 104 which is in turn connected to the terminal 96. The terminal 96 has bidirectional communication capability with a central processor 106 which also provides operating and control signals to the trap-door decoder 94, the key register 100, and the data code unit 102.
In view of the above preliminary structural description of the system of FIGURE 2, a comprehensive understanding of the operation thereof may now best be accomplished by assuming a specific sequence of operation and explaining the events that occur in the course of such operation. Accordingly, assume that an identifi¬ cation card 52 is placed in the card reader 70 to initiate a sequence of operation and with the objective of accomplishing an interval of secret communication. of course, the remote station 1 will be described as communicating with the central station through the communication link 50 which may involve any of a variety of very well known forms and formats including a telephonic linkage or any of a variety of data transmission lines.
An exemplary form of apparatus for use as the card reader 70 is disclosed below; however, fundamentally, the card reader 70 senses a card 52 (FIGURE 3) to provide specific signals (including signals S and C) as indicated above. The start signal G is also provided from the card reader 70 and is applied to the random number generator 74, prompting that unit to provide signals R representing a set of numerals to be used as the coding key for the unit 88. The signals R are applied to the key register 76 and also to the trap¬ door encoder 82 along with the security data signals S and the control signal C. The trap-door encoder encrypts the received signals S, C, and R as the preliminary data signals for transmission through the communication link 50 to the trap-door decoder 94 at the central station. The trap-door decoder 94 reconstitutes the signals R, S, and C (in decoded formats) segregating the signals for various functions. Specifically, the signals S are applied to the security verification unit 104 where a test is performed to determine the propriety of the signals. In the disclosed embodiment (see FIGURE 4), the signals S2 sensed from the card 52 are compared with the recorded data signals SI read from the card 52, the degree of coincidence indicating the authenticity of the card. If the card is recognized as authentic, that is if the security data indicates an authentic communication, then the unit 104 provides an approval signal to the terminal 96. As a consequence, the terminal 96 accepts the signal C from the decoder 94 for controlling the level of access to the central processor 106 during a specific private communication.
The trap-door decoder 94 also provides the decoded signals R in the key register 100 for the DES code unit 102. Consequently, at this stage of operation, the key registers 76 and 100 both contain the random number as a common key for use by the DES code units 78 and 102, respectively. Also, at this state of operation, a favorable test of the security data S would have actuated the terminal 96 for controlling the central processor 106, the terminal 96 being set for specific communication levels with the processor 106.
If on the contrary, the security data does not test favorably, then the terminal 96 is not actuated with the consequence that communications will not be received at the central station. Specifically, the central processor 106 simply rejects communications from the unit 102 and rejects the key.
After an appropriate interval for the central station equipment to function, a timing unit 88 at the remote station 1 provides the signal T2 in a high state with the consequence that the DES code unit 78 is actuated. Consequently, the system is in a communicative state and messages may be formulated by the keyboard 84 for transmission through the data path 86 and the unit 78, then through the communication link 50 to the central station. At that location, such messages are decoded by the DES code unit 102 and provided to the central processor 106 through the terminal 96. Reply messages are provided from the central processor 106
OMP through the terminal 96 to be encoded by the code unit 102. In an encrypted form, such reply messages are transmitted from the unit 102 through the communication link 50 to the unit 78 to be decoded at the remote station and provided to a display unit 105 at the remote station.
The communication may continue until such time as the central processor 106 formulates a termination signal. Specifically, a signal E is provided to end communication. Upon occurrence of the signal E, it is applied from the central processor 106 to the key register 100 to clear that register. Similarly, the signal E is coded by the unit 102 and transmitted through the communication link 50 to be decoded at the remote station by the DES code unit 78. From that unit, the signal E is applied to clear the key register 76. Accordingly, the communication is terminated and the key indicator which functioned to accommodate the encryption of the message is cleared from the system, unrecorded in hard copy. Accordingly, as indicated above, the DES code units 78 and 102 are operated with a high degree of security.
While the absence of hard-copy keys (sets of numerals) affords security, as indicated above, the system imposes relatively high security demands on the user identification as represented by the card 52 in the system of the disclosed embodiment. Accordingly, the card reader 70 (FIGURE 2) and the card 52 (FIGURE 3) function in accordance with the disclosure in the parent case of which this is a continuation-in-part. However, the structural details of an exemplary form of the card reader 70 will now be considered in detail with reference to FIGURE 4. The card 52 (FIGURE 4) is represented in the upper right portion of the drawing, held between a pair of rollers 101 for movement by a transport and generator 103. Specifically, the generator 103 is connected as illustrated to roller pairs 101 and 108 which move the card 52 from right to left in relation to devices for dynamically sensing the card. The generator 103 controls card movement and provides control signals tl-t6 and G. Traveling from the roller pair 101, the card 52 passes under four sensors or readers. Specifically, the card 52 initially passes under a magnetic transducer 110 which specifically reads the card for signals including: security data represented by the signals Si and control data represented by the signal C.
