Secure transaction system and method utilized therein

US 5,646,998 A
Filed: 05/22/1995
Issued: 07/08/1997
Est. Priority Date: 11/17/1992
Status: Expired due to Fees

First Claim

Patent Images

1. In a system wherein a party has a personal identification number from which first coded authentication information is generated, the first coded authentication information being derivable from a predetermined secret number and a predetermined non-secret number which have been previously stored in a storage means, a method for authenticating the party comprising the steps of:

receiving the personal identification number from the party, the personal identification number being unrecoverable in the system;

generating second coded authentication information by using the received personal identification number, the step of generating the second coded authentication information comprises the steps of coding the received personal identification number to generate a coded personal identification number and coding an arbitrary number using the coded personal identification number to generate a first coded arbitrary number;

retrieving the secret and non-secret numbers from the storage means;

generating third coded authentication information by using the retrieved secret and non-secret numbers;

comparing the second coded authentication information and the third coded authentication information;

authenticating the party if the second coded authentication information corresponds to the third coded authentication information; and

generating at a first site an anti-duplication variable authentication number (ADVAN) by coding at least a transmission date and time with the first coded authentication information, and further including the step of transmitting the ADVAN, the first coded arbitrary number and the arbitrary number from a first site to a second site over an unsecured communication medium.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A transaction system is disclosed wherein, when a transaction, document or thing needs to be authenticated, information associated with one or more of the parties involved is coded together to produce a joint code. This joint code is then utilized to code information relevant to the transaction, document or record, in order to produce a variable authentication number (VAN) at the initiation of the transaction. This VAN is thereafter associated with the transaction and is recorded on the document or thing, along with the original information that was coded. During subsequent stages of the transaction, only parties capable of reconstructing the joint code will be able to uncode the VAN properly in order to re-derive the information. The joint code serves to authenticate the parties, and the comparison of the re-derived information against the information recorded on the document serves to authenticate the accuracy of that information.

Citations

23 Claims

1. In a system wherein a party has a personal identification number from which first coded authentication information is generated, the first coded authentication information being derivable from a predetermined secret number and a predetermined non-secret number which have been previously stored in a storage means, a method for authenticating the party comprising the steps of:
- receiving the personal identification number from the party, the personal identification number being unrecoverable in the system;
  
  generating second coded authentication information by using the received personal identification number, the step of generating the second coded authentication information comprises the steps of coding the received personal identification number to generate a coded personal identification number and coding an arbitrary number using the coded personal identification number to generate a first coded arbitrary number;
  
  retrieving the secret and non-secret numbers from the storage means;
  
  generating third coded authentication information by using the retrieved secret and non-secret numbers;
  
  comparing the second coded authentication information and the third coded authentication information;
  
  authenticating the party if the second coded authentication information corresponds to the third coded authentication information; and
  
  generating at a first site an anti-duplication variable authentication number (ADVAN) by coding at least a transmission date and time with the first coded authentication information, and further including the step of transmitting the ADVAN, the first coded arbitrary number and the arbitrary number from a first site to a second site over an unsecured communication medium.
- View Dependent Claims (2)
- - 2. The method of claim 1, further comprising the steps of:
    - deriving at the second site the first coded authentication information from the retrieved secret and non-secret numbers;
      
      uncoding the ADVAN at the second site using the derived first coded authentication information to regenerate the transmission date and time; and
      
      further authenticating the party if the regenerated transmission date and time correspond to a reception date and time.

3. In a transaction system wherein a party has a first personal identification number (PIN1) and an official has a second personal identification number (PIN2), a method for enrolling the party and issuing the party a credential, and then authenticating the party and the credential in a subsequent transaction, the method of enrolling and issuing comprising the steps of:
- coding information associated with the party with information associated with the official to generate a joint code;
  
  storing the joint code in a first storage means, the joint code being retrievable from the first storage means only by a party who can provide the PIN1;
  
  storing the joint code in a second storage means, the joint code being retrievable from the second storage means only by a party who can provide the PIN2;
  
  coding information relevant to the credential with the joint code to generate a first variable authentication number (VAN1);
  
  recording the VAN1 on the credential;
  
  issuing the credential to the party; and
  
  the method of authenticating the party and the credential in a subsequent transaction comprising the steps of;
  
  receiving the PIN1 from the party to be authenticated;
  
  accessing the first storage means with the PIN1 to locate and retrieve the joint code;
  
  coding information relevant to the credential with the retrieved joint code to generate a second variable authentication number (VAN2);
  
  comparing the VAN2 to the VAN1; and
  
  authenticating the party and the credential if the VAN2 corresponds to the VAN1.
- View Dependent Claims (4, 5, 6)
- - 4. The method of claim 3, further comprising the steps of:
    - retrieving the joint code from the second storage means;
      
      regenerating the joint code by coding information associated with the party with information associated with the official;
      
      comparing the retrieved joint code with the regenerated joint code; and
      
      authenticating the official if the retrieved joint code corresponds to the regenerated joint code.
  - 5. The method of claim 3, further comprising the steps of:
    - retrieving the joint code from the first storage means;
      
      retrieving the joint code from the second storage means;
      
      comparing the retrieved joint codes; and
      
      authenticating the official if the retrieved joint codes correspond.
  - 6. The method of claim 3 wherein the joint code is revised or erased from the second storage means after the VAN1 is recorded on the credential.

