Integrated systems for simultaneous mutual authentication of database and user

US 20080313726A1
Filed: 06/14/2007
Published: 12/18/2008
Est. Priority Date: 06/14/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method and apparatus for the authentication of a system to the holder of a data carrying device recording identification data and other data related to a registered user of that system, wherein subsequent to the introduction of the data carrying device at a device reading apparatus connected to the system and the sending of said identification data to the system, the system sends, from recorded data related to the registered system user, a first code to the device reading apparatus which is compared with a second code derived from the data carrying device, thereby providing for the authentication of the system by reference to a preset differential between the two codes.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In the field of user authentication, the present invention provides an integrated system for the mutual authentication of a system database and a registered user with a view to increasing the security of remote authentication and the prevention of “phishing/man-in-the-middle” attacks, by one of several alternative means including Code matching, PIN verification, Image reproduction and recognition, Signature and personal data verification, DNA verification and Biometric verification, in each case by means of the differential between variable Codes computed at the database from data recorded for that user and at a remote terminal from replicate data retrieved from a data carrying device. The Codes are derived from the recorded data and a simple algorithm such that the Codes are not predicable.

43 Citations

View as Search Results

20 Claims

1. A method and apparatus for the authentication of a system to the holder of a data carrying device recording identification data and other data related to a registered user of that system, wherein subsequent to the introduction of the data carrying device at a device reading apparatus connected to the system and the sending of said identification data to the system, the system sends, from recorded data related to the registered system user, a first code to the device reading apparatus which is compared with a second code derived from the data carrying device, thereby providing for the authentication of the system by reference to a preset differential between the two codes.
- View Dependent Claims (2, 3, 4, 11, 12, 13, 14, 15, 16, 18, 20)
- - 2. The method and apparatus of claim 1 wherein the codes comprise predetermined variations of elements of the recorded data such that both the first code and the second code vary on each occasion of use without affecting the resultant differential.
  - 3. The method and apparatus of claim 2 wherein the variations of the elements of the recorded data are determined by reference to an algorithm and determinant recorded on the data carrying device and the system.
  - 4. The method and apparatus of claim 3 wherein the algorithm and determinant provide for variations related to a specified time and date for the attempted authentication.
  - 11. The method and apparatus of claim 1 wherein a new random code is sent from the device reading apparatus with the identification data to the system and amalgamated using an exclusive/or logic gate into both the first code and the second code without affecting the resultant differential.
  - 12. The method and apparatus of claims 11 wherein a predetermined fixed personal identification data is entered by the system user at the device reading apparatus and applied by a predetermined algorithm to the second code derived from the data carrying device, thereby providing for simultaneous mutual authentication of system and system user by fixed personal identification data and the resultant differential between the two codes.
  - 13. The method and apparatus of claim 11 wherein the differential comprises the binary value of a facial representation of the system user which is displayed at the device reading apparatus for comparison with the person presenting the data carrying device, thereby providing for simultaneous mutual authentication of system and system user.
  - 14. The method and apparatus of claim 11 wherein additionally the differential in addition comprises the binary value of a representation of the system user'"'"'s signature, which is additionally displayed at the device reading apparatus for comparison with a specimen signature provided by that person.
  - 15. The method and apparatus of claim 11 wherein additionally the differential comprises the binary value of a representation of other personal data related to the system user, which is displayed at the device reading apparatus for verification of a part of that personal data by input or disclosure by that person.
  - 16. The method and apparatus of claim 11 wherein the differential comprises the binary value of biometric data of the system user, previously captured and reduced by an appropriate algorithm to form a template for subsequent biometric data capture matching and being amalgamated by exclusive/or logic gate onto a part of the first code, such template being recovered as the differential being compared with a temporary template derived from an actual biometric image reduced by the same algorithm after capture at the time of the attempted authentication by a biometric capture device linked to the device reading apparatus, thereby providing for simultaneous mutual authentication of system and system user by conventional biometric verification.
  - 18. The method and apparatus of claim 1 wherein the differential relates to the binary value of data residing on the system database and specified by the system user together with the user'"'"'s identification code, such binary value being amalgamated by the system with the first code by exclusive/or logic gate and thereafter being retrieved by the system user by exclusive/or logic gate amalgamation between the first and second codes.
  - 20. The method and apparatus of claim 12 wherein the differential relates to the binary value of data residing on the system database and specified by the system user together with the user'"'"'s identification code, such binary value being amalgamated by the system with the first code by exclusive/or logic gate and thereafter being retrieved by the system user by exclusive/or logic gate amalgamation between the first and second codes.

