Sequential authentication with infinitely variable codes
Abstract
A method and apparatus for the authentication of a person or thing (being a computer, a data carrying card or a machine) registered in a system to the Controller of that system by means of authentication Codes which are characterised by being variable for each occasion of use, the authentication Codes being derived from the input of predetermined specified fixed and variable data, the variable data being derived primarily from a sequential function of the immediately preceding authentication Codes used, with in each case a treatment of the data input serving to mix the elements in a manner whose outcome is known only to the person or thing and the Controller of the system, allowing for the provision for visible reciprocal authentication of the system to the registered person or thing, for provision for Code calculation in advance allowing for integrated identification and authentication, and provision for other benefits flowing solely from a variable Code which is both unpredictable externally yet readily calculated by the registered person or machine.
20 Claims
1. A method and apparatus for the authentication of a person registered in a system to the Controller of that system by means of authentication Codes which are characterised by being variable for each occasion of use, the authentication Codes being derived from the input by the person of predetermined specified fixed and variable data, the fixed data including an identifying account number and the variable data being derived from randomly generated characters communicated for the purpose to that person by the Controller of the system for use on the first occasion of authentication and thereafter derived in part as a sequential function of the immediately preceding authentication Codes used by that person, with in each case a treatment of the data input serving to mix the elements in a manner whose outcome is known only to the person and the Controller of the system.
9. A method and apparatus for the authentication of a person registered in a system to the Controller of that system by means of authentication Codes which are characterised by being variable for each occasion of use, the authentication Codes being derived from the input by the person of predetermined specified fixed and variable data, the fixed data including an identifying account number and 1 or more digits from a Fixed Personal Identification (“FPI”) remembered by the person and registered with the Controller and the variable data being derived from randomly generated characters communicated for the purpose to that person by the Controller of the system for use on the first occasion of authentication and thereafter derived in part as a sequential function of the immediately preceding authentication Codes used by that person, with in each case a treatment of the data input serving to mix the elements in a manner whose outcome is known only to the person and the Controller of the system, and further characterised by the provision by the Controller, subsequent to a validated authentication Code submitted by that person, of a reciprocal authentication Code being a separate code derived from the same data and the same treatment as produced the validated authentication Code, identified beforehand and known only to the Controller and the person, and thereby reciprocally authenticating the Controller to that person.
(Dependent claims: 10, 20)
11. A method and apparatus for the authentication of a person registered in a system to the Controller of that system comprising the following steps:
[a] the registration of a person with the Controller of a system
[b] the allotment of an account number to the person
[c] the agreement between the person and the Controller of fixed data elements and of the arithmetical and other processes to be applied to input data
[d] the registration with the Controller of a Fixed Personal Identification (“FPI”) selected by the person
[e] the transmission by the Controller to the person of a starting value, consisting of a series of random digits or letters, in a secure manner as practised in the art
[f] the transmission by the Controller of software for computing the authentication Codes and in particular for remembering the sequential value of the preceding authentication Code
[g] on the first occasion of use, the input by the person of the fixed data, the starting value and the FPI into a personal computer where the input data is subject to arithmetical and other processes from which is derived the variable authentication Code
[h] means for submitting the authentication Code together with an identifying account number to the Controller for authentication or rejection
[i] means for remembering the authentication Code for use as a sequential value in the next authentication Code calculation
[j] on the second and subsequent occasions of use, the input by the person of the FPI and the automated input by the personal computer of the fixed data and of the immediately preceding authentication Code as a random variable and wherein the input data is subject to arithmetical and other processes from which is derived the variable authentication Code
[k] means for submitting the authentication Code together with an identifying account number to the Controller for authentication or rejection
[l] means for remembering the authentication Code for use as a sequential value with the next authentication Code calculation
[m] means for transporting the sequential values and other fixed values where the person wishes to be authenticated away from the personal computer wherein most of the fixed and variable data is held on a portable data carrying card capable of interacting with a computer and having facilities for reading and recording data and for inputting data from memory into that computer by means of a card reader attached to the computer on the input by the person of the remaining required data including a FPI of more than 1 character
(Dependent claims: 12, 13)
14. A method and apparatus for authentication of a person registered in a closed system to the Controller of that system comprising the following steps:
[a] the registration of a person with the Controller of a system
[b] the allotment of an account number to the person
[c] the agreement between the person and the Controller of fixed data elements and of the arithmetical and other processes to be applied to input data
[d] the transmission by the Controller to the person of a starting value, consisting of a series of random digits or letters, in a secure manner as practised in the art
[e] the transmission by the Controller of software for computing the authentication Codes and in particular for remembering the sequential value of the preceding authentication Code
[f] the person registering on his personal computer a Fixed Personal Identification (“FPI”) known only to the person and not registered with or known by the Controller
[g] the person's personal computer calculating as if on the first occasion of use the result of the arithmetical and other processes applied to the notional input by the person of the combination of the fixed data and the starting value, deducting from the resultant variable authentication Code an arithmetical function of the FPI known to the personal computer and recording the resultant code on to the personal computer
[h] separately the Controller calculating as if on the first occasion of use the result of the arithmetical and other processes applied to a notional input of the combination of the fixed data and the starting value, and recording the resultant variable authentication Code at least in part on to the system's outer barrier firewall
[i] on the first occasion of use, the input by the person of the FPI into a personal computer where the arithmetical and other processes are applied to the resultant code in reverse, producing the pre-computed required variable authentication Code
[j] further, as if on the second occasion of use, the person's PC repeating the process from [g] but substituting the just determined variable authentication Code for the starting value referred to at [d] and deducting from the resultant variable authentication Code an arithmetical function of the FPI known to the personal computer, and recording the resultant code on to the personal computer
[k] means for submitting the authentication Code determined in [i] together with an identifying account number to the Controller
[l] means for the Controller comparing the code submitted at [k] with that calculated at [h] and authenticating or rejecting the authentication Code as the case may be
[m] subsequently, the Controller calculating as if on the next occasion of use the result of the arithmetical and other processes applied to the notional input of the combination of the fixed data and the just used authentication Code, and again recording the resultant variable authentication Code at least in part on to the main system's outer barrier firewall
[n] on the second occasion of use, the input by the person of the FPI into a personal computer where the arithmetical and other processes are applied to the resultant code in reverse, producing the pre-computed required variable authentication Code
[o] further, as if on the third occasion of use, repeating the process from [j] but substituting the just determined variable authentication Code for that in [j] and deducting from the resultant variable authentication Code an arithmetical function of the FPI known to the personal computer, and recording the resultant code as 3rd authentication Code on to the personal computer
[p] means for the Controller to repeat [l] and [k] on the 2nd and as if on the 3rd occasion of use and so on
[q] means for the person to repeat [n] and [o] on the 3rd and as if on the 4th occasion of use and so on
[r] means for transporting the sequential values and other fixed values where the person wishes to be authenticated away from the personal computer wherein most of the fixed and variable data is held on a portable data carrying card capable of interacting with a computer and having facilities for reading and recording data and for inputting data from memory into that computer by means of a card reader attached to the computer on the input by the person of the remaining required data including a FPI of more than 1 character
(Dependent claims: 15)
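The sequential scheme of claims 11 and 14 in working form, as an added example that is not code from the patent. The claims leave the "arithmetical and other processes" open; this example assumes SHA-256 reduced to eight decimal digits as the mixing function, a hash of the FPI as claim 14's "arithmetical function of the FPI", and constructed account numbers, fixed data and starting values. `Controller`, `PersonPC` and `PrecomputingPC` are names chosen here. The run shows the Controller accepting the chain, rejecting a replayed Code (the sequential value has moved on), rejecting a Code computed with the wrong FPI, and verifying the claim-14 variant in which the FPI is never registered with the Controller.

```python
import hashlib
import hmac
import secrets

CODE_DIGITS = 8            # length of a Code; an assumption, the patent fixes no length
MOD = 10 ** CODE_DIGITS


def mix(fixed_data: str, sequential_value: str, fpi: str = "") -> str:
    """The claims' 'arithmetical and other processes' that mix the inputs.
    Assumption: SHA-256 over the joined elements, reduced to CODE_DIGITS digits,
    so a Code cannot be run backwards to the preceding one or to the FPI."""
    material = f"{fixed_data}|{sequential_value}|{fpi}".encode()
    return f"{int(hashlib.sha256(material).hexdigest(), 16) % MOD:0{CODE_DIGITS}d}"


def fpi_offset(fpi: str) -> int:
    """Claim 14's 'arithmetical function of the FPI' (assumption: a hash of the
    FPI reduced to CODE_DIGITS digits), subtracted before a Code is stored."""
    return int(hashlib.sha256(fpi.encode()).hexdigest(), 16) % MOD


class Controller:
    """System side. Per account it keeps the fixed data, the registered FPI
    (empty for a claim-14 account, whose FPI never leaves the person's PC) and
    the sequential value: the starting value, then the last accepted Code."""

    def __init__(self):
        self.accounts = {}

    def register(self, account: str, fixed_data: str, fpi: str = "", start: str = "") -> str:
        start = start or "".join(secrets.choice("0123456789") for _ in range(CODE_DIGITS))
        self.accounts[account] = {"fixed": fixed_data, "fpi": fpi, "seq": start}
        return start  # communicated to the person over a secure channel

    def expected_code(self, account: str) -> str:
        """The next valid Code, computable in advance (claim 14 steps [h] and [m]),
        so only this value, not the account secrets, need be held at the barrier."""
        a = self.accounts[account]
        return mix(a["fixed"], a["seq"], a["fpi"])

    def authenticate(self, account: str, code: str) -> bool:
        if account not in self.accounts:
            return False
        if not hmac.compare_digest(self.expected_code(account), code):
            return False  # wrong FPI, wrong sequence position, or a replayed Code
        self.accounts[account]["seq"] = code  # the used Code is the next sequential value
        return True


class PersonPC:
    """Claim 11: the PC remembers the fixed data and the preceding Code and the
    person types only the FPI on each occasion."""

    def __init__(self, fixed_data: str, start: str):
        self.fixed, self.seq = fixed_data, start

    def next_code(self, fpi: str) -> str:
        self.seq = mix(self.fixed, self.seq, fpi)  # remembered for the next calculation
        return self.seq


class PrecomputingPC:
    """Claim 14: the FPI is known only to the person. The PC stores the next
    Code minus fpi_offset (step [g]); the right FPI reverses the arithmetic to
    recover the Code (step [i]) and the following Code is precomputed at once (step [j])."""

    def __init__(self, fixed_data: str, start: str, fpi: str):
        self.fixed = fixed_data
        self.stored = (int(mix(fixed_data, start)) - fpi_offset(fpi)) % MOD

    def next_code(self, fpi: str) -> str:
        code = f"{(self.stored + fpi_offset(fpi)) % MOD:0{CODE_DIGITS}d}"
        # a wrong FPI yields a wrong Code here and derails the stored chain
        self.stored = (int(mix(self.fixed, code)) - fpi_offset(fpi)) % MOD
        return code


def demo() -> dict:
    """Both variants with constructed account data; a replayed Code is rejected
    because the Controller's sequential value has already moved on."""
    ctrl = Controller()
    start = ctrl.register("ACC-1001", "fixed-data-1001", fpi="4711", start="31415926")
    pc11 = PersonPC("fixed-data-1001", start)
    first = pc11.next_code("4711")
    out = {"first_ok": ctrl.authenticate("ACC-1001", first),
           "replay_ok": ctrl.authenticate("ACC-1001", first),
           "second_ok": ctrl.authenticate("ACC-1001", pc11.next_code("4711")),
           "wrong_fpi_ok": ctrl.authenticate("ACC-1001", pc11.next_code("0000"))}
    start = ctrl.register("ACC-2002", "fixed-data-2002", start="27182818")
    pc14 = PrecomputingPC("fixed-data-2002", start, fpi="9090")
    out["precomputed_ok"] = ctrl.authenticate("ACC-2002", pc14.next_code("9090"))
    out["precomputed_next_ok"] = ctrl.authenticate("ACC-2002", pc14.next_code("9090"))
    return out


if __name__ == "__main__":
    print(demo())
```

Note that the claims say nothing about resynchronisation: once either side records a Code the other did not accept (the wrong-FPI case above), the two chains diverge and the account needs a fresh starting value from the Controller, which is the operational cost of a scheme whose state is the last Code itself.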
16. A method and apparatus for the mutual continuous authentication of one computer terminal linked to another by means of a continuous series of authentication Codes in which each such authentication Code apart from the first is a sequential function of the preceding authentication Code and which therefore varies on each occasion, by means comprising:
[a] first computer generating a random value A and a fixed value B, and communicating both to second computer in a secure manner as practised in the art
[b] second computer generating a fixed value C and communicating it to first computer in a secure manner as practised in the art
[c] first computer using an arithmetic or other function on the random value A and fixed value B, and sending this resultant sequential authentication Code P to second computer
[d] second computer:
  [i] receives sequential authentication Code P from first computer
  [ii] performs the same arithmetical or other function on the first computer's random value A and fixed value B to check the validity of the first computer's sequential authentication Code P
  [iii] if authenticated, using the same arithmetical function on the second computer's fixed value C and the sequential authentication Code P just received resulting in sequential authentication Code Q
  [iv] sends the sequential authentication Code Q to first computer
[e] first computer:
  [i] receives sequential authentication Code Q from second computer
  [ii] performs the same arithmetical function on the second computer's fixed value C and the sequential authentication Code P to check the validity of the second computer's sequential authentication Code Q
  [iii] if authenticated, using an arithmetical function on the first computer's fixed value A and the sequential authentication Code Q just received and resulting in sequential authentication Code R
  [iv] sends the sequential authentication Code R to first computer
and so on at predetermined non-critical intervals of time with both computers having means for recording and recalling as required the different fixed values A and C and the received sequential authentication Codes.
(Dependent claims: 17)
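The two-terminal exchange of claim 16 (P, Q, R, ... alternating between the computers, each side recomputing what the other must have sent before trusting it), as an added example that is not code from the patent. It assumes SHA-256 truncated to 16 hex characters as the "arithmetic or other function", treats B as the value the first Code P is chained to (so that every Code is the function of the sender's value and the preceding Code), uses constructed values for B and C, and assumes the secure initial exchange of A, B and C has already happened. `Terminal`, `setup` and `run_link` are names chosen here. The second run delivers a replayed Code in place of a genuine one to show that the receiver rejects it and the series stops.

```python
import hashlib
import hmac
import secrets


def seq_code(value: str, previous: str) -> str:
    """The claim's 'arithmetic or other function' of a computer's value and the
    preceding Code. Assumption: SHA-256, kept to 16 hex characters."""
    return hashlib.sha256(f"{value}|{previous}".encode()).hexdigest()[:16]


class Terminal:
    """One of the two linked computers. own_value is A for the first computer
    and C for the second; peer_value is the other's; last_code is B until the
    first Code P is exchanged, then always the latest Code on the link."""

    def __init__(self, name: str, own_value: str, peer_value: str, seed_b: str):
        self.name, self.own_value, self.peer_value = name, own_value, peer_value
        self.last_code = seed_b
        self.authenticated = True

    def send(self) -> str:
        """Steps [c], [d][iii] and [e][iii]: next Code from own value and the
        Code just received (for P, from A and B)."""
        self.last_code = seq_code(self.own_value, self.last_code)
        return self.last_code

    def receive(self, code: str) -> bool:
        """Steps [d][ii] and [e][ii]: recompute what the peer must have sent
        from the peer's value and the previous Code, then compare."""
        expected = seq_code(self.peer_value, self.last_code)
        if not hmac.compare_digest(expected, code):
            self.authenticated = False   # link no longer trusted; stop the series
            return False
        self.last_code = code
        return True


def setup(a: str = "") -> tuple:
    """Steps [a] and [b]: A random, B and C fixed (constructed values), all
    exchanged over a secure channel that this example simply assumes."""
    a = a or secrets.token_hex(8)
    b, c = "fixed-value-B", "fixed-value-C"
    return Terminal("first", a, c, b), Terminal("second", c, a, b)


def run_link(first: Terminal, second: Terminal, messages: int, replay_at: int = -1) -> list:
    """Alternate P, Q, R, ... for `messages` Codes. At index replay_at the
    previous Code on the link is delivered instead of the genuine one, which the
    receiver must reject; the series stops at the first rejection."""
    results, previous = [], None
    sender, receiver = first, second
    for i in range(messages):
        genuine = sender.send()
        delivered = previous if (i == replay_at and previous is not None) else genuine
        accepted = receiver.receive(delivered)
        results.append((sender.name, delivered, accepted))
        if not accepted:
            break
        previous = genuine
        sender, receiver = receiver, sender
    return results


if __name__ == "__main__":
    f, s = setup()
    for entry in run_link(f, s, 6):
        print(entry)
    f, s = setup()
    print(run_link(f, s, 6, replay_at=3)[-1])
```

Because each Code is chained to the one before it, a message that is dropped or tampered with desynchronises the two terminals at once, which is what makes the scheme continuous: the link is only as authenticated as its latest accepted Code, and a rejected Code is the signal to tear the session down and re-run the secure setup.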
18. A method and apparatus for the digital authentication of documents prepared by a person registered in a system to the Controller of that system comprising the following steps:
[a] the registration of a person with the Controller of a system
[b] the allotment of an account number to the person
[c] the agreement between the person and the Controller of fixed data elements and of the arithmetical and other processes to be applied to input data
[d] the registration with the Controller of a Fixed Personal Identification (“FPI”) selected by the person
[e] the transmission by the Controller to the person of a starting value, consisting of a series of random digits, in a secure manner as practised in the art
[f] the transmission by the Controller of software for computing the authentication Codes and in particular for remembering the sequential value of the preceding authentication Code
[g] on the first occasion of use, the input by the person of the fixed data, the starting value and the FPI into a personal computer where the input data is subject to arithmetical or other processes from which is derived the first variable authentication Code
[h] on the second and subsequent occasions of use, the input by the person of the FPI and the automated input by the personal computer of the fixed data and of the immediately preceding authentication Code as a random variable and wherein the input data is subject to arithmetical or other processes from which is derived the next variable authentication Code
[i] means for remembering the authentication Code for both use as a variable authentication Code but also as a sequential value in the next authentication Code calculation and for enabling the recording of the authentication Code onto the relevant document
[j] means for transporting the sequential values and other fixed values where the person wishes to be authenticated away from the personal computer wherein most of the fixed and variable data is held on a portable data carrying card capable of interacting with a computer and having facilities for reading and recording data and for inputting data from memory into that computer by means of a card reader attached to the computer on the input by the person of the remaining required data including a FPI of more than 1 character
[k] means for an interested party to obtain authentication of a document with the Controller of the system by reference to the person's account number and authentication Code
(Dependent claims: 19)
Specification