7. A transaction system for enrolling a party, wherein the party has a first personal identification number (PIN) and the system has an official, the system comprising:
- means for coding information associated with the party with information associated with the official to generate a joint code, the joint code being subsequently associable with a transaction;
  
  a storage means being accessible only to a party with knowledge of the first PIN;
  
  means for storing the joint code in the storage means, such that if no party exists with knowledge of the first PIN, the joint code cannot be accessed from the storage means and, therefore, cannot be associated with a transaction;
  
  means for coding information relevant to the transaction with the joint code for generating a variable authentication number (VAN);
  
  means for recording the VAN on a credential associated with the transaction; and
  
  means for issuing the credential.
- View Dependent Claims (9)
- - 9. A transaction system according to claim 7 further including:
    - means for storing in the storage means the information associated with the party and the information associated with the official that are used to generate the joint code.

8. A transaction system for enrolling a party, wherein the party has a first personal identification number (PIN) and the system has an official, the system comprising:
- means for coding information associated with the party with information associated with the official to generate a joint code, the joint code being subsequently associable with a transaction;
  
  a storage means being accessible only to a party with knowledge of the first PIN; and
  
  means for storing the joint code in the storage means, such that if no party exists with knowledge of the first PIN, the joint code cannot be accessed from the storage means and, therefore, cannot be associated with a transaction;
  
  means for storing the joint code in a second storage means accessible only to a party having knowledge of the second PIN;
  
  means for receiving the second PIN from the official;
  
  means for accessing the second storage means using at least the received second PIN for retrieving the joint code;
  
  means for coding information relevant to the transaction using the joint code for generating a variable authentication number (VAN);
  
  means for recording the VAN on a credential associated with the transaction; and
  
  means for issuing the credential such that a party without knowledge of the second PIN cannot access the second storage means or the joint code stored therein and, therefore, cannot legitimately issue the credential.

10. In a system wherein a party has a personal identification number from which first coded authentication information is generated, the first coded authentication information being derivable from a predetermined secret number and a predetermined non-secret number which have been previously stored in a storage means, a method for authenticating the party and a transaction comprising the steps of:
- receiving at a first site a personal identification number from the party, the personal identification number being unrecoverable in the system;
  
  generating second coded authentication information using the received personal identification number;
  
  generating a first anti-duplication variable authentication number (ADVAN1) by coding at least a transmission date and time, and other transaction information using the second coded authentication information, the transmission date and time being unique and non-predetermined;
  
  transmitting at least the first anti-duplication variable authentication number (ADVAN1) and the transmission date and time from the first site to a second site;
  
  receiving at the second site at least the first anti-duplication variable authentication number (ADVAN1) and the transmission date and time;
  
  retrieving at the second site the secret and non-secret numbers from the storage means;
  
  generating third coded authentication information using the retrieved secret and non-secret numbers;
  
  uncoding the first anti-duplication variable number (ADVAN1) using the third coded authentication information to recover at least the transmission date and time and the other transaction information,comparing at least the transmission date and time recovered from the first anti-duplication variable authentication number (ADVAN1) with at least the transmission date and time received at the second site; and
  
  authenticating the party and the transaction if at least the transmission date and time recovered from the first anti-duplication variable authentication number (ADVAN1) corresponds to the transmission date and time received at the second site.
- View Dependent Claims (11)
- - 11. The method of claim 10 comprising the additional steps of:
    - coding the first transmission date and time received at the second site and the other transaction information recovered by uncoding the first anti-duplication variable authentication number (ADVAN1) using the third coded authentication information to generate a second anti-duplication variable authentication number (ADVAN2);
      
      comparing the first anti-duplication variable authentication number (ADVAN1) with the second anti-duplication variable authentication number (ADVAN2); and
      
      authenticating the party and the transaction if the first anti-duplication variable authentication number (ADVAN1) corresponds to the second anti-duplication variable authentication number (ADVAN2).

12. In a system wherein a party has a personal identification number from which first coded authentication information is generated, the first coded authentication information being derivable from a predetermined secret number and a predetermined non-secret number which have been previously stored in a storage means, a method for authenticating the party and a transaction comprising the steps of:
- receiving at a first site a personal identification number from the party, the personal identification number being unrecoverable in the system;
  
  generating second coded authentication information using the received personal identification number;
  
  generating an anti-duplication variable authentication number (ADVAN) by coding at least a first transmission date and time, and other transaction information using the second coded authentication information, the first transmission date and time being unique and non-predetermined;
  
  transmitting at least the anti-duplication variable authentication number (ADVAN) from the first site to a second site;
  
  receiving at the second site at least the anti-duplication variable authentication number (ADVAN);
  
  retrieving at the second site the secret and non-secret numbers from the storage means;
  
  generating third coded authentication information using the retrieved secret and non-secret numbers;
  
  uncoding the anti-duplication variable authentication number (ADVAN) received at the second site using the third coded authentication information to recover at least the first transmission date and time;
  
  comparing at least the first transmission date and time recovered from the anti-duplication variable authentication number (ADVAN) with at least a second date and time of receiving the anti-duplication variable authentication number (ADVAN); and
  
  authenticating the party and the transaction if at least the first transmission date and time recovered from the anti-duplication variable authentication number (ADVAN) compares favorably to the second date and time of receiving the anti-duplication variable authentication number (ADVAN).