As the card 52 continues to move alonq its path, a sensor 109 receives light from the card 52 to provide a signal which is applied to a light analyzer 111. The analyzer 111 tests the card 52 spectrographically to indicate material foreign to that which is contained in genuine cards.
With further movement, the card 52 comes under an edge sensor 112 that detects the edge of the card. Functionally, the edge detector 112 senses the point from which clock pulses are counted for indexing the tracks 62 and 64 (FIGURE 3). The output from the edge sensor 112 is connected to the transport and generator 103.
In the path of the card 52, beyond the edge sensor 112, the card 52 passes under a characteristic sensor 114 which incorporates a bank of miniature photoelectric cells that are illuminated by an opposed light source 118. As the card 52 passes between the bank 116 and the light source 118, it is scanned along parallel tracks including the translucency tracks 62 and 64 (FIGURE 3). Accordingly, the characteristic sensor 114 provides analog translucency signals to output lines 120 which are connected to signal processors 122 for amplifying and refining the individual analog signals before application to a series of selector gates 124. The gates 124 pass discrete samples of the observed analog signals which are representative of the selected locations Dl, D2, D3, and D4 (FIGURE 3). The gates 124 are controlled by address information and clock signals C as described in greater detail below. it should be noted that the card transport and pulse generator 103 supplies timing signals and clock signals to the gates 124 indicative of the instant position of the card 52 as it moves under the characteristic sensor 114. The initial data sensed from the card
52 by the magnetic transducer 110 designates the locations Dl, D2, D3, and D4 on the card 52 (FIGURE 3). Specifically, signals from the magnetic transducer 110 are applied to a signal separator 125 which separates clock signals C the signals designating locations from the signals Si and C. The signals designating locations, address signals A, are set in a register 126 for subsequent use in selecting samples representative of sensing precisely at the locations Dl, D2, D3, and D4.
The signals SI and C (security data and control data) are supplied from the signal separator 125 to a cryptographic decoder 130. Although these signals are to be subsequently encripted again (by the trap-door encoder 82, FIGURE 2) they are decoded from
OMPI the form in which they are read from the card 52. Although such structure is not disclosed in detail herein, it is noteworthy that the decoded security signals SI might be compared with the sensed security signals S2 at the remote station to condition further operation. That is, a remote station security test could involve the comparison of the security data represented by the signals SI, i.e. the recorded data with the sensed data, represented by the signals S2, both being representative of the light transmissivity of the card at locations Dl, D2, D3 and D4. A favorable comparison between the security signals Si and S2 would indicate the card 52 to be genuine.
The decoded signals Si and C are provided from the decoder 130 to terminals from the card reader 70 as represented in FIGURE 2. Of course, as explained above, the signals SI are part of the security signals s, which also include the signals S2 representative of current light transmissivity observations.
Considering the development of the signals S2, analog signals (each representative of a single scansion of the tracks 62 and 64) are supplied from the characteristic sensor 114 through lines 120 and signal processors 122 to selector gates 124. The control signals (clock and gating) are provided to the gates 124 to pass selected samples of the analog signals during four discrete intervals. Such analog signal samples are selected by the contents of the register 126. Essentially, the value in the register 126 simply designates the two tracks 62 and 64 and specific locations along those tracks on the basis of space-time scanning relationships. Accordingly, in the illustrative example, the selector gates 124 sample the analog
OMPI Λ WIPO signals to provide signals representative of the translucency at locations Dl and D2 in one of a pair of lines 142 and similar representations for locations D3 and D4 in another of the lines 142.
The sampled signals carried by the lines 142 are applied to an analog-digital converter 144. Consequently, the samples supplied to the converter 144 are translated into digital-format signals S2 and registered in a buffer storage 148. Accordingly, the translucency characteristics of the four selected locations are manifest by the sensed characteristic security signals S2 for subsequent comparison with the recorded security signals SI provided from the cryptographic decoder 130. As indicated above, that operation will be performed at the central station and may alternately be done locally.
In view of the above description, it will be readily apparent that the system as disclosed is capable of offering private communication with a high level of security. It will similarly be appreciated from the above illustrative embodiment that the system hereof is susceptible of a considerable number of modifications and deviations within the basic conceptual framework. Accordingly, the scope hereof is deemed to be as set forth by the claims below.

