Patents by Inventor Stephen M. Matyas

Stephen M. Matyas has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 4747050
    Abstract: An electronic funds transfer system (EFT) is described in which retail terminals located in stores are connected through a public switched telecommunication system to card issuing agencies' data processing centers. Users of the system are issued with intelligent secure bank cards, which include a microprocessor, ROS and RAM stores. The ROS includes a personal key (KP) and an account number (PAN) stored on the card when the issuer issues it to the user. Users also have a personal identity number (PIN) which is stored or remembered separately. A transaction is initiated at a retail terminal when a card is inserted in an EPT module connected to the terminal. A request message including the PAN and a session key (KS) is transmitted to the issuer's data processing center. The issuer generates an authentication parameter (TAP) based upon its stored version of KP and PIN and a time variant parameter received from the terminal.
    Type: Grant
    Filed: August 28, 1987
    Date of Patent: May 24, 1988
    Assignee: International Business Machines Corporation
    Inventors: Bruno Brachtl, Christopher J. Holloway, Richard E. Lennon, Stephen M. Matyas, Carl H. Meyer, Jonathan Oseas
  • Patent number: 4736423
    Abstract: A technique for reducing RSA (Rivest, Shamir and Adleman algorithm) cryptovariable key from 1200 bits (400-bit public key, 400-bit secret key and 400-bit modulus) to 106 bits makes feasible the storage of the RSA algorithm parameters on current magnetic stripe cards used by the banking and finance industry. Of the 106 bits required, only 56 bits must be kept secret; the remaining 50 bits are nonsecret. These 106 bits are used to derive two 200-bit primes P and Q from which is computed the modulus N=PQ and two 400-bit keys PK (public key) and SK (secret key). In effect, a savings in storage is achieved at the expense of performing a precomputation to derive the modulus and keys each time the system is utilized for encryption/decryption. The 56-bit value plus the additional 50 bits of nonsecret data can be used to generate the RSA cryptovariables in systems where the RSA algorithm has been implemented.
    Type: Grant
    Filed: January 31, 1986
    Date of Patent: April 5, 1988
    Assignee: International Business Machines Corporation
    Inventor: Stephen M. Matyas
  • Patent number: 4661658
    Abstract: A method of offline personal authentication in a multi-terminal system uses a secret user PIN, a secret key and other nonsecret data stored on a customer memory card and a nonsecret validation value stored in each terminal connected in a network. The technique of "tree authentication" is used which employs an authentication tree with an authentication tree function comprising a one-way function. An authentication parameter is calculated as a function of a personal key and a user identifier read from the user's card and the PIN entered by the user. The calculated authentication parameter is mapped to a verification value using the one-way function to the root of the authentication tree. The verification value obtained by mapping the calculated authentication parameter is then compared with a global verification value stored at the terminal. If the comparison is favorable, the system is enabled for the user; otherwise, the user is rejected.
    Type: Grant
    Filed: February 12, 1985
    Date of Patent: April 28, 1987
    Assignee: International Business Machines Corporation
    Inventor: Stephen M. Matyas
  • Patent number: 4649233
    Abstract: A method for authenticating nodes/users and in protecting data flow between nodes. This is facilitated by creating a dialogue involving authenticated encryption among the nodes. During each session, a key for use in cryptographic conversion is constructed among the node participants in order to permit symmetric authentication. The key is unique to the session. A different key is generated for each and every session. The building of the session key involves sharing of a minimal amount of information among the participants in the form of combining both a random number and authentication indicia.
    Type: Grant
    Filed: April 11, 1985
    Date of Patent: March 10, 1987
    Assignee: International Business Machines Corporation
    Inventors: Walter E. Bass, Stephen M. Matyas, Jonathan Oseas
  • Patent number: 4500750
    Abstract: In a data communication network which includes terminals interconnected via a central switch, a process for verifying the identity of a terminal user who is provided with secret data associated with his identity. In carrying out the verification process, the secret data is first encrypted at the terminal under a transfer-in key for transmission to an associated data processing system. When it is determined that the terminal user maintains an account at the associated data processing system, a first translate operation is performed to translate the data from encryption under the transfer-in key to encryption under an authentication key, both of which keys are protected under other keys which are different from each other, thereby providing an authentication parameter which may be used to verify the identity of the terminal user.
