Method and system for accepting a pass code
First Claim
Patent Images
1. A method of accepting a pass code, comprising:
- providing a user with a machine-generated challenge; and
receiving, from a user-input device, user input which represents a transformation of the machine-generated challenge into a pass code allocated to the user, wherein the user input is dependent on the machine-generated challenge such that the user input is different for different machine-generated challenges;
generating a response from the user input received from the user input device, wherein the user input does not include the pass code itself; and
transmitting the response to a remote authorisation unit to authenticate the response without transmitting the pass code to the remote authorisation unit and without generating the pass code from the user input prior to said transmitting, wherein said response allows the user to be validated at the remote authorisation unit dependent on said response compared to a predicted response based on knowledge of the challenge and a stored data record of the pass code.
2 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus for accepting a pass code such as a personal identification number (PIN) are disclosed. The method involves providing a user with a challenge, typically on some form of shielded display to prevent third party viewing. The user now enters a response which transforms the challenge into the pass code allocated to the user. The response allows the user to be validated against a stored record of the pass code allocated to the user.
-
Citations
52 Claims
-
1. A method of accepting a pass code, comprising:
-
providing a user with a machine-generated challenge; and receiving, from a user-input device, user input which represents a transformation of the machine-generated challenge into a pass code allocated to the user, wherein the user input is dependent on the machine-generated challenge such that the user input is different for different machine-generated challenges; generating a response from the user input received from the user input device, wherein the user input does not include the pass code itself; and transmitting the response to a remote authorisation unit to authenticate the response without transmitting the pass code to the remote authorisation unit and without generating the pass code from the user input prior to said transmitting, wherein said response allows the user to be validated at the remote authorisation unit dependent on said response compared to a predicted response based on knowledge of the challenge and a stored data record of the pass code. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A terminal for use in accepting a pass code, comprising:
-
an output for providing a user with a machine-generated challenge; and a user-input device for receiving user input which represents a transformation of the machine-generated challenge into a pass code allocated to the user, wherein the user input is dependent on the machine-generated challenge such that the user input is different for different machine-generated challenges; wherein said terminal is further configured to; generate a response from the user input received from the user input device, wherein the user input does not include the pass code itself; and transmit the response to a remote authorisation unit to authenticate the response, wherein the response is transmitted without the pass code and without the terminal generating the pass code from the response prior to transmitting, wherein said response allows the user to be validated at the remote authorisation unit dependent on said response compared to a predicted response based on knowledge of the challenge and a stored data record of the pass code. - View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
-
-
35. An apparatus, comprising:
-
means for providing a user with a machine-generated challenge; means for receiving user input which represents a transformation of the machine-generated challenge into a pass code allocated to the user, wherein the user input is dependent on the machine-generated challenge such that the user input is different for different machine-generated challenges; means for generating a response from the user input received from the user input device, wherein the user input does not include the pass code itself; and means for transmitting the response to a remote authorisation unit to authenticate the response without transmitting the pass code to the remote authorisation unit and without generating the pass code from the user input prior to said transmitting.
-
-
36. A method for using a pass code to validate a user, comprising:
-
receiving a request from a user for validation; generating a challenge in response to said request; providing the user with the challenge; receiving, from a user-input device, user input which represents a transformation of the challenge into a pass code allocated to the user, wherein the user input is dependent on the challenge such that the user input is different for different challenges; generating a response from the user input received from the user input device, wherein the response is not the pass code, and wherein the user input does not include the pass code itself; generating a predicted response based on knowledge of the challenge and a stored version of the pass code; and validating the user on the basis of said response compared to the predicted response, wherein neither the response nor the predicted response is the pass code.
-
-
37. A computer program product comprising instructions encoded on a storage medium, said instructions when loaded into a machine causing the machine:
-
to provide a user with a machine-generated challenge; and receive, from a user-input device, user input which represents a transformation of the machine-generated challenge into a pass code allocated to the user, wherein the user input is dependent on the machine-generated challenge such that the user input is different for different machine-generated challenges; generate a response to the challenge from the user input received from the user input device, wherein the user input does not include the pass code itself; and transmitting the response to a remote authorisation unit to authenticate the response, without transmitting the pass code to the remote authorization unit and without generating the pass code from the response prior to said transmitting, wherein said response allows the user to be validated at the remote authorisation unit dependent on said response compared to a predicted response based on knowledge of the challenge and a stored data record of the pass code. - View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52)
-
Specification