5. A method and apparatus for the authentication of a system to the holder of a data carrying device recording identification data and other data related to a registered user of that system, wherein subsequent to the introduction of the data carrying device at a device reading apparatus connected to the system and the sending of said identification data to the system, the system sends, from recorded data related to the system user, a first code to the device reading apparatus which is compared with a second code derived from the data carrying device, both such codes being determined by variations of elements of the recorded data by reference to an algorithm and determinant recorded on the data carrying device and on the system referenced in part to a specified time and date for the attempted authentication, thereby resulting in first and second codes which vary on every occasion of use and providing for the authentication of the system by reference to a preset differential between the two codes.
- View Dependent Claims (6, 7, 8, 9, 10, 19)
- - 6. The method and apparatus of claim 5 wherein fixed personal identification data is entered by the system user at the device reading apparatus and applied by a predetermined algorithm to the second code derived from the data carrying device, thereby providing for simultaneous mutual authentication of system and system user by reference to a combination of the fixed personal identification data and to a preset differential between the first and second codes
  - 7. The method and apparatus of claim 5 wherein the differential comprises the binary value of a facial representation of the system user which is displayed at the device reading apparatus for comparison with the person presenting the data carrying device, thereby providing for simultaneous mutual authentication of system and system user.
  - 8. The method and apparatus of claim 5 wherein additionally the differential in addition comprises the binary value of a representation of the system user'"'"'s signature, which is additionally displayed at the device reading apparatus for comparison with a specimen signature provided by that person.
  - 9. The method and apparatus of claim 5 wherein additionally the differential comprises the binary value of a representation of other personal data related to the system user, which is displayed at the device reading apparatus for verification of a part of that personal data by input or disclosure by that person.
  - 10. The method and apparatus of claim 5 wherein the differential comprises the binary value of biometric data of the system user, previously captured and reduced by an appropriate algorithm to form a template for subsequent biometric data capture matching and being amalgamated by exclusive/or logic gate onto a part of the first code, such template being recovered as the differential being compared with a temporary template derived from an actual biometric image reduced by the same algorithm after capture at the time of the attempted authentication by a biometric capture device linked to the device reading apparatus, thereby providing for simultaneous mutual authentication of system and system user by conventional biometric verification.
  - 19. The method and apparatus of claim 5 wherein the differential relates to the binary value of data residing on the system database and specified by the system user together with the user'"'"'s identification code, such binary value being amalgamated by the system with the first code by exclusive/or logic gate and thereafter being retrieved by the system user by exclusive/or logic gate amalgamation between the first and second codes.

17. A method and apparatus for the simultaneous mutual biometric authentication of a system and a the registered user of that system by means of a data carrying device recording identification data and other data related to that system user comprising the following steps:
- [a] the allocation of random codes to a data carrying device issued to the registered system user and to the system[b] the capture of a biometric image of the system user[c] the reduction of such image by means of an algorithm to a biometric template value in a format suited to comparison with other values in the same format[d] the amalgamation of such biometric template value to a part of a code recorded on the system but not on the data carrying device[e] the subsequent introduction of the data carrying device at a device reading apparatus connected to the system[f] the sending of said identification data together with a new random code to the system[g] the sending by the system of a first code derived from recorded data related to the system user to the device reading apparatus[h] the generation of a second code derived from the data carrying deviceboth such codes being determined by variations of elements of the recorded data by reference to an algorithm and determinant recorded on the data carrying device and on the system referenced in part to a specified time and date for the attempted authentication and both incorporating the new random code by exclusive/or logic gate and thereby resulting in first and second codes which vary on every occasion of use[i] the comparison of first and second codes by exclusive/or logic gate and thereby deriving a differential between the two codes being the biometric template value[j] the recording of a session biometric image capture[k] the reduction of such image to a session template by application of the same algorithm as at [c][l] the comparison of the biometric template value with the session template value[m] the evaluation of the difference between the two template values against preset criteria followed by acceptance as a biometric match or rejection as a non-matchthereby providing for simultaneous mutual authentication by conventional biometric means at the device reading apparatus

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Richard Mervyn Gardner
Original Assignee
Richard Mervyn Gardner
Inventors
Gardner, Richard Mervyn

Application Number

US11/818,153
Publication Number

US 20080313726A1
Time in Patent Office

Days
Field of Search
US Class Current

726/9
CPC Class Codes

H04L 9/3231 Biological data, e.g. finge...

H04L 9/3273 for mutual authentication n...

Integrated systems for simultaneous mutual authentication of database and user

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

43 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Integrated systems for simultaneous mutual authentication of database and user

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others