Integrated systems for simultaneous mutual authentication of database and user
Abstract
In the field of user authentication, the present invention provides an integrated system for the mutual authentication of a system database and a registered user with a view to increasing the security of remote authentication and the prevention of “phishing/man-in-the-middle” attacks, by one of several alternative means including Code matching, PIN verification, Image reproduction and recognition, Signature and personal data verification, DNA verification and Biometric verification, in each case by means of the differential between variable Codes computed at the database from data recorded for that user and at a remote terminal from replicate data retrieved from a data carrying device. The Codes are derived from the recorded data and a simple algorithm such that the Codes are not predictable.
43 Citations
20 Claims
- 1. A method and apparatus for the authentication of a system to the holder of a data carrying device recording identification data and other data related to a registered user of that system, wherein subsequent to the introduction of the data carrying device at a device reading apparatus connected to the system and the sending of said identification data to the system, the system sends, from recorded data related to the registered system user, a first code to the device reading apparatus which is compared with a second code derived from the data carrying device, thereby providing for the authentication of the system by reference to a preset differential between the two codes.
- 5. A method and apparatus for the authentication of a system to the holder of a data carrying device recording identification data and other data related to a registered user of that system, wherein subsequent to the introduction of the data carrying device at a device reading apparatus connected to the system and the sending of said identification data to the system, the system sends, from recorded data related to the system user, a first code to the device reading apparatus which is compared with a second code derived from the data carrying device, both such codes being determined by variations of elements of the recorded data by reference to an algorithm and determinant recorded on the data carrying device and on the system referenced in part to a specified time and date for the attempted authentication, thereby resulting in first and second codes which vary on every occasion of use and providing for the authentication of the system by reference to a preset differential between the two codes.
- 17. A method and apparatus for the simultaneous mutual biometric authentication of a system and the registered user of that system by means of a data carrying device recording identification data and other data related to that system user comprising the following steps:
  [a] the allocation of random codes to a data carrying device issued to the registered system user and to the system;
  [b] the capture of a biometric image of the system user;
  [c] the reduction of such image by means of an algorithm to a biometric template value in a format suited to comparison with other values in the same format;
  [d] the amalgamation of such biometric template value to a part of a code recorded on the system but not on the data carrying device;
  [e] the subsequent introduction of the data carrying device at a device reading apparatus connected to the system;
  [f] the sending of said identification data together with a new random code to the system;
  [g] the sending by the system of a first code derived from recorded data related to the system user to the device reading apparatus;
  [h] the generation of a second code derived from the data carrying device, both such codes being determined by variations of elements of the recorded data by reference to an algorithm and determinant recorded on the data carrying device and on the system referenced in part to a specified time and date for the attempted authentication, and both incorporating the new random code by exclusive/or logic gate and thereby resulting in first and second codes which vary on every occasion of use;
  [i] the comparison of first and second codes by exclusive/or logic gate and thereby deriving a differential between the two codes being the biometric template value;
  [j] the recording of a session biometric image capture;
  [k] the reduction of such image to a session template by application of the same algorithm as at [c];
  [l] the comparison of the biometric template value with the session template value;
  [m] the evaluation of the difference between the two template values against preset criteria followed by acceptance as a biometric match or rejection as a non-match, thereby providing for simultaneous mutual authentication by conventional biometric means at the device reading apparatus.
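As an added illustration that is not part of the patent text, the following Python simulation walks through the flow of claim 17 (steps [a] to [m]) under one concrete instantiation. Assumptions not stated in the claims: the shared time/date determinant is HMAC-SHA256 over a session timestamp, the card's random code P and the system's amalgamated value T XOR P are 16 bytes each, the biometric template is a constructed 16-byte value, and the preset match criterion is a Hamming-distance threshold.

```python
import hashlib
import hmac
import os

TEMPLATE_LEN = 16  # bytes; constructed toy template size (assumption)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def time_mask(seed: bytes, session_time: str) -> bytes:
    # Time/date-dependent determinant shared by card and system (step [h]).
    # HMAC-SHA256 is an assumption; the claim only says "an algorithm and determinant".
    return hmac.new(seed, session_time.encode(), hashlib.sha256).digest()[:TEMPLATE_LEN]


def enrol(template: bytes, seed: bytes, user_id: str = "user-0001"):
    # Steps [a] and [d]: the card receives a random code P; the system records
    # the amalgam T XOR P, so neither store alone yields the template (assumed
    # instantiation of [d]). The seed models the shared determinant of [h].
    p = os.urandom(TEMPLATE_LEN)
    card = {"id": user_id, "seed": seed, "code": p}
    system = {user_id: {"seed": seed, "amalgam": xor(template, p)}}
    return card, system


def system_first_code(system, user_id: str, nonce: bytes, session_time: str) -> bytes:
    # Step [g]: first code from system-recorded data, varied by time and nonce.
    rec = system[user_id]
    return xor(xor(rec["amalgam"], time_mask(rec["seed"], session_time)), nonce)


def card_second_code(card, nonce: bytes, session_time: str) -> bytes:
    # Step [h]: second code from card-recorded data, same variation.
    return xor(xor(card["code"], time_mask(card["seed"], session_time)), nonce)


def hamming(a: bytes, b: bytes) -> int:
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def terminal_authenticate(card, system, live_template: bytes, session_time: str, max_bits: int = 8) -> bool:
    # Steps [e] to [m] as run at the device reading apparatus. A system that
    # lacks the correct amalgam cannot produce a first code whose XOR with the
    # card's second code matches the live capture, which is what authenticates
    # the system to the user; the live capture authenticates the user.
    nonce = os.urandom(TEMPLATE_LEN)                                     # [f] new random code
    first = system_first_code(system, card["id"], nonce, session_time)  # [g]
    second = card_second_code(card, nonce, session_time)                # [h]
    recovered = xor(first, second)                                      # [i] differential = enrolled template
    return hamming(recovered, live_template) <= max_bits                # [l], [m]
```

The time mask and nonce cancel in step [i] only when both sides hold the same seed and the same session time, so the recovered differential is the enrolled template exactly; the tolerance threshold then absorbs ordinary capture-to-capture variation in the live template.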
Specification