System and method for user authentication having clock synchronization
Abstract
The system includes a first unit adapted to communicate with a second unit. The second unit grants conditional access to a function or service in accordance with an authentication operation. Both units are capable of running software for generating passwords by encrypting several dynamic variables, for example a time-dependent variable and/or a variable representing the number of formulated authentication requests. The encryption may be performed using a dynamic key. To synchronize the values of the variables, which are generated in concert but independently in the two units, only some of the least significant digits of the variables are transferred from the card-like unit to the other unit; the transfer is performed by adding the digits to the password. This synchronization information is combined with the corresponding variables in the second unit and used to calculate there a value which has to match the password calculated in the second unit in order to gain access to the function or service. In a "virtual token" implementation, the first unit can consist of a smart card (which stores the dynamic key and the variable representing the number of formulated authentication requests and executes an encryption algorithm), a smart card reader and a personal computer. Either the smart card reader or the personal computer can generate the time-dependent variable. In a "software token" implementation, the functions of the first unit are performed by a computer such as a personal computer, thus eliminating the need for a smart card or a smart card reader.
50 Claims
1. A system for authentication of individuals and/or messages, including at least one first unit personalized for an individual and at least one second verification unit capable of delivering an authentication function authenticating said individual and/or said messages,
(a) said first unit comprising:
first generating means for generating at least a first variable;
first calculating means for producing a first password as a function of at least said first variable;
transmission means for transmitting said first password to said second unit;
(b) said second unit comprising;
second generating means for, in response to an authentication request made by way of a specified one of said first units, generating at least a second variable assigned to this first unit;
second calculating means for producing a second password as a function of at least said second variable, said first and second variables being produced in concert, but independently in said first and second units;
means for comparing said first and second passwords;
delivering means for, in the event of a predetermined consistency of said passwords, delivering said authentication function;
said transmission means being configured so as to transmit with said first password n digits having the least significant weight of said first variable from said first unit to said second unit;
(c) said second unit further comprising;
j) substituting means for, based on the current value of said second variable, generating a substituted value wherein n digits having the least significant weight are replaced by said n digits having the least significant weight of said first variable, said second variable thereby comprising a replaced first group of n least significant digits and a second group of m highest significant digits;
jj) third calculating means for
k) retaining as second variable for the calculation of said second password said substituted variable, if said substituted variable and said current value of said second variable are consistent with at least a first predetermined condition,
kk) if said first predetermined condition is not satisfied, adjusting in said substituted value by one unit said second group of m highest significant digits, said adjusting being dependent from a second predetermined condition, said adjusting generating a substituted and adjusted variable, and
kkk) retaining as second variable for the calculation of said second password said substituted and adjusted variable.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 20, 22, 23, 24, 25, 26, 27, 28, 29

17. A system for authentication of individuals and/or messages, including at least one first unit personalized for an individual and at least one second verification unit capable of delivering an authentication function authentifying said individual and/or said messages,
(a) said first unit comprising:
first generating means for generating at least first and second variables,
first calculating means for producing a first password as a function of at least said first and second variables;
transmission means for transmitting said first password to said second unit;
(b) said second unit comprises;
second generating means for, in response to an authentication request made by way of a specified one of said first units, generating at least third and fourth variables assigned to this first unit;
second calculating means for producing a second password as a function of at least said third and fourth variables, said first and second variables and said third and fourth variables being respectively produced in concert, but independently in said first and second units;
means for comparing said first and second passwords;
delivering means for, in the event of a predetermined consistency of said passwords, deliver said authentication function;
said transmission means being configured so as to transmit with said first password n digits having the least significant weight of said first and second variables from said first unit to said second unit;
(c) said second unit further comprising;
j) substituting means for, based on the current value of said third and fourth variables respectively, generate first and second substituted values each wherein n digits having the least significant weight are replaced respectively by said n digits having the least significant weight of said first and second variables, said third and fourth variables thereby each comprising a replaced first group of n least significant digits and a second group of m highest significant digits;
jj) third calculating means for;
k) retaining respectively as third variable for the calculation of said second password said first substituted variable, if said first substituted variable and said current value of said third variable are consistent with at least a first predetermined condition,
kk) if said first predetermined condition is not satisfied, adjusting in said first substituted value by one unit said second group of m highest significant digits, said adjusting being dependent from a second predetermined condition, said adjusting generating a first substituted and adjusted variable, and
kkk) retaining as third variable for the calculation of said second password said first substituted and adjusted variable.
jjj) said third calculating means being also arranged so as to;
l) retain as fourth variable for the calculation of said second password said second substituted variable, if said second substituted variable and said current value of said fourth variable are consistent with at least a third predetermined condition,
ll) if said third predetermined condition is not satisfied, adjust in said second substituted value by one unit said second group of m highest significant digits, said adjusting being dependent from a fourth predetermined condition, said adjusting generating a second substituted and adjusted variable, and
lll) retain as fourth variable for the calculation of said second password said second substituted and adjusted variable.
Dependent claims: 18, 19, 21

30. A method for authentication of at least one user or a message from said at least one user, said method comprising:
(a) generating at least a first variable;
(b) producing a first password as a function of at least said first variable;
(c) in response to an authentication request made by a specified one of said at least one user, generating at least a second variable assigned to this at least one user;
(d) producing a second password as a function of at least said second variable, said first and second variables being produced in concert, but independently in steps (a) and (c);
(e) comparing said first and second passwords;
(f) in the event of a predetermined consistency of said passwords, delivering said authentication function;
said first password being transmitted with n digits having the least significant weight of said first variable;
step (c) comprising;
(i) based on the current value of said second variable, generating a substituted value wherein n digits having the least significant weight are replaced by said n digits having the least significant weight of said first variable, said second variable thereby comprising a replaced first group of n least significant digits and a second group of m highest significant digits;
(ii) retaining as second variable for the calculation of said second password said substituted variable, if said substituted variable and said current value of said second variable are consistent with at least a first predetermined condition;
(iii) if said first predetermined condition is not satisfied, adjusting in said substituted value by one unit said second group of m highest significant digits, said adjusting being dependent from a second predetermined condition, said adjusting generating a substituted and adjusted variable; and
(iv) retaining as second variable for the calculation of said second password said substituted and adjusted variable.
Dependent claims: 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 49

46. A method for authentication of a least one user or a message from said at least one user, said method comprising:
(a) generating at least first and second variables;
(b) producing a first password as a function of at least said first and second variables;
(c) in response to an authentication request made by a specified one of said at least one user, generating at least third and fourth variables assigned to this at least one user;
(d) producing a second password as a function of at least said third and fourth variables, said first and second variables and said third and fourth variables being respectively produced in concert, but independently in steps (a) and (c);
(e) comparing said first and second passwords;
(f) in the event of a predetermined consistency of said passwords, delivering said authentication function;
said first password being transmitted with n digits having the least significant weight of said first and second variables;
step (c) comprising;
(i) based on the current value of said third and fourth variables respectively, generating first and second substituted values each wherein n digits having the least significant weight are replaced respectively by said n digits having the least significant weight of said first and second variables, said third and fourth variables thereby each comprising a replaced first group of n least significant digits and a second group of m highest significant digits;
(ii) retaining respectively as the third variable for the calculation of said second password said first substituted variable, if said first substituted variable and said current value of said third variable are consistent with at least a first predetermined condition;
(iii) if said first predetermined condition is not satisfied, adjusting in said first substituted value by one unit said second group of m highest significant digits, said adjusting being dependent from a second predetermined condition, said adjusting generating a first substituted and adjusted variable;
(iv) retaining as the third variable for the calculation of said second password said first substituted and adjusted variable;
(v) retaining as the fourth variable for the calculation of said second password said second substituted variable, if said second substituted variable and said current value of said fourth variable are consistent with at least a third predetermined condition;
(vi) if said third predetermined condition is not satisfied, adjusting in said second substituted value by one unit said second group of m highest significant digits, said adjusting being dependent from a fourth predetermined condition, said adjusting generating a second substituted and adjusted variable; and
(vii) retaining as the fourth variable for the calculation of said second password said second substituted and adjusted variable.
Dependent claims: 47, 48, 50

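The substitute-and-adjust resynchronization recited in claims 1 and 30 (and applied per variable in claims 17 and 46), as an added Python example that is not code from the patent. Assumptions: HMAC-SHA256 stands in for the unspecified password function, the first predetermined condition is "within half a period of 10^n", and the second is "the sign of the deviation picks the adjustment direction"; all function names are hypothetical.

```python
import hashlib
import hmac

def password(key: bytes, variable: int, digits: int = 8) -> str:
    # Assumption: HMAC-SHA256 truncated to decimal digits stands in for the
    # patent's password function, which the claims leave unspecified.
    mac = hmac.new(key, str(variable).encode(), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**digits).zfill(digits)

def token_response(key: bytes, first_variable: int, n: int) -> str:
    # First unit: password followed by the n least significant digits.
    return password(key, first_variable) + str(first_variable % 10**n).zfill(n)

def resync(current: int, received_lsd: int, n: int) -> int:
    # Second unit, step j): replace the n low digits of its own variable.
    period = 10**n
    substituted = current - current % period + received_lsd
    diff = substituted - current
    # Assumed first condition: substituted value within half a period.
    if -(period // 2) <= diff < period // 2:
        return substituted                      # step k)
    # Assumed second condition: sign of the deviation picks the direction of
    # the one-unit adjustment of the m high digits (steps kk, kkk).
    return substituted - period if diff > 0 else substituted + period

def verify(key: bytes, current: int, response: str, n: int):
    # Reject malformed input before parsing the appended digits.
    if len(response) <= n or not (response.isascii() and response.isdigit()):
        return False, current
    second_variable = resync(current, int(response[-n:]), n)
    ok = hmac.compare_digest(response[:-n], password(key, second_variable))
    return ok, second_variable

def demo():
    key = b"constructed-demo-key"                 # constructed sample key
    response = token_response(key, 1402, n=2)     # token variable is 1402
    return verify(key, 1398, response, n=2)       # verifier drifted to 1398

if __name__ == "__main__":
    print(demo())
```

Under these assumed conditions, a drift of half a period or more resolves to the wrong high-order digits, so the password comparison fails rather than silently accepting a stale value.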
Specification