Method and system for identifying an authorized individual by means of unpredictable single-use passwords
First Claim
1. A method for the identification of a party authorized to have the benefit of a service delivered by a provider party via a telematics network, in which said provider party is connected to the network by means of an electronic communications and processing system (S) capable of managing a procedure for identification of user parties authorized to operate with the provider, each user party being able to connect to the network by means of a respective electronic communications and processing system (C), and in which the provider party requests a temporary password (PWD) identifying the user party to allow the user access to the services delivered, characterized in that:
- upon request by the user party, one of said communications and processing systems (S; C) of the user party or of the provider party generates a random number (RND) by means of a predetermined algorithm for generating random numbers (ALGRND), and communicates said number (RND) to the other party via the network;
- in that it involves autonomous execution of a procedure for calculating the password (PWD) at the processing systems (S, C) of both parties on the basis of predetermined common algorithms, said calculating procedure comprising the operations of:
- generating a first string of characters (N30) by means of a first algorithm (ALGN30), on the basis of said random number (RND) and of a hidden dynamic variable (n; p) not transmitted over the network, but obtained from said processing systems (S, C) independently;
- extracting a second string of characters (N3), a subset of said first string (N30), by means of a second algorithm (ALGN3), as a function of said hidden dynamic variable (n; p) and of said random number (RND); and
- generating the temporary password (PWD) by means of a third algorithm (ALGPWD), on the basis of said second string of characters (N3), and in that identification of the authorized party takes place following the transmission to the processing system (S) of the provider party, of the password (PWD) calculated by the processing system (C) of the user party, and through subsequent comparison with the password (PWD) calculated by the processing system (S) of the provider party, so that access to the service is permitted if such comparison gives a positive result, and is otherwise denied.
Abstract
A method is described for the identification of a party authorised to have the benefit of a service delivered by a provider party via a telematics network, in which the provider party and each user party are connected to the network by means of a respective electronic communications and processing system (S, C), and the provider party requests a temporary password (PWD) identifying the user party to allow access to the services delivered. The method is characterised in that it involves autonomous execution of a procedure for calculating the password (PWD) in the processing systems (S, C) of both parties on the basis of predetermined algorithms, the above-mentioned calculating procedure comprising the operations of: generating a first string of characters (N30) by means of a first pre-established algorithm (ALGN30), on the basis of a random number (RND) and a hidden dynamic variable (n; p) not transmitted over the network, but obtained by the processing systems (S, C) independently; extracting a second string of characters (N3), a subset of the first string (N30), by means of a second pre-established algorithm (ALGN3), as a function of the hidden dynamic variable (n; p) and of said random number (RND); and generating the temporary password (PWD) by means of a third pre-established algorithm (ALGPWD), on the basis of the above-mentioned second string of characters (N3). The authorised party is identified as a result of the comparison between the password (PWD) calculated by the processing system (S) of the provider party and that calculated by the processing system (C) of the user party, whereby access to the service is permitted if this comparison gives a positive result and otherwise is denied. The password thus obtained may also be used as a single-use key in a system for encrypting all the information exchanged between the authorised user party and the service provider party.
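The claim and the abstract describe the same three-step calculation run independently by the provider system (S) and the user system (C): a challenge RND that crosses the network, a hidden dynamic variable that never does, and PWD = ALGPWD(ALGN3(ALGN30(RND, n), n, RND)) compared on the provider side. The patent does not specify ALGRND, ALGN30, ALGN3 or ALGPWD, nor the lengths of N30, N3 and PWD, nor what the hidden variable (n; p) is. The following Python simulation of one authentication round is an added example, not code from the patent or its assignee; it assumes HMAC-SHA256 keyed with a secret provisioned out of band for ALGN30, a windowed substring for ALGN3, a hashed-and-encoded string for ALGPWD, a per-party counter as the hidden dynamic variable, and 30/6/8 as the string lengths. It also shows why the "single-use" property holds: once both counters have advanced, a password captured from an earlier round no longer matches.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

# Assumed lengths: the patent names the strings N30 and N3 but does not fix their size.
N30_LEN = 30   # first string of characters (N30)
N3_LEN = 6     # subset extracted from N30 (N3)
PWD_LEN = 8    # temporary password (PWD)
PWD_ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # 32 symbols, no 0/O/1/I confusion


@dataclass
class Party:
    """One processing system (S or C): a shared secret provisioned out of band and the
    hidden dynamic variable n (assumed here to be a counter), held locally and never sent."""
    secret: bytes
    n: int = 0


def alg_rnd(nbytes: int = 16) -> bytes:
    """ALGRND (assumed): RND must be unpredictable, so it comes from the OS CSPRNG."""
    return secrets.token_bytes(nbytes)


def alg_n30(secret: bytes, rnd: bytes, n: int) -> str:
    """ALGN30 (assumed): HMAC-SHA256 over RND and n, keyed with the shared secret,
    rendered as N30_LEN decimal digits."""
    mac = hmac.new(secret, rnd + n.to_bytes(8, "big"), hashlib.sha256).digest()
    return "".join(str(b % 10) for b in mac)[:N30_LEN]


def alg_n3(n30: str, rnd: bytes, n: int) -> str:
    """ALGN3 (assumed): take a window of N3_LEN characters whose offset depends on RND and n."""
    offset = (rnd[-1] + n) % (N30_LEN - N3_LEN + 1)
    return n30[offset:offset + N3_LEN]


def alg_pwd(n3: str) -> str:
    """ALGPWD (assumed): hash N3 and map the digest onto PWD_LEN typing-friendly symbols."""
    digest = hashlib.sha256(n3.encode("ascii")).digest()
    return "".join(PWD_ALPHABET[b % len(PWD_ALPHABET)] for b in digest[:PWD_LEN])


def compute_pwd(party: Party, rnd: bytes) -> str:
    """The calculation each side runs on its own, knowing only RND and its local n."""
    n30 = alg_n30(party.secret, rnd, party.n)
    n3 = alg_n3(n30, rnd, party.n)
    return alg_pwd(n3)


def verify_submitted(server: Party, rnd: bytes, submitted_pwd: str) -> bool:
    """Provider-side check: recompute PWD for this RND and compare in constant time."""
    expected = compute_pwd(server, rnd)
    return hmac.compare_digest(submitted_pwd, expected)


def authenticate(server: Party, client: Party, rnd: Optional[bytes] = None) -> bool:
    """One full round: S issues RND, C answers with its PWD, S compares.
    On success both sides advance n, so the same PWD is never accepted twice."""
    if rnd is None:
        rnd = alg_rnd()                       # S generates RND and sends it to C
    submitted = compute_pwd(client, rnd)      # C computes PWD and sends it to S
    granted = verify_submitted(server, rnd, submitted)
    if granted:
        server.n += 1
        client.n += 1
    return granted


if __name__ == "__main__":
    secret = secrets.token_bytes(32)          # constructed: provisioned to both sides out of band
    server, client = Party(secret), Party(secret)
    rnd = alg_rnd()
    first_pwd = compute_pwd(client, rnd)
    print("round 1 granted:", authenticate(server, client, rnd))
    print("replay of round-1 PWD accepted:", verify_submitted(server, rnd, first_pwd))
    print("party without the secret granted:", authenticate(server, Party(secrets.token_bytes(32))))
```

Advancing the counter only after a successful comparison keeps the simulation simple; in a deployment the two copies of the hidden variable can drift (a lost message, a client that advanced without the server seeing the result), so the provider needs a bounded resynchronisation rule, such as the look-ahead window used by counter-based OTP schemes like HOTP (RFC 4226), rather than an exact match on n.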
39 Claims (independent claim 1 is reproduced above; claims 2 to 39 are dependent claims)