Apparatus for private personal identification number management

US 20030229597A1
Filed: 06/05/2002
Published: 12/11/2003
Est. Priority Date: 06/05/2002
Status: Active Grant

First Claim

Patent Images

1. An apparatus for private personal identification number (PIN) management, the apparatus comprising:

means for ascertaining a first delay period of a preceding PIN, said first delay period greater than zero if said preceding PIN does not match a validated PIN, said first delay period equal to zero if said preceding PIN matches said validated PIN;

means for receiving a current PIN after at least said first delay period; and

means for delaying for a second delay period if said current PIN does not match said validated PIN, said second delay period greater than said first delay period.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus for private personal identification number (PIN) management comprises a memory and a PIN comparator in communication with the memory. The PIN comparator is configured to ascertain a first delay period of a preceding PIN. The first delay period is greater than zero if the preceding PIN does not match a validated PIN and the first delay period equals zero if the preceding PIN matches the validated PIN. The PIN comparator is further configured to receive a current PIN after at least the first delay period and delay for a second delay period if the current PIN does not match the validated PIN. The second delay period is greater than the first delay period.

Citations

119 Claims

1. An apparatus for private personal identification number (PIN) management, the apparatus comprising:
- means for ascertaining a first delay period of a preceding PIN, said first delay period greater than zero if said preceding PIN does not match a validated PIN, said first delay period equal to zero if said preceding PIN matches said validated PIN;
  
  means for receiving a current PIN after at least said first delay period; and
  
  means for delaying for a second delay period if said current PIN does not match said validated PIN, said second delay period greater than said first delay period.
- View Dependent Claims (2, 3)
- - 2. The apparatus of claim 1, further comprising means for repeating said ascertaining, said receiving and said delaying until said current PIN matches said validated PIN.
  - 3. The apparatus of claim 2, further comprising means for granting access to a service having restricted access when said current PIN matches said validated PIN.

4. An apparatus for private personal identification number (PIN) management, the apparatus comprising:
- means for receiving a first request for a service having restricted access, said first request comprising a first PIN entered by a user;
  
  means for matching said first PIN with a second PIN that has been validated;
  
  means for allowing access to said service based at least in part on said matching;
  
  means for incrementing an exponent if said first PIN does not match said second PIN; and
  
  means for delaying for a delay period based at least in part on said exponent if said first PIN does not match said second PIN.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 5. The apparatus of claim 4 wherein said means for delaying further comprises means for recording the start of said delay.
  - 6. The apparatus of claim 4 wherein said means for delaying further comprises means for recording the end of said delay.
  - 7. The apparatus of claim 6, further comprising means for resuming said delay if said end has not been recorded.
  - 8. The apparatus of claim 4 wherein said means for delaying further comprises means for delaying for said delay period based at least in part on said exponent after receiving a second request for said service if said first PIN does not match said second PIN.
  - 9. The apparatus of claim 4 wherein said means for delaying further comprises means for delaying for said delay period based at least in part on said exponent before determining whether a third PIN associated with a second request for said service matches said second PIN if said first PIN does not match said second PIN.
  - 10. The apparatus of claim 4 wherein said means for delaying further comprises means for delaying for said delay period based at least in part on said exponent before receiving a second request for said service if said first PIN does not match said second PIN.
  - 11. The apparatus of claim 4, further comprising means for initializing said exponent to 0 if said first PIN matches said second PIN.
  - 12. The apparatus of claim 4 wherein said means for delaying further comprises:
    - means for initializing a counter to the value “
      
      1”
      
      ;
      
      means for left-shifting said counter based at least in part on the value of said exponent, the least significant bit of said counter being populated with the value “
      
      0”
      
      upon each left-shift operation; and
      
      means for delaying for a predetermined time and decrementing said counter while said counter is nonzero.
  - 13. The apparatus of claim 4 wherein said means for delaying further comprises:
    - means for initializing a counter to “
      
      1”
      
      ;
      
      means for left-shifting said counter based at least in part on the value of said exponent, the least significant bit of said counter being populated with the value “
      
