Cryptographic Protection of Personal Data Cards

  • Christian Mueller-Schloer
  • Neal R. Wagner


Plastic cards for different types of stored data are in wide use at present. Examples are credit cards and cards bearing access control information for automatic teller machines. More powerful devices with non-volatile read/write memory of several kilobytes, possibly with some intelligence, (Personal Data Cards), open new fields of applications in banking, administration, health care and communications.

If sensitive data is stored on such cards, protection of this data and authentication of the authorized user becomes crucial. This paper describes a method for user verification and selective record protection in a network of terminals and one or more trusted Authentication Servers. The method is based on Single Key and/or Public Key Cryptography in conjunction with personal feature recognition (such as fingerprints) and selective key distribution. All the system information that needs secrecy protection is one key in the Authentication Server(s). The reference pattern for the feature recognition is stored on the card in encrypted form. The Authentication Server(s) can be kept very simple and inexpensive since no long-term data storage is required. As no user specific information remains permanently in the terminals, full user mobility is assured.


Authentication Server Automatic Teller Machine Data Encryption Standard Reference Feature Insurance Carrier 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [1]
    The Nilson Report, Issue 257, April 1981.Google Scholar
  2. [2]
    Meyer, C.H., Matyas, S.M., “Some Cryptographic Principles of Authentication in Electronic Funds Transfer Systems”, Proceedings of the Seventh Data Communications Symposium, ACM and IEEE, 1981, pp. 73–88.Google Scholar
  3. [3]
    The Memory Card - Applications, Markets, Opportunities“, Battelle Study, August 1981.Google Scholar
  4. [4]
    Data Encryption Standard“, National Bureau of Standards, Federal Information Processing Standard (FIPS) Publication No. 46, Jan. 1977.Google Scholar
  5. [5]
    Lagger, H., Mueller-Schloer, C., Unterberger, H., “Security Aspects of Computer Controlled Communication Systems”, (in German), Elektronische Rechenanlagen, 22 (1980), 6, pp. 276–280.Google Scholar
  6. [6]
    Hellman, M.E., “The Mathematics of Public Key Cryptography”, Scientific American, Vol. 241, No. 2, August 1979.Google Scholar
  7. [7]
    Rivest, R.A., Shamir, A., Adleman, L., “A Method for Obtaining Digital Signatures and Public Key Cryptosystems”, Communications of the ACM, 21 (1978), 2, pp. 120–126.CrossRefGoogle Scholar
  8. [8]
    Rivest, R.A., “A Description of a Single-Chip Implementation of the RSA Cipher”, Lambda, 1 (1980), 3, pp. 14–18.Google Scholar
  9. [9]
    Mueller-Schloer, C., Wagner, N.R., “The Implementation of a Cryptography-Based Secure Office System”, Proceeding of the 1982 National Computer Conference, Houston, Texas, pp. 487–492.Google Scholar
  10. [10]
    Wagner, N.R., “Practical Approaches to Secure Computer Systems“, Technical Report UH-CS-81–3, Computer Science Department, University of Houston, Texas, April 1981.Google Scholar
  11. [11]
    Needham, R.M., Schroeder, M.D., “Using Encryption for Authentication in Large Networks of Computers”, Communications of the ACM, 21 (1978), 12, pp. 993–999.CrossRefGoogle Scholar
  12. [12]
    Denning, D.E., Sacco, G.M., “Time Stamps in Key Distribution Protocols”, Communications of the ACM, 24 (1981), 8, pp. 533–536.CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media New York 1983

Authors and Affiliations

  • Christian Mueller-Schloer
    • 1
    • 2
  • Neal R. Wagner
    • 1
    • 2
  1. 1.Siemens AGMuenchenGermany
  2. 2.Drexel UniversityPhiladelphiaUSA

Personalised recommendations