Transaction authentication using a centrally generated transaction identifier

US 5,343,529 A
Filed: 09/28/1993
Issued: 08/30/1994
Est. Priority Date: 09/28/1993
Status: Expired due to Fees

First Claim

Patent Images

1. In an information transmission system comprising an authentication agency, a primary transmission path, a switch in the primary transmission path, and an information generator with a station identifier, an authentication method comprising the steps of:

introducing a first user identifier from a first user identifier source into a first authentication code generator within the information generator;

transmitting a transmission request from the information generator to the authentication agency;

transmitting the station identifier from the information generator to the authentication agency;

accessing a record in a second user identifier source of the user identifier corresponding to the station identifier in response to the transmission request;

forwarding the second user identifier from the second user identifier source to a second authentication code generator within the authentication agency;

generating a request identifier in a request identifier generator, in response to the transmission request;

transmitting the request identifier from the request identifier generator to the first and second authentication code generators;

generating a first authentication code in the first authentication code generator and a second authentication code in the second authentication code generator in response to the request identifier and the first and second user identifiers;

transmitting the first and second authentication codes to a comparator;

comparing the first and second authentication codes and generating a permit signal only if the comparison is successful, showing that the first user identifier and the request identifier have experienced the same total transformation as the second user identifier and the request identifier; and

transmitting the permit signal to the switch, enabling information flow through the primary transmission path, whereby information flow through the primary transmission path is permitted only after successful comparison of the first and second authentication codes.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Each access attempt transmitted to an authentication agency causes the agency to produce a request identifier unique to that request. The request identifier is transmitted back to the authentication code generator of the user initiating the access attempt, and to an authentication code generator in the agency. The agency also retrieves a user identifier from a database and sends it to its authentication code generator. Both the user'"'"'s authentication code generator and the agency'"'"'s authentication code generator independently combine, through identical or complementary transformations, the user identifier and the request identifier to form a user authentication code and an agency authentication code. The two authentication codes are presented by a comparator, which issues a permit signal only if the comparison indicates a match between the two authentication codes. The permit signal is transmitted to a transaction control device to permit the transaction to proceed. Since the authentication code is unique to each transaction attempt, interception of an authentication code will not permit an unauthorized user to successfully initiate another transaction. As an additional security feature, the user of irreversible transformations in the authentication code generator would prevent decoding of an intercepted authentication code and would not allow an unauthorized user to derive the user identifier associated with the transaction. As required by a particular application, additional levels of security can be achieved by using encryption steps in combination with the irreversible transformations at selected points in the process.

306 Citations

37 Claims

1. In an information transmission system comprising an authentication agency, a primary transmission path, a switch in the primary transmission path, and an information generator with a station identifier, an authentication method comprising the steps of:
- introducing a first user identifier from a first user identifier source into a first authentication code generator within the information generator;
  
  transmitting a transmission request from the information generator to the authentication agency;
  
  transmitting the station identifier from the information generator to the authentication agency;
  
  accessing a record in a second user identifier source of the user identifier corresponding to the station identifier in response to the transmission request;
  
  forwarding the second user identifier from the second user identifier source to a second authentication code generator within the authentication agency;
  
  generating a request identifier in a request identifier generator, in response to the transmission request;
  
  transmitting the request identifier from the request identifier generator to the first and second authentication code generators;
  
  generating a first authentication code in the first authentication code generator and a second authentication code in the second authentication code generator in response to the request identifier and the first and second user identifiers;
  
  transmitting the first and second authentication codes to a comparator;
  
  comparing the first and second authentication codes and generating a permit signal only if the comparison is successful, showing that the first user identifier and the request identifier have experienced the same total transformation as the second user identifier and the request identifier; and
  
  transmitting the permit signal to the switch, enabling information flow through the primary transmission path, whereby information flow through the primary transmission path is permitted only after successful comparison of the first and second authentication codes.
- View Dependent Claims (2, 3, 4, 5, 6, 12)
- - 2. A method of claim 1 in which the first authentication code and the second authentication code are generated through use of identical irreversible transforms.
  - 3. A method of claim 2 including a step of encrypting the user identifier.
  - 4. A method of claim 1 in which the first authentication code and the second authentication code are generated through use of encryption transforms.
  - 5. A method of claim 1 in which the request identifier includes the time and date of the transmission request.
  - 6. A method of claim 1 in which the request identifier is a number that is not repeated within the time span of the transmission request.
  - 12. A method of a claim 1 in which transmitting the request identifier includes transforming the request identifier together with the second user identifier.

7. A method of claim i in which the first authentication code and the second authentication code are generated through use of identical transforms.

