Secure communications system for remotely located computers

Assignee

• International Business Machines Corporation · US

Inventors

• Victor S. Leith · Stanley, US
• James V. Stevens · Huntersville, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2209/56
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A system for determining when a remote computer user is authorized to communicate with a host computer and to establish a ciphering key to be used for the communications session. A random number is generated at the host computer, ciphered under the user's PIN, and sent to the remote user where it is deciphered under the PIN to provide a session key. In one embodiment, this key is reciphered under the PIN, sent to the host computer, and deciphered under the PIN. The deciphered value is equal to the generated random number when the correct PIN's are used, thereby validating the user. In another embodiment, the deciphered random number at the remote user location is used as a key to cipher the PIN which is sent to the host, deciphered under the random number, and compared with the PIN existing at the host. Subsequent, ciphering can use the determined session key as a ciphering key. Additional security can be realized by adding random digits to the PIN, masking some of the developed keys, and sending the user ID to the host in ciphered form. This system does not require a stored key in the remote computer or the transfer in the clear of the PIN between computers.