Abstract
Plastic cards for different types of stored data are in wide use at present. Examples are credit cards and cards bearing access control information for automatic teller machines. More powerful devices with non-volatile read/write memory of several kilobytes, possibly with some intelligence, (Personal Data Cards), open new fields of applications in banking, administration, health care and communications.
If sensitive data is stored on such cards, protection of this data and authentication of the authorized user becomes crucial. This paper describes a method for user verification and selective record protection in a network of terminals and one or more trusted Authentication Servers. The method is based on Single Key and/or Public Key Cryptography in conjunction with personal feature recognition (such as fingerprints) and selective key distribution. All the system information that needs secrecy protection is one key in the Authentication Server(s). The reference pattern for the feature recognition is stored on the card in encrypted form. The Authentication Server(s) can be kept very simple and inexpensive since no long-term data storage is required. As no user specific information remains permanently in the terminals, full user mobility is assured.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
The Nilson Report, Issue 257, April 1981.
Meyer, C.H., Matyas, S.M., “Some Cryptographic Principles of Authentication in Electronic Funds Transfer Systems”, Proceedings of the Seventh Data Communications Symposium, ACM and IEEE, 1981, pp. 73–88.
The Memory Card - Applications, Markets, Opportunities“, Battelle Study, August 1981.
Data Encryption Standard“, National Bureau of Standards, Federal Information Processing Standard (FIPS) Publication No. 46, Jan. 1977.
Lagger, H., Mueller-Schloer, C., Unterberger, H., “Security Aspects of Computer Controlled Communication Systems”, (in German), Elektronische Rechenanlagen, 22 (1980), 6, pp. 276–280.
Hellman, M.E., “The Mathematics of Public Key Cryptography”, Scientific American, Vol. 241, No. 2, August 1979.
Rivest, R.A., Shamir, A., Adleman, L., “A Method for Obtaining Digital Signatures and Public Key Cryptosystems”, Communications of the ACM, 21 (1978), 2, pp. 120–126.
Rivest, R.A., “A Description of a Single-Chip Implementation of the RSA Cipher”, Lambda, 1 (1980), 3, pp. 14–18.
Mueller-Schloer, C., Wagner, N.R., “The Implementation of a Cryptography-Based Secure Office System”, Proceeding of the 1982 National Computer Conference, Houston, Texas, pp. 487–492.
Wagner, N.R., “Practical Approaches to Secure Computer Systems“, Technical Report UH-CS-81–3, Computer Science Department, University of Houston, Texas, April 1981.
Needham, R.M., Schroeder, M.D., “Using Encryption for Authentication in Large Networks of Computers”, Communications of the ACM, 21 (1978), 12, pp. 993–999.
Denning, D.E., Sacco, G.M., “Time Stamps in Key Distribution Protocols”, Communications of the ACM, 24 (1981), 8, pp. 533–536.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1983 Springer Science+Business Media New York
About this paper
Cite this paper
Mueller-Schloer, C., Wagner, N.R. (1983). Cryptographic Protection of Personal Data Cards. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds) Advances in Cryptology. Springer, Boston, MA. https://doi.org/10.1007/978-1-4757-0602-4_21
Download citation
DOI: https://doi.org/10.1007/978-1-4757-0602-4_21
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-0604-8
Online ISBN: 978-1-4757-0602-4
eBook Packages: Springer Book Archive