Method for securing information relevant to a transaction
DC CAFCFirst Claim
1. A method for coding and storing information, comprising information associated with a party and other sensitive information, said information associated with a party being subsequently used to authenticate the party and authorize access, the method comprising:
- previously receiving a first personal identification number (PIN1) from the party;
previously deriving or accessing first coded authentication information by using the first PIN1;
previously generating at least two numbers using the first coded authentication information, wherein at least one of the at least two numbers is an arbitrary number;
previously storing each of the at least two numbers in one or more storage means;
retrieving each of the at least two numbers previously stored in the one or more storage means;
receiving a second personal identification number (PIN2) from a party to be authenticated;
deriving or accessing second coded authentication information by using the second PIN2;
combining each of the at least two numbers retrieved from the one or more storage means to derive third coded authentication information;
comparing the second coded authentication information with the third coded authentication information; and
authenticating the party and authorizing access if the second coded authentication information and third coded authentication information correspond to each other.
0 Assignments
Litigations
7 Petitions
Accused Products
Abstract
A transaction system wherein, when a transaction, document or thing needs to be authenticated, information associated with one or more of the parties involved is coded together to produce a joint code. This joint code is then utilized to code information relevant to the transaction, document or record, in order to produce a variable authentication number (VAN) at the initiation of the transaction. This VAN is thereafter associated with the transaction and is recorded on the document or thing, along with the original information that was coded. During subsequent stages of the transaction, only parties capable of reconstructing the joint code will be able to uncode the VAN properly in order to re-derive the information. The joint code serves to authenticate the parties, and the comparison of the re-derived information against the information recorded on the document serves to authenticate the accuracy of that information.
-
Citations
91 Claims
-
1. A method for coding and storing information, comprising information associated with a party and other sensitive information, said information associated with a party being subsequently used to authenticate the party and authorize access, the method comprising:
-
previously receiving a first personal identification number (PIN1) from the party; previously deriving or accessing first coded authentication information by using the first PIN1; previously generating at least two numbers using the first coded authentication information, wherein at least one of the at least two numbers is an arbitrary number; previously storing each of the at least two numbers in one or more storage means; retrieving each of the at least two numbers previously stored in the one or more storage means; receiving a second personal identification number (PIN2) from a party to be authenticated; deriving or accessing second coded authentication information by using the second PIN2; combining each of the at least two numbers retrieved from the one or more storage means to derive third coded authentication information; comparing the second coded authentication information with the third coded authentication information; and authenticating the party and authorizing access if the second coded authentication information and third coded authentication information correspond to each other. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method for coding first information, the method comprising:
coding the first information using second information and then coding the result using third information, at least one of the second and third information being associated with at least one entity, the entity comprising a person or a computer program, wherein a credential having non-secret information stored therein is previously issued to at least one entity by a trusted entity, the non-secret information including the second or third information.
-
8. In a multi-party transaction system, a method for securing information relevant to a transaction, the method comprising:
-
coding the information relevant to the transaction using first information associated with a party to generate first coded transaction information; coding the first coded transaction information using second information associated with more than one party to generate second coded transaction information, wherein a credential having non-secret information stored therein is previously issued to at least one of the parties by a trusted party, the non-secret information including the first or second information. - View Dependent Claims (9)
-
-
10. A method for securing in escrow and in trust, a joint key associated with a first party and a second party and stored in a storage means associated with the second party, wherein escrowed or entrusted information was previously used for generating a variable authentication number (VAN), the joint key being derivable from information associated with the first party and information associated with the second party, the VAN being subsequently used in authenticating the first party, the first party being enrolled by the second party and being issued a credential, the VAN being stored in the credential, the method comprising:
-
previously receiving information associated with the first party and information associated with the second party; previously generating a joint key using the information associated with the first party, and the information associated with the second party; and retaining in the storage means, in trust, at least the joint key. - View Dependent Claims (11)
-
-
12. A method for enrolling and issuing a credential to a first party by a second party, and subsequently granting the first party access to a first storage means, wherein the first party has a first personal identification number (PIN1), and the second party is previously granted authority to issue a credential to the first party, the first storage means, being accessible only to a party with knowledge of the first PIN1, the method of enrollment and issuing a credential comprising:
-
receiving information associated with the first party; receiving information associated with the second party; storing in escrow and in trust the information associated with the first party and the information associated with the second party in a second storage means, wherein at least a portion of the information retrieved from the second storage means is used in enrolling the first party and issuing the credential; and subsequently granting the first party access to the first storage means by using the PIN1 or the credential. - View Dependent Claims (13)
-
-
14. A method for enrolling a first party by a second party, and subsequently granting the first party access to a first storage means, wherein the first party has a first personal identification number (PIN1), and the second party has a second personal identification number (PIN2), the first storage means, being accessible only to a party with knowledge of the first PIN1 or with knowledge of the second PIN2, the method of enrollment comprising:
-
receiving information associated with the first party; receiving information associated with the second party; coding the information associated with the first party and the information associated with the second party to generate a joint code; storing the joint code and the information associated with the second party in a second storage means; and subsequently receiving and using PIN1 or PIN2, and retrieving and using the joint code and the information associated with the second party in granting the first party access to the first storage means. - View Dependent Claims (15)
-
-
16. A method for granting a first party access to a first storage means, subsequent to being enrolled by a second party, wherein the first party has a personal identification number (PIN), and wherein information associated with the second party was previously stored during enrollment in a second storage means, and a first joint code was previously generated and stored during enrollment in the second storage means, wherein the joint code was previously generated by using first coded authentication information derived or accessed from the personal identification number (PIN) of the first party and information associated with the second party, the method comprising:
-
receiving a personal identification number (PIN) from the first party and generating or accessing second coded authentication information using the PIN; retrieving from the second storage means the information associated with the second party, and the first joint code; coding the second coded authentication information and the information associated with the second party to generate a second joint code; comparing the first joint code and the second joint code; and granting the first party access to the first storage means, if the first joint code corresponds to the second joint code.
-
-
17. A method for authenticating a first party at first site by a second party at a second site and granting the first party access to a first storage means at a second site, the second party being a person or a computer program, wherein the first party has a personal identification number (PIN), and wherein first information associated with the second party is generated and stored in a second storage means associated with the second party at the second site, and wherein first coded information previously derived or accessed by using the PIN of the first party was previously stored in the second storage means, the method comprising:
-
generating the first information, and storing the first information in the second storage means; receiving the PIN from the first party and deriving or accessing second coded information by using the PIN; retrieving from the second storage means the first information, the first information being previously derived or accessed by using the PIN; coding the first coded information previously derived or accessed by using the PIN and the first information associated with the second party to generate a first joint code; coding the second coded information derived or accessed by using the PIN and the first information associated with the second party to generate a second joint code; comparing the first joint code and the second joint code; and authenticating the first party by the second party, and granting the first party access to the first storage means, if the first joint code corresponds to the second joint code. - View Dependent Claims (18, 19, 20, 21)
-
-
22. In a computer system comprising a memory containing computer information or a first computer program stored in a controlled memory area to which access is granted only upon proper authentication of an authorized user of the computer system, the user including a person or a second computer program, the memory further including a stored control program for interacting with the user and for making a determination as to whether the user is an authorized user, the memory further including a first area not readily accessible to a user, the first area containing a first revisable code, and a second area containing a second revisable code, a method of authentication of a user comprising:
-
receiving in the computer system identification information associated with the user; generating or accessing first coded authentication information using the received identification information associated with the user; retrieving the first revisable code from the first memory area and the second revisable code from the second memory area and deriving therefrom second coded authentication information; comparing the first coded authentication information with the second coded authentication information; authenticating the user, and granting access to the computer information or a first computer program stored in the controlled memory area to the user only if the first and second coded authentication information compare favorably. - View Dependent Claims (23, 24)
-
-
25. In a computer system comprising a memory containing computer information or a first computer program stored in a controlled memory area to which access is granted only upon proper authentication of an authorized user of the computer system, the user including a person or a second computer program, the memory further including a stored control program for interacting with a user and for making a determination as to whether the user is an authorized user, the memory further including a first area not readily accessible to a user, the first area containing a first revisable codes and a second area containing a second revisable code, a method of authentication of a user comprising:
-
receiving in the computer system identification information associated with the user; generating or accessing first coded authentication information using the received identification information associated with the user; retrieving the first revisable code from the first memory area and the second revisable code from the second memory area; deriving a third revisable code using the retrieved first revisable code and the first coded authentication information; comparing the retrieved second revisable code with the derived third revisable code; authenticating the user and granting access to the computer information or first computer program stored in the controlled memory area to the user only if the second and third revisable codes compare favorably. - View Dependent Claims (26, 27)
-
-
28. A method for authenticating a first party by using information stored in a credential, the credential being previously issued to the first party by a second party, wherein information previously stored in the credential comprises at least a non-secret variable authentication number (VAN) and other non-secret credential information, the method comprising:
-
previously irreversibly coding at least a portion of the other non-secret credential information to derive an irreversibly coded number, and further coding the irreversibly coded number with first information associated with the second party to derive a variable authentication number (VAN); previously storing the VAN and the other non-secret credential information in the credential; retrieving the VAN and the other non-secret credential information stored in the credential; retrieving second information associated with the second party previously stored in a storage means associated with at least one of the parties; uncoding the VAN using the second information associated with the second party to derive the irreversibly coded number; and authenticating the first party if the irreversibly coded number derived from at least a portion of the other non-secret credential information retrieved from the credential corresponds to the irreversibly coded number uncoded from the VAN. - View Dependent Claims (29, 30)
-
-
31. A method for issuing a credential to a first party by a second party, the method comprising:
-
the second party receiving non-secret information associated with the first party; the second party authenticating at least a portion of the received non-secret information associated with the first party; denying issuance of the credential if at least a portion of the received non-secret information associated with the first party is determined not to be authentic; coding at least a portion of the received non-secret information associated with the first party with first information associated with the second party to derive a variable authentication number (VAN); storing in the credential the VAN and at least a portion of the received non-secret information associated with the first party, and other information associated with the second party; and issuing the credential to the first party. - View Dependent Claims (32)
-
-
33. A method for authenticating a first party by using information stored in a credential, the credential being previously issued to the first party by a second party, wherein information previously stored in the credential comprises at least a non-secret variable authentication number (VAN) and other non-secret credential information, the method comprising:
-
previously generating a first error detection code (EDC1) by using at least a portion the other non-secret credential information; previously coding the first error detection code (EDC1) with first information associated with the second party to derive a variable authentication number (VAN); previously storing the VAN and the other non-secret credential information in the credential; retrieving the VAN and the other non-secret credential information stored in the credential; deriving a second error detection code (EDC2) by using at least a portion of the retrieved other non-secret credential information; retrieving second information associated with the second party previously stored in a storage means associated with at least one of the parties; uncoding the VAN using the second information associated with the second party to derive a third error detection code (EDC3); and authenticating the first party and at least a portion of the non-secret information stored in the credential if the second error detection code (EDC2) corresponds to the third error detection code (EDC3). - View Dependent Claims (34, 35)
-
-
36. A method for issuing a credential to a first party by a second party, the method comprising:
-
the second party receiving non-secret information associated with the first party; the second party authenticating at least a portion of the received non-secret information associated with the first party; denying issuance of the credential if at least a portion of the received non-secret information associated with the first party is determined not to be authentic; generating an error detection code (EDC) by using at least a portion the received non-secret information associated with the first party; storing in the credential the EDC and at least a portion the received non-secret information associated with the first party, and other information associated with the second party; and issuing the credential to the first party. - View Dependent Claims (37, 38)
-
-
39. A method for authenticating a first party at a first site by a second party at a second site, the second party being a person or a computer program, by using a personal identification number (PIN) supplied by the first party at the first site, and further using a first random number (RN1) generated by the second party at the second site, the PIN being previously used to derive or access first coded authentication information, the first coded authentication information being previously stored in a storage means associated with the second party at the second site, the method comprising:
-
