Method for securing information relevant to a transaction

US 5,936,541 A
Filed: 06/10/1997
Issued: 08/10/1999
Est. Priority Date: 11/17/1992
Status: Expired due to Term

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A method for coding clear information comprising:

receiving a personal identification number (PIN) from an originator;

obtaining first coded authentication information by using the PIN;

generating at least two numbers using the first coded authentication information, at least one of the at least two numbers being an arbitrary number;

storing the at least two numbers in at least one storage means; and

coding the clear information using the first coded authentication information to derive coded information.

View all claims

0 Assignments

Timeline View

Assignment View

Litigations

2 Petitions

Accused Products

Abstract

A transaction system is disclosed wherein, when a transaction, document or thing needs to be authenticated, information associated with one or more of the parties involved is coded together to produce a joint code. This joint code is then utilized to code information relevant to the transaction, document or record, in order to produce a variable authentication number (VAN) at the initiation of the transaction. This VAN is thereafter associated with the transaction and is recorded on the document or thing, along with the original information that was coded. During subsequent stages of the transaction, only parties capable of reconstructing the joint code will be able to uncode the VAN properly in order to re-derive the information. The joint code serves to authenticate the parties, and the comparison of the re-derived information against the information recorded on the document serves to authenticate the accuracy of that information.

Citations

54 Claims

1. A method for coding clear information comprising:
- receiving a personal identification number (PIN) from an originator;
  
  obtaining first coded authentication information by using the PIN;
  
  generating at least two numbers using the first coded authentication information, at least one of the at least two numbers being an arbitrary number;
  
  storing the at least two numbers in at least one storage means; and
  
  coding the clear information using the first coded authentication information to derive coded information.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 wherein the coded information is uncoded using second coded authentication information to recover the clear information, the method further comprising:
    - retrieving the at least two numbers stored in the at least one storage means;
      
      combining the retrieved at least two numbers to derive the second coded authentication information; and
      
      uncoding the coded information using the derived second coded authentication information to recover the clear information.
  - 3. The method of claim 1 wherein at an arbitrary time, the stored at least two numbers are revised and the stored at least two numbers are replaced by the revised numbers.
  - 4. The method of claim 1 wherein at least a first of the at least two numbers is stored in a first storage means at a first site, and at least a second of the at least two numbers is stored in a second storage means at a second site.
  - 5. The method of claim 1 wherein at least a first of the at least two numbers is secret, and at least a second of the at least two numbers is non-secret.

6. A method for securing the integrity of first information relevant to a transaction, and the integrity of second information associated with at least an originator party, by using a variable authentication number (VAN), the first information including a transaction sequence number which is previously stored in a storage means and is revised for each transaction, the method comprising:
- coding the first information using at least the second information to derive the VAN;
  
  appending the VAN to the first information;
  
  retrieving the transaction sequence number from the storage means;
  
  uncoding the VAN to recover the first information including the transaction sequence number by using at least third information associated with the originator party; and
  
  authenticating the integrity of the first and second information by comparing the recovered transaction sequence number with the retrieved transaction sequence number.
- View Dependent Claims (7, 8, 9, 10, 11, 12)
- - 7. The method of claim 6 wherein the first information is clear information.
  - 8. The method of claim 6 wherein the first information is coded information.
  - 9. The method of claim 6 wherein at least selected portions of the first information are coded to derive a compact error detection code, the compact error detection code being further coded using at least the second information to derive a compact VAN which is used to detect changes in at least the first information and at least the second information.
  - 10. The method of claim 6 wherein the VAN is generated at a first site using the first and second information, and the integrity of the first and second information is authenticated at a second site using the third information.
  - 11. The method of claim 6 wherein an uncoded identity and/or location of the originator party and/or a recipient party is appended to the first information.
  - 12. The method of claim 6 wherein the first information includes information associated with a recipient party.