    Type: Grant
    Filed: December 30, 1981
    Date of Patent: February 19, 1985
    Assignee: International Business Machines Corporation
    Inventors: Robert C. Elander, Richard E. Lennon, Stephen M. Matyas, Carl H. W. Meyer, Robert E. Shuck, Walter L. Tuchman
  • Patent number: 4393269
    Abstract: A method and apparatus for verifying both the content of a transaction and the identity of the parties thereto. The system includes a plurality of terminals connected together over a common communication channel wherein a given pair of users located at different terminals on the system have exchanged a contract comprising a plurality of reference signatures each of which constitutes the final member of a one-way keyed signature sequence and each of which is a one-way function of each user's secret encryption key (K_x) and a number (NUM) known to both parties. Each terminal connected to the system includes means for generating a multidigit ranking vector which is a cryptographic function of the entire message (DATA) to be transmitted.
    Type: Grant
    Filed: January 29, 1981
    Date of Patent: July 12, 1983
    Assignee: International Business Machines Corporation
    Inventors: Alan G. Konheim, Stephen M. Matyas, Carl H. Meyer
  • Patent number: 4386234
    Abstract: A data security device which includes storage means for storing a master cipher key, cryptographic apparatus for performing cryptographic operations and control means for controlling the writing of a master cipher key into the storage means, controlling the transfer of the master cipher key to the cryptographic apparatus and controlling the cryptographic apparatus to perform cryptographic operations. When a new master cipher key is written into the storage means, the old master cipher key is automatically overwritten with an arbitrary value, after which the new master key may be written into the storage means. The cryptographic apparatus of the data security device includes storage means, a cipher key register and cipher means for performing a cipher function on data stored in the cryptographic apparatus storage means under control of a working cipher key stored in the cipher key register with the resulting ciphered data being stored in the cryptographic apparatus storage means.
    Type: Grant
    Filed: December 5, 1977
    Date of Patent: May 31, 1983
    Assignee: International Business Machines Corp.
    Inventors: William F. Ehrsam, Robert C. Elander, Stephen M. Matyas, Carl H. W. Meyer, Robert L. Powers, Paul N. Prentice, John L. Smith, Walter L. Tuchman
  • Patent number: 4238854
    Abstract: A file security system for data files associated with a host data processing system. The host system includes a data security device which contains a secure host master key and is capable of performing a variety of cryptographic operations. At initialization time, the host system generates a series of file keys for the associated storage media and protects them by enciphering the file keys under a variant of the host master key. When a data file is to be created, a random number is generated and defined as an operational key enciphered under the file key of a designated storage media. The host data security device, using the enciphered file key of the designated storage media, transforms the enciphered operational key under control of the host master key into a form which permits the operational key to be used for enciphering host data.
    Type: Grant
    Filed: December 5, 1977
    Date of Patent: December 9, 1980
    Assignee: International Business Machines Corporation
    Inventors: William F. Ehrsam, Robert C. Elander, Stephen M. Matyas, Carl H. W. Meyer, John L. Smith, Walter L. Tuchman
  • Patent number: 4238853
    Abstract: A communication security system for data transmissions between remote terminals and a host system. The remote terminals and the host system include data security devices capable of performing a variety of cryptographic operations. At initialization time, a host master key is written into the host data security device and the host system generates a series of terminal master keys for the remote terminals. Protection is provided for the terminal master keys by enciphering them under a variant of the host master key. The terminal master keys are then written into the data security devices of the respective remote terminals to permit cryptographic operations to be performed. When a communication session is to be established between a designated remote terminal and the host system, a random number is generated and defined as an operational key enciphered under the host master key which permits the operational key to be used at the host system for enciphering or deciphering data operations.
