Secure transaction system and method utilized therein
First Claim
1. In a transaction system comprising a first storage means in possession of a first party, containing party information, the party information comprising a predetermined first non-secret code (ROC1), a predetermined arbitrary first transaction number (TN1), and predetermined party information used to form a predetermined address (PA), a second storage means, and party information stored in the second storage means, the second storage means party information comprising a predetermined arbitrary first secret number (RN1), and a predetermined second transaction number (TN2) corresponding to the TN1, a method for authenticating the first party, the first storage means, and transaction information comprising the steps of:
- receiving a personal identification number (PIN) from the first party, at a first site, and generating first coded authentication information using the received PIN;
retrieving the party information from the first storage means, at the first site;
coding the transaction information and the TN1 with the first coded authentication information to generate a first anti-duplication variable authentication number (ADVAN1), at the first site;
transmitting the ADVAN1, and a portion of the retrieved first storage means party information, said portion comprising the ROC1 and the predetermined party information used to form the PA, from the first site to a second site;
deriving the PA at the second site from the received predetermined party information;
accessing the second storage means using the derived PA to locate and retrieve RN1 and TN2;
generating second coded authentication information using the received ROC1 and the retrieved RN1;
uncoding the ADVAN1 using the second coded authentication information to derive the TN1 and the transaction information;
comparing the derived TN1 to the retrieved TN2;
authenticating the first party, the first storage means, and the transaction information if the derived TN1 corresponds to the retrieved TN2;
forming a revised third transaction number (TN3) and a revised second secret number (RN2);
storing the TN3 and the RN2 in the second storage means at the predetermined address (PA);
generating a revised second non-secret code (ROC2) using the second coded authentication information and the RN2;
coding the TN3 with the second coded authentication information to generate a second anti-duplication variable authentication number ADVAN2);
transmitting the ADVAN2 and the ROC2 from the second site to the first site;
uncoding the received ADVAN2 at the first site using the first coded authentication information to derive the TN3; and
storing the derived TN3 and the received ROC2 in the first storage means for use in a subsequent transaction.
0 Assignments
0 Petitions
Accused Products
Abstract
A transaction system is disclosed wherein, when a transaction, document or thing needs to be authenticated, information associated with one or more of the parties involved is coded together to produce a joint code. This joint code is then utilized to code information relevant to the transaction, document or record, in order to produce a variable authentication number (VAN) at the initiation of the transaction. This VAN is thereafter associated with the transaction and is recorded on the document or thing, along with the original information that was coded. During subsequent stages of the transaction, only parties capable of reconstructing the joint code will be able to uncode the VAN properly in order to re-derive the information. The joint code serves to authenticate the parties, and the comparison of the re-derived information against the information recorded on the document serves to authenticate the accuracy of that information.
-
Citations
17 Claims
-
1. In a transaction system comprising a first storage means in possession of a first party, containing party information, the party information comprising a predetermined first non-secret code (ROC1), a predetermined arbitrary first transaction number (TN1), and predetermined party information used to form a predetermined address (PA), a second storage means, and party information stored in the second storage means, the second storage means party information comprising a predetermined arbitrary first secret number (RN1), and a predetermined second transaction number (TN2) corresponding to the TN1, a method for authenticating the first party, the first storage means, and transaction information comprising the steps of:
-
receiving a personal identification number (PIN) from the first party, at a first site, and generating first coded authentication information using the received PIN; retrieving the party information from the first storage means, at the first site; coding the transaction information and the TN1 with the first coded authentication information to generate a first anti-duplication variable authentication number (ADVAN1), at the first site; transmitting the ADVAN1, and a portion of the retrieved first storage means party information, said portion comprising the ROC1 and the predetermined party information used to form the PA, from the first site to a second site; deriving the PA at the second site from the received predetermined party information; accessing the second storage means using the derived PA to locate and retrieve RN1 and TN2; generating second coded authentication information using the received ROC1 and the retrieved RN1; uncoding the ADVAN1 using the second coded authentication information to derive