Method and system for accepting a pass code

US 7,882,361 B2
Filed: 02/05/2004
Issued: 02/01/2011
Est. Priority Date: 02/05/2004
Status: Active Grant

First Claim

Patent Images

1. A method of accepting a pass code, comprising:

providing a user with a machine-generated challenge; and

receiving, from a user-input device, user input which represents a transformation of the machine-generated challenge into a pass code allocated to the user, wherein the user input is dependent on the machine-generated challenge such that the user input is different for different machine-generated challenges;

generating a response from the user input received from the user input device, wherein the user input does not include the pass code itself; and

transmitting the response to a remote authorisation unit to authenticate the response without transmitting the pass code to the remote authorisation unit and without generating the pass code from the user input prior to said transmitting, wherein said response allows the user to be validated at the remote authorisation unit dependent on said response compared to a predicted response based on knowledge of the challenge and a stored data record of the pass code.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for accepting a pass code such as a personal identification number (PIN) are disclosed. The method involves providing a user with a challenge, typically on some form of shielded display to prevent third party viewing. The user now enters a response which transforms the challenge into the pass code allocated to the user. The response allows the user to be validated against a stored record of the pass code allocated to the user.

Citations

52 Claims

1. A method of accepting a pass code, comprising:
- providing a user with a machine-generated challenge; and
  
  receiving, from a user-input device, user input which represents a transformation of the machine-generated challenge into a pass code allocated to the user, wherein the user input is dependent on the machine-generated challenge such that the user input is different for different machine-generated challenges;
  
  generating a response from the user input received from the user input device, wherein the user input does not include the pass code itself; and
  
  transmitting the response to a remote authorisation unit to authenticate the response without transmitting the pass code to the remote authorisation unit and without generating the pass code from the user input prior to said transmitting, wherein said response allows the user to be validated at the remote authorisation unit dependent on said response compared to a predicted response based on knowledge of the challenge and a stored data record of the pass code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein said challenge is independent of said pass code.
  - 3. The method of claim 1, further comprising generating a new challenge for each user validation.
  - 4. The method of claim 3, wherein said challenge is generated on a random basis.
  - 5. The method of claim 3, wherein the challenge is generated in response to receiving a request from a user for validation.
  - 6. The method of claim 1, wherein providing a user with a challenge comprises displaying the challenge to the user.
  - 7. The method of claim 6, wherein the challenge is displayed to the user in such a manner as to prevent third parties from viewing the challenge.
  - 8. The method of claim 1, wherein the user input from the user-input device is received as a set of one or more modifications to be applied to the challenge so that it matches the pass code allocated to the user.
  - 9. The method of claim 8, wherein said set of one or more modifications is received as directional input from the user.
  - 10. The method of claim 9, wherein said directional input is received as the result of the user pressing one or more arrow keys that increment or decrement the challenge by a fixed amount.
  - 11. The method of claim 1, wherein said challenge has the same number of characters as the pass code allocated to the user.
  - 12. The method of claim 11, wherein said transformation is specified individually for each character of the challenge.
  - 13. The method of claim 12, further comprising receiving an indication from the user that the transformation for a different character is about to be entered.
  - 14. The method of claim 1, further comprising receiving an indication from the user that the user input to transform the challenge has been completely entered.
  - 15. The method of claim 1, further comprising generating a pass code from the challenge and from the response.
  - 16. The method of claim 15, wherein the response is validated by comparing the generated pass code with the stored data record of the pass code.
  - 17. The method of claim 1, further comprising:
    - receiving a communications challenge from the remote authorisation unit that has access to said stored data record of the pass code;
      
      using the response to encrypt said communications challenge; and
      
      transmitting the encrypted communications challenge to the remote authorisation unit;
      
      thereby allowing the response to be validated by said remote authorisation unit using said stored data record of, the pass code.

18. A terminal for use in accepting a pass code, comprising:
- an output for providing a user with a machine-generated challenge; and
  
  a user-input device for receiving user input which represents a transformation of the machine-generated challenge into a pass code allocated to the user, wherein the user input is dependent on the machine-generated challenge such that the user input is different for different machine-generated challenges;
  
  wherein said terminal is further configured to;
  
  generate a response from the user input received from the user input device, wherein the user input does not include the pass code itself; and
  
  transmit the response to a remote authorisation unit to authenticate the response, wherein the response is transmitted without the pass code and without the terminal generating the pass code from the response prior to transmitting, wherein said response allows the user to be validated at the remote authorisation unit dependent on said response compared to a predicted response based on knowledge of the challenge and a stored data record of the pass code.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 19. The terminal of claim 18, wherein said challenge is independent of said pass code.
  - 20. The terminal of claim 18, wherein a new challenge is generated for each user validation.
  - 21. The terminal of claim 20, wherein said challenge is generated on a random basis.
  - 22. The terminal of claim 20, wherein the challenge is generated in response to receiving a request from a user for validation.
  - 23. The terminal of claim 18, further comprising a display, wherein the challenge is provided to the user on the display.
  - 24. The terminal of claim 23, wherein the terminal is configured to prevent parties other than the user from viewing the challenge on the display.
  - 25. The terminal of claim 18, wherein the user input from the user-input device is received as a set of one or more modifications to be applied to the challenge so that it matches the pass code allocated to the user.
  - 26. The terminal of claim 25, wherein said set of one or more modifications is received as directional input from the user.
  - 27. The terminal of claim 26, wherein the user-input device comprises one or more arrow keys that increment or decrement the challenge by a fixed amount.
  - 28. The terminal of claim 18, wherein said challenge has the same number of characters as the pass code allocated to the user.
  - 29. The terminal of claim 28, wherein said transformation is specified individually for each character of the challenge.
  - 30. The terminal of claim 29, wherein the user-input device comprises a key for receiving an indication from the user that the transformation for a different character is about to be entered.
  - 31. The terminal of claim 18, wherein the user-input device comprises a key for receiving an indication from the user that the user input to transform the challenge has been completely entered.
  - 32. The terminal of claim 18, wherein the pass code is generated from the challenge and from the user input from the user-input device.
  - 33. The terminal of claim 32, wherein the user is validated by comparing the generated pass code with a stored data record of the pass code.
  - 34. The terminal of claim 18, further comprising a communications link with the remote authorisation unit that has access to a stored data record of the pass code, wherein the terminal receives a communications challenge from said remote authorisation unit and uses a response generated from the user input to encrypt said communications challenge, and wherein the encrypted communications challenge is transmitted to the remote authorisation unit, thereby allowing the response to be validated by said remote authorisation unit against said stored data record of the pass code.

