Required Cryptographic Authentication Criteria for Electronic Funds Transfer Systems

A set of required security criteria is developed which assures that the personal verification processes at different institutions in an interchange environment are isolated from one another. It is assumed that only information stored on the bank card and information remembered by the system user are employed for personal verification. Under that assumption, it is shown that the set of required criteria can be satisfied only through the use of a secret quantity (a personal cryptographic key) stored on the bank card. With a personal key, the same degree of isolation can be achieved for authentication of transaction request messages sent from the entry point to the issuer. However, authentication of transaction response messages sent from the issuer to the entry point requires a system key unknown to the user.
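The following is an added illustration of the two authentication paths the abstract distinguishes; it is not code from the paper and does not reproduce the paper's algorithms. It assumes HMAC-SHA256 as the MAC, a hypothetical message layout, and that the entry point (terminal) holds the system key while personal keys live only on the card and at the issuer. Request messages are authenticated under the card's personal key together with a PIN-derived proof; response messages are authenticated under the system key. The last function shows why the response key must be unknown to the user: a cardholder who reads the personal key off their own card could otherwise forge an approval to the entry point.

```python
"""Added example: request vs. response authentication in an EFT interchange.

HMAC-SHA256, the class names, and the message format are assumptions for
illustration only; the paper specifies none of them.
"""
import hashlib
import hmac
import os


def mac(key: bytes, msg: bytes) -> bytes:
    """Message authentication code (HMAC-SHA256 chosen here as a stand-in)."""
    return hmac.new(key, msg, hashlib.sha256).digest()


class Issuer:
    """Card issuer: holds each card's personal key and the system key."""

    def __init__(self, system_key: bytes):
        self.system_key = system_key
        self.cards = {}  # card_id -> (personal_key, pin_reference)

    def issue_card(self, card_id: bytes, pin: str) -> dict:
        personal_key = os.urandom(16)  # secret quantity stored on the card
        # Keep a PIN reference under the card's key rather than the PIN itself.
        pin_reference = mac(personal_key, pin.encode())
        self.cards[card_id] = (personal_key, pin_reference)
        return {"card_id": card_id, "personal_key": personal_key}

    def process_request(self, card_id: bytes, body: bytes,
                        pin_proof: bytes, tag: bytes):
        personal_key, pin_reference = self.cards[card_id]
        # Request authenticity: only this card and this issuer know personal_key,
        # so a compromise at another institution yields nothing usable here.
        if not hmac.compare_digest(tag, mac(personal_key, body + pin_proof)):
            return None
        # Personal verification: PIN remembered by the user + key stored on card.
        if not hmac.compare_digest(pin_proof, pin_reference):
            return None
        response = card_id + b"|APPROVED|" + body
        # Response authenticity: system key, never disclosed to the user.
        return response, mac(self.system_key, response)


class EntryPoint:
    """Terminal at another institution: holds the system key, no personal keys."""

    def __init__(self, system_key: bytes):
        self.system_key = system_key

    def build_request(self, card: dict, pin_entered: str, amount: int):
        nonce = os.urandom(8).hex().encode()
        body = card["card_id"] + b"|" + str(amount).encode() + b"|" + nonce
        pin_proof = mac(card["personal_key"], pin_entered.encode())
        tag = mac(card["personal_key"], body + pin_proof)
        return body, pin_proof, tag

    def verify_response(self, response: bytes, tag: bytes) -> bool:
        return hmac.compare_digest(tag, mac(self.system_key, response))


def run_transaction(pin_entered: str) -> bool:
    """Full exchange: returns True only if the issuer approved and the
    entry point accepted the response under the system key."""
    system_key = os.urandom(16)
    issuer = Issuer(system_key)
    card = issuer.issue_card(b"CARD-0001", pin="4321")  # constructed sample card
    terminal = EntryPoint(system_key)
    body, pin_proof, tag = terminal.build_request(card, pin_entered, amount=50)
    result = issuer.process_request(card["card_id"], body, pin_proof, tag)
    if result is None:
        return False
    response, response_tag = result
    return terminal.verify_response(response, response_tag)


def cardholder_forgery_accepted(responses_under_personal_key: bool) -> bool:
    """A cardholder who reads the personal key off their own card tries to forge
    an APPROVED response directly to the entry point, bypassing the issuer.
    With responses keyed under the personal key the forgery passes; under a
    system key unknown to the user it is rejected."""
    system_key = os.urandom(16)
    issuer = Issuer(system_key)
    card = issuer.issue_card(b"CARD-0002", pin="0000")
    terminal = EntryPoint(system_key)
    forged = card["card_id"] + b"|APPROVED|forged"
    forged_tag = mac(card["personal_key"], forged)  # attacker knows this key
    if responses_under_personal_key:
        # Hypothetical weak design: terminal checks responses under the card key.
        return hmac.compare_digest(forged_tag, mac(card["personal_key"], forged))
    return terminal.verify_response(forged, forged_tag)
```

`run_transaction("4321")` succeeds and `run_transaction("9999")` fails at personal verification; `cardholder_forgery_accepted(False)` is the design the abstract calls for, and `cardholder_forgery_accepted(True)` shows the forgery that a user-known response key would permit.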