      1”
      
      upon each left-shift operation; and
      
      means for means for delaying for a predetermined time and decrementing said counter while said counter is nonzero.
  - 14. The apparatus of claim 4 wherein said means for receiving further comprises:
    - means for storing said first PIN in a mutable persistent mutable memory; and
      
      means for marking said stored first PIN as untested.
  - 15. The apparatus of claim 14 wherein said means for delaying further comprises:
    - means for storing said exponent in said persistent mutable memory before initiation of said delay; and
      
      means for storing an end-of-delay marker in said persistent mutable memory after completion of said delay.
  - 16. The apparatus of claim 4 wherein said means for receiving further comprises:
    - means for storing said first PIN in a mutable persistent memory; and
      
      means for marking said stored first PIN as untested; and
      
      said means for delaying further comprises;
      
      means for storing said exponent in said mutable persistent memory upon initiation of said delay; and
      
      means for storing an end-of-delay marker in said persistent mutable memory after completion of said delay.
  - 17. The apparatus of claim 16 wherein said means for storing said first PIN further comprises:
    - means for allocating an entry in a list of entries in said persistent mutable memory; and
      
      means for storing said first PIN in said allocated entry.
  - 18. The apparatus of claim 16 wherein said means for matching further comprises marking said stored first PIN with the result of the test.
  - 19. The apparatus of claim 16 wherein said means for delaying further comprises:
    - means for storing said exponent with said stored first PIN;
      
      means for performing a delay determined by said stored exponent; and
      
      means for marking said stored first PIN as tested successfully and said delay completed by setting said stored exponent to 0.

20. An apparatus for private personal identification number (PIN) management, the apparatus comprising:
- means for receiving a first request for a service, said first request comprising a first PIN entered by a user;
  
  means for allowing access to said service if said service is not PIN-protected;
  
  means for determining a PIN status if said service is PIN-protected, said means for determining including means for delaying for a delay period that increases exponentially with each successive failed access request; and
  
  means for allowing access to said service based at least in part on said PIN status if said service is PIN-protected.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50)
- - 21. The apparatus of claim 20 wherein said means for determining further comprises:
    - means for ascertaining a first PIN test result;
      
      means for indicating a successful PIN status if said first PIN test result indicates a successful PIN test;
      
      means for testing said first PIN against a second PIN stored in a memory if said first PIN test result is unavailable or if said first PIN test result indicates an unsuccessful PIN test, said second PIN comprising a PIN that has been validated;
      
      means for ascertaining a second PIN test result after said testing;
      
      means for indicating a successful PIN status if said second PIN test result indicates a successful PIN test; and
      
      means for indicating an unsuccessful PIN status if said second PIN test result indicates an unsuccessful PIN test.
  - 22. The apparatus of claim 20 wherein said means for delaying comprises:
    - means for storing an exponent in a persistent mutable memory before initiation of said delay; and
      
      means for storing an end-of-delay marker in said persistent mutable memory after completion of said delay; and
      
      said means for ascertaining a first PIN test result comprises;
      
      means for determining the presence of an end-of-delay marker in said persistent mutable memory; and
      
      means for delaying for a delay period based at least in part on said stored exponent if said marker is not present in said persistent mutable memory.
  - 23. The apparatus of claim 21 wherein said means for delaying comprises:
    - means for storing an exponent in a persistent mutable memory before initiation of said delay; and
      
      means for storing an end-of-delay marker in said persistent mutable memory after completion of said delay; and
      
      said means for ascertaining a second PIN test result is based at least in part on the presence of said end-of-delay marker in said persistent mutable memory and upon the result of said testing.
  - 24. The apparatus of claim 21 wherein said first PIN test result comprises a flag stored in a non-persistent mutable memory;
    - and said second PIN test result comprises a flag stored in a non-persistent mutable memory.
  - 25. The apparatus of claim 24 wherein said flag indicates an unsuccessful PIN test upon initialization of said non-persistent mutable memory.
  - 26. The apparatus of claim 21 wherein said means for testing further comprises:
    - means for incrementing an exponent and delaying a delay period based at least in part on said exponent if said first PIN does not match said second PIN;
      
      means for marking a session PIN flag to indicate a successful PIN test if said first PIN matches said second PIN; and
      
      means for setting said exponent value to “
      
      0”
      