13. A method for authenticating the integrity of first transaction information and second transaction information, and a first party associated with the first and second transaction information, the integrity of the first and second transaction information being authenticated with a variable authentication number (VAN), the method comprising:
- coding the first transaction information to generate a first error detection code (EDC1);
  
  coding the second transaction information to generate a second error detection code (EDC2);
  
  coding, or otherwise combining, EDC1 and EDC2 to generate a third error detection code (EDC3);
  
  coding EDC3 and first information associated with the first party to derive the variable authentication number (VAN);
  
  associating the VAN and EDC2 with the first transaction information to form a first information group;
  
  associating the VAN and EDC1 with the second transaction information to form a second information group; and
  
  subsequently authenticating the integrity of the first transaction information, and the second transaction information by;
  
  recovering the VAN from the first information group, and uncoding the recovered VAN by using second information associated with the first party to derive the third error detection code (EDC3);
  
  recovering the first transaction information from the first information group, and coding the recovered first transaction information to generate a fourth error detection code (EDC4);
  
  recovering the EDC2 from the first information group, and coding, or otherwise combining, EDC4 and the recovered EDC2 to generate a sixth error detection code (EDC6);
  
  authenticating the integrity of the first transaction information if EDC6 compares favorably with the EDC3 recovered from the VAN;
  
  recovering the VAN from the second information group, and uncoding the recovered VAN by using second information associated with the first party to derive the third error detection code (EDC3);
  
  recovering the second transaction information from the second information group, and coding the recovered second transaction information to generate a fifth error detection code (EDC5);
  
  recovering the EDC1 from the second information group, and coding, or otherwise combining, the recovered EDC1 and EDC5 to generate a seventh error detection code (EDC7); and
  
  authenticating the integrity of the second transaction information if EDC7 compares favorably with the EDC3 recovered from the VAN.

14. In a multi-party transaction system, a method for securing information relevant to a transaction by using information associated with a present party and information associated with an absent party, wherein a credential is previously issued to at least one of the present party and the absent party by an entity authorized to issue a credential, the credential including a variable authentication number (VAN), the method comprising:
- creating the VAN by coding credential information with a secret key of the credential issuing entity;
  
  authenticating at least one of the present party and the absent party by using the VAN; and
  
  coding the information relevant to the transaction using the information associated with the present party, and then coding the result using the information associated with the absent party.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The method of claim 14 wherein the information associated with the present party or the absent party includes a personal key, the method further comprising:
    - using the credential issuing entity to create the personal key, and including the personal key in the credential information.
  - 16. The method of claim 15 further comprising:
    - the credential issuing entity previously verifying that the personal key is unused by another party.
  - 17. The method of claim 14 further comprising:
    - uncoding the coded information relevant to the transaction using information associated with the absent party and using information associated with the present party to recover the relevant transaction information.
  - 18. The method of claim 14 wherein the information relevant to the transaction comprises coded or non-coded information.
  - 19. The method of claim 14 wherein the credential information further includes secret information associated with the present or absent party only if a predetermined personal identification number (PIN), or password, or other personal information or characteristic is used by the present or absent party to access the secret information.

20. In a multi-party transaction system, a method for securing information relevant to a transaction by using information associated with at least two parties, wherein a credential is previously issued to at least one of the parties by an entity authorized to issue a credential, the credential including a variable authentication number (VAN), the method comprising:
- creating the VAN by coding credential information with a secret key of the credential issuing entity;
  
  authenticating at least one of the parties by using the VAN;
  
  coding information associated with the at least two parties to generate a joint code; and
  
  coding the information relevant to the transaction with the joint code to generate coded information relevant to the transaction.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 29)
- - 21. The method of claim 20 wherein the information associated with the at least two parties includes a personal key, the method further comprising:
    - the credential issuing entity creating the personal key, and including the personal key in the credential information.
  - 22. The method of claim 21 further comprising:
    - the credential issuing entity previously verifying that the personal key is unused by another party.
  - 23. The method of claim 20 further comprising:
    - uncoding the coded information relevant to the transaction with a joint code generated from other information associated with the at least two parties.
  - 24. The method of claim 20 wherein the information associated with the at least two parties used to generate the joint code comprises information associated with at least one present party and information associated with at least one absent party.
  - 25. The method of claim 20 wherein the information relevant to the transaction comprises coded or non-coded information.
  - 26. The method of claim 20 wherein the credential information further includes secret information associated with at least one of the parties only if a predetermined personal identification number (PIN), or password, or other personal information or characteristic is used by the at least one party to access the secret information.
  - 27. The method of claim 20 wherein the information relevant to the transaction comprises at least one information group which was previously coded to enable detection of a change in the content or structure of the information group.
  - 29. The method of claim 20 further comprising:
    - uncoding the coded information relevant to the transaction with a joint code generated from third information associated with at least one party, and fourth information accessed from a second one or more data storage means.

