Patent References
Re29057; 3641315; 3798605; 3846622
- Electronic security card and system for authenticating card ownership
- Method and means for providing and testing secure identification data
- Transaction execution system with secure encryption key storage and communications
- Cryptographic verification of operational keys used in communication networks
- Method and apparatus for transaction and identity verification
- Method and means for securing the distribution of encoding keys

Application No. 06/640277 filed on 08/13/1984

US Classes:
- 713/155, Central trusted authority provides computer authentication
- 380/28, PARTICULAR ALGORITHMIC FUNCTION ENCODING
- 713/183, Solely password entry (no record or token)
- 902/1, WITH ELECTRONIC MEANS PROVIDING SECURITY
- 902/5, And to verify identity of user

Examiners
Primary: Cangialosi, Salvatore
Assistant: Lewis, Aaron J.

International Classes
- G06F 21/00 (20060101)
- G07F 7/10 (20060101)
- H04L 9/00 (20060101)

Abstract

A security system and method are disclosed in a network comprised of a plurality of remote terminals in communication with a central processor wherein, before a user can access data from the central processor, that user's assigned terminal must first verify that the user is the proper user of that terminal and then the central processor must verify that the terminal requesting that data is authorized to access that data. In a preferred embodiment, a first memory in the terminal that is assigned to a particular user is initialized by storing therein a file number associated with the particular user, an assigned terminal number of the terminal, an assigned algorithm, and a first number derived from the use in the assigned algorithm of the assigned terminal number and a secret PIN number entered by the particular user into the terminal.
The file number of the user and the terminal number and algorithm associated with that file number are also stored in a second memory in the central processor as another part of the initialization procedure.

In a subsequent operation, a user enters his secret PIN number and a desired file number into the terminal. That current secret PIN number and the terminal number are used in the assigned algorithm to compute a second number. If the first and second numbers properly compare, the user is verified and the terminal transmits the desired file number to the central processor. In response to this desired file number, the central processor causes a random number to be generated. The terminal uses this random number and its assigned terminal number and algorithm to calculate a third number which is applied to the central processor. At the same time the central processor uses this random number and the terminal number and algorithm which are both associated with the desired file number to calculate a fourth number. If the third and fourth numbers properly compare in the central processor, the terminal is verified and access to the desired file number is allowed.
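
The two-stage check described in the abstract, as an added example that is not taken from the patent: the terminal compares the first and second numbers locally, then the central processor compares the third and fourth numbers over a random challenge. The patent does not name its "assigned algorithm"; keyed HMAC-SHA256 is assumed here as a stand-in, and all class, function and parameter names are hypothetical.

```python
import hashlib, hmac, secrets

def assigned_algorithm(algo_key, terminal_no, value):
    # Assumption: keyed HMAC-SHA256 stands in for the unspecified "assigned algorithm".
    return hmac.new(algo_key, f"{terminal_no}|{value}".encode(), hashlib.sha256).digest()

class Terminal:
    def __init__(self, file_no, terminal_no, algo_key, pin):
        self.file_no, self.terminal_no, self.algo_key = file_no, terminal_no, algo_key
        # First number: derived from terminal number and PIN; the PIN itself is not stored.
        self.first_number = assigned_algorithm(algo_key, terminal_no, pin)

    def verify_user(self, pin):
        # Second number: recomputed from the PIN entered now.
        second = assigned_algorithm(self.algo_key, self.terminal_no, pin)
        return hmac.compare_digest(self.first_number, second)

    def respond(self, random_number):
        # Third number: computed from the central processor's random number.
        return assigned_algorithm(self.algo_key, self.terminal_no, random_number)

class CentralProcessor:
    def __init__(self):
        self.files = {}    # file number -> (terminal number, algorithm key)
        self.pending = {}  # file number -> outstanding random number

    def register(self, file_no, terminal_no, algo_key):
        self.files[file_no] = (terminal_no, algo_key)

    def challenge(self, file_no):
        self.pending[file_no] = secrets.token_hex(16)
        return self.pending[file_no]

    def verify_terminal(self, file_no, third):
        # Each random number is accepted once (a choice of this example), so a
        # recorded third number cannot be replayed.
        rnd = self.pending.pop(file_no, None)
        if rnd is None or file_no not in self.files:
            return False
        terminal_no, algo_key = self.files[file_no]
        # Fourth number: same computation with the values stored for this file.
        fourth = assigned_algorithm(algo_key, terminal_no, rnd)
        return hmac.compare_digest(third, fourth)

def request_access(terminal, cpu, pin, file_no):
    if not terminal.verify_user(pin):   # stage 1: terminal verifies the user
        return False
    rnd = cpu.challenge(file_no)        # stage 2: processor verifies the terminal
    return cpu.verify_terminal(file_no, terminal.respond(rnd))
```

A terminal that passes its own PIN check still fails stage 2 for a file registered to a different terminal, because the fourth number is computed from the terminal number and algorithm stored against the requested file.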