      if said first PIN matches said second PIN.
  - 27. The apparatus of claim 21 wherein said means for delaying comprises:
    - means for storing an exponent in a persistent mutable memory before initiation of said delay, said exponent stored in the last entry of a buffer comprising a plurality of entries, each entry comprising a PIN, an exponent and an attempt reference ID, said attempt reference ID associated with a session used to enter said PIN; and
      
      means for storing an end-of-delay marker in said persistent mutable memory after completion of said delay;
      
      said means for ascertaining a first PIN test result comprises;
      
      means for determining the presence of said end-of-delay marker in said persistent mutable memory; and
      
      means for delaying for a delay period based at least in part on said exponent if said marker is not present in said persistent mutable memory; and
      
      said means for ascertaining a second PIN test result is based at least in part on the presence of said end-of-delay marker in said persistent mutable memory and upon the result of said testing.
  - 28. The apparatus of claim 27, further comprising means for delaying for a delay period based at least in part on said exponent of said last entry if the current delay has been interrupted.
  - 29. The apparatus of claim 27 wherein said last entry is validated if said exponent of said last entry is 0.
  - 30. The apparatus of claim 27 wherein said last entry is invalid if said exponent of said last entry is nonzero.
  - 31. The apparatus of claim 27, further comprising means for indicating a previous delay has been interrupted if the exponent of a buffer entry immediately preceding said last buffer does not equal the exponent of said last buffer entry.
  - 32. The apparatus of claim 27, further comprising means for indicating said last entry is associated with said current session if the session ID of said last buffer entry equals the session ID of the current session.
  - 33. The apparatus of claim 27 wherein said means for testing further comprises:
    - means for recording a PIN compare attempt in said buffer;
      
      means for delaying if said first PIN does not match the PIN in a validated entry; and
      
      marking a delay result in said buffer.
  - 34. The apparatus of claim 33 wherein said means for recording further comprises:
    - means for determining empty entries in said buffer;
      
      means for determining the last entered entry in said buffer based at least in part on the entry number of each entry in said buffer;
      
      means for creating a new entry comprising an exponent that equals one plus the exponent of said last entered entry. means for storing said new entry in one of said empty entries; and
      
      means for marking said new entry as the last entry.
  - 35. The apparatus of claim 34 wherein said means for delaying further comprises:
    - means for locating a validated entry in said buffer, said validated entry having an exponent value of 0;
      
      means for loading the PIN value from said last buffer entry; and
      
      means for delaying for a delay period based at least in part on said exponent value read from said last entry.
  - 36. The apparatus of claim 33 wherein said means for marking a delay result further comprises:
    - means for copying the buffer entry stored immediately prior to said delaying to create a new entry;
      
      means for setting the exponent value of said new entry to 0 if said first PIN equals said second PIN; and
      
      means for storing said new entry in said persistent mutable memory.
  - 37. The apparatus of claim 21 wherein said means for delaying comprises:
    - means for storing said exponent in said persistent mutable memory before initiation of said delay, said exponent stored in the last entry of a buffer comprising a plurality of entries, each entry comprising a scrambled PIN, an exponent and an attempt reference ID, said attempt reference ID associated with a session used to enter said PIN; and
      
      means for storing an end-of-delay marker in said persistent mutable memory after completion of said delay;
      
      said means for ascertaining a first PIN test result comprises;
      
      means for determining the presence of said end-of-delay marker in said persistent mutable memory; and
      
      means for delaying for a delay period based at least in part on said exponent if said marker is not present in said persistent mutable memory; and
      
      said ascertaining a second PIN test result is based at least in part on the presence of said end-of-delay marker in said persistent mutable memory and upon the result of said testing.
  - 38. The apparatus of claim 37, further comprising means for delaying for a delay period based at least in part on said exponent in said last entry if the current delay has been interrupted.
  - 39. The apparatus of claim 37 wherein said last entry is validated if said exponent of said last entry is 0.
  - 40. The apparatus of claim 37 wherein said last entry is invalid if said exponent of said last entry is nonzero.
  - 41. The apparatus of claim 37, further comprising means for indicating a previous delay has been interrupted if the exponent of an entry immediately preceding said last does not equal the exponent of said last entry.
  - 42. The apparatus of claim 37, further comprising means for indicating said last entry is associated with said current session if the session ID of said last entry equals the session ID of the current session.
  - 43. The apparatus of claim 37 wherein said means for testing further comprises:
    - means for recording a PIN compare attempt in said buffer;
      
