Secure transaction system and method utilized therein
First Claim
1. In a system wherein a party has a personal identification number from which first coded authentication information is generated, the first coded authentication information being derivable from a predetermined secret number and a predetermined non-secret number which have been previously stored in a storage means, a method for authenticating the party comprising the steps of:
- receiving the personal identification number from the party, the personal identification number being unrecoverable in the system;
generating second coded authentication information by using the received personal identification number, the step of generating the second coded authentication information comprises the steps of coding the received personal identification number to generate a coded personal identification number and coding an arbitrary number using the coded personal identification number to generate a first coded arbitrary number;
retrieving the secret and non-secret numbers from the storage means;
generating third coded authentication information by using the retrieved secret and non-secret numbers;
comparing the second coded authentication information and the third coded authentication information;
authenticating the party if the second coded authentication information corresponds to the third coded authentication information; and
generating at a first site an anti-duplication variable authentication number (ADVAN) by coding at least a transmission date and time with the first coded authentication information, and further including the step of transmitting the ADVAN, the first coded arbitrary number and the arbitrary number from a first site to a second site over an unsecured communication medium.
0 Assignments
0 Petitions
Accused Products
Abstract
A transaction system is disclosed wherein, when a transaction, document or thing needs to be authenticated, information associated with one or more of the parties involved is coded together to produce a joint code. This joint code is then utilized to code information relevant to the transaction, document or record, in order to produce a variable authentication number (VAN) at the initiation of the transaction. This VAN is thereafter associated with the transaction and is recorded on the document or thing, along with the original information that was coded. During subsequent stages of the transaction, only parties capable of reconstructing the joint code will be able to uncode the VAN properly in order to re-derive the information. The joint code serves to authenticate the parties, and the comparison of the re-derived information against the information recorded on the document serves to authenticate the accuracy of that information.
-
Citations
23 Claims
-
1. In a system wherein a party has a personal identification number from which first coded authentication information is generated, the first coded authentication information being derivable from a predetermined secret number and a predetermined non-secret number which have been previously stored in a storage means, a method for authenticating the party comprising the steps of:
-
receiving the personal identification number from the party, the personal identification number being unrecoverable in the system; generating second coded authentication information by using the received personal identification number, the step of generating the second coded authentication information comprises the steps of coding the received personal identification number to generate a coded personal identification number and coding an arbitrary number using the coded personal identification number to generate a first coded arbitrary number; retrieving the secret and non-secret numbers from the storage means; generating third coded authentication information by using the retrieved secret and non-secret numbers; comparing the second coded authentication information and the third coded authentication information; authenticating the party if the second coded authentication information corresponds to the third coded authentication information; and generating at a first site an anti-duplication variable authentication number (ADVAN) by coding at least a transmission date and time with the first coded authentication information, and further including the step of transmitting the ADVAN, the first coded arbitrary number and the arbitrary number from a first site to a second site over an unsecured communication medium. - View Dependent Claims (2)
-
-
3. In a transaction system wherein a party has a first personal identification number (PIN1) and an official has a second personal identification number (PIN2), a method for enrolling the party and issuing the party a credential, and then authenticating the party and the credential in a subsequent transaction, the method of enrolling and issuing comprising the steps of:
-
coding information associated with the party with information associated with the official to generate a joint code; storing the joint code in a first storage means, the joint code being retrievable from the first storage means only by a party who can provide the PIN1; storing the joint code in a second storage means, the joint code being retrievable from the second storage means only by a party who can provide the PIN2; coding information relevant to the credential with the joint code to generate a first variable authentication number (VAN1); recording the VAN1 on the credential; issuing the credential to the party; and the method of authenticating the party and the credential in a subsequent transaction comprising the steps of; receiving the PIN1 from the party to be authenticated; accessing the first storage means with the PIN1 to locate and retrieve the joint code; coding information relevant to the credential with the retrieved joint code to generate a second variable authentication number (VAN2); comparing the VAN2 to the VAN1; and authenticating the party and the credential if the VAN2 corresponds to the VAN1. - View Dependent Claims (4, 5, 6)
-
-
7. A transaction system for enrolling a party, wherein the party has a first personal identification number (PIN) and the system has an official, the system comprising:
-
means for coding information associated with the party with information associated with the official to generate a joint code, the joint code being subsequently associable with a transaction; a storage means being accessible only to a party with knowledge of the first PIN; means for storing the joint code in the storage means, such that if no party exists with knowledge of the first PIN, the joint code cannot be accessed from the storage means and, therefore, cannot be associated with a transaction; means for coding information relevant to the transaction with the joint code for generating a variable authentication number (VAN); means for recording the VAN on a credential associated with the transaction; and means for issuing the credential. - View Dependent Claims (9)
-
-
8. A transaction system for enrolling a party, wherein the party has a first personal identification number (PIN) and the system has an official, the system comprising:
-
means for coding information associated with the party with information associated with the official to generate a joint code, the joint code being subsequently associable with a transaction; a storage means being accessible only to a party with knowledge of the first PIN; and means for storing the joint code in the storage means, such that if no party exists with knowledge of the first PIN, the joint code cannot be accessed from the storage means and, therefore, cannot be associated with a transaction; means for storing the joint code in a second storage means accessible only to a party having knowledge of the second PIN; means for receiving the second PIN from the official; means for accessing the second storage means using at least the received second PIN for retrieving the joint code; means for coding information relevant to the transaction using the joint code for generating a variable authentication number (VAN); means for recording the VAN on a credential associated with the transaction; and means for issuing the credential such that a party without knowledge of the second PIN cannot access the second storage means or the joint code stored therein and, therefore, cannot legitimately issue the credential.