8. A method of claim i in which the first authentication code is generated through use of a first transform, comparison of the first authentication code includes use of a second transform, the second authentication code is generated through use of a third transform, and comparison of the second authentication code includes use of a fourth transform, the transforms being such that successive application of the first and second transform is identical to the successive application of the third and fourth transform.
- View Dependent Claims (9)
- - 9. A method of claim 8 in which the first transform and the third transform are irreversible transforms.

10. A method of claim i in which the information generator communicates with the authentication agency by means of radio transmission.

11. A method of claim i in which introducing the user identifier into the first authentication code generator includes the step of introducing an enabling key into the information generator.

13. An authenticating information transmission system comprising an information generator, an authentication agency and a primary transmission path, the information generator communicating with the authentication agency, said agency controlling the primary transmission path, wherein the information generator comprises:
- requesting means for presenting a transmission request to the authentication agency;
  
  a first authentication code generator comprising a first user identifier access port, a first request identifier access port, a first transformer for combining a first user identifier and a first request identifier transmitted to the respective access port to produce a first authentication code, and a first transmitter for transmitting the first authentication code to the authentication agency; and
  
  an information source for introducing information into the primary transmission path,wherein the authentication agency comprises;
  
  a request identifier generator comprising a first transmission request access port and a second transmitter for transmitting the request identifier to the first authentication code generator and to a second authentication code generator;
  
  a user identifier source comprising a second transmission request access port and a third transmitter for transmitting a second user identifier to the second authentication code generator;
  
  the second authentication code generator comprising a second request identifier access port, a second user identifier access port, a second transformer for combining the second request identifier and the second user identifier, transmitted to the respective access port to produce a second authentication code, and a fourth transmitter for transmitting the second authentication code to a comparator; and
  
  the comparator comprising a first authentication code access port, a second authentication code access port, a comparing means for comparing the first authentication code and the second authentication code, transmitted to the respective access port, and producing a permit signal only if the first authentication code and the second authentication code, when compared by the comparing means, are equal, indicating a matching condition between the first and second authentication codes, and a fifth transmitter for transmitting the permit signal to the primary transmission path; and
  
  wherein the primary transmission path comprises a transmission controller with a permit signal access port for authorizing transmission when the permit signal is transmitted to the permit signal access port.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 14. A device of claim 13 in which the requesting means includes a key port for accepting an enabling key with the first user identifier.
  - 15. A device of claim 14 in which the first authentication code generator includes first encryption means for encrypting the first user identifier.
  - 16. A device of claim 15 in which the user identifier source includes a second encryption means for encrypting the user identifier.
  - 17. A device of claim 16 in which successive application of the first encryption means and the first transformer produces an identical transformation to successive application of the second encryption means and the second transformer.
  - 18. A device of claim 16 in which the information generator further includes a third transformation/encryption means for combining the first authentication code and the first user identifier, the authentication agency further includes a fourth transformation/encryption means for combining the second authentication code and the second user identifier, the comparator includes a fifth encryption means at the first authentication code access port and a sixth encryption means at the second authentication code access port, wherein successive application of the first encryption means, the first transformer, the third transformation/encryption means and the fifth encryption means produces an identical transformation to the successive application of the second encryption means, the second transformer, the fourth transformation/encryption means and the sixth encryption means.
  - 19. A device of claim 13 in which the first transformer and the second transformer produce the same irreversible transform.
  - 20. A device of claim 13 in which the first transformer and the second transformer produce reversible encryption transforms.
  - 21. A device of claim 13 in which the request identifier generator transmits a request identifier including the time and date of the transmission request.
  - 22. A device of claim 13 in which the request identifier generator transmits a request identifier that is not repeated within the time span of the transmission request.
  - 23. A device of claim 13 in which the third transmitter is also adapted for transmitting the second user identifier to the second transmitter and the second transmitter includes a third transformer for transforming the request identifier together with the second user identifier.

24. A transaction request authentication process comprising the steps of:
- introducing a first user identifier into a first authentication code generator, within a user device;
  
  transmitting a transaction request to an authentication agency;
  
  in the authentication agency, generating a request identifier and a second user identifier in response to the transaction request;
  
  transmitting the request identifier to the first authentication code generator and to a second authentication code generator, within the authentication agency;
  
  transmitting the second user identifier to the second authentication code generator;
  
  generating a first authentication code in response to the first user identifier and the request identifier and a second authentication code in response to the second user identifier and the request identifier;
  
  transmitting the first authentication code and the second authentication code to a comparator, within the authentication agency;
  
  generating a permit signal in the comparator in response to the first and second authentication codes; and
  
  transmitting the permit signal to a transaction device, thereby authorizing a transaction to proceed.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31)
- - 25. A method of claim 24 including the step of encrypting the first user identifier and the second user identifier.
  - 26. A method of claim 24 in which the first authentication code and the second authentication code are generated using an irreversible transform.
  - 27. A method of claim 24 in which the request identifier includes the time and date of the transaction request.
  - 28. A method of claim 24 in which the request identifier is a number that is not repeated within the time span of the transmission request.
  - 29. A method of claim 24 in which the first and second authentication codes are generated using an encryption transform.
  - 30. A method of claim 24 including the steps of encrypting the first and second authentication codes.
  - 31. A method of claim 24 including transforming the request identifier together with the second user identifier.

