Transaction security system using time variant parameter

Assignee

• International Business Machines Corporation · US

Inventors

• Bruno O. Brachtl · Eppelheim, DE
• Christopher J. Holloway · Woking, GB
• Richard E. Lennon · Saugerties, US
• Stephen M. Matyas · Manassas, US
• Carl H. W. Meyer · Portage, US
• Jonathan Oseas · Hurley, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG07F7/1016
• WIPO fieldIT methods for management
• WIPO sectorElectrical engineering

Abstract

An electronic funds transfer system (EFT) is described in which retail terminals located in stores are connected through a public switched telecommunication system to card issuing agencies data processing centers. Users of the system are issued with intelligent secure bank cards, which include a microprocessor, ROS and RAM stores. The ROS includes a personal key (KP) and an account number (PAN) stored on the card when the issuer issues it to the user. Users also have a personal identity numbe (PIN) which is stored or remembered separately. A transaction is initiated at a retail terminal when a card is inserted in an EPT module connected to the terminal. A request message including the PAN and a session key (KS) is transmitted to the issuers data processing center. The issuer generates an authentication parameter (TAP) based upon its stored version of KP and PIN and a time variant parameter received from the terminal. The TAP is then returned to the terminal in a response message, and based upon an inputed PIN, partial processing of the input PIN and KP on the card a derived TAP is compared with the received TAP in the terminal. A correct comparison indicating that the entered PIN i…