      means for delaying if a first scrambled PIN does not match a second scrambled PIN that has been validated, said first scrambled PIN comprising said first PIN scrambled with a first key, said second scrambled PIN comprising a second PIN scrambled with said first key, said second scrambled PIN and said first key stored in a validated entry; and
      
      means for marking a delay result in said buffer.
  - 44. The apparatus of claim 43 wherein said first key comprises a randomized key.
  - 45. The apparatus of claim 43 wherein said first key comprises a session ID.
  - 46. The apparatus of claim 43 wherein said means for recording further comprises:
    - means for determining empty entries in said buffer;
      
      means for determining the last entered entry in said buffer based at least in part on the entry number of each entry in said buffer;
      
      means for creating a new entry comprising a PIN that equals said first PIN, said new entry further comprising an exponent that equals one plus the exponent of said last entered entry. means for scrambling the PIN of said new entry with a second key;
      
      means for storing said new entry in one of said empty entries; and
      
      means for marking said new entry as the last entry.
  - 47. The apparatus of claim 46 wherein said means for delaying further comprises:
    - means for locating said validated entry in said buffer;
      
      means for loading said first PIN from said last entry;
      
      means for scrambling said first PIN with said first key to create said first scrambled PIN; and
      
      means for delaying for a delay period based at least in part on said exponent value read from said last entry.
  - 48. The apparatus of claim 47 wherein said means for scrambling said first PIN further comprises means for applying an exclusive “
    - OR”
      
      operation to said first PIN and said first key.
  - 49. The apparatus of claim 47 wherein said means for delaying for a delay period further comprises means for performing a number of unit delays, said number based at least in part on said exponent, each of said unit delays comprising:
    - means for initializing a result to 0; and
      
      means for applying a bit-wise exclusive “
      
      OR”
      
      operation to said result, said first scrambled PIN and said second scrambled PIN.
  - 50. The apparatus of claim 43 wherein said means for marking a delay result further comprises:
    - means for copying said PIN compare attempt entry to create a new entry;
      
      means for setting the exponent value of said new entry to 0 if said result is 0; and
      
      means for storing said new entry in said persistent mutable memory.

51. An apparatus for private personal identification number (PIN) management, the apparatus comprising:
- a memory; and
  
  a PIN comparator in communication with said memory, said PIN comparator configured to;
  
  ascertain a first delay period of a preceding PIN, said first delay period greater than zero if said preceding PIN does not match a validated PIN, said first delay period equal to zero if said preceding PIN matches said validated PIN;
  
  receive a current PIN after at least said first delay period; and
  
  delay for a second delay period if said current PIN does not match said validated PIN, said second delay period greater than said first delay period.
- View Dependent Claims (52, 53)
- - 52. The apparatus of claim 51 wherein said PIN comparator is further configured to repeatedly ascertain a frist delay period of a preceding PIN, receive a current PIN and delay for increasing delay periods until said current PIN matches said validated PIN.
  - 53. The apparatus of claim 52 wherein said PIN comparator is further configured to grant access to a service having restricted access when said current PIN matches said validated PIN.

54. An apparatus for private personal identification number (PIN) management, the apparatus comprising:
- a first memory for storing an exponent and a second PIN that has been validated, said first memory comprising a persistent mutable memory;
  
  a second memory for storing a session PIN flag and a first PIN, said second memory comprising a non-persistent mutable memory; and
  
  a PIN comparator in communication with said first memory and said second memory, said PIN comparator configured to;
  
  receive a first request for a service having restricted access, said first request comprising said first PIN;
  
  match said first PIN with said second PIN;
  
  allow access to said service based at least in part on said matching;
  
