Transaction authentication using a centrally generated transaction identifier
First Claim
1. In an information transmission system comprising an authentication agency, a primary transmission path, a switch in the primary transmission path, and an information generator with a station identifier, an authentication method comprising the steps of:
introducing a first user identifier from a first user identifier source into a first authentication code generator within the information generator;
transmitting a transmission request from the information generator to the authentication agency;
transmitting the station identifier from the information generator to the authentication agency;
accessing a record in a second user identifier source of the user identifier corresponding to the station identifier in response to the transmission request;
forwarding the second user identifier from the second user identifier source to a second authentication code generator within the authentication agency;
generating a request identifier in a request identifier generator, in response to the transmission request;
transmitting the request identifier from the request identifier generator to the first and second authentication code generators;
generating a first authentication code in the first authentication code generator and a second authentication code in the second authentication code generator in response to the request identifier and the first and second user identifiers;
transmitting the first and second authentication codes to a comparator;
comparing the first and second authentication codes and generating a permit signal only if the comparison is successful, showing that the first user identifier and the request identifier have experienced the same total transformation as the second user identifier and the request identifier; and
transmitting the permit signal to the switch, enabling information flow through the primary transmission path, whereby information flow through the primary transmission path is permitted only after successful comparison of the first and second authentication codes.
Abstract
Each access attempt transmitted to an authentication agency causes the agency to produce a request identifier unique to that request. The request identifier is transmitted back to the authentication code generator of the user initiating the access attempt, and to an authentication code generator in the agency. The agency also retrieves a user identifier from a database and sends it to its authentication code generator. Both the user's authentication code generator and the agency's authentication code generator independently combine, through identical or complementary transformations, the user identifier and the request identifier to form a user authentication code and an agency authentication code. The two authentication codes are presented to a comparator, which issues a permit signal only if the comparison indicates a match between the two authentication codes. The permit signal is transmitted to a transaction control device to permit the transaction to proceed. Since the authentication code is unique to each transaction attempt, interception of an authentication code will not permit an unauthorized user to successfully initiate another transaction. As an additional security feature, the use of irreversible transformations in the authentication code generator would prevent decoding of an intercepted authentication code and would not allow an unauthorized user to derive the user identifier associated with the transaction. As required by a particular application, additional levels of security can be achieved by using encryption steps in combination with the irreversible transformations at selected points in the process.
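The exchange the abstract describes, as an added example that is not part of the patent text: HMAC-SHA256 stands in for the irreversible transformation (the abstract names none), and the class, function, station and identifier names are constructed for illustration. Making each request identifier single-use is an assumption about how the agency enforces its uniqueness.

```python
import hashlib
import hmac
import secrets


def auth_code(user_identifier: bytes, request_identifier: bytes) -> bytes:
    """Combine user identifier and request identifier irreversibly.
    HMAC-SHA256 is an assumed transform; both sides must use the same one."""
    return hmac.new(user_identifier, request_identifier, hashlib.sha256).digest()


class AuthenticationAgency:
    def __init__(self, user_db):
        self.user_db = user_db   # station identifier -> user identifier
        self.pending = {}        # outstanding request identifier -> station identifier

    def request(self, station_id: str) -> bytes:
        """Access attempt: generate a request identifier unique to this request."""
        request_id = secrets.token_bytes(16)
        self.pending[request_id] = station_id
        return request_id

    def compare(self, request_id: bytes, user_code: bytes) -> bool:
        """Comparator: return the permit signal only if both codes match."""
        station_id = self.pending.pop(request_id, None)  # assumed single use
        if station_id is None:
            return False
        user_identifier = self.user_db.get(station_id)
        if user_identifier is None:
            return False
        agency_code = auth_code(user_identifier, request_id)
        return hmac.compare_digest(agency_code, user_code)  # constant-time


def run_exchange():
    """Constructed scenario: one valid attempt, then three that must fail."""
    user_identifier = b"constructed-user-identifier"
    agency = AuthenticationAgency({"station-7": user_identifier})

    rid = agency.request("station-7")
    code = auth_code(user_identifier, rid)      # user side
    permitted = agency.compare(rid, code)       # agency side

    replayed = agency.compare(rid, code)        # same request identifier again
    rid2 = agency.request("station-7")
    stale = agency.compare(rid2, code)          # intercepted code, new request
    rid3 = agency.request("station-7")
    wrong = agency.compare(rid3, auth_code(b"wrong-identifier", rid3))
    return permitted, replayed, stale, wrong
```

An intercepted code fails on the next attempt because the agency's code is computed over a fresh request identifier, which is the property the abstract relies on.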
37 Claims
7. A method of claim 1 in which the first authentication code and the second authentication code are generated through use of identical transforms.
8. A method of claim 1 in which the first authentication code is generated through use of a first transform, comparison of the first authentication code includes use of a second transform, the second authentication code is generated through use of a third transform, and comparison of the second authentication code includes use of a fourth transform, the transforms being such that successive application of the first and second transform is identical to the successive application of the third and fourth transform.
10. A method of claim 1 in which the information generator communicates with the authentication agency by means of radio transmission.
11. A method of claim 1 in which introducing the user identifier into the first authentication code generator includes the step of introducing an enabling key into the information generator.
13. An authenticating information transmission system comprising an information generator, an authentication agency and a primary transmission path, the information generator communicating with the authentication agency, said agency controlling the primary transmission path, wherein the information generator comprises:
requesting means for presenting a transmission request to the authentication agency;
a first authentication code generator comprising a first user identifier access port, a first request identifier access port, a first transformer for combining a first user identifier and a first request identifier transmitted to the respective access port to produce a first authentication code, and a first transmitter for transmitting the first authentication code to the authentication agency; and
an information source for introducing information into the primary transmission path,
wherein the authentication agency comprises:
a request identifier generator comprising a first transmission request access port and a second transmitter for transmitting the request identifier to the first authentication code generator and to a second authentication code generator;
a user identifier source comprising a second transmission request access port and a third transmitter for transmitting a second user identifier to the second authentication code generator;
the second authentication code generator comprising a second request identifier access port, a second user identifier access port, a second transformer for combining the second request identifier and the second user identifier, transmitted to the respective access port to produce a second authentication code, and a fourth transmitter for transmitting the second authentication code to a comparator; and
the comparator comprising a first authentication code access port, a second authentication code access port, a comparing means for comparing the first authentication code and the second authentication code, transmitted to the respective access port, and producing a permit signal only if the first authentication code and the second authentication code, when compared by the comparing means, are equal, indicating a matching condition between the first and second authentication codes, and a fifth transmitter for transmitting the permit signal to the primary transmission path; and
wherein the primary transmission path comprises a transmission controller with a permit signal access port for authorizing transmission when the permit signal is transmitted to the permit signal access port.
24. A transaction request authentication process comprising the steps of:
introducing a first user identifier into a first authentication code generator, within a user device;
transmitting a transaction request to an authentication agency;
in the authentication agency, generating a request identifier and a second user identifier in response to the transaction request;
transmitting the request identifier to the first authentication code generator and to a second authentication code generator, within the authentication agency;
transmitting the second user identifier to the second authentication code generator;
generating a first authentication code in response to the first user identifier and the request identifier and a second authentication code in response to the second user identifier and the request identifier;
transmitting the first authentication code and the second authentication code to a comparator, within the authentication agency;
generating a permit signal in the comparator in response to the first and second authentication codes; and
transmitting the permit signal to a transaction device, thereby authorizing a transaction to proceed.
32. A transaction request authentication process comprising the steps of:
introducing a first user identifier into a first authentication code generator, within a user device;
generating a request identifier in the user device;
transmitting a transaction request and the request identifier to an authentication agency;
in the authentication agency, generating a second user identifier in response to the transaction request;
transmitting the request identifier to the first authentication code generator and to a second authentication code generator, within the authentication agency;
transmitting the second user identifier to the second authentication code generator;
generating a first authentication code in response to the first user identifier and the request identifier and a second authentication code in response to the second user identifier and the request identifier;
transmitting the first authentication code and the second authentication code to a comparator, within the authentication agency;
generating a permit signal in the comparator in response to the first and second authentication codes; and
transmitting the permit signal to a transaction device, thereby authorizing a transaction to proceed.
33. A transaction request authentication process comprising the steps of:
in an authentication agency, generating a request identifier and a user identifier in response to a transaction request from a user;
transmitting the request identifier to the user and to an authentication code generator;
transmitting the user identifier to the authentication code generator;
generating a first authentication code in the authentication code generator in response to the request identifier and the user identifier;
transmitting the first authentication code to a comparator;
receiving into the comparator a second authentication code produced by the user in response to the request identifier;
generating a permit signal in the comparator in response to the first authentication code and the second authentication code; and
transmitting the permit signal to a transaction device, thereby authorizing a transaction to proceed.
34. An information generator for use in an authenticating information transmission system comprising:
requesting means for presenting a transmission request to an authentication agency;
a first authentication code generator comprising a first user identifier access port, a first request identifier access port, a first transformer for combining a first user identifier and a first request identifier transmitted to the respective access port to produce a first authentication code, and a first transmitter for transmitting the first authentication code to the authentication agency; and
an information source for introducing information into the primary transmission path.
36. An authentication agency for use in an authenticating transaction system comprising:
a request identifier generator comprising a first transaction request access port and a second transmitter for transmitting the request identifier to the first authentication code generator and to a second authentication code generator;
a user identifier source comprising a second transaction request access port, a third transaction request access port and a third transmitter for transmitting the second user identifier to the second authentication code generator;
the second authentication code generator comprising a second request identifier access port, a second user identifier access port, a second transformer for combining the second request identifier and the second user identifier, transmitted to the respective access port to produce a second authentication code, and a fourth transmitter for transmitting the second authentication code to a comparator; and
the comparator comprising a first authentication code access port, a second authentication code access port, a comparing means for comparing the first authentication code and the second authentication code, transmitted to the respective access port, and producing a permit signal in response to the first and second authentication codes, and a fifth transmitter for transmitting the permit signal to the primary transaction path for authorizing the transaction to proceed.
37. A transaction access module for use in an authenticating transaction system comprising:
requesting means for presenting a transaction request to an authentication agency; and
a first authentication code generator comprising a first user identifier access port, a first request identifier access port, a first transformer for combining a first user identifier and a first request identifier to produce a first authentication code, and a first transmitter for transmitting the first authentication code to the authentication agency.