35. An apparatus, comprising:
- means for providing a user with a machine-generated challenge;
  
  means for receiving user input which represents a transformation of the machine-generated challenge into a pass code allocated to the user, wherein the user input is dependent on the machine-generated challenge such that the user input is different for different machine-generated challenges;
  
  means for generating a response from the user input received from the user input device, wherein the user input does not include the pass code itself; and
  
  means for transmitting the response to a remote authorisation unit to authenticate the response without transmitting the pass code to the remote authorisation unit and without generating the pass code from the user input prior to said transmitting.

36. A method for using a pass code to validate a user, comprising:
- receiving a request from a user for validation;
  
  generating a challenge in response to said request;
  
  providing the user with the challenge;
  
  receiving, from a user-input device, user input which represents a transformation of the challenge into a pass code allocated to the user, wherein the user input is dependent on the challenge such that the user input is different for different challenges;
  
  generating a response from the user input received from the user input device, wherein the response is not the pass code, and wherein the user input does not include the pass code itself;
  
  generating a predicted response based on knowledge of the challenge and a stored version of the pass code; and
  
  validating the user on the basis of said response compared to the predicted response, wherein neither the response nor the predicted response is the pass code.

37. A computer program product comprising instructions encoded on a storage medium, said instructions when loaded into a machine causing the machine:
- to provide a user with a machine-generated challenge; and
  
  receive, from a user-input device, user input which represents a transformation of the machine-generated challenge into a pass code allocated to the user, wherein the user input is dependent on the machine-generated challenge such that the user input is different for different machine-generated challenges;
  
  generate a response to the challenge from the user input received from the user input device, wherein the user input does not include the pass code itself; and
  
  transmitting the response to a remote authorisation unit to authenticate the response, without transmitting the pass code to the remote authorization unit and without generating the pass code from the response prior to said transmitting, wherein said response allows the user to be validated at the remote authorisation unit dependent on said response compared to a predicted response based on knowledge of the challenge and a stored data record of the pass code.
- View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52)
- - 38. The computer program product of claim 37, wherein said challenge is independent of said pass code.
  - 39. The computer program product of claim 37, wherein said instructions further cause the machine to generate a new challenge for each user validation.
  - 40. The computer program product of claim 39, wherein the challenge is generated in response to receiving a request from a user for validation.
  - 41. The of computer program product of claim 39, wherein said challenge is generated on a random basis.
  - 42. The computer program product of claim 37, wherein providing a user with a challenge comprises displaying the challenge to the user.
  - 43. The computer program product of claim 42, wherein the challenge is displayed to the user in such a manner as to prevent third parties from viewing the challenge.
  - 44. The computer program product of claim 37, wherein the user input from the user-input device is received as a set of one or more modifications to be applied to the challenge so that it matches the pass code allocated to the user.
  - 45. The computer program product of claim 44, wherein said set of one or more modifications is received as directional input from the user.
  - 46. The computer program product of claim 45, wherein said directional input is received as the result of the user pressing one or more arrow keys that increment or decrement the challenge by a fixed amount.
  - 47. The computer program product of claim 37, wherein said challenge has the same number of characters as the pass code allocated to the user.
  - 48. The computer program product of claim 47, wherein said transformation is specified individually for each character of the challenge.
  - 49. The computer program product of claim 48, wherein said instructions further cause the machine to receive an indication from the user-input device that the transformation for a different character is about to be entered.
  - 50. The computer program product of claim 37, wherein said instructions further cause the machine to receive an indication from the user that the user input to transform the challenge has been completely entered.
  - 51. The computer program product of claim 37, wherein said instructions further cause the machine to generate the pass code from the challenge and from the user input from the user-input device.
  - 52. The computer program product of claim 37, wherein the instructions further cause the machine:
    - to receive a communications challenge from the remote authorisation unit that has access to a stored data record of the pass code;
      
      to use the a response generated from the user input to encrypt said communications challenge; and
      
      to transmit the encrypted communications challenge to the remote authorisation unit, thereby allowing the response to be validated by said remote authorisation unit using said stored data record of the pass code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Oracle America, Inc. (Oracle Corporation)
Inventors
Williams, Emrys
Primary Examiner(s)
Dada; Beemnet W

Application Number

US10/773,069
Publication Number

US 20050177522A1
Time in Patent Office

2,553 Days
Field of Search

713182-185, 713/171, 713/172, 713/193, 726 2- 10
US Class Current

713/185
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2103   Challenge-response

G06Q 20/4012   Verifying personal identifi...

G07F 7/1008   Active credit-cards provide...

G07F 7/1025   Identification of user by a...

Method and system for accepting a pass code

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

52 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for accepting a pass code

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

52 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links