  increment an exponent if said first PIN does not match said second PIN; and
  
  delay for a delay period based at least in part on said exponent if said first PIN does not match said second PIN.
- View Dependent Claims (55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78)
- - 55. The apparatus of claim 54 wherein said apparatus comprises a smart card.
  - 56. The apparatus of claim 55 wherein said smart card comprises a Java Card™
    - technology-enabled smart card.
  - 57. The apparatus of claim 55 wherein said smart card comprises a CDMA (Code Division Multiple Access) technology-enabled smart card.
  - 58. The apparatus of claim 55 wherein said smart card comprises a SIM (Subscriber Identity Module) card.
  - 59. The apparatus of claim 55 wherein said smart card comprises a WIM (Wireless Interface Module).
  - 60. The apparatus of claim 55 wherein said smart card comprises a USIM (Universal Subscriber Identity Module).
  - 61. The apparatus of claim 55 wherein said smart card comprises a UIM (User Identity Module).
  - 62. The apparatus of claim 55 wherein said smart card comprises a R-UIM (Removable User Identity Module).
  - 63. The apparatus of claim 54 wherein said apparatus comprises a mobile phone.
  - 64. The apparatus of claim 54 wherein said PIN comparator is further configured to record the start of said delay.
  - 65. The apparatus of claim 54 wherein said PIN comparator is further configured to record the end of said delay.
  - 66. The apparatus of claim 65 wherein said PIN comparator is further configured to resume said delay if said end has not been recorded.
  - 67. The apparatus of claim 54 wherein said PIN comparator is further configured to delay for said delay period based at least in part on said exponent after receiving a second request for said service if said first PIN does not match said second PIN.
  - 68. The apparatus of claim 54 wherein said PIN comparator is further configured to delay for said delay period based at least in part on said exponent before determining whether a third PIN associated with a second request for said service matches said second PIN if said first PIN does not match said second PIN.
  - 69. The apparatus of claim 54 wherein said PIN comparator is further configured to delay for said delay period based at least in part on said exponent before receiving a second request for said service if said first PIN does not match said second PIN.
  - 70. The apparatus of claim 54 wherein said PIN comparator is further configured to initialize said exponent to 0 if said first PIN matches said second PIN.
  - 71. The apparatus of claim 54 wherein said PIN comparator is further configured to:
    - initialize a counter to the value “
      
      1”
      
      ;
      
      left-shift said counter based at least in part on the value of said exponent, the least significant bit of said counter being populated with the value “
      
      0”
      
      upon each left-shift operation; and
      
      delay for a predetermined time and decrementing said counter while said counter is nonzero.
  - 72. The apparatus of claim 54 wherein said PIN comparator is further configured to:
    - initialize a counter to “
      
      1”
      
      ;
      
      left-shift said counter based at least in part on the value of said exponent, the least significant bit of said counter being populated with the value “
      
      1”
      
      upon each left-shift operation; and
      
      delay for a predetermined time and decrementing said counter while said counter is nonzero.
  - 73. The apparatus of claim 54 wherein said PIN comparator is further configured to:
    - store said first PIN in a mutable persistent mutable memory; and
      
      mark said stored first PIN as untested.
  - 74. The apparatus of claim 73 wherein said PIN comparator is further configured to:
    - store said exponent in said persistent mutable memory before initiation of said delay; and
      
      store an end-of-delay marker in said persistent mutable memory after completion of said delay.
  - 75. The apparatus of claim 54 wherein said PIN comparator is further configured to:
    - store said first PIN in said second memory;
      
      mark said stored first PIN as untested;
      
      store said exponent in second memory upon initiation of said delay; and
      
      store an end-of-delay marker in said second memory after completion of said delay.
  - 76. The apparatus of claim 75 wherein said PIN comparator is further configured to store said first PIN by allocating an entry in a list of entries in said second memory and storing said first PIN in said allocated entry.
  - 77. The apparatus of claim 75 wherein said PIN comparator is further configured to mark said stored first PIN with the result of the test.
  - 78. The apparatus of claim 75 wherein said PIN comparator is further configured to store said exponent with said stored first PIN;
    - perform a delay determined by said stored exponent; and
      
      mark said stored first PIN as tested successfully and said delay completed by setting said stored exponent to 0.

