Method for generating a random number for the encoded transmission of data using a variable starting value. Using a most recently used and intermediately stored random number, every byte of this random number has a logical operation performed on it with respective bytes of a plurality of data blocks, each being n-bytes wide, from the working memory of the chip card processor and the result of this multiple operation is used as starting value for generating a new random number.

A secret cipher (Ki) that is the same for all user terminals is formed of two sub-components (KTi, KT'i) whereof the one sub-component (KTi) is deposited in an erasable, programmable read-only memory (EEPROM). For the second sub-component (KT'i), an encoded data block (E(KT'i)) is transmitted from the outside to a decoder means (DEC) provided in the security module, the decoded output signal thereof being deposited as second sub-component (KT'i) in a first sub-area of a write-read memory (RAM) present in the security module of the user terminal. An overall cipher (Ki) is calculated from the two sub-components (KTi, KT'i) and the result is deposited in a second sub-area of the write-read memory (RAM).

Dependent on a variable start value (s), a random number according to the relationship v=f (K;s) is generated from a ciphering algorithm (f) implemented in the microprocessor of the chip card and from a stored secret cipher (K). This random number can be intermediately stored in a register and, when generating a new random number, can be logically operated with a variable input quantity (for example, with the variable start value (s), to form a modified variable start value (s'), for use in establishing protected communications between the chip card and a user terminal having a chip card reader.

Proceeding on the basis of a mutual authentification of two subscribers, wherein for one user an authorization parameter is formed using a secret cipher and an implemented ciphering algorithm dependent on a random number transmitted from the other subscriber, the authorization parameter being transmitted back to the other subscriber as a check, a new starting value for the one user's own random number generator is formed by a logical operation on the authorization parameter using the previous random number most recently generated and stored at the one user, the new random number of this random number generator being both stored as well as transmitted to the other subscriber.

A secure credit card 10 has a body member to which is attached a microprocessor controller 14 electrically coupled a Programmable Read Only Memory (PROM) device 18 programmed with a series of random numbers in a predetermined sequence. The random numbers are identical to random numbers in a host computer and in the identical sequence as the random numbers in the host computer. This computer is accessible upon each use of the credit card 10. The Programmable Read Only Memory (PROM) accesses the next random number in sequence with each use of the credit card 10 to permit verification by comparing the random number with each use of the credit card 10 with the next random number in sequence as indicated by the computer. A switch 20 actuated with each use of the credit card 10 provides a pulse signal that activates the microprocessor controller 14 to turn on the Programmable Read Only Memory (PROM) to access the next random number in the sequence. A counter 26 connected to the microprocessor controller 14 counts the number of pulse signals received to count each use of the credit card 10. A display device 24 displays the next Personal Identification Number (PIN) in the sequence each time a pulse is received.