Sequential authentication with infinitely variable codes

US 20030208697A1
Filed: 04/24/2003
Published: 11/06/2003
Est. Priority Date: 04/24/2002
Status: Abandoned Application

First Claim

Patent Images

1. A method and apparatus for the authentication of a person registered in a system to the Controller of that system by means of authentication Codes which are characterised by being variable for each occasion of use, the authentication Codes being derived from the input by the person of predetermined specified fixed and variable data, the fixed data including an identifying account number and the variable data being derived from randomly generated characters communicated for the purpose to that person by the Controller of the system for use on the first occasion of authentication and thereafter derived in part as a sequential function of the immediately preceding authentication Codes used by that person, with in each case a treatment of the data input serving to mix the elements in a manner whose outcome is known only to the person and the Controller of the system.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for the authentication of a person or thing (being a computer, a data carrying card or a machine) registered in a system to the Controller of that system by means of authentication Codes which are characterised by being variable for each occasion of use, the authentication Codes being derived from the input of predetermined specified fixed and variable data, the variable data being derived primarily from a sequential function of the immediately preceding authentication Codes used, with in each case a treatment of the data input serving to mix the elements in a manner whose outcome is known only to the person or thing and the Controller of the system, allowing for the provision for visible reciprocal authentication of the system to the registered person or thing, for provision for Code calculation in advance allowing for integrated identification and authentication, and provision for other benefits flowing solely from a variable Code which is both unpredictable externally yet readily calculated by the registered person or machine.

50 Citations

View as Search Results

20 Claims

1. A method and apparatus for the authentication of a person registered in a system to the Controller of that system by means of authentication Codes which are characterised by being variable for each occasion of use, the authentication Codes being derived from the input by the person of predetermined specified fixed and variable data, the fixed data including an identifying account number and the variable data being derived from randomly generated characters communicated for the purpose to that person by the Controller of the system for use on the first occasion of authentication and thereafter derived in part as a sequential function of the immediately preceding authentication Codes used by that person, with in each case a treatment of the data input serving to mix the elements in a manner whose outcome is known only to the person and the Controller of the system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A method and apparatus for authentication as in claim [1 with further provision for the sending by the Controller to the person, subsequent to a validated authentication Code submitted by that person, of a reciprocal authentication Code being a separate code derived from the same data and the same treatment as produced the validated authentication Code identified beforehand and known only to the Controller and the person, and thereby reciprocally authenticating the Controller to that person.
  - 3. A method and apparatus for authentication as in claim [2 and further providing for digitasl certification of a person wherein such a person may pass an authentication Code together with the reciprocal authentication Code to be expected to a third party who may then send such authentication Code to the Controller and by receiving from the Controller the expected reciprocal authentication Code subsequent to validation of the original authentication Code be satisfied that the person is in fact registered with the system
  - 4. A method and apparatus for authentication as in claim [2 wherein the input by the person includes at least one character from a set of at least two fixed characters remembered by the person and registered with the Controller as a means of Fixed Personal Identification (“
    - FPI”
      
      ),
  - 5. A method and apparatus for authentication as in claim [4 wherein the input by the person further includes fixed data consisting of 1 or more characters derived from material in the possession of the person which is capable of being carried personally and which is not publicly available
  - 6. A method and apparatus for authentication as in claim [5 wherein the material in the possession of the person consists of any Credit or Debit Card registered by the person with the Controller for the purpose, and wherein the data to be entered is 1 or more digits from that Card, as previously specified and agreed between the person and the Controller without the need of further specific direction on any subsequent occasion
  - 7. A method and apparatus for authentication as in claim [6 wherein the predetermined specified fixed and variable data is recalled on a personal computer and entered automatically by the personal computer on an attempted authentication on the input by the person of a FPI of more than 1 character
  - 8. A method and apparatus for authentication as in claim [7 wherein most of the predetermined specified fixed and variable data is held on a portable card capable of interacting with a computer and having facilities for reading and recording data and for inputting data from memory into that computer by means of a card reader attached to the computer on the input by the person of the remaining required data including a FPI of more than 1 character