the TN1 and the transaction information; comparing the derived TN1 to the retrieved TN2; authenticating the first party, the first storage means, and the transaction information if the derived TN1 corresponds to the retrieved TN2; forming a revised third transaction number (TN3) and a revised second secret number (RN2); storing the TN3 and the RN2 in the second storage means at the predetermined address (PA); generating a revised second non-secret code (ROC2) using the second coded authentication information and the RN2; coding the TN3 with the second coded authentication information to generate a second anti-duplication variable authentication number ADVAN2); transmitting the ADVAN2 and the ROC2 from the second site to the first site; uncoding the received ADVAN2 at the first site using the first coded authentication information to derive the TN3; and storing the derived TN3 and the received ROC2 in the first storage means for use in a subsequent transaction. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. In a computer system comprising a memory containing computer information stored in a controlled memory area to which access is granted only upon proper authentication of an authorized user of the computer system, the memory further including a stored control program for interacting with a user and for making a determination as to whether the user is an authorized user, the memory further including a first area, not readily accessible to a user, the first memory area containing a first revisable code (RN) and a second revisable code (TSN1) and a second area containing a third revisable code (ROC) and a fourth revisable code (TSN2), the fourth revisable code (TSN2) being identical to the second revisable code (TSN1), a method of authentication of a user comprising the steps of:
-
receiving in the computer system a personal identification number IPIN) from a user; generating first encoded authentication information (CPN1) using the received personal identification number (PIN); retrieving the fourth revisable code (TSN2) and encoding the fourth revisable code (TSN2) with the first encoded authentication information (CPN1) to obtain a first anti-duplication variable number (ADVAN1); retrieving the first revisable code (RN) from the first memory area and the third revisable code (ROC) from the second memory area and deriving therefrom second encoded authentication information (CPN2); retrieving the second revisable code (TSN1) from the first memory area and encoding the second revisable code (TSN1) with the second encoded authentication information (CPN2) to obtain a second anti-duplication variable number (ADVAN2); comparing the first anti-duplication variable number (ADVAN1) with the second anti-duplication variable number (ADVAN2); granting access to the computer information stored in the controlled memory area to the user only if the first and second anti-duplication variable numbers (ADVAN1 and ADVAN2) are identical; and revising and storing the first, second, third and fourth revisable codes (RN, TSN1, ROC and TSN2) in the original respective memory areas only if the first and second anti-duplication variable numbers (ADVAN1 and ADVAN2) are identical. - View Dependent Claims (10, 11, 12, 13, 14)
-
-
15. In a transaction system comprising a first storage means at a first site in possession of a first party containing party information, the party information comprising a predetermined first non-secret code (ROC) and a predetermined arbitrary first transaction number (TN1), a second storage means at a second site, and party information stored in the second storage means, the second storage means party information comprising a predetermined arbitrary second number (RN), a method for authenticating the first party, the first storage means and transaction information comprising the steps of:
-
previously receiving a personal identification number (PIN) from the first party at a first site and generating coded authentication information (CPN) using the received personal identification number (PIN); previously storing the coded authentication information (CPN) in the first storage means; retrieving the stored coded authentication information (CPN) and the stored first party information (ROC and TN1) from the first storage means; coding the transaction information and the first transaction number (TN1) with the coded authentication information (CPN) to generate a first anti-duplication variable authentication number (ADVAN) at the first site; transmitting the first anti-duplication variable authentication number (ADVAN) and at least a portion of the first party information retrieved from the first storage means comprising at least a portion of the first transaction number (TN1) and at least a portion of the first non-secret code (ROC) from the first site to the second site; retrieving the predetermined arbitrary second number (RN) from the second storage means at the second site; uncoding the anti-duplication variable authentication number (ADVAN) using the first non-secret code (ROC) and the retrieved predetermined second arbitrary number (RN) to derive the first transaction number (TN1) and the transaction information; comparing the derived first transaction number (TN1) and the received first transaction number (TN1); and authenticating the first party, the first storage means, and the transaction information if the derived first transaction number (TN1) corresponds to the received first transaction number (TN1). - View Dependent Claims (16, 17)
-
Specification