Method and system for the secure communication of data

US 5,907,597 A
Filed: 02/23/1996
Issued: 05/25/1999
Est. Priority Date: 08/05/1994
Status: Expired due to Fees

First Claim

Patent Images

1. A remote access system comprising:

a generating device generating a predetermined signal;

a transmitter transmitting said predetermined signal to a user communication device;

a receiver receiving, from said user communication device, a response signal representing a response of a user of said communication device;

an analyzer determining if said response signal includes a signal substantially identical to said predetermined signal previously transmitted by said transmitter; and

a processor determining if said user is an authorized user based on the results of said determination and at least one other determination made by said analyzer.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A user-authentication system includes an authorized user device (AUD) for transmission of dtmf tones to a user-verification system (UVS) over a telephone network, where user-verification is performed and authorized users are granted access to a desired service. In a memory module of the AUD, a plurality of passphrases and identifying data are stored for subsequent transmission to the UVS. The UVS includes a memory module for receiving and storing the passphrases and identifying data, and a processor for determining whether user-stated passphrases correspond to the stored passphrases, and for prompting the user with knowledge-based questions and determining whether the identifying data corresponds to answers given by a user in response to the knowledge-based questions. The UVS further includes security safeguards such a transmitter transmitting a signal relating to time while a user is stating a passphrase, to determine whether a user-stated passphrase comprises a previously recorded passphrase, and an analyzer device determining whether the access number used to reach the user-verification system are appropriate for the specific user-device.

Citations

27 Claims

1. A remote access system comprising:
- a generating device generating a predetermined signal;
  
  a transmitter transmitting said predetermined signal to a user communication device;
  
  a receiver receiving, from said user communication device, a response signal representing a response of a user of said communication device;
  
  an analyzer determining if said response signal includes a signal substantially identical to said predetermined signal previously transmitted by said transmitter; and
  
  a processor determining if said user is an authorized user based on the results of said determination and at least one other determination made by said analyzer.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The remote access system of claim 1, wherein said predetermined signal relates to time.
  - 3. The remote access system of claim 1, said response signal including identification information.
  - 4. The remote access system of claim 1, said generating device further comprising:
    - a timing module generating said predetermined signal, wherein said predetermined signal comprises a plurality of timing signals; and
      
      a memory module storing said timing signals.
  - 5. The remote access system of claim 4, wherein said analyzer analyzes said response signal to determine if one of said plurality of timing signals is present and corresponds to a recently transmitted timing signal stored in memory.
  - 6. The remote access system of claim 1, wherein said analyzer determines whether said response signal comprises an instantaneously rendered verbal response or a previously recorded verbal response.
  - 7. The remote access system of claim 1, wherein said user communication device comprises a telephone.

8. A method of performing user-verification comprising the steps of:
- transmitting to a user communication device from a user verification system a signal related to clock time;
  
  transmitting from said user communication device to said user verification system, a signal characteristic of a verbal response of a user of said user communication device;
  
  determining if said signal characteristic of a verbal response includes said signal related to clock time previously transmitted from said user verification system; and
  
  processing the results of said determining step and at least one other determination to determine if said user is an authorized user.
- View Dependent Claims (9, 10)
- - 9. The method of performing user-verification of claim 8, said user communication device comprising a telephone.
  - 10. The method of performing user-verification of claim 8, wherein said step of examining said signal related to clock time further comprises:
    - determining a clock time represented by said signal related to clock time;
      
      determining whether said clock time is different from a transmission time at which said user communication device transmitted to said user verification system said signal characteristic of a verbal response of an authorized user; and
      
      determining that said user is not an authorized user if said clock time is different from said transmission time.

11. A method of using a user-authentication system to perform password sufficiency screening comprising:
- receiving a signal at a verification system representing a passphrase stated by a user;
  
  determining whether an impairment adversely affecting said signal exists in said communications medium;
  
  determining if an audio characteristic of said passphrase stated by a user satisfies predetermined criteria, wherein said predetermined criteria is adjusted in response to the existence of an impairment in said communications medium; and
  
  validating said passphrase if said passphrase stated by a user satisfies said predetermined criteria.
- View Dependent Claims (12, 13, 14)
- - 12. The method of claim 11, further comprising the steps of:
    - determining if the spectral distribution and phonetic makeup of said passphrase stated by a user satisfies predetermined criteria.
  - 13. The method of claim 12, further comprising the steps of:
    - determining if the cadence of said passphrase stated by a user satisfies predetermined criteria.
  - 14. The method of claim 11, further comprising the steps of:
    - determining if the phonetic makeup of said passphrase stated by a user satisfies predetermined criteria;
      
      determining if the spectral distribution of said passphrase stated by a user satisfies predetermined criteria;
      
      determining if the cadence of said passphrase stated by a user satisfies predetermined criteria; and
      
      combining said determinations for phonetic makeup, spectral distribution, and cadence; and
      
      determining if said combination satisfies predetermined criteria.

15. A method for performing user-verification comprising:
- transmitting from a user device a plurality of tone signals, said plurality of tone signals representing a telephone number;
  
  receiving said plurality of tone signals at a user-verification system;
  
  comparing said plurality of tone signals with stored tone signals previously received, said stored tone signals representing telephone numbers previously used by said user-device;
  
  determining if said plurality of tone signals match said stored tone signals; and
  
  determining whether a user is an authorized user in response to a match between said plurality of tone signals and said stored tone signals.

