Cryptographic Protection of Personal Data Cards
Plastic cards for different types of stored data are in wide use at present. Examples are credit cards and cards bearing access control information for automatic teller machines. More powerful devices with non-volatile read/write memory of several kilobytes, possibly with some intelligence, (Personal Data Cards), open new fields of applications in banking, administration, health care and communications.
If sensitive data is stored on such cards, protection of this data and authentication of the authorized user becomes crucial. This paper describes a method for user verification and selective record protection in a network of terminals and one or more trusted Authentication Servers. The method is based on Single Key and/or Public Key Cryptography in conjunction with personal feature recognition (such as fingerprints) and selective key distribution. All the system information that needs secrecy protection is one key in the Authentication Server(s). The reference pattern for the feature recognition is stored on the card in encrypted form. The Authentication Server(s) can be kept very simple and inexpensive since no long-term data storage is required. As no user specific information remains permanently in the terminals, full user mobility is assured.
KeywordsAuthentication Server Automatic Teller Machine Data Encryption Standard Reference Feature Insurance Carrier
Unable to display preview. Download preview PDF.
- The Nilson Report, Issue 257, April 1981.Google Scholar
- Meyer, C.H., Matyas, S.M., “Some Cryptographic Principles of Authentication in Electronic Funds Transfer Systems”, Proceedings of the Seventh Data Communications Symposium, ACM and IEEE, 1981, pp. 73–88.Google Scholar
- The Memory Card - Applications, Markets, Opportunities“, Battelle Study, August 1981.Google Scholar
- Data Encryption Standard“, National Bureau of Standards, Federal Information Processing Standard (FIPS) Publication No. 46, Jan. 1977.Google Scholar
- Lagger, H., Mueller-Schloer, C., Unterberger, H., “Security Aspects of Computer Controlled Communication Systems”, (in German), Elektronische Rechenanlagen, 22 (1980), 6, pp. 276–280.Google Scholar
- Hellman, M.E., “The Mathematics of Public Key Cryptography”, Scientific American, Vol. 241, No. 2, August 1979.Google Scholar
- Rivest, R.A., “A Description of a Single-Chip Implementation of the RSA Cipher”, Lambda, 1 (1980), 3, pp. 14–18.Google Scholar
- Mueller-Schloer, C., Wagner, N.R., “The Implementation of a Cryptography-Based Secure Office System”, Proceeding of the 1982 National Computer Conference, Houston, Texas, pp. 487–492.Google Scholar
- Wagner, N.R., “Practical Approaches to Secure Computer Systems“, Technical Report UH-CS-81–3, Computer Science Department, University of Houston, Texas, April 1981.Google Scholar