    Type: Grant
    Filed: December 5, 1977
    Date of Patent: December 9, 1980
    Assignee: International Business Machines Corporation
    Inventors: William F. Ehrsam, Robert C. Elander, Stephen M. Matyas, Carl H. W. Meyer, Robert L. Powers, Paul N. Prentice, John L. Smith, Walter L. Tuchman
  • Patent number: 4229818
    Abstract: A method and apparatus for providing improved error-recovery and cryptographic strength when enciphering blocks which succeed short blocks in a Key-Controlled Block-Cipher Cryptographic System with chaining. Beginning with a pre-existing current chaining value (V), the system determines whether a current input block (X) of data to be encrypted is a full block or a short block. Both in the previous system and in proposed improvement, if the block is a full block, the system first combines the chaining value (V) with said full block (X) by a reversible operation such as exclusive-or and then block-enciphers the result of said exclusive-or under control of the user's cryptographic key (K) to produce an output cipher full block (Y); but if the block is a short block, of length L.sub.
    Type: Grant
    Filed: December 29, 1978
    Date of Patent: October 21, 1980
    Assignee: International Business Machines Corporation
    Inventors: Stephen M. Matyas, Carl H. W. Meyer, Louis B. Tuckerman, III
  • Patent number: 4227253
    Abstract: A communication security system for data transmissions between different domains of a multiple domain communication network where each domain includes a host system and its associated resources of programs and communication terminals. The host systems and communication terminals include data security devices each having a master key which permits a variety of cryptographic operations to be performed. When a host system in one domain wishes to communicate with a host system in another domain, a common session key is established at both host systems to permit cryptographic operations to be performed. This is accomplished by using a mutually agreed upon cross-domain key known by both host systems and does not require each host system to reveal its master key to the other host system.
    Type: Grant
    Filed: December 5, 1977
    Date of Patent: October 7, 1980
    Assignee: International Business Machines Corporation
    Inventors: William F. Ehrsam, Robert C. Elander, Lloyd L. Hollis, Richard E. Lennon, Stephen M. Matyas, Carl H. W. Meyer, Jonathan Oseas, Walter L. Tuchman
  • Patent number: 4218738
    Abstract: Secure hardware is provided for cryptographically generating a verification pattern which is a function of a potential computer user's identity number, the potential computer user's separately entered password, and a stored test pattern. The test pattern for each authorized computer user is generated at a time when the physical security of the central computer and its data can be assured, such as in a physically guarded environment with no teleprocessing facilities operating. Secure hardware for generating verification patterns during authentication processing and for generating test patterns during the secure run is disclosed which uses a variation of the host computer master key to reduce risk of compromise of total system security. The use of a variant of the host master key prevents system programmers and/or computer operators from compromising the integrity of the authentication data base by, for example, interchanging entries and/or inserting new entries.
    Type: Grant
    Filed: May 5, 1978
    Date of Patent: August 19, 1980
    Assignee: International Business Machines Corporation
    Inventors: Stephen M. Matyas, Carl H. W. Meyer
  • Patent number: 4206315
    Abstract: A digital signature machine provides a simplified method of forming and verifying a signature that is appended to a digital message. A sender transmits a signature with the usual signature keys and with validation table entries that correspond to the unsent keys and with the compressed encoding of the next validation table. The receiver uses the compressed encoding of the next validation table to form validation table entries from the signature keys so that the receiver has a full validation table. This validation table is compressed and compared with the compressed encoding which was received from the sender in a preceding message.
    Type: Grant
    Filed: January 4, 1978
    Date of Patent: June 3, 1980
    Assignee: International Business Machines Corporation
    Inventors: Stephen M. Matyas, Carl H. W. Meyer, Walter L. Tuchman