Method and apparatus for personal identification

US 5,023,908 A
Filed: 04/21/1989
Issued: 06/11/1991
Est. Priority Date: 11/30/1984
Status: Expired due to Term

First Claim

Patent Images

1. In a personal identification system of the type wherein a user is provided with a device generating a unique, time-varying, nonpredictable code, with a nonsecret identifying code and with a secret PIN, the nonpredictable code at a given instant and the PIN being provided to a central verification computer to effect verification;

apparatus for providing improved security of the PIN comprising;

means for mixing the nonpredictable code generated by the device at a given time with the PIN to generate a combined coded value;

means for separately communicating the nonsecret identifying code and the coded value form said means for mixing to the central verification computer; and

wherein the central verification computer includes means for utilizing the nonsecret identifying code to retrieve the PIN and appropriate nonpredictable code for the individual, means for stripping the PIN from the coded value from said means for communicating, the nonpredictable code remaining after the stripping of the PIN, and means for utilizing the retrieved PIN, and appropriate nonpredictable code, the stripped PIN and remaining nonpredictable code for performing a verification operation.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for providing improved security for a personal identification number (PIN) in a personal identification and verification system of the type wherein a time dependent nonpredictable code is generated at a device in the possession of the individual, which code is unique to the individual and this code is communicated to, and compared with a nonpredictable code generated at, a central verification computer. In this system, the PIN is mixed with the nonpredictable code before transmission of these values to the central verification computer. a nonsecret code is previously transmitted to the central verification computer and is used to retrieve the PIN and the appropriate nonpredictable code for the user. These values are used to strip the PIN from the transmitted nonpredictable code and the stripped PIN and remaining nonpredictable code are compared with the corresponding retrieved values in order to determine verification.

251 Citations

15 Claims

1. In a personal identification system of the type wherein a user is provided with a device generating a unique, time-varying, nonpredictable code, with a nonsecret identifying code and with a secret PIN, the nonpredictable code at a given instant and the PIN being provided to a central verification computer to effect verification;
- apparatus for providing improved security of the PIN comprising;
  
  means for mixing the nonpredictable code generated by the device at a given time with the PIN to generate a combined coded value;
  
  means for separately communicating the nonsecret identifying code and the coded value form said means for mixing to the central verification computer; and
  
  wherein the central verification computer includes means for utilizing the nonsecret identifying code to retrieve the PIN and appropriate nonpredictable code for the individual, means for stripping the PIN from the coded value from said means for communicating, the nonpredictable code remaining after the stripping of the PIN, and means for utilizing the retrieved PIN, and appropriate nonpredictable code, the stripped PIN and remaining nonpredictable code for performing a verification operation.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. Apparatus as claimed in claim 1 wherein said means for performing a verification operation includes means for comparing the PIN and nonpredictable code obtained in response to the nonsecret code with the stripped PIN and remaining nonpredictable code.
  - 3. Apparatus as claimed in claim 1 wherein said verification computer includes means for utilizing the communicated nonsecret identifying code to obtain a unique challenge value for the individual;
    - andmeans for communicating the challenge value to the device.
  - 4. Apparatus as claimed in claim 3 wherein said challenge value communicating means includes means for communicating the challenge value to the individual;
    - andwherein the device includes means for permitting the individual to input the challenge value and his PIN to the device.
  - 5. Apparatus as claimed in claim 4 wherein said device includes means responsive to the challenge value for generating the nonpredictable code;
    - andwherein said mixing means includes means, included as part of the device, for receiving the inputted PIN and the generated nonpredictable value and for generating an output which is a predetermined function of the input.
  - 6. Apparatus as claimed in claim 5 wherein said mixing means adds the PIN to the nonpredictable code.
  - 7. Apparatus as claimed in claim 1 wherein said device includes means for permitting the individual to input his PIN to the device;
    - andwherein said means for mixing is included as part of said device and is adapted to receive the PIN inputted by the individual and the nonpredictable code and to generate an output which is a predetermined function of the input.
  - 8. Apparatus as claimed in claim 7 wherein said mixing means adds the PIN to the nonpredictable code.

9. A method for identifying an individual comprising the steps of:
- utilizing a device int he possession of the individual to generate a unique time-varying, nonpredictable code;
  
  mixing the nonpredictable code generated at a given time with a secret PIN for the individual to generate a combined code; and
  
  communicating a nonsecret identifying code for the individual and the combined code to a central verification computer;
  
  the verification computer utilizing the nonsecret identifying code to retrieve the PIN and appropriate nonpredictable code for the individual, stripping the PIN from the communicated combined code, and utilizing the retrieved PIN and nonpredictable code, the stripped PIN and the remaining nonpredictable code to perform a verification operation.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. A method as claimed in claim 9 wherein the verification computer also generates a unique challenge value in response to the nonsecret identifying code;
    - andincluding the step of communicating the challenge value to the device in possession of the individual.
  - 11. A method as claimed in claim 10 wherein the challenge value is communicated to the individual;
    - andincluding the step of the individual inputting the challenge value and his PIN to the device.
  - 12. A method as claimed in claim 11 wherein the device includes means responsive to the challenge value for generating the nonpredictable code;
    - andwherein the mixing step includes the device receiving the PIN and the nonpredictable code and generating an output which is a predetermined function of the inputs.
  - 13. A method as claimed in claim 12 wherein said predetermined function is a sum of said inputs.
  - 14. A method as claimed in claim 9 including the step of the individual inputting his PIN to the device;
    - andwherein the mixing step includes the steps of the device receiving the PIN inputted by the individual and the nonpredictable code and generating an output which is a predetermined function of the inputs.
  - 15. A method as claimed in claim 14 wherein said predetermined function is a sum of said input.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
EMC Corporation (Dell Technologies Inc.)
Original Assignee
Security Dynamics Technologies, Inc. (Symphony Technology Group LLC)
Inventors
Weiss, Kenneth
Primary Examiner(s)
Buczinski, Stephen C.
Assistant Examiner(s)
GREGORY, BERNARR E

Application Number

US07/341,932
Time in Patent Office

781 Days
Field of Search

380/3, 380/4, 380/23, 380/24, 380/25, 380/49, 380/50, 340/825.31, 340/825.34, 235/379, 235/380, 235/382
US Class Current

713/184
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/725   operating on a secure refer...

G06F 7/582   Pseudo-random number genera...

G06Q 20/346   Cards serving only as infor...

G06Q 20/385   using an alias or single-us...

G06Q 20/4012   Verifying personal identifi...

G07C 9/215   the system having a variabl...

G07F 7/10   together with a coded signa...

G07F 7/1008   Active credit-cards provide...

G07F 7/1016   Devices or methods for secu...

Y10S 379/903   Password

Method and apparatus for personal identification

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

251 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for personal identification

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

251 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links