Claims

The ClaimsWHAT IS CLAIMED IS:
1. A security system for communication of message data between first and second stations, comprising: a random number generator at said first station; means for providing preliminary data signals at said first station, said preliminary data signals including a key indicator representing a value from said random number generator; means connectable for communicating signals between said first and second stations and including means for communicating said preliminary data signals to said second station; means at said second station for receiving said preliminary data signals to provide said key indicator; coding means at said first station connected to be keyed by said key indicator and for coding message data for communication with said second station; and coding means at said second station connected to be keyed by said key indicator and for coding message data for communication with said first station.
2. A system according to claim 1 further including a source of security data at said first station, means for including said security data in said preliminary data signals and means for verifying said security data at said second station.
3. A system according to claim 1 wherein said means for providing the preliminary data signals comprises an encoding means and wherein said means for receiving said preliminary data signals comprises a decoding means compatible with said encoding means.
4. A system according to claim 1 wherein said means for providing the preliminary data signals includes a register for said key indicator.
5. A system according to claim 2 wherein said means for providing the preliminary data signals includes means for sensing an identification card.
6. A system according to claim 5 wherein said means for sensing an identification card includes magnetic transducer means.
7. A system according to claim 5 wherein said means for sensing an identification card includes means for sensing the opacity of said card at preselected locations to provide pattern signals.
8. A system according to claim 6 wherein said means for sensing an identification card further includes means for sensing representations of previously sensed opacity of said card at said preselected locations to provide recorded pattern signals.
9. A system according to claim 7 wherein said means at said second station to provide said key indicator includes means to compare said pattern signals and said recorded pattern signals.
llEJC
OMPI
10. A system according to claim 1 further comprising register means at said first station for retaining signals representative of said key indicator during a communication interchange.
11. A system according to claim 1 including a plurality of said second stations as specified for communication with a second station.
12. A system according to claim 1 further including keyboard means and display means at said first station for formulating and displaying said message.
PCT/US1983/000567 1982-07-15 1983-04-15 Private communication system WO1984000457A1 (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US39848082A 1982-07-15 1982-07-15

Publications (1)

Publication Number Publication Date
WO1984000457A1 true WO1984000457A1 (en) 1984-02-02

Family

ID=23575535

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1983/000567 WO1984000457A1 (en) 1982-07-15 1983-04-15 Private communication system

Country Status (3)

Country Link
EP (1) EP0113730A4 (en)
JP (1) JPS59501388A (en)
WO (1) WO1984000457A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2161680A (en) * 1984-07-09 1986-01-15 Toshiba Kk Transmitter/reciever for signal scrambling
WO1986005611A1 (en) * 1985-03-15 1986-09-25 Hasler Ag Device and method for delivering and controlling predetermined amounts in a predetermined storage of a franking machine
FR2603439A1 (en) * 1986-09-01 1988-03-04 Dassault Electronique Electronic expansion box, especially for enciphering/deciphering Videotex communication
EP0411597A2 (en) * 1989-08-02 1991-02-06 Siemens Aktiengesellschaft Telecommunication system for protected translation of digital signals by means of a passive optical bus network
EP0460538A2 (en) * 1990-06-01 1991-12-11 Kabushiki Kaisha Toshiba Cryptographic communication method and cryptographic communication device
EP0474624A2 (en) * 1990-09-06 1992-03-11 Alcatel Austria Aktiengesellschaft Method for enciphering binary information and apparatus for implementing said method
EP0592808A2 (en) * 1992-10-16 1994-04-20 International Business Machines Corporation Commercial data masking

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3764742A (en) * 1971-12-23 1973-10-09 Ibm Cryptographic identification system
US3781473A (en) * 1971-04-15 1973-12-25 Datotek Random digital code generator
US4268715A (en) * 1978-05-03 1981-05-19 Atalla Technovations Method and apparatus for securing data transmissions
US4281215A (en) * 1978-05-03 1981-07-28 Atalla Technovations Method and apparatus for securing data transmissions
US4283599A (en) * 1979-01-16 1981-08-11 Atalla Technovations Method and apparatus for securing data transmissions
US4317957A (en) * 1980-03-10 1982-03-02 Marvin Sendrow System for authenticating users and devices in on-line transaction networks

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE3177255D1 (en) * 1980-06-23 1991-10-17 Light Signatures Inc AUTHENTICATION DEVICE.

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US3781473A (en) * 1971-04-15 1973-12-25 Datotek Random digital code generator
US3764742A (en) * 1971-12-23 1973-10-09 Ibm Cryptographic identification system
US4268715A (en) * 1978-05-03 1981-05-19 Atalla Technovations Method and apparatus for securing data transmissions
US4281215A (en) * 1978-05-03 1981-07-28 Atalla Technovations Method and apparatus for securing data transmissions
US4283599A (en) * 1979-01-16 1981-08-11 Atalla Technovations Method and apparatus for securing data transmissions
US4317957A (en) * 1980-03-10 1982-03-02 Marvin Sendrow System for authenticating users and devices in on-line transaction networks