28. In a transaction system, a method for securing information relevant to a transaction, the transaction including at least one party, wherein a credential is previously issued to the at least one party by an entity authorized to issue a credential, the credential including a variable authentication number (VAN), the method comprising:
- creating the VAN by coding credential information with a secret key of the credential issuing entity;
  
  authenticating the at least one of the party by using the VAN;
  
  generating a joint code by coding first information accessed from a first one or more data storage means with second information associated with the at least one party to the transaction; and
  
  coding the information relevant to the transaction with the joint code to generate coded information relevant to the transaction.
- View Dependent Claims (30, 31)
- - 30. The method of claim 28 wherein the information relevant to the transaction comprises coded or non-coded information.
  - 31. The method of claim 28 wherein the credential information further includes secret information associated with the at least one party only if a predetermined personal identification number (PIN), or password, or other personal information or characteristic is used by the at least one party to access the secret information.

32. A method for coding clear information by using information associated with at least one party, wherein a credential is previously issued to the at least one party by an entity authorized to issue a credential, the credential including a variable authentication number (VAN), the method comprising:
- creating the VAN by coding credential information with a secret key of the credential issuing entity;
  
  authenticating the at least one of the party by using the VAN;
  
  coding a first information group with a second information group to generate a third information group, at least one of the first and second information groups being associated with the at least one party; and
  
  coding the clear information with the third information group to generate coded information.
- View Dependent Claims (33, 34)
- - 33. The method of claim 32 further comprising:
    - uncoding the coded information with a fourth information group.
  - 34. The method of claim 32 wherein the credential information further includes secret information associated with the at least one party only if a predetermined personal identification number (PIN), or password, or other personal information or characteristic is used by the at least one party to access the secret information.

35. In a multi-party transaction system, a method for securing information relevant to a transaction, the transaction including a first party and a second party, wherein a credential is previously issued to at least one of the first party and the second party by an entity authorized to issue a credential, the credential including a variable authentication number (VAN), the method comprising:
- creating the VAN by coding credential information with a secret key of the credential issuing entity;
  
  authenticating at least one of the first and second parties by using the VAN;
  
  coding the information relevant to the transaction with first information associated with the first party to derive first coded information; and
  
  coding the first coded information with first information associated with the second party to derive second coded information relevant to the transaction.
- View Dependent Claims (36, 37)
- - 36. The method of claim 35 further comprising:
    - uncoding the second coded information with second information associated with the second party to derive third coded information; and
      
      uncoding the third coded information with second information associated with the first party to derive the information relevant to the transaction.
  - 37. The method of claim 35 wherein the credential information further includes secret information associated with the first party or the second party only if a predetermined personal identification number (PIN), or password, or other personal information or characteristic is used by the first party or the second party to access the secret information.

38. In a transaction system, a method for securing information relevant to a transaction, the transaction including at least one party, wherein a credential is previously issued to the at least one party by an entity authorized to issue a credential, the credential including a variable authentication number (VAN), the method comprising:
- creating the VAN by coding credential information with a secret key of the credential issuing entity;
  
  authenticating the at least one of the party by using the VAN;
  
  coding information relevant to the transaction using information accessed from one or more data storage means to derive first coded information; and
  
  coding the first coded information using information associated with the at least one party to the transaction to derive second coded information relevant to the transaction.
- View Dependent Claims (39, 40)
- - 39. The method of claim 38 further comprising:
    - uncoding the second coded information using information associated with the at least one party to the transaction to derive the first coded information; and
      
      uncoding the first coded information using information associated with information accessed from the one or more data storage means to derive the information relevant to the transaction.
  - 40. The method of claim 38 wherein the credential information further includes secret information associated with the at least one party only if a predetermined personal identification number (PIN), or password, or other personal information or characteristic is used by the at least one party to access the secret information.