9. A method and apparatus for the authentication of a person registered in a system to the Controller of that system by means of authentication Codes which are characterised by being variable for each occasion of use, the authentication Codes being derived from the input by the person of predetermined specified fixed and variable data, the fixed data including an identifying account number and 1 or more digits from a Fixed Personal Identification (“
- FPI”
  
  ) remembered by the person and registered with the Controller and the variable data being derived from randomly generated characters communicated for the purpose to that person by the Controller of the system for use on the first occasion of authentication and thereafter derived in part as a sequential function of the immediately preceding authentication Codes used by that person, with in each case a treatment of the data input serving to mix the elements in a manner whose outcome is known only to the person and the Controller of the system, and further characterised by the provision by the Controller, subsequent to a validated authentication Code submitted by that person, of a reciprocal authentication Code being a separate code derived from the same data and the same treatment as produced the validated a separate code derived from the same data and the same treatment as produced the validated authentication Code, identified beforehand and known only to the Controller and the person, and thereby reciprocally authenticating the Controller to that person.
- View Dependent Claims (10, 20)
- - 10. A method and apparatus for integrated identification and authentication as in claim [9 wherein the fixed data does not include an identifying account number with identification being obtained from the variable authentication Code itself, and which is computed in advance by the Controller from the known fixed data and the immediately preceding authentication Code, the resulting authentication Code being used for both identification and simultaneous authentication.
  - 20. A method and apparatus for authentication as in claim [9 wherein instead of the FPI input to the computation of the authentication Code as described, the term FPI is taken to mean a digital input made available by the person through submission by that person to a form of Biometric recording device which reads physical characteristics and inputs a digital value regarded as unique to the person.

11. A method and apparatus for the authentication of a person registered in a system to the Controller of that system comprising the following steps [a the registration of a person with the Controller of a system [b the allotment of an account number to the person [c the agreement between the person and the Controller of fixed data elements and of the arithmetical and other processes to be applied to input data [d the registration with the Controller of a Fixed Personal Identification (“
- FPI”
  
  ) selected by the person [e the transmission by the Controller to the person of a starting value, consisting of a series of random digits or letters, in a secure manner as practised in the art [f the transmission by the Controller of software for computing the authentication Codes and in particular for remembering the sequential value of the preceding authentication Code [g on the first occasion of use, the input by the person of the fixed data, the starting value and the FPI into a personal computer where the input data is subject to arithmetical and other processes from which is derived the variable authentication Code [h means for submitting the authentication Code together with an identifying account number to the Controller for authentication or rejection [i means for remembering the authentication Code for use as a sequential value in the next authentication Code calculation [j on the second and subsequent occasions of use, the input by the person of the FPI and the automated input by the personal computer of the fixed data and of the immediately preceding authentication Code as a random variable and wherein the input data is subject to arithmetical and other processes from which is derived the variable authentication Code [k means for submitting the authentication Code together with an identifying account number to the Controller for authentication or rejection [l means for remembering the authentication Code for use as a sequential value with the next authentication Code calculation [m means for transporting the sequential values and other fixed values where the person wishes to be authenticated away from the personal computer wherein most of the fixed and variable data is held on a portable data carrying card capable of interacting with a computer and having facilities for reading and recording data and for inputting data from memory into that computer by means of a card reader attached to the computer on the input by the person of the remaining required data including a FPI of more than 1 character
- View Dependent Claims (12, 13)
- - 12. A method and apparatus for authentication as in claim [11 wherein the next authentication Code is computed by the Controller in advance with at least a part of the next variable authentication Code being available at the system '"'"'s outer barrier firewall, to prevent access inside the firewall to unauthorised intruders and to allow access only to persons presenting the anticipated authentication Code at the system outer barrier firewall
  - 13. A method and apparatus for integrated identification and authentication as in claim [12 wherein the fixed data does not include an identifying account number with identification being obtained from the variable authentication Code which is computed in advance by the Controller from the input fixed data and the immediately preceding authentication Code, the resultant authentication Code being used for both identification and simultaneous authentication.