-
-
10. In a system wherein a party has a personal identification number from which first coded authentication information is generated, the first coded authentication information being derivable from a predetermined secret number and a predetermined non-secret number which have been previously stored in a storage means, a method for authenticating the party and a transaction comprising the steps of:
-
receiving at a first site a personal identification number from the party, the personal identification number being unrecoverable in the system; generating second coded authentication information using the received personal identification number; generating a first anti-duplication variable authentication number (ADVAN1) by coding at least a transmission date and time, and other transaction information using the second coded authentication information, the transmission date and time being unique and non-predetermined; transmitting at least the first anti-duplication variable authentication number (ADVAN1) and the transmission date and time from the first site to a second site; receiving at the second site at least the first anti-duplication variable authentication number (ADVAN1) and the transmission date and time; retrieving at the second site the secret and non-secret numbers from the storage means; generating third coded authentication information using the retrieved secret and non-secret numbers; uncoding the first anti-duplication variable number (ADVAN1) using the third coded authentication information to recover at least the transmission date and time and the other transaction information, comparing at least the transmission date and time recovered from the first anti-duplication variable authentication number (ADVAN1) with at least the transmission date and time received at the second site; and authenticating the party and the transaction if at least the transmission date and time recovered from the first anti-duplication variable authentication number (ADVAN1) corresponds to the transmission date and time received at the second site. - View Dependent Claims (11)
-
-
12. In a system wherein a party has a personal identification number from which first coded authentication information is generated, the first coded authentication information being derivable from a predetermined secret number and a predetermined non-secret number which have been previously stored in a storage means, a method for authenticating the party and a transaction comprising the steps of:
-
receiving at a first site a personal identification number from the party, the personal identification number being unrecoverable in the system; generating second coded authentication information using the received personal identification number; generating an anti-duplication variable authentication number (ADVAN) by coding at least a first transmission date and time, and other transaction information using the second coded authentication information, the first transmission date and time being unique and non-predetermined; transmitting at least the anti-duplication variable authentication number (ADVAN) from the first site to a second site; receiving at the second site at least the anti-duplication variable authentication number (ADVAN); retrieving at the second site the secret and non-secret numbers from the storage means; generating third coded authentication information using the retrieved secret and non-secret numbers; uncoding the anti-duplication variable authentication number (ADVAN) received at the second site using the third coded authentication information to recover at least the first transmission date and time; comparing at least the first transmission date and time recovered from the anti-duplication variable authentication number (ADVAN) with at least a second date and time of receiving the anti-duplication variable authentication number (ADVAN); and authenticating the party and the transaction if at least the first transmission date and time recovered from the anti-duplication variable authentication number (ADVAN) compares favorably to the second date and time of receiving the anti-duplication variable authentication number (ADVAN).
-
-
13. A method for authenticating a credential and a first party who was issued the credential, and a second party associated with issuing the credential, the method comprising the steps of:
-
retrieving first information previously stored in the credential, wherein the first information previously stored in the credential includes a first variable authentication number (VAN1); retrieving second information previously stored in a storage means associated with at least one of the parties, wherein the second information includes a joint code; receiving third information from at least one of the parties; coding the third information from at least one of the parties, and the joint code retrieved from the storage means to generate a second variable authentication number (VAN2); and authenticating the credential, and the first party who was issued the credential, and the second party associated with issuing the credential, if the first variable authentication number (VAN1) retrieved from the credential corresponds to the generated second variable authentication number (VAN2). - View Dependent Claims (14, 15)
-
-
16. A method for enrolling and issuing a credential to a first party by a second party, the information stored in the credential comprising first non-secret information associated with the first party, and second non-secret information associated with the second party, and other information associated with the credential, and a variable authentication number (VAN) derived from at least third information associated with one of the parties, and fourth information associated with the other party, the method comprising the steps of;
-
receiving first non-secret information associated with the first party, and second non-secret information associated with the second party, and the other information associated with the credential; receiving third information associated with one of the parties, and fourth information associated with the other party; coding the third information associated with one of the parties, and the fourth information associated with the other party to generate a variable authentication number (VAN); storing the first non-secret information associated with the first party, and the second non-secret information associated with the second party, and the other information associated with the credential, and the variable authentication number (VAN) in the credential; and issuing the credential to the first party. - View Dependent Claims (17, 18, 19, 20, 21, 22)
-
-
23. A method for securing in escrow, and in trust, information associated with a first party in a storage means associated with a second party, wherein at least a portion of the escrowed information is used for generating a joint key, wherein the joint key is derivable from information associated with the first party and information associated with a second party, the first party being enrolled by the second party and issued a credential, wherein the escrowed information comprises at least a variable authentication number(VAN), the VAN being previously derived from the information used to generate the joint key and other information, the method comprising the steps of:
-
previously receiving information associated with the first party and information associated with the second party; previously generating a joint key using information associated with the first party and information associated with the second party; and retaining in the storage means, in trust, at least the information associated with the first party and information associated with the second party which was previously used to generate the joint key.
-
Specification