Process for the control of secret keys between two smart cards
    3.
    Granted invention patent
    Status: Lapsed

    Publication No.: US5602915A

    Publication date: 1997-02-11

    Application No.: US201979

    Filing date: 1994-02-25

    IPC classification: G07F7/10 H04L9/08 H04L9/00

    Abstract: A process for controlling communication between a first and a second smart card using key-based cryptography is provided. In the disclosed process, a first identity code is stored in the first smart card and a second identity code is stored in the second smart card. The smart cards are customized by writing into each of the smart cards an identical group secret key and respective algorithms for processing the identical group secret key and the first and second identity codes stored in the first and second smart cards, respectively. The smart cards are used by transmitting the first identity code to the second smart card, transmitting the second identity code to the first smart card, and calculating using the respective processing algorithms stored in the smart cards, first and second session keys for the first and second smart cards, respectively.

    Process for the dissimulaton of a secret code in a data authentication device
    4.
    Granted invention patent
    Status: Lapsed

    Publication No.: US5894519A

    Publication date: 1999-04-13

    Application No.: US838646

    Filing date: 1997-04-09

    Abstract: A process for the dissimulation of concealment of a secret code in a data authentication device by encrypting the secret code by an encrypting function for forming an image of the secret code and storing the secret code image in the authentication device. Beforehand, an encrypting function is chosen such that with each stored secret code image corresponds a plurality of antecedent codes all differing from the secret code, but which, once encrypted by the encrypting function have an image identical to that of the secret code. The secret code of a user has an authentication device in which is stored the secret code image.

    Process for the authentication of a data processing system by another data processing system
    5.
    Granted invention patent
    Status: Lapsed

    Publication No.: US5481612A

    Publication date: 1996-01-02

    Application No.: US167502

    Filing date: 1993-12-15

    IPC classification: G06F21/31 H04L9/30

    CPC classification: G06F21/31 G06F2221/2103

    Abstract: A process is provided for authentication in a data processing system using a data processing terminal having a programmable memory. The terminal supplies to a server an identify code (ID), the server checks the identify code, and in the case of agreement, supplies a random number (ALEA-A) to the terminal. The terminal encodes the random number using a signature algorithm (B) defined by a secret key (SID), and supplies a first signed random number (ALEA-S) to the server, which applies a signature checking algorithm (T, B, C) to the number (ALEA-S). The identity code and an encrypted secret key (KID) are written into the memory. The secret key (SID) used for the signature of the random number is determined using a decrypting algorithm (INVA) using the encrypted secret key (KID) and a password (MP) supplied by the terminal user. Particular utility for the present invention is found in the area of data processing, although other utilities are also contemplated.

    Method for controlling independent secure transactions by means of a single apparatus
    6.
    Granted invention patent
    Status: Lapsed

    Publication No.: US06205553B1

    Publication date: 2001-03-20

    Application No.: US08888367

    Filing date: 1997-07-03

    IPC classification: G06F1760

    Abstract: The present invention relates to a procedure for controlling independent secure transactions using a single physical apparatus (11) that is the property of the user, wherein: the user of said apparatus obtains the apparatus independently of any service provider; on presentation by the user of said apparatus (11) to a service provider (P1, P2, P3), said service provider supplies a set of data identifying the user associated with the apparatus for access to a given service (S1, S2, S3); the combination of the apparatus and the data enables a secure transaction to be conducted with the service.

    Process for the acceptance of a virtual prepaid card use request permitting the reuse of its serial number
    7.
    Granted invention patent
    Status: Lapsed

    Publication No.: US5991413A

    Publication date: 1999-11-23

    Application No.: US873653

    Filing date: 1997-06-12

    Abstract: The present invention relates to a process for accepting a request for use of a virtual prepaid card involving the following stages: a user of a virtual prepaid card is connected to a server containing a data base, particularly version numbers, which are incremented when the corresponding cards are empty or obsolete, said user is authenticated with the server by communicating thereto an authentication sequence and a version number, said server supplies these numbers to a security processor having the capacity to recalculate the authentication sequence and check the validity thereof, in the case of the validity thereof, the processor transmits to the server a consumption authorization, after receiving said authorization the server gives agreement to the use request, within the limits of the credit remaining on the card and the validity date of the latter.

    System for control of access to computer machines which are connected in a private network
    8.
    Granted invention patent
    Status: Lapsed

    Publication No.: US5720035A

    Publication date: 1998-02-17

    Application No.: US560963

    Filing date: 1995-11-20

    CPC classification: H04L63/0227 H04L63/102

    Abstract: A system for control of access by messages to computer machines which are connected in a host private network by at least one private terminal that comprises an access control module interconnected at each input-output point of the host private network, each module allowing the selective transmission by inhibition, free or conditional authorization of the transmission of the messages to the host private network. A centralized supervisor module is associated with the host private network and interconnected by a specialized link to each access control module, allowing thus to control the selective transmission of the messages by each access control module.

    Process of combined authentication of a telecommunication terminal and of a user module
    9.
    Granted invention patent
    Status: Lapsed

    Publication No.: US5661806A

    Publication date: 1997-08-26

    Application No.: US411206

    Filing date: 1995-03-27

    Abstract: The terminal and the user module are authenticated in a combined manner on the basis of an authentication key calculated on the one hand by the terminal and on the other hand by the network. A session key is firstly calculated by the user module on the basis of a secret user key, of a terminal identification parameter and of a first random number. Calculation of the authentication key by the terminal involves this session key calculated by the user module, a secret terminal identification key and a second random number. The network calculates in the same way the session key and the authentication key by retrieving the secret keys on the basis of the identification parameters transmitted by the terminal. The terminals can then be authenticated by the network independently of the associated user modules.