13. A method for authenticating a credential and a first party who was issued the credential, and a second party associated with issuing the credential, the method comprising the steps of:
- retrieving first information previously stored in the credential, wherein the first information previously stored in the credential includes a first variable authentication number (VAN1);
  
  retrieving second information previously stored in a storage means associated with at least one of the parties, wherein the second information includes a joint code;
  
  receiving third information from at least one of the parties;
  
  coding the third information from at least one of the parties, and the joint code retrieved from the storage means to generate a second variable authentication number (VAN2); and
  
  authenticating the credential, and the first party who was issued the credential, and the second party associated with issuing the credential, if the first variable authentication number (VAN1) retrieved from the credential corresponds to the generated second variable authentication number (VAN2).
- View Dependent Claims (14, 15)
- - 14. The method of claim 13, wherein the third information received from at least one of the parties comprises identification information associated with at least one of the parties.
  - 15. The method of claim 13 wherein the second party is an agent, or an agency, or an official of an agency, or an authority, or an administrator, or an entity entrusted with issuing a credential.

16. A method for enrolling and issuing a credential to a first party by a second party, the information stored in the credential comprising first non-secret information associated with the first party, and second non-secret information associated with the second party, and other information associated with the credential, and a variable authentication number (VAN) derived from at least third information associated with one of the parties, and fourth information associated with the other party, the method comprising the steps of;
- receiving first non-secret information associated with the first party, and second non-secret information associated with the second party, and the other information associated with the credential;
  
  receiving third information associated with one of the parties, and fourth information associated with the other party;
  
  coding the third information associated with one of the parties, and the fourth information associated with the other party to generate a variable authentication number (VAN);
  
  storing the first non-secret information associated with the first party, and the second non-secret information associated with the second party, and the other information associated with the credential, and the variable authentication number (VAN) in the credential; and
  
  issuing the credential to the first party.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The method of claim 16 comprising the additional step of;
    - storing at least a portion of the information stored in the credential, and at least a portion of the information used to derive the VAN in at least one storage means associated with at least one of the parties.
  - 18. The method of claim 16 wherein the fourth information associated with one of the parties is stored in the storage means associated with at least one of the parties and comprises a secret number.
  - 19. The method of claim 16 wherein the third information associated with one of the parties comprises a coded number derived in conjunction with the PIN of that party.
  - 20. The method of claim 16 wherein the fourth information associated with one of the parties comprises a coded number derived in conjunction with the PIN of that party.
  - 21. The method of claim 16 wherein a first joint key is generated and stored in at least one storage means associated with the at least one of the parties, the method comprising the steps of;
    - coding the third information associated with one of the parties, and the fourth information associated with the other party to generate the first joint key; and
      
      storing the first joint key in at least one storage means associated with the at least one of the parties.
  - 22. The method of claim 16 wherein the second party is an agent, or an agency, or an official of an agency, or an authority, or an administrator, or an entity entrusted with issuing a credential.

23. A method for securing in escrow, and in trust, information associated with a first party in a storage means associated with a second party, wherein at least a portion of the escrowed information is used for generating a joint key, wherein the joint key is derivable from information associated with the first party and information associated with a second party, the first party being enrolled by the second party and issued a credential, wherein the escrowed information comprises at least a variable authentication number(VAN), the VAN being previously derived from the information used to generate the joint key and other information, the method comprising the steps of:
- previously receiving information associated with the first party and information associated with the second party;
  
  previously generating a joint key using information associated with the first party and information associated with the second party; and
  
  retaining in the storage means, in trust, at least the information associated with the first party and information associated with the second party which was previously used to generate the joint key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Leon Stambler
Original Assignee
Leon Stambler
Inventors
Stambler, Leon
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US08/445,477
Time in Patent Office

778 Days
Field of Search

380/23-25, 340/825.34
US Class Current

705/76
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/347   Passive cards

G06Q 20/3821   Electronic credentials

G06Q 20/385   using an alias or single-us...

G06Q 20/401   Transaction verification

G07F 7/08   by coded identity card or c...

G07F 7/10   together with a coded signa...

G07F 7/1016   Devices or methods for secu...

G07F 7/1066   PIN data being compared to ...

G07F 7/12   Card verification

G07F 7/125   Offline card verification

G16H 20/10   relating to drugs or medica...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/3226   using a predetermined code,...

Secure transaction system and method utilized therein

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Secure transaction system and method utilized therein

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links