79. An apparatus for private personal identification number (PIN) management, the apparatus comprising:
- a first memory for storing an exponent and a second PIN that has been validated, said first memory comprising a persistent mutable memory;
  
  a second memory for storing a session PIN flag and a first PIN, said second memory comprising a non-persistent mutable memory; and
  
  a PIN comparator in communication with said first memory and said second memory, said PIN comparator configured to;
  
  receive a first request for a service, said first request comprising a first PIN entered by a user;
  
  allow access to said service if said service is not PIN-protected;
  
  determine a PIN status if said service is PIN-protected, said determining including delaying for a delay period that increases exponentially with each successive failed access request; and
  
  allow access to said service based at least in part on said PIN status if said service is PIN-protected.
- View Dependent Claims (80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107)
- - 80. The apparatus of claim 79 wherein said PIN comparator is further configured to:
    - ascertain a first PIN test result;
      
      indicate a successful PIN status if said first PIN test result indicates a successful PIN test;
      
      test said first PIN against a second PIN stored in a memory if said first PIN test result is unavailable or if said first PIN test result indicates an unsuccessful PIN test, said second PIN comprising a PIN that has been validated;
      
      ascertain a second PIN test result after said testing;
      
      indicate a successful PIN status if said second PIN test result indicates a successful PIN test; and
      
      indicate an unsuccessful PIN status if said second PIN test result indicates an unsuccessful PIN test.
  - 81. The apparatus of claim 80 wherein said PIN comparator is further configured to:
    - store an exponent in a first memory before initiation of said delay;
      
      store an end-of-delay marker in said first memory after completion of said delay;
      
      determine the presence of an end-of-delay marker in said first memory; and
      
      delay for a delay period based at least in part on said stored exponent if said marker is not present in said first memory.
  - 82. The apparatus of claim 80 wherein said PIN comparator is further configured to:
    - store an exponent in said first memory before initiation of said delay;
      
      store an end-of-delay marker in said first memory after completion of said delay; and
      
      base said second PIN test result upon the presence of said end-of-delay marker in said first memory and upon the result of said testing.
  - 83. The apparatus of claim 80 wherein said first PIN test result comprises a flag stored in said second memory;
    - and said second PIN test result comprises a flag stored in a said second memory.
  - 84. The apparatus of claim 83 wherein said flag is configured to indicate an unsuccessful PIN test upon initialization of said second memory.
  - 85. The apparatus of claim 80 wherein said PIN comparator is further configured to:
    - increment an exponent and delay a delay period based at least in part on said exponent if said first PIN does not match said second PIN;
      
      mark a session PIN flag to indicate a successful PIN test if said first PIN matches said second PIN; and
      
      set said exponent value to “
      
      0”
      
      if said first PIN matches said second PIN.
  - 86. The apparatus of claim 80 wherein said PIN comparator is further configured to:
    - store an exponent in said first memory before initiation of said delay, said exponent stored in the last entry of a buffer comprising a plurality of entries, each entry comprising a PIN, an exponent and an attempt reference ID, said attempt reference ID associated with a session used to enter said PIN;
      
      store an end-of-delay marker in said persistent mutable memory after completion of said delay;
      
      ascertain a first PIN test result by determining the presence of said end-of-delay marker in said persistent mutable memory and delaying for a delay period based at least in part on said exponent if said marker is not present in said persistent mutable memory; and
      
      ascertain a second PIN test result based at least in part on the presence of said end-of-delay marker in said first memory and upon the result of said test.
  - 87. The apparatus of claim 86 wherein said PIN comparator is further configured to delay for a delay period based at least in part on said exponent of said last entry if the current delay has been interrupted.
  - 88. The apparatus of claim 86 wherein said last entry is validated if said exponent of said last entry is 0.
  - 89. The apparatus of claim 86 wherein said last entry is invalid if said exponent of said last entry is nonzero.
  - 90. The apparatus of claim 86 wherein said PIN comparator is further configured to indicate a previous delay has been interrupted if the exponent of a buffer entry immediately preceding said last buffer does not equal the exponent of said last buffer entry.
  - 91. The apparatus of claim 86 wherein said PIN comparator is further configured to:
    - record a PIN compare attempt in said buffer upon initiation of said test;
      
      delay if said first PIN does not match the PIN in a validated entry; and
      
      mark a delay result in said buffer.
  - 92. The apparatus of claim 91 wherein said PIN comparator is further configured to record said PIN compare attempt by:
    - determining empty entries in said buffer;
      
      determining the last entered entry in said buffer based at least in part on the entry number of each entry in said buffer;
      
      creating a new entry comprising an exponent that equals one plus the exponent of said last entered entry. storing said new entry in one of said empty entries; and
      
      marking said new entry as the last entry.
  - 93. The apparatus of claim 92 wherein said PIN comparator is further configured to delay by:
    - locating a validated entry in said buffer, said validated entry having an exponent value of 0;
      
