CA1223075A - Personal identification system - Google Patents

Personal identification system

Info

Publication number
CA1223075A
Authority
CA
Canada
Prior art keywords
verifier
fsr
pan
mapping
card
Legal status
Expired
Application number
CA000474716A
Other languages
French (fr)
Inventor
Marvin Perlman
Milton Goldfine
Current Assignee
TRANS-CRYPTION Inc
Original Assignee
TRANS-CRYPTION Inc
Abstract

ABSTRACT OF THE DISCLOSURE
A verifier for use in a personal identification system of the type in which a generator receives at least a personal account number (PAN) and a secret personal identification number (PIN) and based thereon produces digits Ai's which are present in a feedback shift register (FSR) A and digits Ci's present in a feedback shift register (FSR) C respectively. The Ai's and Ci's are mapped into Di's which represent digits of an Offset Number which together with the PAN are recorded on the magnetic stripe of a card. To use the card, the Offset Number and the PAN are read off therefrom and an intended user enters a secret PIN. In the verifier, the PIN is operated upon to produce Ci's and the PAN is operated upon to produce Ai's. The latter together with the Di's of the received Offset Number are mapped by a processor to form Ci^c's. These are compared with the Ci's by a comparator to determine whether the intended card user is the rightful user.

Description

The present invention relates to a Personal Identification System and, more particularly, to an improved arrangement in the verification portion of such a system.
In Canadian Patent No. 1,173,925 issued on September 4, 1984, an advanced Personal Identification System is described. That patent entitled "Personal Identification System" was issued to Trans-Cryption Inc., inventors Marvin Perlman and Milton Goldfine.
Briefly, the system described in the above patent comprises a generator which generates an Offset Number which is recorded on the magnetic stripe of a card, together with the account number (PAN) of the person to whom the card is to be issued. The generator stores transformed digits of a sequence of digits (IN) which have been secretly entered by one or more officers of the card-issuing institution. To generate the Offset Number the PAN is entered and transformed before initializing a first feedback shift register.
The person to whom the card is to be issued enters a secretly chosen alpha-numeric sequence (PIN), known only to him. The PIN, after undergoing a transformation, initializes a second feedback shift register. When both registers have been initialized they are reinitialized by different parts of the representation of different digits of the transformed IN. The contents of a subset of the stages of the two registers are used to initialize a control feedback shift register which, when reaching a selected state in its cycle of states, assumes the timing and control of the generator during the derivation of the Offset Number, based on a selected mapping of the digits, then present, in the first and second feedback shift registers.
A credit card is entered into a verifier at the inception of a validation test of identity. Therein the PAN and Offset Number on the magnetic stripe on the card are read out. The user enters a secret PIN, and the verifier, like the generator, generates an Offset Number. Only if the PIN, entered into the verifier, is identical to that originally entered into the generator, does the verifier produce an Offset Number which is identical to that read off the card, thereby verifying the identity of the card user as the one to whom the card was issued.
The above described system, as disclosed in Canadian Patent 1,173,925, represents a very significant breakthrough in the state of the art in that it provides a higher degree of security than any attainable with any prior art system. However, as heretofore described, the verifier, to a very large degree, operates as the generator in that, like the generator, it generates an Offset Number. In addition, the verifier compares the Offset Number it generates with the one present on the card's magnetic stripe, and only when the two are identical is an indication given that the person who entered the secret PIN has been identified as the rightful user of the card.
It is believed that an added degree of security may be achieved if the verifier were to operate in a mode different from that of the generator.
This is partially based on the fact that whereas each generator will be located in a very secure location, where cards are to be issued, verifiers, however, will be present and transportable in the many thousands of establishments where cards can be used. Thus verifiers are accessible to unscrupulous people who may try to determine how the original generators produce valid PAN-PIN-OFFSET combinations. As described in Canadian Patent 1,173,925, the verifier contains portions which make it practically impossible for one to open the verifier and completely analyze its mode of operation, and thereby determine the operation of the generator. It is believed, however, that an added degree of security may be attained by designing the verifier so that it does not mimic the behavior of the generator.
The invention will be described with reference to the accompanying drawings, in which:
Figure 1 is a general block diagram of a generator useful in explaining the invention and taken from Canadian Patent 1,173,925;
Figure 2 is a block diagram, also taken from Canadian Patent 1,173,925 in which it is numbered Figure 12, useful in explaining the role of a control feedback shift register in generating an Offset Number;
Figure 3 is a flow chart type diagram useful in explaining the generation of an Offset Number in a generator;
Figure 4 is a flow chart type diagram useful in explaining the operation of one embodiment of the improved verifier;
Figure 5 is a multiline diagram of Ai's and Ci's used in the generator to form the Di's of the Offset Number;
Figure 6 is a diagram of a Latin Square to map corresponding Ai's and Ci's into the Di's;
Figure 7 is a multiline diagram showing one example of mapped Ai's and corresponding Di's into Ci^c's;
Figure 8 is a Latin Square to produce the mapping of corresponding Ai's and Di's into the Ci^c's;
Figures 9, 10 and 11 are diagrams useful in explaining other embodiments of the invention;
Figure 12 is a block diagram useful in explaining another advantage of the invention.
In accordance with the present invention, just like in the prior patent, the Offset Number together with the PAN are read off the card and fed to the verifier. The latter is also supplied with the secret PIN which the card user supplies. The PIN and PAN together with the digits of any Institution Number (IN) are processed so that feedback shift registers A and C store digits A1, A2 --- An and C1, C2 --- Cn, generally referred to in the prior patent as Ai and Ci. The digits of the Offset Number are designated Di. In the prior patent, when the feedback shift register B (See Figures 1 and 2) realizes a particular state, a decoder 40 (See Figure 2) sensing that state actuates a processor 45 (See Figure 2). The latter sequentially combines the Ai's and the Ci's in accordance with a preselected processing function to generate and produce the Di's of the Offset Number, which are then compared with the Di's which were read off the card and stored in the verifier.
In accordance with the present invention, the Ci's are derived in the same manner as described in the prior patent. However, instead of mapping them with the Ai's to produce the Di's, the derived Ai's and the stored Di's are mapped into a set of computed digits, generally designated as Ci^c's, where the superscript c designates computed Ci's, as the result of the mapping of the derived Ai's and the stored Di's. The derived Ci's and the computed Ci^c's are compared and only when they are correspondingly identical is an indication given that the one who entered the secret PIN is the rightful card user. Thus, in the improved verifier an Offset Number, like the one stored on the card, is never generated.
Briefly stated, in the new improved verifier, Ci's are derived as a function of PIN, as in the generator. Also Ai's are derived as a function of PAN, as in the generator. However, whereas in the prior verifier the Ai's and Ci's are mapped into Di's which are the Offset Number, which is compared with the Di's of the Offset Number recorded on the card, in the present verifier the Di's of the Offset Number are mapped with the corresponding Ai's into Ci^c's which are compared with corresponding Ci's actually derived in the verifier from the secretly entered PIN.
The invention will now be described in greater detail.
The manner of generating the Offset Number in the generator as well as in the verifier described in the prior patent may best be summarized in connection with Figure 3.
Briefly, in the generator 10 (See Figure 1) the PAN is entered into 10 and effectively initializes FSR A, the contents of which are designated by PAN'. Similarly, PIN is entered and effectively initializes FSR C, the contents of which are designated PIN'. These operations are performed synchronously. When both FSR A and FSR C have been initialized, the system enters a synchronous mode, during which both FSR A and FSR C are reinitialized, such as by selected portions of the representation of digits of the Institution Number (IN) in the IN STORAGE 15. The reinitialized PAN and PIN are designated by PAN" and PIN", respectively. The stages of FSR B (35 95) are then initialized. The FSR's A, B and C are clocked and assume successive states, until FSR B reaches a selected state. Thereafter, during a succession of clock periods the Ci's in FSR C and corresponding Ai's in FSR A are mapped to generate the Di's, which form the Offset Number, which is recorded on the card. That is, Di is a function of Ai and Ci. The mapping is provided by processor 45 (See Figures 1 and 2).
As pointed out in the prior patent, the mapping may be a Latin Square, and a 10 x 10 Latin Square is specifically shown. As also pointed out in the prior patent, the number of possible 10 x 10 Latin Squares has not been computed as yet. The number of 9 x 9 Latin Squares is known to be greater than 3.7 x 10^17.
The verifier, described in the prior patent, generates Di's just like the generator. Once the Di's are generated in the verifier, they are correspondingly compared with those read off the card.
Unlike the prior verifier, with an arrangement in accordance with the present invention, Di's are never generated in the verifier, for comparison with corresponding Di's which were recorded on the card. The mode of operation in one embodiment of the improved verifier may best be explained in connection with Figure 4. As shown therein, the Di's of the Offset Number are read off the card and temporarily stored in the verifier. The PAN which is read off the card effectively initializes FSR A to form PAN'. Likewise the PIN, which the user secretly enters into the verifier, effectively initializes FSR C to form PIN'. Then, both FSR A and FSR C are reinitialized to form PAN" and PIN", respectively. The FSR B is effectively initialized by portions of PIN" and PAN". Then FSR's A, B and C are clocked synchronously until FSR B reaches the particular state, which is sensed by the decoder 40 (See Figure 2).
At this point the contents of FSR A, i.e. the Ai's and the stored Di's, are mapped by a processor 201 to form computed Ci's, hereafter referred to as Ci^c's. They are subsequently compared with the correspondingly derived Ci's in FSR C by a comparator 202. Only when corresponding Ci^c's and Ci's are identical is a valid signal provided, thereby indicating that the user who entered the secret PIN into the verifier is the rightful user. On the other hand, if one or more corresponding Ci^c's and Ci's are not identical, an invalid signal is produced.
The foregoing may further be explained in connection with a specific example. Let it be assumed that in the generator, the state of FSR B is decoded by decoder 40 (See Figure 2) and such state indicates that the processor 45 should be activated to map the Ai's in FSR A and the Ci's in FSR C and that the Ai's and Ci's are as shown in lines a and b of Figure 5. Let it further be assumed that processor 45 provides a mapping, based on the Latin Square shown in Figure 6. That is, Di is a function of Ai and Ci. It should be apparent that the Di's of the Offset Number would be as shown in line c of Figure 5. These Di's are recorded on the magnetic stripe of the card.
As to the verifier, these Di's are stored therein, as shown in line c of Figure 7. In the verifier the Ai's and Ci's are generated as they were in the generator. They are shown in lines b and a, respectively, of Figure 7.
As to the processor 201 (See Figure 4), as previously pointed out it maps corresponding Ai's and the stored Di's into the Ci^c's. The processor 201 produces a mapping based on a preselected Latin Square which is related to the Latin Square in the processor 45 of the generator. Such a Latin Square in processor 201 is shown in Figure 8. With such a Latin Square, the mapping can be expressed as Ci^c = Ai * Di, where * signifies the mapping operation, resulting in computed Ci^c's as shown in line d of Figure 7. At the time the Ci^c's are produced, Ci's are present in FSR C, as shown in line a of Figure 7.
The comparator 202 (See Figure 4) compares each Ci with a corresponding Ci^c. Only if respective components are identical does the comparator 202 produce a valid signal. The Ci's (line a of Figure 7) do not match corresponding Ci^c's whenever the PIN which was entered is not the correct secret PIN. Thus, the comparator produces an invalid signal.
To further increase the security provided by the system, traps may be introduced in the verifier to prevent unauthorized use of the system. For example, the Ci's generated in the verifier as a function of PIN may undergo a transformation T in a transformation unit 205 (See Figure 9). Let it be assumed that the transformation is as follows:

digit:                  0 1 2 3 4 5 6 7 8 9
transformed digit (T):  7 2 8 6 0 3 5 9 1 4

Thus, comparator 202 (Figure 9) will no longer be provided with Ci's but rather with transformed Ci's, designated Ci^T's. Let it be assumed that in the following example the Ai's, Ci's and Di's in the generator are the same as in the previous example, as shown in lines a, b and c, respectively, in Figure 5. As to the verifier, the Ci's generated therein as a function of a correct PIN would be the same, i.e. 8 1 0 3 6 6 1 9 3 1, as shown in line a of Figure 10. However, after undergoing the transformation T the Ci's are converted into the Ci^T's as shown in line b.
The Ai's, produced in the verifier, and the stored Di's which were read off the card are mapped by processor 201x, which is similar to processor 201, heretofore described. However, its output, i.e. the Ci^c's, have to be compared not with corresponding Ci's, but with corresponding transformed Ci's, namely with Ci^T's. Therefore, a Latin Square, different from that shown in Figure 8, must be employed to account for the transformation of the Ci's into Ci^T's. Such a Latin Square is shown in Figure 11. Its mapping can be expressed as Ci^cT = (Ai * Di)^T, where * is the mapping of Figure 8, to account for the transformation of the Ci's in the verifier, as shown in line a of Figure 10, into the Ci^T's, as shown in line b. The Ai's and Di's are unaffected as shown in lines c and d. Also, once mapped by processor 201x, the output would be Ci^cT's as shown in line e.
It is the Ci^cT's which are compared with the corresponding Ci^T's by comparator 202.
It should be stressed that in either embodiment, the verifier never generates an Offset Number to be compared with that on the card. Rather the digits of the Offset Number (the Di's) which are supplied to the verifier are mapped with the Ai's, derived therein as a function of PAN, to produce Ci^c's (or Ci^cT's), which are compared with corresponding Ci's (or Ci^T's) to verify whether or not the one using the card is the rightful card owner.
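The generator mapping and the two verifier mappings described above can be traced in a short program. This is an added example, not code from the patent: the 10 x 10 square standing in for Figure 6 and the Ai digits are constructed (the figures are not reproduced on this page) and the function names are hypothetical; only the transformation T and the Ci digits 8 1 0 3 6 6 1 9 3 1 come from the description.

```python
"""Added illustration of the generator/verifier Latin Square mappings.
The square and the Ai digits are constructed; T and the Ci digits are from the text."""
import random

T = [7, 2, 8, 6, 0, 3, 5, 9, 1, 4]         # transformation T quoted in the description
C_PAGE = [8, 1, 0, 3, 6, 6, 1, 9, 3, 1]    # Ci's quoted for the correct PIN
A_DIGITS = [4, 0, 7, 2, 9, 5, 3, 8, 1, 6]  # constructed Ai's (Figure 5 is not on the page)


def make_latin_square(n=10, seed=1985):
    """Constructed stand-in for Figure 6: a shuffled cyclic n x n Latin Square."""
    rng = random.Random(seed)
    rows, cols, syms = (rng.sample(range(n), n) for _ in range(3))
    return [[syms[(rows[a] + cols[c]) % n] for c in range(n)] for a in range(n)]


def is_latin(sq):
    """True if every row and every column holds each digit exactly once."""
    full = set(range(len(sq)))
    return all(set(r) == full for r in sq) and all(set(c) == full for c in zip(*sq))


def verifier_square(gen_sq):
    """Role of Figure 8: if gen_sq[a][c] == d, the result maps (a, d) back to c."""
    n = len(gen_sq)
    inv = [[0] * n for _ in range(n)]
    for a in range(n):
        for c in range(n):
            inv[a][gen_sq[a][c]] = c
    return inv


def transformed_square(ver_sq, t):
    """Role of Figure 11: apply T to every entry so the output matches T(Ci)."""
    return [[t[x] for x in row] for row in ver_sq]


def generate_offset(gen_sq, a_digits, c_digits):
    """Generator side: map each (Ai, Ci) pair to a digit Di of the Offset Number."""
    return [gen_sq[a][c] for a, c in zip(a_digits, c_digits)]


def verify(ver_sq, a_digits, d_digits, c_digits, t=None):
    """Verifier side: map (Ai, Di) to computed digits and compare them with the
    derived Ci's (or with T(Ci) when t is given). No Offset Number is produced."""
    computed = [ver_sq[a][d] for a, d in zip(a_digits, d_digits)]
    derived = list(c_digits) if t is None else [t[c] for c in c_digits]
    return len(computed) == len(derived) and computed == derived


GEN = make_latin_square()                          # generator's square (processor 45)
VER = verifier_square(GEN)                         # first embodiment (processor 201)
VER_T = transformed_square(VER, T)                 # second embodiment (processor 201x)
OFFSET = generate_offset(GEN, A_DIGITS, C_PAGE)    # Di's recorded on the card

if __name__ == "__main__":
    wrong_pin = [9] + C_PAGE[1:]                   # constructed: first Ci differs
    print("Offset Number Di's:", OFFSET)
    print("correct PIN, Figure 8 style  :", verify(VER, A_DIGITS, OFFSET, C_PAGE))
    print("wrong PIN,   Figure 8 style  :", verify(VER, A_DIGITS, OFFSET, wrong_pin))
    print("correct PIN, Figure 11 style :", verify(VER_T, A_DIGITS, OFFSET, C_PAGE, T))
    print("generator square recovered   :", verifier_square(VER) == GEN)
```

Inverting the verifier's square row by row returns the generator's square, so the two squares carry the same information and the one stored in a verifier needs the same protection as the one in the generator.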
At present, in establishments where cards are used, little, if any, effort is devoted to validate the identity of the card user. More often only the account status is checked to determine if charges can be made. To this end, establishments have a small unit with a keyboard. The proprietor enters the account number via a keyboard or it is read off from the card by a card reader. This number is then communicated to a computer wherein the status of all accounts are stored. An indication of the account status is sent back to the proprietor. However, it must be stressed that this procedure only checks the account status. It in no way validates the user's identity.
In accordance with an improved embodiment of the invention, the existing unit may be eliminated and its functions incorporated in the verifier as diagrammed in Figure 12. Therein numeral 210 designates a card reader which reads at least the PAN, i.e. the Ai's, and the Offset Number, i.e. the Di's, and stores them into the verifier 215. Once the secret PIN is entered by the user, the verifier validates the identity of the user. Only if he (or she) is the rightful user will comparator 202 provide a valid signal (Ci = Ci^c or Ci^T = Ci^cT).
Only a valid signal output from comparator 215 enables the automatic transmission of PAN, which is stored in the verifier, to a location wherein the status of all accounts are stored, e.g., a remotely located computer via lines 216. If the account status is good an appropriate indication is returned, e.g. a green light 217 is illuminated. On the other hand, if the account status is bad by one or more criteria, a red light 218 is turned on. It should be stressed that the return indication corresponding to a good account status can be used as a secure enabling signal which permits the completion of the transaction.
It should be pointed out that the determination of the account status may be done at the same time the person's identity is being validated. However, since for each inquiry of account status the proprietor is charged a fee, it is preferable to determine the account status only after the identity of the card user has been validated.


Claims (11)

THE EMBODIMENTS OF THE INVENTION IN WHICH AN EXCLUSIVE
PROPERTY OR PRIVILEGE IS CLAIMED ARE DEFINED AS FOLLOWS:
1. A verifier for use in a personal identification system of the type in which a card is issued to a person by an entity with a personal assigned number, definable as PAN, which is recorded on the card, and a number definable as an Offset Number, which is also recorded on the card, said Offset Number being generated by a generator of said system as a function of at least said PAN and a secret code in the form of a digital sequence secretly chosen by and known only by said person, definable as PIN, the verifier comprising:
first means for receiving said PAN and said Offset Number, recorded on said card, for processing said PAN and thereafter mapping said PAN and the digits of the Offset Number, definable as Di's, to provide a sequence of digits, definable as Ci^c's;
second means for receiving a PIN from a person the identity of which is to be verified and for processing said PIN to provide a sequence of digits, definable as Ci's; and
comparing means for comparing corresponding Ci^c's and Ci's to provide a valid signal when Ci^c's = Ci's for each i and for providing an invalid signal when Ci^c's ≠ Ci's for one or more i's.
2. A verifier as recited in Claim 1 wherein said first means include first feedback shift register means, definable as FSR A, and means for transforming the PAN into transformed digits, prior to storing them in said FSR A, and said second means include second feedback shift register means, definable as FSR C and means for transforming the PIN digits prior to storing them in said FSR C, said verifier further including third feedback shift register means definable as FSR B, means for clocking said FSR's A, B and C, means for initializing said FSR B with at least portions of digits in said FSR's A and C, said first means producing said Ci^c's only during a sequence of clock periods following a selected sensed state of FSR B and said comparing means comparing said Ci^c's with said Ci's which are provided from FSR C during said sequence of clock periods.
3. A verifier as recited in Claim 2 wherein said first means include mapping means for providing said Ci^c's during said sequence of clock pulses by mapping Ai's, provided by said FSR A during said sequence, with Di's stored in said verifier, whereby Ci^c = Ai * Di, where * signifies the mapping operation.
4. A verifier as recited in Claim 3 wherein said mapping means include means for mapping said Ai's and Di's based on a preselected criteria, which is related to mapping in the generator of the outputs of said FSR's A and C into the Di's comprising said Offset Number.
5. A verifier as recited in Claim 4 wherein the mapping is based on a Latin Square of nxn, where n is an integer.
6. A verifier as recited in Claim 5 wherein n = 10.
7. A verifier as recited in Claim 4 wherein said verifier includes transformation means for transforming the outputs of said FSR C, definable as Ci's, into Ci^T's (corresponding to Ci transformed) and said mapping means includes means for mapping said Ai's and Di's based on a preselected criteria which is related to mapping, in the generator of the outputs of said FSR's A and C to generate the Di's, comprising said Offset Number and is further related to the transformation performed by said transformation means.
8. A verifier as recited in Claim 7 wherein the mapping is based on a Latin Square of N x N where N is an integer.
9. A verifier as recited in Claim 8 wherein N = 10.
10. A verifier as recited in Claim 1 further including means for indicating whether said comparing means provides a valid signal or an invalid signal.
11. A verifier as recited in Claim 1 further including means responsive to a valid signal from said comparing means for transmitting the PAN received from a card, to a location whereat the status of accounts, including the account represented by said PAN, are present, and means in said verifier for enabling the transaction involving the use of said card to be completed only if a signal is received from said location, indicating that the status of the account, identified by said PAN, is good.
CA000474716A 1984-09-28 1985-02-20 Personal identification system Expired CA1223075A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US44591584A 1984-09-28 1984-09-28
US06/445,915 1984-09-28

Publications (1)

Publication Number Publication Date
CA1223075A true CA1223075A (en) 1987-06-16