32. A transaction request authentication process comprising the steps of:
- introducing a first user identifier into a first authentication code generator, within a user device;
  
  generating a request identifier in the user device;
  
  transmitting a transaction request and the request identifier to an authentication agency;
  
  in the authentication agency, generating a second user identifier in response to the transaction request;
  
  transmitting the request identifier to the first authentication code generator and to a second authentication code generator, within the authentication agency;
  
  transmitting the second user identifier to the second authentication code generator;
  
  generating a first authentication code in response to the first user identifier and the request identifier and a second authentication code in response to the second user identifier and the request identifier;
  
  transmitting the first authentication code and the second authentication code to a comparator, within the authentication agency;
  
  generating a permit signal in the comparator in response to the first and second authentication codes; and
  
  transmitting the permit signal to a transaction device, thereby authorizing a transaction to proceed.

33. A transaction request authentication process comprising the steps of:
- in an authentication agency, generating a request identifier and a user identifier in response to a transaction request from a user;
  
  transmitting the request identifier to the user and to an authentication code generator;
  
  transmitting the user identifier to the authentication code generator;
  
  generating a first authentication code in the authentication code generator in response to the request identifier and the user identifier;
  
  transmitting the first authentication code to a comparator;
  
  receiving into the comparator a second authentication code produced by the user in response to the request identifier;
  
  generating a permit signal in the comparator in response to the first authentication code and the second authentication code; and
  
  transmitting the permit signal to a transaction device, thereby authorizing a transaction to proceed.

34. An information generator for use in an authenticating information transmission system comprising:
- requesting means for presenting a transmission request to an authentication agency;
  
  a first authentication code generator comprising a first user identifier access port, a first request identifier access port, a first transformer for combining a first user identifier and a first request identifier transmitted to the respective access port to produce a first authentication code, and a first transmitter for transmitting the first authentication code to the authentication agency; and
  
  an information source for introducing information into the primary transmission path.
- View Dependent Claims (35)
- - 35. A device of claim 34 in which the first transformer is adapted for producing an irreversible transform.

36. An authentication agency for use in an authenticating transaction system comprising:
- A request identifier generator comprising a first transaction request access port and a second transmitter for transmitting the request identifier to the first authentication code generator and to a second authentication code generator;
  
  a user identifier source comprising a second transaction request access port, a third transaction request access port and a third transmitter for transmitting the second user identifier to the second authentication code generator;
  
  the second authentication code generator comprising a second request identifier access port, a second user identifier access port, a second transformer for combining the second request identifier and the second user identifier, transmitted to the respective access port to produce a second authentication code, and a fourth transmitter for transmitting the second authentication code to a comparator; and
  
  the comparator comprising a first authentication code access port, a second authentication code access port, a comparing means for comparing the first authentication code and the second authentication code, transmitted to the respective access port, and producing a permit signal in response to the first and second authentication codes, and a fifth transmitter for transmitting the permit signal to the primary transaction path for authorizing the transaction to proceed.

37. A transaction access module for use in a authenticating transaction system comprising:
- requesting means for presenting a transaction request to an authentication agency; and
  
  a first authentication code generator comprising a first user identifier access port, a first request identifier access port, a first transformer for combining a first user identifier and a first request identifier to produce a first authentication code, and a first transmitter for transmitting the first authentication code to the authentication agency.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Marvin Perlman, Milton Goldfine, Robert A. Montgomery
Original Assignee
Marvin Perlman, Milton Goldfine, Robert A. Montgomery
Inventors
Montgomery, Robert A., Goldfine, Milton, Perlman, Marvin
Primary Examiner(s)
Gregory, Bernarr E.

Application Number

US08/127,893
Time in Patent Office

336 Days
Field of Search

380/23-25, 380/4, 380/30, 380/49, 380/50, 235/379, 235/380, 340/825.31, 340/825.34
US Class Current

705/75
CPC Class Codes

G06F 21/31   User authentication

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/385   using an alias or single-us...

G06Q 20/401   Transaction verification

G06Q 20/4012   Verifying personal identifi...

G06Q 20/4093   Monitoring of device authen...

G07F 7/1008   Active credit-cards provide...

G07F 7/1016   Devices or methods for secu...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/3226   using a predetermined code,...

Transaction authentication using a centrally generated transaction identifier

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

306 Citations

37 Claims

Specification

Use Cases

Quick Links

Others

Transaction authentication using a centrally generated transaction identifier

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

306 Citations

37 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others