16. The method of claim 16, further comprising the step of:
- performing voice verification when said plurality of tone signals do not match said stored tone signals.
- View Dependent Claims (17)
- - 17. The method of claim 16, the step of performing voice verification further comprising:
    - obtaining a user'"'"'s electronic voice file, said voice file comprising data relating to a recorded passphrase;
      
      prompting the user to speak a passphrase into a microphone;
      
      receiving signals representing said passphrase at said user verification system;
      
      comparing said signals with said data relating to a recorded passphrase to determine if said signals match said data relating to a recorded passphrase; and
      
      if said signals match said passphrase, indicating that the user is an authorized user.

18. A method for performing user verification comprising:
- obtaining a user'"'"'s electronic verification file in response to a signal received from a user device, said file comprising data relating to at least one recorded passphrase and data identifying the user;
  
  prompting said user to speak a passphrase into a microphone;
  
  receiving signals relating to said passphrase at said user verification system;
  
  retrieving data relating to prior receipt of signals relating to said passphrase;
  
  creating a predetermined degree of match in response to said data relating to prior receipt of said signals relating to said passphrase;
  
  determining a degree of match between said data relating to said recorded passphrase and said signals relating to said passphrase; and
  
  comparing said degree of match with said predetermined degree of match.
- View Dependent Claims (19, 20, 21, 22, 23, 24)
- - 19. The method of claim 18, further comprising the steps of:
    - indicating that said user is authorized if said degree of match is greater than said predetermined degree of match.
  - 20. The method of claim 18, further comprising the steps of:
    - prompting said user to answer questions relating to said data identifying said user if said degree of match is below a first predetermined degree of match and above a second predetermined degree of match.
  - 21. The method of claim 18, further comprising the steps of:
    - indicating that a user is not authorized if said degree of match is less than said predetermined degree of match.
  - 22. The method of claim 18, wherein said signal received from said user device represents said user'"'"'s electronic voice file.
  - 23. The method of claim 18, wherein said data relating to said at least one recorded passphrase comprises a pointer for locating said user'"'"'s electronic verification file on a telephone network.
  - 24. The method of claim 18, wherein said data relating to prior receipt of said signals relating to said passphrase includes data relating to prior fraudulent use of said passphrase.

25. A method of performing user verification comprising:
- transmitting tone signals from a user device in communication with a user verification system;
  
  receiving tone signals at said user verification system, said tone signals representing a number transmitted to reach said user verification system;
  
  determining a security level associated with said number;
  
  determining whether a degree of noise accompanies said tone signals; and
  
  adjusting a stringency requirement for user verification in response to said security level or said degree of noise.

26. A user-verification system comprising:
- a storage module storing identifying data relating to a user, said identifying data comprising a plurality of characteristics identifying said user;
  
  a processor communicating a query signal to a transmitter;
  
  said transmitter in communication with said processor transmitting said query signal to the user, said query signal comprising a prompt to the user to answer a question relating to one of said plurality characteristics;
  
  a receiver receiving user-stated information responsive to said query signal;
  
  an analyzer in communication with said receiver, comparing said user-stated information with said one of said plurality of characteristics; and
  
  a repeater in communication with said analyzer, assigning said one of said plurality of characteristics for a repetition in a successive query signal when said user-stated information does not match said one of said plurality of characteristics.
- View Dependent Claims (27)
- - 27. The user verification system of claim 26, wherein said plurality of characteristics comprises data relating to name, sex, date of birth, social security number, and mother'"'"'s maiden name.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Smart Tone Incorporated
Original Assignee
Smart Tone Authentication, Inc.
Inventors
Mark, Andrew R.
Primary Examiner(s)
Wolinsky, Scott

Application Number

US08/606,151
Time in Patent Office

1,187 Days
Field of Search

379/67, 379/77, 379/88.02, 379/91, 379/95, 379/188, 379/192, 379/190, 379/355, 379/283, 379/189, 379/361, 379/93.03, 395/2.82, 395/2.4, 395/2.55, 395/2.6, 380/9, 380/19, 380/20, 380/21, 380/23, 340/825.34, 764/246, 704/273
US Class Current

379/93.03
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/346   Cards serving only as infor...

G07F 7/0886   the card reader being porta...

G07F 7/1008   Active credit-cards provide...

G10L 17/00   Speaker identification or v...

H04M 1/271   controlled by voice recogni...

H04M 1/275   implemented by means of por...

H04M 1/2757   by data transmission, e.g. ...

H04M 1/50   by generating or selecting ...

H04M 1/66   with means for preventing u...

H04M 1/67   by electronic means

H04M 15/00   Arrangements for metering, ...

H04M 17/00   Prepayment of wireline comm...

H04M 17/02   Coin-freed or check-freed s...

H04M 2201/40   using speech recognition

H04M 3/16   with lock-out or secrecy pr...

H04M 3/382   using authorisation codes o...

H04M 3/44   Additional connecting arran...

H04M 3/493   Interactive information ser...

H04Q 1/453   in which m-out-of-n signall...

Method and system for the secure communication of data

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for the secure communication of data

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links