Secure transaction system and method utilized therein
First Claim
1. In a system comprising a first storage means addressable using a secret predetermined address and party information associated with a party and stored in the first storage means, the party information comprising first coded authentication information previously generated by using a personal identification number (PIN) associated with the party, a method for authenticating the party comprising the steps of:
(a) receiving a (PIN) from the party to be authenticated;
(b) addressing the first storage means using the secret predetermined address to locate the party information and to retrieve the first coded authentication information;
(c) generating second coded authentication information using the received PIN;
(d) comparing at least part of the retrieved first coded authentication information to at least part of the generated second coded authentication information; and
(e) authenticating the party if said at least part of the retrieved first coded authentication information corresponds to said at least part of the generated second coded authentication information;
wherein the step of addressing the first storage means comprises the steps of;
(1) accessing a second storage means using a non-secret predetermined address to locate and to retrieve a coded address previously stored in the second storage means, the coded address having been previously generated by coding the secret predetermined address of the first storage means using the PIN;
(2) uncoding the coded address using the received PIN to generate the secret predetermined address; and
(3) accessing the first storage means using the generated secret predetermined address to retrieve the first coded authentication information.
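The enrollment and address-uncoding flow of claim 1, as an added example that is not part of the patent text. The coding function (PBKDF2-HMAC-SHA256), the XOR masking of the address, the 16-byte address width and the dictionaries standing in for the two storage means are all assumptions, since the claim does not name them.

```python
import hashlib
import hmac
import secrets

ADDR_BYTES = 16  # assumed width of a secret address in the first storage means


def _code(pin, party_id, purpose):
    """Assumed coding function: PBKDF2 over the PIN, salted per party and per purpose."""
    salt = purpose + party_id.encode()
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def enroll(party_id, pin, first_store, second_store):
    """Create the 'previously generated' values that claim 1 relies on."""
    secret_addr = secrets.token_bytes(ADDR_BYTES)
    # First coded authentication information, held at the secret address.
    first_store[secret_addr] = _code(pin, party_id, b"auth")
    # Coded address, held under the non-secret address (here the party id).
    mask = _code(pin, party_id, b"addr")[:ADDR_BYTES]
    second_store[party_id] = _xor(secret_addr, mask)


def authenticate(party_id, pin, first_store, second_store):
    """Steps (a) to (e) of claim 1, with addressing sub-steps (1) to (3)."""
    coded_addr = second_store.get(party_id)           # step (1)
    if coded_addr is None:
        return False
    mask = _code(pin, party_id, b"addr")[:ADDR_BYTES]
    secret_addr = _xor(coded_addr, mask)              # step (2)
    first_info = first_store.get(secret_addr)         # step (3)
    if first_info is None:
        return False  # the uncoded address holds no party information
    second_info = _code(pin, party_id, b"auth")       # step (c)
    return hmac.compare_digest(first_info, second_info)  # steps (d) and (e)


if __name__ == "__main__":
    first_store, second_store = {}, {}
    enroll("party-001", "4821", first_store, second_store)  # constructed sample values
    print(authenticate("party-001", "4821", first_store, second_store))
    print(authenticate("party-001", "0000", first_store, second_store))
```

A wrong PIN uncodes to a different address, so the lookup in the first storage means misses and authentication fails before any comparison takes place.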
Abstract
A transaction system is disclosed wherein, when a transaction, document or thing needs to be authenticated, information associated with one or more of the parties involved is coded together to produce a joint code. This joint code is then utilized to code information relevant to the transaction, document or record, in order to produce a variable authentication number (VAN) at the initiation of the transaction. This VAN is thereafter associated with the transaction and is recorded on the document or thing, along with the original information that was coded. During subsequent stages of the transaction, only parties capable of reconstructing the joint code will be able to uncode the VAN properly in order to re-derive the information. The joint code serves to authenticate the parties, and the comparison of the re-derived information against the information recorded on the document serves to authenticate the accuracy of that information.
22 Claims
5. A method for enrolling and authenticating a party, comprising the steps of:
receiving a personal identification number (PIN) from the party;
generating coded authentication information using the received PIN;
generating first and second numbers such that the coded authentication information is derivable from the first and second numbers, the first number being secret and the second number being non-secret;
storing information comprising the secret number in a first storage means addressable using a predetermined secret address;
generating a coded secret address using at least part of the predetermined secret address and the received PIN; and
storing the coded secret address and the non-secret number in a second storage means addressable using a predetermined non-secret address.
15. A method for authenticating a party and for authorizing access to a storage means associated with the party, the storage means being addressable using a secret predetermined address, the method comprising the steps of:
receiving a personal identification number (PIN) from a party to be authenticated;
generating coded authentication information using the PIN, the coded authentication information being derivable from a secret number previously stored in the storage means and a non-secret number previously stored in a storage medium in possession of the party;
retrieving from the storage medium at least a coded address and the non-secret number, the coded address having been previously generated by coding at least a portion of the secret predetermined address using the coded authentication information;
generating said at least a portion of the secret predetermined address by uncoding the coded address using the coded authentication information;
transmitting at least the generated said at least a portion of the secret predetermined address and the retrieved non-secret number from a first site to a second site over a communication link;
generating at the second site the secret predetermined address using the transmitted said at least a portion of the secret predetermined address;
addressing the storage means using the generated secret predetermined address to retrieve the secret number;
deriving the coded authentication information using the retrieved secret number and the transmitted non-secret number; and
authenticating the party and authorizing further access to the storage means by using at least the derived coded authentication information.
20. A system for authenticating a party comprising:
means for receiving a personal identification number (PIN) from the party;
means for generating coded authentication information using the received PIN;
means for generating first and second numbers such that the coded authentication information is derivable from the first and second numbers, the first number being secret and the second number being non-secret;
means for storing the secret number in a first storage means addressable using a predetermined secret address;
means for generating a coded secret address using at least a part of the predetermined secret address and the received PIN; and
means for storing the coded secret address and the non-secret number in a second storage means addressable using a predetermined non-secret address.
22. In a system comprising a storage means addressable using a secret predetermined address and a first coded number previously stored in the storage means and derivable from the secret predetermined address and a coded address generated by coding the secret predetermined address with first coded authentication information associated with a party to be authenticated, a method for authenticating the party comprising the steps of:
receiving a PIN from the party to be authenticated;
generating second coded authentication information using the received PIN;
deriving the secret predetermined address by uncoding the coded address using the second coded authentication information;
generating a second coded number by coding the derived secret predetermined address with the coded address;
using the derived secret predetermined address to access the storage means and retrieve the first coded number; and
authenticating the party if the retrieved first coded number corresponds to the generated second coded number.
Specification