      loading said first PIN from said last entry; and
      
      delaying for a delay period based at least in part on said exponent value read from said last entry.
  - 94. The apparatus of claim 91 wherein said marking a delay result further comprises:
    - copying the buffer entry stored immediately prior to said delaying to create a new entry;
      
      setting the exponent value of said new entry to 0 if said first PIN equals said second PIN; and
      
      storing said new entry in said first memory.
  - 95. The apparatus of claim 80 wherein said PIN comparator is further configured to:
    - store said exponent in said persistent mutable memory before initiation of said delay, said exponent stored in the last entry of a buffer comprising a plurality of entries, each entry comprising a scrambled PIN, an exponent and an attempt reference ID, said attempt reference ID associated with a session used to enter said PIN;
      
      store an end-of-delay marker in said persistent mutable memory after completion of said delay;
      
      ascertain a first PIN test result by determining the presence of said end-of-delay marker in said persistent mutable memory and delaying for a delay period based at least in part on said exponent if said marker is not present in said persistent mutable memory; and
      
      ascertain a second PIN test result based at least in part on the presence of said end-of-delay marker in said first memory and upon the result of said test.
  - 96. The apparatus of claim 95 wherein said PIN comparator is further configured to delay for a delay period based at least in part on said exponent of said last entry if the current delay has been interrupted.
  - 97. The apparatus of claim 95 wherein said last entry is validated if said exponent of said last entry is 0.
  - 98. The apparatus of claim 95 wherein said last entry is invalid if said exponent of said last entry is nonzero.
  - 99. The apparatus of claim 95 wherein said PIN comparator is further configured to indicate a previous delay has been interrupted if the exponent of a buffer entry immediately preceding said last buffer does not equal the exponent of said last buffer entry.
  - 100. The apparatus of claim 95 wherein said PIN comparator is further configured to:
    - record a PIN compare attempt in said buffer in said buffer upon initiation of said test;
      
      delay if a first scrambled PIN does not match a second scrambled PIN that has been validated, said first scrambled PIN comprising said first PIN scrambled with a first key, said second scrambled PIN comprising a second PIN scrambled with said first key, said second scrambled PIN and said first key stored in a validated entry; and
      
      mark a delay result in said buffer.
  - 101. The apparatus of claim 100 wherein said first key comprises a randomized key.
  - 102. The apparatus of claim 100 wherein said first key comprises a session ID.
  - 103. The apparatus of claim 100 wherein said PIN comparator is further configured to record said PIN compare attempt by:
    - determining empty entries in said buffer;
      
      determining the last entered entry in said buffer based at least in part on the entry number of each entry in said buffer;
      
      creating a new entry comprising a PIN that equals said first PIN, said new entry further comprising an exponent that equals one plus the exponent of said last entered entry. scrambling the PIN of said new entry with a second key;
      
      storing said new entry in one of said empty entries; and
      
      marking said new entry as the last entry.
  - 104. The apparatus of claim 103 wherein said PIN comparator is further configured to delay by:
    - locating said validated entry in said buffer, said validated entry having an exponent value of 0;
      
      loading said first PIN from said last entry;
      
      scrambling said first PIN with said first key to create said first scrambled PIN; and
      
      delaying for a delay period based at least in part on said exponent value read from said last entry.
  - 105. The apparatus of claim 104 wherein said PIN comparator is further configured to scramble said first PIN further by applying an exclusive “
    - OR”
      
      operation to said first PIN and said first key.
  - 106. The apparatus of claim 104 wherein said PIN comparator is further configured to delay for a delay period by performing a number of unit delays, said number based at least in part on said exponent, each of said unit delays comprising:
    - initializing a result to 0; and
      
      applying a bit-wise exclusive “
      
      OR”
      
      operation to said result, said first scrambled PIN and said second scrambled PIN.
  - 107. The apparatus of claim 100 wherein said PIN comparator is further configured to mark a delay result further by:
    - copying said PIN compare attempt entry to create a new entry;
      
      setting the exponent value of said new entry to 0 if said result is 0; and
      
      storing said new entry in said first memory.