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP0113730A4 *

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4700387A (en) * 1984-07-09 1987-10-13 Kabushiki Kaisha Toshiba Broadcast system for scrambled programming signals
GB2161680A (en) * 1984-07-09 1986-01-15 Toshiba Kk Transmitter/reciever for signal scrambling
WO1986005611A1 (en) * 1985-03-15 1986-09-25 Hasler Ag Device and method for delivering and controlling predetermined amounts in a predetermined storage of a franking machine
CH668134A5 (en) * 1985-03-15 1988-11-30 Hasler Ag Ascom DEVICE AND METHOD FOR RELEASING AND CONTROLLING THE STORAGE OF ANY PRESENT AMOUNTS IN THE PRESENT MEMORY OF A franking machine.
US4807139A (en) * 1985-03-15 1989-02-21 Ascom Hasler Ag System for release and control of preset storage of a postage meter machine
FR2603439A1 (en) * 1986-09-01 1988-03-04 Dassault Electronique Electronic expansion box, especially for enciphering/deciphering Videotex communication
EP0411597A2 (en) * 1989-08-02 1991-02-06 Siemens Aktiengesellschaft Telecommunication system for protected translation of digital signals by means of a passive optical bus network
EP0411597A3 (en) * 1989-08-02 1992-06-24 Siemens Aktiengesellschaft Telecommunication system for protected translation of digital signals by means of a passive optical bus network
EP0735723A2 (en) * 1990-06-01 1996-10-02 Kabushiki Kaisha Toshiba Cryptographic communication method and cryptographic communication device
EP0460538A2 (en) * 1990-06-01 1991-12-11 Kabushiki Kaisha Toshiba Cryptographic communication method and cryptographic communication device
EP0735723A3 (en) * 1990-06-01 1997-01-15 Toshiba Kk Cryptographic communication method and cryptographic communication device
EP0460538A3 (en) * 1990-06-01 1993-03-03 Kabushiki Kaisha Toshiba Cryptographic communication method and cryptographic communication device
EP0474624A2 (en) * 1990-09-06 1992-03-11 Alcatel Austria Aktiengesellschaft Method for enciphering binary information and apparatus for implementing said method
EP0474624A3 (en) * 1990-09-06 1993-01-13 Alcatel Austria Aktiengesellschaft Method for enciphering binary information and apparatus for implementing said method
EP0592808A3 (en) * 1992-10-16 1995-01-25 Ibm Commercial data masking.
EP0592808A2 (en) * 1992-10-16 1994-04-20 International Business Machines Corporation Commercial data masking

Also Published As

Publication number Publication date
EP0113730A4 (en) 1984-11-07
JPS59501388A (en) 1984-08-02
EP0113730A1 (en) 1984-07-25

Similar Documents

Publication Publication Date Title
EP0772530B1 (en) Unalterable self-verifying articles
EP1153373B1 (en) Method and system for authentication of articles
US6039249A (en) Method for identifying counterfeit negotiable instruments
CA1223614A (en) Secure transaction card and verification system
US6450403B1 (en) Method and apparatus for depositing ordinary checks from home or office
AU2008283207B2 (en) Security system using encoded image with puzzled image
US6073121A (en) Check fraud prevention system
EP0006419B1 (en) Signature verification and authentication system
US4140272A (en) Optical card, system and method for securing personal identification data
US20020152379A1 (en) Method, arrangement and device for voting
NZ232106A (en) Secure data interchange system: verification of card, terminal and user validity
KR20000048145A (en) Ticket issuing method, ticket issuing system and ticket collating method
WO1995003582A1 (en) Apparatus, method and system for printing of legal currency and negotiable instruments
MY124768A (en) Document authentication method and apparatus
GB2190820A (en) Data communications systems and methods
MXPA06008875A (en) Use of a digital signature obtained from at least one structural characteristic of a hardware element in order to protect direct reading of sensitive information and method for reading protected sensitive information.
AU6902887A (en) Off line cash card system and method
GB2171828A (en) An individual recognition system
WO1984000457A1 (en) Private communication system
CN1321507C (en) Soft certification anti-false method based on graphic code primary and secondary signet series information association mechanism
EP0772929A1 (en) Methods and systems for creating and authenticating unalterable self-verifying articles
JP4868643B2 (en) Authentication system for input operation of personal authentication data recording medium
RU2195021C1 (en) System of protective marking and document verification
JPS6226505B2 (en)
RU19944U1 (en) PROTECTIVE LABELING AND VERIFICATION SYSTEM OF DOCUMENTS

Legal Events

Date Code Title Description
AK Designated states

Designated state(s): JP

AL Designated countries for regional patents

Designated state(s): AT BE CH DE FR GB LU NL SE

WWE Wipo information: entry into national phase

Ref document number: 1983901681

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 1983901681

Country of ref document: EP

WWW Wipo information: withdrawn in national office

Ref document number: 1983901681

Country of ref document: EP