41. A method for coding clear information by using information associated with at least one party, wherein a credential is previously issued to the at least one party by an entity authorized to issue a credential, the credential including a variable authentication number (VAN), the method comprising:
- creating the VAN by coding credential information with a secret key of the credential issuing entity;
  
  authenticating the at least one of the party by using the VAN;
  
  coding clear information with a first information group to generate a second information group, wherein the first information group is secret; and
  
  coding the second information group with a third information group to generate a fourth information group, wherein the third information group is non-secret, at least the first or third information groups being associated with the at least one party.
- View Dependent Claims (42, 43, 44, 45)
- - 42. The method of claim 41 wherein the first or third information group includes a personal key, the method further comprising:
    - the credential issuing entity creating the personal key, and including the personal key in the credential information.
  - 43. The method of claim 42 further comprising:
    - the credential issuing entity previously verifying that the personal key is unused by another party.
  - 44. The method of claim 41 further comprising:
    - uncoding the fourth information group by using a fifth information group to derive the second information group; and
      
      uncoding the second information group by using a sixth information group to recover the clear information.
  - 45. The method of claim 41 wherein the credential information further includes secret information associated with the at least one party only if a predetermined personal identification number (PIN), or password, or other personal information or characteristic is used by the at least one party to access the secret information.

46. In a multi-party transaction system, a method for securing information relevant to a transaction, the transaction including a first party and a second party, wherein a credential is previously issued to at least one of the first party and the second party by an entity authorized to issue a credential, the credential including a variable authentication number (VAN), the method comprising:
- creating the VAN by coding credential information with a secret key of the credential issuing entity;
  
  authenticating at least one of the first and second parties by using the VAN; and
  
  coding the information relevant to the transaction with information associated with the first party to derive coded information relevant to the transaction, wherein the information relevant to the transaction includes information associated with the second party.
- View Dependent Claims (47, 48, 49, 50)
- - 47. The method of claim 46 wherein the information associated with the first party includes a personal key, the method further comprising:
    - the credential issuing entity creating the personal key, and including the personal key in the credential information.
  - 48. The method of claim 47 further comprising:
    - the credential issuing entity previously verifying that the personal key is unused by another party.
  - 49. The method of claim 46 further comprising:
    - uncoding the coded information relevant to the transaction with other information associated with the first party to recover the information relevant to the transaction.
  - 50. The method of claim 46 wherein the information stored in the credential further includes secret information associated with the first party or the second party only if a predetermined personal identification number (PIN), or password, or other personal information or characteristic is used by the first party or the second party to access the secret information.

51. In a multi-party transaction system, a method for securing information relevant to a transaction, wherein coded information relevant to the transaction is transmitted from a first party at a first site to a second party at a second site, and a credential is previously issued to at least one of the first party and the second party by an entity authorized to issue a credential, the credential including a variable authentication number (VAN), the method comprising:
- creating the VAN by coding credential information with a secret key of the credential issuing entity;
  
  authenticating at least one of the first and second parties by using the VAN;
  
  the first party using first information associated with a second party to code the information relevant to the transaction to derive the coded information relevant to the transaction; and
  
  uncoding the coded information relevant to the transaction by the second party by using second information associated with the second party to recover the information relevant to the transaction.
- View Dependent Claims (52, 53, 54)
- - 52. The method of claim 51 wherein the first or second information associated with the second party includes a personal key, the method further comprising:
    - the credential issuing entity creating the personal key, and including the personal key in the credential information.
  - 53. The method of claim 52 further comprising:
    - the credential issuing entity previously verifying that the personal key is unused by another party.
  - 54. The method of claim 51 wherein the information relevant to the transaction includes joint information used subsequently by the first party and the second party for coding and uncoding information transmitted between the first and second parties.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Leon Stambler
Original Assignee
Leon Stambler
Inventors
Stambler, Leon
Primary Examiner(s)
ZIMMERMAN, BRIAN A

Application Number

US08/872,116
Time in Patent Office

791 Days
Field of Search

340/825.3, 340/825.31, 340/825.33, 340/825.34, 380/23, 380/24, 380/25, 380/4, 380/43, 380/45, 235/382
US Class Current

340/5.22
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/347   Passive cards

G06Q 20/3821   Electronic credentials

G06Q 20/385   using an alias or single-us...

G06Q 20/401   Transaction verification

G07F 7/08   by coded identity card or c...

G07F 7/10   together with a coded signa...

G07F 7/1016   Devices or methods for secu...

G07F 7/1066   PIN data being compared to ...

G07F 7/12   Card verification

G07F 7/125   Offline card verification

G16H 20/10   relating to drugs or medica...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/3226   using a predetermined code,...

Method for securing information relevant to a transaction

First Claim

0 Assignments

Litigations

2 Petitions

Accused Products

Abstract

Citations

54 Claims

Specification

Solutions

Use Cases

Quick Links

Method for securing information relevant to a transaction

First Claim

0 Assignments

Subscription Required

Subscription Required

Litigations

2 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

54 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links