108. An apparatus for private personal identification number (PIN) management, the apparatus comprising:
- a first memory for storing a plurality of entries, each of said entries comprising an entry number, a PIN field, an exponent, and an attempt reference, said exponent indicating the amount of time to delay if said PIN does not match a second PIN that has been validated, said first memory comprising a persistent mutable memory;
  
  a second memory for storing a session PIN flag, a session ID and a PIN, said second memory comprising a non-persistent mutable memory; and
  
  a PIN comparator in communication with said first memory and said second memory, said PIN comparator configured to store an attempt entry in said plurality of entries to mark the beginning of a PIN comparison, said PIN comparator further configured to store a result entry in said plurality of entries to mark the result of comparing said PIN with said second PIN, said PIN comparator further configured to delay for a delay period based at least in part on the exponent of one of said plurality of entries if said PIN does not match said second PIN.

109. An apparatus for private personal identification number (PIN) management, the apparatus comprising:
- a first memory for storing a plurality of entries, each of said entries comprising an entry number, a scrambled PIN data, an exponent, and an attempt reference, said first memory comprising a persistent mutable memory;
  
  a second memory for storing a session PIN flag, a session ID and a PIN, said second memory comprising a non-persistent mutable memory; and
  
  a PIN comparator in communication with said first memory and said second memory, said PIN comparator configured to store an attempt entry in said plurality of entries to mark the beginning of a PIN comparison, said PIN comparator further configured to store a result entry in said plurality of entries to mark the result of comparing a previously stored scrambled PIN with the result of scrambling said PIN with a key, said PIN comparator further configured to delay for a delay period based at least in part on the exponent of one of said plurality of entries if said result does not match said validated PIN.

110. A memory for storing data for access by an application program being executed on a data processing system, comprising:
- a data structure stored in said memory, said data structure including information used by said program to determine whether a PIN is valid, said data structure comprising a validated PIN and an exponent, said exponent indicating the amount of time to delay if said user-entered PIN does not match a said validated PIN.

111. A memory for storing data for access by an application program being executed on a data processing system, comprising:
- a data structure stored in said memory, said data structure including information used by said program to determine whether a PIN is valid, said data structure comprising a plurality of entries, each of said entries comprising a PIN and an exponent, said exponent indicating the amount of time to delay if said PIN does not match a second PIN that has been validated.

112. A memory for storing data for access by an application program being executed on a data processing system, comprising:
- a data structure stored in said memory, said data structure including information used by said program to determine whether a PIN is valid, said data structure comprising a plurality of entries, each of said entries comprising a PIN and an exponent, said exponent indicating the amount of time to delay if said PIN does not match a previously stored scrambled PIN.
- View Dependent Claims (113, 114, 115, 116, 117)
- - 113. The memory of claim 112 wherein each of said plurality of entries comprises a field for an entry number, said entry number indicating the entry order of said entry relative to at least one other entry in said plurality of entries.
  - 114. The memory of claim 112 wherein each of said plurality of entries comprises a field for an untested marker, said untested marker indicating the PIN in the corresponding entry has not been tested.
  - 115. The memory of claim 112 wherein each of said plurality of entries comprises a field for a test result marker, said test result marker indicating the test result of the PIN in the corresponding entry.
  - 116. The memory of claim 112 wherein each of said plurality of entries comprises a field for an end-of-delay marker indicating the completion of a delay following an unsuccessful PIN compare attempt.
  - 117. The memory of claim 112 wherein each of said plurality of entries comprises a field for a session ID.

118. A memory for storing data for access by an application program being executed on a data processing system, comprising:
- a data structure stored in said memory, said data structure including information used by said program to determine whether a PIN is valid, said data structure comprising a plurality of entries, each of said entries comprising a scrambled PIN and an exponent, said exponent indicating the amount of time to delay if said scrambled PIN does not match a previously stored scrambled PIN.
- View Dependent Claims (119)
- - 119. The memory of claim 118 wherein each of said plurality of entries comprises a field for a key used to scramble said scrambled PIN.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
de Jong, Eduard

Granted Patent

US 7,167,843 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/72
CPC Class Codes

G06F 21/31   User authentication

G06Q 20/382   insuring higher security of...

G06Q 20/4012   Verifying personal identifi...

G06Q 30/018   Certifying business or prod...

Apparatus for private personal identification number management

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

119 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus for private personal identification number management

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

119 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links