14. A method and apparatus for authentication of a person registered in a closed system to the Controller of that system comprising the following steps [a the registration of a person with the Controller of a system [b the allotment of an account number to the person [c the agreement between the person and the Controller of fixed data elements and of the arithmetical and other processes to be applied to input data [d the transmission by the Controller to the person of a starting value, consisting of a series of random digits or letters, in a secure manner as practised in the art [e the transmission by the Controller of software for computing the authentication Codes and in particular for remembering the sequential value of the preceding authentication Code [f the person registering on his personal computer a Fixed Personal Identification (“
- FPI”
  
  ) known only to the person and not registered with or known by the Controller [g the person'"'"'s personal computer calculating as if on the first occasion of use the result of the arithmetical and other processes applied to the notional input by the person of the combination of the fixed data and the starting value, deducting from the resultant variable authentication Code an arithmetical function of the FPI known to the personal computer and recording the resultant code on to the personal computer [h separately the Controller calculating as if on the first occasion of use the result of the arithmetical and other processes applied to a notional input of the combination of the fixed data and the starting value, and recording the resultant variable authentication Code at least in part on to the system'"'"'s outer barrier firewall [i on the first occasion of use, the input by the person of the FPI into a personal computer where the arithmetical and other processes are applied to the resultant code in reverse, producing the pre-computed required variable authentication Code j further, as if on the second occasion of use, the person'"'"'s PC repeating the process from [g but substituting the just determined variable authentication Code for the starting value referred to at [d and deducting from the resultant variable authentication Code an arithmetical function of the FPI known to the personal computer, and recording the resultant code on to the personal computer [k means for submitting the authentication Code determined in [i together with an identifying account number to the Controller [l means for the Controller comparing the code submitted at [k with that calculated at [h and authenticating or rejecting the authentication Code as the case may be [m subsequently, the Controller calculating as if on the next occasion of use the result of the arithmetical and other processes applied to the notional input of the combination of the fixed data and the just used authentication Code, and again recording the resultant variable authentication Code at least in part on to the main system'"'"'s outer barrier firewall [n on the second occasion of use, the input by the person of the FPI into a personal computer where the arithmetical and other processes are applied to the resultant code in reverse, producing the pre-computed required variable authentication Code further, as if on the third occasion of use, repeating the process from [j but substituting the just determined variable authentication Code for that in [j and deducting from the resultant variable authentication Code an arithmetical function of the FPI known to the personal computer, and recording the resultant code as 3^rdauthentication Code on to the personal computer [p means for the Controller to repeat [l and [k on the 2^ndand as if on the 3^rdoccasion of use and so on [q means for the person to repeat [n and [o on the 3^rdand as if on the 4^thoccasion of use and so on [r means for transporting the sequential values and other fixed values where the person wishes to be authenticated away from the personal computer wherein most of the fixed and variable data is held on a portable data carrying card capable of interacting with a computer and having facilities for reading and recording data and for inputting data from memory into that computer by means of a card reader attached to the computer on the input by the person of the remaining required data including a FPI of more than 1 character
- View Dependent Claims (15)
- - 15. A method and apparatus for integrated identification and authentication as in claim [14 wherein the fixed data does not include an identifying account number with identification being obtained from the variable authentication Code which is computed in advance by the Controller from the known fixed data and the immediately preceding authentication Code, the authentication Code being used for both identification and simultaneous authentication.

