摘要 |
An encryption device. A user wishes to identify himself to a remote party, over a telephone line. The remote party provides a Transaction Number, TN, to the user. The TN is given to the encryption device. The user gives the encryption device a Personal Identification Number, PIN. The encryption device generates a random number, combines it with the PIN and TN, to form an Authorization Number, AN, and encrypts the AN into cypher text. The cypher text is transmitted to the remote party, together with the user's name. The remote party de-crypts the cypher text, to obtain the TN and PIN. Using the name received from the user, and a table of names, and their associated PINs, the remote party verifies whether the PIN obtained from the AN matches the PIN assigned to the name given by the user. If so, the user's identity is considered verified, but without requirement that the user disclose a PIN, in plain text form, over a telephone.
|