receiving a PIN at the first site from a first party to be authenticated; generating or accessing second coded authentication information using the received PIN; generating a first random number (RN1) at a second site by the second party; storing the first random number (RN1) in the second storage means at the second site; transmitting the first random number (RN1) from the second site to the first site; receiving the first random number (RN1) at the first site by the first party; coding the received first random number (RN1) and the second coded authentication information to derive a first anti-duplication variable authentication number (ADVAN1); transmitting the first anti-duplication variable authentication number (ADVAN1) from the first site to the second site; receiving the first anti-duplication variable authentication number (ADVAN1) at the second site by the second party; retrieving the first coded authentication information from the storage means at the second site; coding the first random number (RN1) and the first coded authentication information to generate a second anti-duplication variable authentication number (ADVAN2); comparing the first anti-duplication variable authentication number (ADVAN1) and the second anti-duplication variable authentication number (ADVAN2); and authenticating the first party by the second party if the first anti-duplication variable authentication number (ADVAN1) and the second anti-duplication variable authentication number (ADVAN2) correspond. - View Dependent Claims (40)
-
-
41. A method for authenticating the transfer of funds from a first account associated with a first party to a second account associated with a second party, the first account information being stored in a first storage means, and the second account information being stored in a second storage means, the method comprising:
-
receiving funds transfer information from the first party, including at least information for identifying the first account of the first party, and information for identifying the second account of the second party, and a transfer amount; generating a variable authentication number (VAN) using at least a portion of the received funds transfer information; a third party for determining whether the at least a portion of the received funds transfer information is authentic by using the VAN; and transferring funds from the first account of the first party to the second account of the second party if the at least a portion of the received funds transfer information and the VAN are determined to be authentic. - View Dependent Claims (42, 43, 44, 45, 46, 47, 48, 49, 50)
-
-
51. A method for authenticating the transfer of funds from an account associated with a first party to an account associated with a second party, a credential being previously issued to at least one of the parties by a trusted party, the information stored in the credential being non-secret, the method comprising:
-
receiving funds transfer information, including at least information for identifying the account of the first party, and information for identifying the account of the second party, and a transfer amount; generating a variable authentication number (VAN) using at least a portion of the received funds transfer information; determining whether the at least a portion of the received funds transfer information is authentic by using the VAN and the credential information; and transferring funds from the account of the first party to the account of the second party if the at least a portion of the received funds transfer information and the VAN are determined to be authentic. - View Dependent Claims (52, 53, 54, 55, 56)
-
-
57. A method for authenticating the transfer of funds from an account associated with a first party to an account associated with a second party, at least a part of the transfer being carried out by a third party, comprising:
-
receiving funds transfer information, including at least information for identifying the account of the first party, and information for identifying the account of the second party, and information for identifying the account of the third party, and a transfer amount; generating a first variable authentication number (VAN1) using at least a portion of the received funds transfer information, the VAN1 being associated with the transfer of funds from the account of the third party to the account of the second party; determining whether the at least a portion of the received funds transfer information is authentic by using VAN1; transferring the funds from the account of the third party to the account of the second party if the at least a portion of the received funds transfer information and the VAN1 are determined to be authentic; generating a second variable authentication number (VAN2) using at least a portion of the received funds transfer information, the VAN2 being associated with the transfer of funds from the account of the first party to the account of the third party; determining whether the at least a portion of the received funds transfer information is authentic by using VAN2; and transferring the funds from the account of the first party to the account of the third party if the at least a portion of the received funds transfer information and the VAN2 are determined to be authentic. - View Dependent Claims (58, 59, 60, 61, 62)
-
-
63. A method for authenticating and securing the integrity of relevant information transmitted from a first party at a first site to a second party at a second site by using first information associated with the first party, the first information comprising a secret first key, a non-secret second key, and first credential information, the first information being previously stored in a first storage means at the first site, and the first credential information comprising non-secret information for securing the second key to the first party, the first credential information including a third error detection code (EDC3) being previously stored in the first credential by a third party during prior issuance of the first credential to the first party, and the second key associated with the first party being previously stored in a second storage means at the second site, and the first key being used by the first party to generate a first variable authentication number (VAN1), the VAN1 and the second key being used by the second party to authenticate the first party and the integrity of the relevant information received from the first party, the method comprising:
-
receiving relevant information from the first party; deriving a first error detection code (EDC1) by using the relevant information; retrieving the first information previously stored in the first storage means; coding the EDC1 with the retrieved first key to generate the first variable authentication number (VAN1); forming a first message including at least the VAN1, the first credential information, and the relevant information; transmitting the first message from the first party at the first site to the second party at the second site, and receiving the first message at the second site; extracting the VAN1, the first credential information, and the relevant information from the first message at the second site; retrieving the second key from the second storage means at the second site; determining if the first party is secured to the second key by using the first credential information and the third error detection code (EDC3); rejecting the first message if the first party is determined not to be secured to the second key; uncoding the VAN1 using the second key to recover the first error detection code (EDC1); deriving a second error detection code (EDC2) by using the relevant information; comparing the first error detection code (EDC1) with the second error detection code (EDC2); and authenticating the first party and the integrity of the relevant information if the first error detection code (EDC1) and the second error detection code (EDC2) correspond. - View Dependent Claims (64, 65, 66, 67, 68, 69)
-
-
70. A method of issuing a credential to a first party at a first site, by a second party at a second site, wherein the first party is authenticated during at least one stage of a subsequent transaction by using the credential, wherein the information stored in the credential comprises at least a first variable authentication number VAN1, information for identifying the first party, a non-secret key associated with the first party, and information for identifying the second party, and first and second storage means at the first site, the first storage means being used to store a secret key associated with the first party, the secret key being accessible to a party with knowledge of a pre-determined personal identification number (PIN), the second storage means being used to store the non-secret key associated with the first party, and third and fourth storage means at the second site, the third storage means being used to store a secret key associated with the second party, the secret key being accessible to an authorized party, the fourth storage means being used to store a non-secret key associated with the second party, the method comprising:
-
receiving information for identifying the first party, and a pre-determined personal identification number (PIN) from the first party; retrieving the secret key associated with the first party from the first storage means, only if the personal identification number (PIN) is determined to be authentic; coding at least a portion of the information for identifying the first party to derive a first error detection code (EDC1); generating a second variable authentication number VAN2 by coding the EDC1 with the secret key associated with the first party; retrieving the non-secret key associated with the first party from the second storage means; forming a message including at least the VAN2, the non-secret key associated with the first party, the EDC1, and the information for identifying the first party; transmitting the message from the first party at the first site to the second party at the second site, and receiving the message at the second site; extracting the VAN2, the non-secret key associated with the first party, the EDC1, and the information for identifying the first party from the message at the second site; using at least a portion of the information for identifying the first party to authenticate the identity of the first party; denying issuance of the credential if at least a portion of the information for identifying the first party is determined not to be authentic; retrieving the secret key associated with the second party from the third storage means at the second site; generating a first variable authentication number VAN1 by coding the second variable authentication number VAN2 with the secret key associated with the second party; storing in the credential at least the VAN1, the EDC1, the non-secret key associated with the first party, and information for identifying the second party; issuing the credential to the first party;
wherein the method for authenticating the first party and the credential during at least one stage of a subsequent transaction, comprises;retrieving the information previously stored in the credential; receiving or retrieving the non-secret key associated with the first party and the non-secret key associated with the second party; uncoding the first variable authentication number VAN1 using the non-secret key associated with the second party to recover the second variable authentication number VAN2; uncoding the second variable authentication number VAN2 using the non-secret key associated with the first party to recover the EDC1; authenticating the credential, and the first party who was issued the credential, if the EDC1 retrieved from the credential corresponds to the EDC1 recovered from the second variable authentication number VAN2. - View Dependent Claims (71, 72)
-
-
73. A method for determining if an unauthorized duplication or alteration occurred in first transaction information (FXI) and in second transaction information (SXI), the FXI being originated by a second entity at a second site, and being transmitted to a first entity at a first site, the first entity and the second entity being a person, or a computer program, and the SXI being originated at the first site and being combined with the FXI to form first combined transaction information (FCX) at the first site, an anti-duplication variable authentication number (ADVAN1) being derived from the FCX and first information (FK1) associated with the first entity, the FK1 being previously stored in a first storage means at the first site and being solely accessible to the first entity, the ADVAN1, and the SXI being transmitted from the first site to the second the FXI and the SXI being authenticated at the second site, by using the ADVAN1, FXI, SXI, and second information (FK2) associated with the first entity, the FK2 being previously stored in a second storage means at the second site, a first transaction record storage means (FXR) being used at the first site, and a second transaction record storage means (SXR) being used at the second site, the FXR and SXR being used to store at least the FXI and the SXI, the method comprising:
-
generating or receiving first transaction information (FXI) at the second site, and storing the FXI in the second transaction record (SXR) storage means at the second site; transmitting the FXI from the second site to the first site, and receiving the FXI at the first site; storing the FXI in the first transaction record (FXR) storage means at the first site; generating or receiving second transaction information (SXI) at the first site; storing the SXI in the FXR storage means at the first site; combining the FXI and the SXI to form first combined transaction information (FCX); retrieving the first information (FK1) associated with the first entity from the first storage means, the FK1 being accessible only to the first entity; coding the FCX with the retrieved FK1 to derive a first anti-duplication variable authentication number (ADVAN1); transmitting the first anti-duplication variable authentication number (ADVAN1) and the SXI, from the first site to the second site, and receiving the ADVAN1 and the SXI at the second site; storing the received ADVAN1 and the SXI in the SXR storage means at the second site; and the second entity subsequently using the ADVAN1, the FXI, the SXI, and second information (FK2) associated with the first entity to determine if an unauthorized duplication or alteration occurred in the first transaction information (FXI) or in the second transaction information (SXI). - View Dependent Claims (74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87)
-
-
88. A method for authenticating a first party at a first site by a second party at a second site, the second party being a person or a computer program, by using a personal identification number (PIN) supplied by the first party at the first site, and further using a first random number (RN1) generated by the second party at the second site, the PIN being previously used to derive or access first coded authentication information, the first coded authentication information being previously stored in a storage means associated with the second party at the second site, the method comprising:
-
receiving a PIN at the first site from a first party to be authenticated; generating or accessing second coded authentication information using the received PIN; generating a first random number (RN1) at a second site by the second party; storing the first random number (RN1) in the second storage means at the second site; transmitting the first random number (RN1) from the second site to the first site; receiving the first random number (RN1) at the first site by the first party; coding the received first random number (RN1) and the second coded authentication information to derive a first anti-duplication variable authentication number (ADVAN1), the first anti-duplication variable authentication number (ADVAN1) further being derived by irreversibly coding the received first random number (RN1) to derive a first error detection code (EDC1), and coding the first error detection code (EDC1) with the second coded authentication information to thereby derive the first anti-duplication variable authentication number (ADVAN1); transmitting the first anti-duplication variable authentication number (ADVAN1) from the first site to the second site; receiving the first anti-duplication variable authentication number (ADVAN1) at the second site by the second party; retrieving the first coded authentication information from the storage means at the second site; uncoding the received first anti-duplication variable authentication number (ADVAN1) by using the first coded authentication information to recover the first error detection code (EDC1); retrieving the first random number (RN1) from the storage means at the second site; irreversibly coding the retrieved first random number (RN1) to derive a second error detection code (EDC2); comparing the first error detection code (EDC1) and the second error detection code (EDC2); and authenticating the first party by the second party if the first error detection code (EDC1) and the second error detection code (EDC2) correspond.
-
-
89. In a check or payment instrument transaction system, a method for issuing a check or payment instrument by an originator to a recipient, information associated with the check or payment instrument comprising (1) information associated with the originator, (2) information associated with the recipient, and (3) other information which includes at least an amount of the check or payment instrument, the method comprising:
-
receiving the information associated with the originator and the recipient, and the other information including at least the amount; deriving a variable authentication number (VAN) using at least a portion of the received information; associating the received information and the VAN with the check or payment instrument; and issuing the check or payment instrument. - View Dependent Claims (90)
-
-
91. A method for securing in escrow and in trust, a portion of information used to derive a joint key, the joint key being associated with a first party and a second party and being stored in a storage means associated with the second party, wherein escrowed or entrusted information was previously used for generating a variable authentication number (VAN), the joint key being derivable from information associated with the first party and information associated with the second party, the VAN being subsequently used in authenticating the first party, the first party being enrolled by the second party and being issued a credential, the VAN being stored in the credential, the method comprising:
-
previously receiving information associated with the first party and information associated with the second party; previously generating a joint key using the information associated with the first party, and the information associated with the second party; and retaining in the storage means, in trust, at least a portion of information used to derive the joint key.
-
Specification