16. A method and apparatus for the mutual continuous authentication of one computer terminal linked to another by means of a continuous series of authentication Codes in which each such authentication Code apart from the first is a sequential function of the preceding authentication Code and which therefore varies on each occasion, by means comprising [a first computer generating a random value A and a fixed value B, and communicating both to second computer in a secure manner as practised in the art [b second computer generating a fixed value C and communicating it to first computer in a secure manner as practised in the art [c first computer using an arithmetic or other function on the random value A and fixed value B, and sending this resultant sequential authentication Code P to second computer [d second computer:
- [i receives sequential authentication Code P from first computer [ii performs the same arithmetical or other function on the first computer'"'"'s random value A &
  
  fixed value B to check the validity of the first computer'"'"'s sequential authentication Code P [iii if authenticated, using the same arithmetical function on the second computer'"'"'s fixed value C and the sequential authentication Code P just received resulting in sequential authentication Code Q [iv sends the sequential authentication Code Q to first computer [e first computer;
  
  —
  
  [i receives sequential authentication Code Q from second computer [ii performs the same arithmetical function on the second computer'"'"'s fixed value C and the sequential authentication Code P to check the validity of the second computer'"'"'s sequential authentication Code Q [iii if authenticated, using an arithmetical function on the first computer'"'"'s fixed value A and the sequential authentication Code Q just received and resulting in sequential authentication Code R [iv sends the sequential authentication Code R to first computer and so on at predetermined non-critical intervals of time with both computers having means for recording and recalling as required the different fixed values A and C and the received sequential authentication Codes
- View Dependent Claims (17)
- - 17. A method and apparatus for the authentication of a portable data carrying card capable of interacting with a computer and having facilities for reading and recording data and for inputting data from memory into that computer by means of a card reader attached to the computer as in claim [16 wherein the first computer is taken to be a central master computer and the second is taken to include any subsidiary related computer into which may be inserted such a portable data carrying card with memory function including memory of fixed value equivalent to C, the most recent sequential authentication Code received and instructions for carrying out the calculation, and whereby the calculation functions are passed to and carried out by the second computer with the resultant sequential authentication Code submitted to the first computer for authentication followed by the recording of that sequential authentication Code as the next random function on both the first computer and on the data carrying card, and so on repeated as frequently as may be required.

18. A method and apparatus for the digital authentication of documents prepared by a person registered in a system to the Controller of that system comprising the following steps [a the registration of a person with the Controller of a system [b the allotment of an account number to the person [c the agreement between the person and the Controller of fixed data elements and of the arithmetical and other processes to be applied to input data [d the registration with the Controller of a Fixed Personal Identification (“
- FPI”
  
  ) selected by the person [e the transmission by the Controller to the person of a starting value, consisting of a series of random digits, in a secure manner as practised in the art [f the transmission by the Controller of software for computing the authentication Codes and in particular for remembering the sequential value of the preceding authentication Code [g on the first occasion of use, the input by the person of the fixed data, the starting value and the FPI into a personal computer where the input data is subject to arithmetical or other processes from which is derived the first variable authentication Code [h on the second and subsequent occasions of use, the input by the person of the FPI and the automated input by the personal computer of the fixed data and of the immediately preceding authentication Code as a random variable and wherein the input data is subject to arithmetical or other processes from which is derived the next variable authentication Code [i means for remembering the authentication Code for both use as a variable authentication Code but also as a sequential value in the next authentication Code calculation and for enabling the recording of the authentication Code onto the relevant document [i means for transporting the sequential values and other fixed values where the person wishes to be authenticated away from the personal computer wherein most of the fixed and variable data is held on a portable data carrying card capable of interacting with a computer and having facilities for reading and recording data and for inputting data from memory into that computer by means of a card reader attached to the computer on the input by the person of the remaining required data including a FPI of more than 1 character [k means for an interested party to obtain authentication of a document with the Controller of the system by reference to the person'"'"'s account number and authentication Code
- View Dependent Claims (19)
- - 19. A method and apparatus for digital authentication of as in claim [18 wherein the document is a check, the person is an account holder and a bank manager is both the Controller of the system and an interested party

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Richard M. Gardner
Original Assignee
Richard M. Gardner
Inventors
Gardner, Richard M.

Application Number

US10/421,029
Publication Number

US 20030208697A1
Time in Patent Office

Days
Field of Search
US Class Current

713/202
CPC Class Codes

G06Q 20/04 Payment circuits

G06Q 20/385 using an alias or single-us...

Sequential authentication with infinitely variable codes

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

50 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Sequential authentication with infinitely variable codes

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

50 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links