CA1270957A - Method and apparatus for synchronizing generation of separate, free running, time dependent equipment - Google Patents

Method and apparatus for synchronizing generation of separate, free running, time dependent equipment

Info

Publication number: CA1270957A
Authority: CA (Canada)
Prior art keywords: time, predictable, code, algorithm, computer
Legal status: Expired (the listed status is an assumption and is not a legal conclusion)
Application number: CA000523998A
Other languages: French (fr)
Inventor: Kenneth P. Weiss
Current Assignee: RSA Security LLC (the listed assignees may be inaccurate)
Original Assignee: Security Dynamics Technologies Inc
Application filed by: Security Dynamics Technologies Inc
Priority to: CA000523998A

Abstract

ABSTRACT OF THE DISCLOSURE
In a system and method for comparing and matching non-predictable codes generated by separate computers on the basis of dynamic variables defined according to time, an apparatus and method for synchronizing the time definition of the dynamic variables by (a) calculating a first non-predictable code according to a secret predetermined algorithm, the algorithm generating the first non-predictable code on the basis of a first dynamic variable and a unique static variable; (b) automatically defining the first dynamic variable according to a first interval in which the static variable is input into the algorithm, the first interval of time having a predetermined duration; (c) calculating two or more second non-predictable codes according to the predetermined algorithm, the algorithm generating the second non-predictable codes on the basis of the two or more second dynamic variables and the unique static variable; (d) automatically defining the two or more second dynamic variables according to two or more cells of a second interval of time in which the static variable is input into the algorithm of the second computer, the second interval of time comprising a central cell of time having a predetermined duration and one or more cells of time bordering the central cell of time, each bordering cell of time having a predetermined duration; (e) comparing the first non-predictable code with the second non-predictable codes to determine a match; and (f) automatically synchronizing the clock mechanisms which define the first and second dynamic variables upon comparison and matching of the first non-predictable code with one of the second non-predictable codes.

Description

METHOD AND APPARATUS FOR SYNCHRONIZING GENERATION OF SEPARATE, FREE RUNNING, TIME DEPENDENT EQUIPMENT

The present invention relates to an apparatus and method for the electronic generation of variable, non-predictable codes and the validation and comparison of such codes for the purpose of positively identifying an authorized individual or user of an apparatus or system and thereafter giving clearance to carry out a privileged transaction or access to a protected system or facility.
There often arises a need to prevent all but selected authorized persons from being able to carry out some defined transaction (such as granting of credit) or to gain access to electronic equipment or other system, facility or data (hereinafter "clearance or access"). Prior methods for preventing unauthorized clearance or access typically involve devices which limit access to the subject data, facility, or transaction to those who possess a unique physical device, such as a key or who know a fixed or predictable (hereinafter "fixed") secret code. The problem inherent in relying on a fixed code or unique physical device as the means to gain such selective clearance or access is that would-be unauthorized users need only obtain possession of the fixed code or unique device to gain such clearance or access. Typical instances of fixed codes include card numbers, user numbers or passwords issued to customers of computer data retrieval services.
The principal object of the invention is to synchronize the generation of time-dependent non-predictable codes which are independently generated on the basis of date and time information which are generated on separate devices which over time may deviate out of time synchrony with each other. A further object of the invention is to provide a practical approach to generating identification codes which are unique to the user and which change periodically without user intervention but which provide a readily verifiable means of identification for providing clearance or access at any time.

The present invention eliminates the relatively easy access afforded to someone who copies or otherwise misappropriates a secret "fixed" code by periodically generating identification codes by using fixed codes, variable data, and a predetermined algorithm which is unknown in advance and unknowable outside the administration of the security system even to authorized users of the apparatus utilizing the fixed secret code. The predetermined algorithm constantly generates new unique and verifiable non-predictable codes, which are derived from the fixed data and at least one dynamic variable, such as the time of day (including the date) by the predetermined algorithm. The constant changes in the dynamic variables when processed by the algorithm result in the generation of constantly changing non-predictable codes.
In accordance with the invention, in a system for comparing and matching non-predictable codes generated by separate computers on the basis of dynamic variables defined by separate clock mechanisms according to time, there is provided an apparatus for synchronizing the time definition of the dynamic variables comprising: a first computer for calculating a first non-predictable code according to a predetermined algorithm, the algorithm generating the first non-predictable code on the basis of a first dynamic variable and a unique static variable; a first clock mechanism for automatically defining the first dynamic variable according to a first interval of time in which the static variable is input into the algorithm, the first interval of time having a first predetermined duration; a second computer for calculating two or more second non-predictable codes according to the predetermined algorithm, the algorithm generating the second non-predictable codes on the basis of the two or more second dynamic variables and the unique static variable; a second clock mechanism for automatically defining the two or more second dynamic variables according to two or more cells of a second interval of time in which the static variable is input into the algorithm of the second computer, the second interval of time comprising a central cell of time having a predetermined duration and one or more cells of time bordering the central cell of time, each bordering cell of time having a predetermined duration; a mechanism for comparing the first non-predictable code with the second non-predictable codes to determine a match; and, a mechanism for automatically synchronizing the first clock mechanism and the second clock mechanism upon comparison and matching of the first non-predictable code with one of the second non-predictable codes.
The central cell of time typically comprises the date and the minute in which the unique static variable is input into the second computer as defined by the second clock mechanism; and the bordering cells of time may comprise a cell of time comprising the date and the minute immediately preceding the central cell.
Preferably the mechanism for synchronizing comprises: a counting mechanism for counting the difference in time between a central cell of time and a bordering cell of time from which a matching second non-predictable code may be generated; a summing mechanism connected to the counting mechanism for summing successive differences in time counted by the counting mechanism; a storage mechanism connected to the summing mechanism for storing the output of the summing mechanism; and, a shifting mechanism connected to the storage mechanism for shifting a central cell and bordering cells of time by the output of the summing mechanism stored in the storage mechanism.
The bordering cells of time may comprise a selected number of cells of time immediately preceding the central cell and a selected number of cells of time immediately following the central cell; and the central and bordering cells of time are typically selected to be one minute in duration.
Preferably, the mechanism for synchronizing further comprises: a second storage mechanism connected to the comparison mechanism for storing the date of the most recent comparison and matching by the comparison mechanism; a second counting mechanism connected to the second storage mechanism for counting the difference in time between the date stored and the date of present entry into the second computer; a dividing mechanism connected to the second counting mechanism for dividing the difference in time counted by the second counting mechanism by a selected value and prescribing the output as a first window opening number; a window opening mechanism connected to the dividing mechanism and the comparison mechanism for calculating as many extra second non-predictable codes on the basis of as many extra bordering cells of time immediately preceding and following the selected number of bordering cells as prescribed by the first window opening number.
Most preferably, the mechanism for synchronizing further comprises: a sensing mechanism connected to the second clock mechanism for sensing a re-setting of the second clock mechanism; a third storage mechanism connected to the sensing mechanism prescribing and storing the occurrence of a sensed re-setting of the second clock mechanism as a selected second window opening number; and, a second window opening mechanism connected to the third storage mechanism for calculating as many additional second non-predictable codes on the basis of as many additional bordering cells of time immediately preceding and following the extra bordering cells of time as prescribed by the second window opening number.
The first computer typically comprises a microprocessor wherein the algorithm is stored in volatile dynamic memory encapsulated with an energizing mechanism which when interrupted destroys all data including at least the algorithm and the static variable.
Most preferably, the algorithm of the second computer is stored in volatile dynamic memory encapsulated with an energizing mechanism which when interrupted destroys all data including at least the algorithm and the static variable.
In a method for comparing non-predictable codes generated by separate computers on the basis of dynamic variables defined by separate clock mechanisms according to time wherein the codes match when the dynamic variables match, there is also provided a method for synchronizing the time definition of the dynamic variables comprising the steps of: inputting a static variable into a first computer including a predetermined algorithm; employing the algorithm of the first computer to calculate a first non-predictable code on the basis of the static variable and a first dynamic variable defined by a first interval of time in which the step of inputting occurred according to a first clock mechanism; putting the static variable and the first non-predictable code into a second computer independently including the predetermined algorithm; using the algorithm of the second computer to independently calculate two or more second non-predictable codes on the basis of the static variable and two or more second dynamic variables defined by two or more cells of a second interval of time in which the step of putting occurred according to a second clock mechanism, the second interval of time comprising a central cell of time and one or more bordering cells of time; comparing the first non-predictable code with the second non-predictable codes to determine a match; and, synchronizing the first clock mechanism and the second clock mechanism upon comparison and matching of the first non-predictable code with one of the second non-predictable codes.
The step of synchronizing preferably comprises the steps of: counting the difference in time between a central cell of time and a bordering cell of time from which a matching second non-predictable code may be generated; summing successive differences in time counted during the step of counting; storing the summed successive differences in time; and, shifting the central and bordering cells of time by the summed successive differences in time.
Most preferably, the step of synchronizing further comprises the steps of: storing the date of the most recent comparison and determination of a match; counting the difference in time between the date stored and the date of present entry into the second computer; dividing the difference in dates counted by a selected value and prescribing the output as a first window opening number; and, calculating as many extra second non-predictable codes on the basis of as many extra bordering cells of time immediately preceding and following the selected number of bordering cells as prescribed by the first window opening number.
Most preferably, the step of synchronizing further comprises the steps of: sensing a re-setting of the second clock mechanism; prescribing and storing the occurrence of a sensed re-setting of the second clock mechanism as a second selected window opening number; and, calculating as many additional second non-predictable codes on the basis of as many additional bordering cells of time immediately preceding and following the extra bordering cells of time as prescribed by the second window opening number.
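The synchronizing steps above (counting, summing, storing and shifting, plus the two window opening numbers) can be sketched as the following added Python example, which is not code from the patent. The patent's secret algorithm is replaced here by HMAC-SHA256 truncated to six digits, and all names and constants (one bordering cell per side, one extra cell per 30 idle days, two extra cells after a clock reset) are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

CELL_SECONDS = 60         # the page's typical cell duration: one minute
SECONDS_PER_DAY = 86400
BASE_BORDER_CELLS = 1     # assumed "selected number" of bordering cells per side
DAYS_PER_EXTRA_CELL = 30  # assumed "selected value" dividing days since last match
RESET_EXTRA_CELLS = 2     # assumed "second window opening number"


def code_for_cell(seed: bytes, cell: int) -> str:
    """Stand-in for the secret algorithm f(x, y) = C (an assumption, not the
    patent's algorithm): HMAC-SHA256 over the cell index, keyed by the seed,
    truncated to six decimal digits."""
    digest = hmac.new(seed, cell.to_bytes(8, "big"), hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"


@dataclass
class HostRecord:
    """Per-card state kept by the second computer (host or ACM)."""
    seed: bytes
    drift_cells: int = 0                   # stored sum of successive differences
    last_match_time: Optional[int] = None  # host clock, in seconds, at last match
    clock_was_reset: bool = False          # sensed re-setting of the host clock


def window_radius(rec: HostRecord, host_now: int) -> int:
    """Number of bordering cells tried on each side of the central cell."""
    radius = BASE_BORDER_CELLS
    if rec.last_match_time is not None:
        idle_days = max(0, host_now - rec.last_match_time) // SECONDS_PER_DAY
        radius += idle_days // DAYS_PER_EXTRA_CELL  # first window opening number
    if rec.clock_was_reset:
        radius += RESET_EXTRA_CELLS                 # second window opening number
    return radius


def verify(rec: HostRecord, submitted: str, host_now: int) -> Optional[int]:
    """Compare the card's code with the host's codes for the central and
    bordering cells. On a match, return the offset in cells and fold it into
    the stored drift so later windows are shifted; otherwise return None."""
    central = host_now // CELL_SECONDS + rec.drift_cells  # shifted central cell
    radius = window_radius(rec, host_now)
    for offset in sorted(range(-radius, radius + 1), key=abs):  # nearest first
        expected = code_for_cell(rec.seed, central + offset)
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            rec.drift_cells += offset        # summing and storing the difference
            rec.last_match_time = host_now   # date of most recent match
            rec.clock_was_reset = False      # assumption: a match clears the flag
            return offset
    return None


if __name__ == "__main__":
    # Constructed scenario: a card whose clock runs one minute behind the host.
    seed = b"constructed-card-seed"
    rec = HostRecord(seed)
    now = 1_700_000_000
    card_code = code_for_cell(seed, (now - 60) // CELL_SECONDS)
    print("first login offset:", verify(rec, card_code, now))
    later = now + 3600
    card_code = code_for_cell(seed, (later - 60) // CELL_SECONDS)
    print("second login offset:", verify(rec, card_code, later))
    print("stored drift in cells:", rec.drift_cells)
```

Each extra cell on either side is one more code the host accepts for that entry, so the window constants trade tolerance for clock drift against resistance to guessing.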
The volatile dynamic memory included in either or both of the first computer, the access control means, the host computer and the means for comparing preferably stores and maintains all programs such as the predetermined algorithm, system operating programs, code comparison and matching programs, and the like; and the volatile dynamic memory further preferably stores, maintains and makes available for use all data and results of operations such as fixed codes, resultant codes, dynamic variables and the like.
Also in accordance with the present invention, an identification system for identifying an individual comprises a first computer means including a first clock means for generating a first time dependent dynamic variable. A means for storing a predetermined static variable is also provided as well as a first means for utilizing the first time dependent dynamic variable and the static variable to calculate a first non-predictable code in accordance with a predetermined algorithm. Also provided is a means for providing a visual display of the first non-predictable code calculated at at least a selected time interval. A second computer means includes a second clock means for generating a second time dependent dynamic variable. Also provided is a means for obtaining the predetermined static variable and a second means for utilizing the second time dependent dynamic variable and the static variable to calculate at a selected time interval a second non-predictable code in accordance with the predetermined algorithm. A means for obtaining the first non-predictable code displayed during the selected time interval is also provided. A match means is provided for comparing the second non-predictable code generated during the selected time interval with the first non-predictable code obtained during the selected time interval. Also provided is a means responsive to a match between the first and second non-predictable codes in the match means for signifying identification. The first and second computer means independently generate the first and second non-predictable codes for comparison thereof without communication of the second computer means or the second clock means back to the first computer means, there being no physical or electrical connection between the first and second computer means. A static variable is communicated to the means for obtaining at the second computer by an individual located at the first computer, the individual to be identified communicating the displayed first non-predictable code and the static variable to the means for obtaining at the second computer.
In a more specific construction of the above identification system, the first means to calculate includes a stored program for performing the predetermined algorithm. The program and the first static variable are stored in volatile dynamic memory which causes the program and static variable to be destroyed if an attempt is made to gain access thereto.
In a still more specific construction of the above identification system, the first computer means is incorporated in a portable, hand-held device.
Furthermore, the present invention also provides for a portable, hand-held computing and indicating device for use in a security system of the type wherein a first mechanism generates a first non-predictable code in accordance with a predetermined algorithm in response to both a unique static variable and a dynamic variable inputted thereto. A second mechanism generates a second non-predictable code in accordance with the predetermined algorithm in response to both the unique static variable and a second dynamic variable corresponding to the first dynamic variable. A means is provided for comparing the two non-predictable codes, the device forming the first mechanism and comprising a processor having the algorithm preprogrammed therein and a means for causing the program stored in the processor to be erased if an effort is made to gain access to the program to learn the algorithm. A means is also provided for storing a unique static variable in each device, the static variable being selected so that no two devices adapted for use with a second mechanism store the same static variable. Also provided is a means for generating a time varying dynamic variable which is adapted to generate the same dynamic variable as that generated at the second mechanism at substantially the same instant of time. A means is provided for applying the stored unique static variable and the currently generated dynamic variable to the processor. Finally, a means is provided for visually displaying the non-predictable code currently being generated by the processor.
In a more specific construction, the above portable, hand-held computing and indicating device is in the form of a credit-card sized card having the processor encapsulated therein.
In a still more specific construction, the card has a length of approximately 3.3 inches, a width of approximately 2.1 inches, and a depth of less than approximately 0.07 inches.
In another specific construction of the above portable, hand-held computing and indicating device, the means for visually displaying is a liquid crystal display.
In a further specific construction of the above portable, hand-held computing and indicating device, the means for generating a time varying dynamic variable is an electronic clock generator.
BRIEF DESCRIPTION OF THE DRAWINGS
Other objects, features and advantages will be apparent from the following detailed description of preferred embodiments thereof, taken in conjunction with the accompanying drawings in which:
Fig. 1 is a block diagram of a basic apparatus and method according to the invention for generating and comparing non-predictable codes;
Fig. 1A is a block diagram of a preferred apparatus and method for generating and comparing non-predictable codes where a means for comparing non-predictable codes is included in a calculator which generates a non-predictable code;
Fig. 2 is a front isometric view of a credit card sized calculator for calculating a first non-predictable code for use in gaining clearance or access according to the invention;
Fig. 3 is a flow chart demonstrating a most preferred series of steps carried out by an apparatus according to the invention and/or in a method according to the invention; and,
Figs. 4 - 9 are diagrammatic representations of series of resultant code cells separately generated by separate computers according to exemplary situations described herein; each diagram sets forth the relationship in real time between resultant codes generated on the basis of time as kept by separate clock mechanisms in the separate computers generating the resultant codes according to the corresponding exemplary conditions described with reference to each figure.

DETAILED DESCRIPTION OF THE INVENTION
The following discussion describes the most preferred embodiments of the invention.
In accordance with the invention an authorized person is provided with a fixed secret code or card seed 10, FIGS. 1, 1A, 2, 3, typically a number, which is unique to that individual. In the case of a credit or bank/cash card 20, FIG. 2, that number 10 may be printed on the card itself such that if the authorized owner of the card forgets the number, it can be quickly retrieved by reference to the card or other permanently printed form of the fixed code 10. Where the fixed code/card seed 10 is provided in permanent printed form on or in close connection with the apparatus of the invention there is also preferably provided an additional portion of the fixed code 10, a so-called pin 45 (personal identification number), which the authorized user memorizes in order to further guard against misappropriation of the fixed code/card seed 10. The fixed code/card seed 10 or pin 45 may alternatively be used to identify an authorized terminal which has been issued by the authority presiding over the granting of clearance or access.
Such a fixed and/or memorized code (commonly referred to as a pin 45, FIG. 3, or personal identification number) is input into an access control module ("ACM") or host computer 50, FIGS. 1, 1A, 3 together with the unique static variable 10 and temporarily stored within the memory of the host or ACM, step 100, FIG. 3.
Preferably once the card seed 10 and pin 45 are input into the host or ACM 50, each is separately compared against a library of authorized card pins, step 110, FIG. 3, and a library of authorized card seeds, step 120, FIG. 3, stored in the host or ACM memory to determine whether there is a match. If either of the pin 45 or card seed 10 which the user inputs into the host or ACM does not produce a match, clearance or access is denied and the card user must start over in order to gain access or clearance.
In order to generate a non-predictable code 40, FIGS. 1 - 3, which will ultimately give the user clearance or access, the fixed code or seed 10 and/or pin 45 must be input into a predetermined algorithm which manipulates the seed 10 and/or pin 45 as a static variable. The algorithm is typically provided to the user in the form of a calculator 20, FIG. 2, which is loaded with a program for carrying out the predetermined algorithm. The calculator 20 preferably comprises an electronic computer and most preferably comprises a microprocessor having a sufficient amount of volatile dynamic memory to store and carry out the functions of the predetermined algorithm. The computer 20 is most preferably provided in a card 20, FIG. 2, having the appearance and approximate size of a credit card.
Such credit card sized computer 20, FIG. 2, also preferably includes a conventional liquid crystal display 44 for displaying the ultimate non-predictable code 40 generated by the algorithm (referred to in FIG. 3 as "card resultant code"). The non-predictable code 40 thus generated may be visually observed by the user for eventual input into a host computer or ACM 50, FIGS. 1, 1A, 3. As shown in FIG. 2, the preferred form of card computer 20 has a length L of about 3.3 inches, a width W of about 2.1 inches and a depth D of less than about .07 inches. In addition or as an alternative to providing microprocessor 20 with a liquid crystal display 45 for visual observation of the first non-predictable code 40, computer 20 may include means for machine reading the first non-predictable (or card resultant) code 40 and/or pin 45 to the ACM or host 50, or may include sound producing or other means for personally sensing the first non-predictable code 40.
With reference to FIG. 3, after the card and host pins are compared and found to match, step 110, the card seed 10 is typically compared against a library of card seeds stored in the host or ACM memory in order to determine whether there is a match, step 120, FIG. 3. If the card seed 10 input into the host or ACM 50 does not match up with one of the seeds stored in the host library, access or clearance is denied, "no" step 120, FIG. 3.
For purposes of initial explanation the discussion which follows with reference to FIGS. 1 and 1A assumes an embodiment of the invention whereby a single resultant code 70 is generated by the host or ACM 50. The most preferred embodiment of the invention wherein the clock mechanisms which generate the resultant codes 40 and 70, are synchronized and wherein the host or ACM preferably generates a series of resultant, non-predictable codes, as opposed to a single code 70, is described hereinafter with reference to FIGS. 4 - 9.
In addition to using the seed 10 and/or pin 45 as static variables the predetermined algorithm is designed to utilize a second variable, a dynamic variable 30, 60, FIGS. 1, 1A, to calculate the non-predictable codes 40, 70 which may ultimately give access or clearance 90 to the user. A dynamic variable may comprise any code, typically a number, which is defined and determined by the interval of time in which the card seed 10 and/or pin 45 is put into the algorithm of either the card computer 20 or the host or ACM 50. A dynamic variable is most preferably defined by the date and the minute in which the static variable is input into the predetermined algorithm. A dynamic variable thus defined can be seen to change every minute. The dynamic variable could alternatively be defined according to any interval of time, e.g., 2 minutes, 5 minutes, 1 hour and the like. A dynamic variable thus defined would alternatively change every 1 minute, 2 minutes, 5 minutes, 1 hour or with the passage of any other predetermined interval of time.
With reference to FIG. 1 the most preferred means of establishing such a dynamic variable is via a time keeping means, such as an electronic digital clock, which by conventional means automatically inputs, steps a1 or c1, the date and specific interval of time (e.g., 1 minute, 2 minutes, 5 minutes, etc.) into the predetermined algorithm of the card 20 or host or ACM 50 in response to the input, step a or c, of the static variable 10 and/or pin 45. The date and time thus generated by the time keeping means may itself be independently manipulated according to another predetermined algorithm prior to input into the first predetermined algorithm of the dynamic variable. The fact that the dynamic variable 30 or 60 being input into the predetermined algorithm constantly changes in absolute value with passage of successive intervals of time of predetermined duration means that the card code 40 or host or ACM code 70 generated according to the predetermined algorithm is also constantly changing with successive intervals of time and is thereby completely non-predictable.
The non-predictability of the codes 40, 70, FIG. 1, generated in the manner described above may be enhanced by the fact that the predetermined algorithm (together with the static variable 10 and/or pin 45 and dynamic variable 30 input thereinto) are preferably stored in the calculator 20 (and/or host or ACM 50) in volatile dynamic electronic memory which is encapsulated with an energizing means which destroys the algorithm, the card seed 10, and the dynamic variable 30 (or 60) when the electronic memory is invaded, interrupted or violated in any way. The predetermined algorithm thus stored in such volatile dynamic memory cannot be discovered by a would-be thief because the entire memory including the predetermined algorithm is destroyed upon invasion of the memory.
In a preferred embodiment of the invention, therefore, the card seed 10 is stored in such volatile dynamic memory and by conventional means is automatically input, step a, FIGS. 1, 1A, into the algorithm of the first computer 20 at regular intervals of time. Such automatic inputting of the card seed 10 may thereby work in conjunction with the automatic definition and inputting of the first dynamic variable 30 into the predetermined algorithm of the first computer 20 to effect completely automatic generation of the first non-predictable or resultant code 40 at regular intervals of time.
The invention most preferably contemplates providing authorized personnel with a card computer 20, FIG. 2, only, but not with knowledge of the predetermined algorithm included in the computer 20. Authorized personnel are, therefore, provided with a computer 20 capable of carrying out an algorithm which is unknown to such authorized personnel.
In the most preferred embodiment of the invention where the predetermined algorithm provided to authorized users is stored in a volatile dynamic memory encapsulated with an energizing means which destroys the algorithm upon invasion of the memory, the only means of gaining unauthorized clearance or access is to misappropriate possession of the original computer 20 itself and knowledge of the fixed code/card seed 10 (and knowledge of the card pin 45 if employed in conjunction with the invention).
The algorithm may alternatively be designed to manipulate more than one fixed code and/or more than one dynamic variable. Several means for inputting each fixed code and dynamic variable may be included in the calculator 20 provided to users and in the host or ACM 50, FIG. 3. Each dynamic variable is preferably defined by the interval of time in which one or more of the fixed codes/card seeds are input into the algorithm.
It can be seen, therefore, that the predetermined algorithm can comprise any one of an infinite variety of algorithms. The only specific requirement for an algorithm to be suitable for use in the present invention is that such algorithm generate a non-predictable code on the basis of two classes of variables, static variables (the fixed codes) and dynamic variables such as described hereinabove. A non-predictable code C which is ultimately generated by the predetermined algorithm, $f(x, y)$, may be expressed mathematically as:
$$f(x, y) = C$$
where x is a static variable/fixed code and y is a dynamic variable. Where several (n) static variables ($x_1, x_2, \ldots x_n$) and several (n) dynamic variables ($y_1, y_2, \ldots y_n$) are intended for use in generating non-predictable codes, a non-predictable code thus generated may be expressed mathematically as $f(x_1, x_2, \ldots x_n, y_1, y_2, \ldots y_n) = C$.
The specific form of the algorithm only assumes special importance as part of the invention, therefore, when the algorithm is capable of being discovered by would-be unauthorized users. In the most preferred embodiment of the invention where the algorithm is completely undiscoverable by virtue of its storage in a volatile dynamic electronic memory which destroys the algorithm upon attempted invasion of the encapsulated memory, the specific form of the algorithm comprises only an incidental part of the invention. The mere fact of the use of some algorithm to manipulate the fixed code and the dynamic variable does, however, comprise a necessary part of the invention insofar as such an algorithm generates the ultimately important non-predictable code.
As the term "fixed code" or "card seed" or "seed" is used herein such terms include within their meaning numbers, codes, or the like which are themselves manipulated or changed, mathematically or otherwise, in some non-dynamic manner prior to or during the generation of a second non-predictable code 40, FIG. 3. The first 20 or second computer 50 may, for example, be provided with a static program/algorithm utilizing the fixed code or seed as a variable and generating a new fixed code or seed which is ultimately input as the fixed code or seed 10 variable in the secret algorithm which generates the non-predictable codes. For example, for purposes of added security, a fixed code or seed 10 may be first added to another number and the result thereof used as the fixed code or seed 10 used to generate the non-predictable codes. Thus, the term fixed code or seed includes within its meaning the result of any non-dynamic operation performed on any fixed code or seed. It can be seen, therefore, that essentially any algorithm or operation may be performed on the fixed code 10 to generate another fixed code or seed, the algorithm or operation most preferably comprising a static algorithm or operation, i.e., one not utilizing dynamic variables so as to generate a static result.
With reference to FIG. 1, after a first non-predictable code 40 is generated as described above, such first non-predictable code 40 is compared 80 with the "second" non-predictable code 70 which is also generated by the user by putting, step c, the fixed code/card seed 10 (and the pin 45, if employed) into the host or ACM 50 which contains the same predetermined algorithm used to generate the first non-predictable code 40.
With reference to FIG. 1A (a schematic diagram which assumes the host or ACM 50 includes the predetermined algorithm and the mechanism for comparing and matching the non-predictable codes), the first non-predictable code 40 is put, step e2, into the host or ACM 50 essentially immediately after the fixed secret code 10 is put into the host or ACM 50 (i.e., step e2 is carried out essentially immediately after step e) in order to gain clearance or access 90. If steps e and e2 are not carried out within the same interval of time as steps a and a1 were carried out (i.e., the same interval of time on which code 40 is based), then the host or ACM will not generate a second dynamic variable 60 which will allow the predetermined algorithm of the host or ACM 50 to generate a second non-predictable code which matches the first non-predictable code 40.
The necessity for carrying out steps e and e2, FIG. 1A, within the same minute or other selected interval of time ("cell") is obviated in a most preferred embodiment of the invention. With reference to FIGS. 3 - 4, the card 20 generates a resultant code 40 on the basis of a cell of time in which the code 40 was generated as defined by the card clock. Assuming for the sake of explanation that the card clock and the host or ACM clock 125 are synchronized with each other and with real time and assuming the user inputs the correct card seed 10 and resultant code 40 into the host or ACM 50 within the same cell of time as the resultant code 40 was generated by the card 20, the host 50 is preferably provided with a program which generates a series or "window" of resultant codes (as opposed to a single non-predictable code 70, FIG. 1). [As used hereinafter, the term "cell" is, depending on the context, intended to refer to an interval of time of predetermined duration on which the generation of a resultant code is based or to the resultant code itself.] The various second non-predictable codes which comprise the "window" are calculated by the host or ACM 50 on the basis of the cell of time in which the user correctly entered the seed 10, code 40, and pin 45 into the host or ACM 50 as defined by the host clock 125, FIG. 3, and one or more bordering cells of time, e.g., -2, -1, and +1, +2 as shown in FIG. 4. An ACM or host computer 50 program then compares the card resultant code 40 with all of the individual resultant codes computed as the window of host cells shown in FIG. 4 to determine whether there is a match between any of the host cells and the card code 40. In the example stated, the card code 40 will of course match up, step 172, FIG. 3, with the zero cell based host code, FIG. 4, because the user input the seed 10, pin 45 and code 40 within the same cell of time as the card code 40 was generated.
[As used hereinafter, "input" or "inputting" or "entry" into the host or ACM 50 refers to input of the correct card seed 10, card resultant code 40 and card pin 45 into the host or ACM 50 and positive matching of the card seed 10, step 120, FIG. 3, and card pin 45, step 110, with a host seed and host pin which are stored in the permanent memory in the host or ACM 50.]
Assuming in the example stated above with reference to FIG. 4, however, that the user had input the card code 40 and seed 10 (and pin 45), FIG. 3, one minute later than the card had generated the code 40, the host or ACM 50 will have generated a different window of codes as shown in FIG. 5; that is, the host will have generated a central cell corresponding to a +1 cell code (based on real time) as if the +1 cell code is the zero cell of the window of cells (as shown in parenthesis in FIG. 5) and further generate the predetermined number of bordering cell codes (e.g., real time -1, 0 and +2, +3 as shown in FIG. 5). Thus although the user inputs the card seed 10 and the card resultant code 40 into the host or ACM 50 one minute late, the host computer 50 still generates a matching cell code, the real time zero cell code which "borders" the central cell, i.e., the +1 central cell code as shown in parenthesis in FIG. 5.
Provision of the host or ACM 50, FIGS. 3 - 5, with a mechanism for generating a series or window of second non-predictable codes, as opposed to a single second code 70, FIG. 1, thereby allows a card user a selected amount of leeway of time (beyond the time length of the interval of time on which code 40 is based) in which to input a correct seed 10, pin 45 and card code 40 into the host or ACM 50 and still generate a matching host resultant code.
The examples stated above assumed that the card clock and the host clock 125, FIG. 3, were both synchronized with real time. Assuming the card clock and the host clock remain synchronized at all times, it would only be necessary to provide the host or ACM 50 with a mechanism for generating a selected number of bordering cells which "precede" the central cell of the window, e.g., with reference to FIG. 5, the (-2), (-1), (0) cells. In those applications where the card clock and the host clock are maintained in synchrony with each other at all times, the host or ACM clock 125 preferably defines only two dynamic time variables so as to generate a central cell code and a -1 host window cell code. Such embodiment allows the user to input the seed 10, pin 45 and code 40 one cell code late but only one cell code late for security enhancement.
In the more typical case, however, where the card clock and the host clock 125 may be out of synchrony with real time, e.g., where the card clock is running fast relative to the host clock, the generation of cells which "follow" the central cell of the host window may be required to generate a matching host resultant code.
With reference to FIGS. 3, 6, the invention most preferably provides a mechanism for synchronizing the card and host clocks in the case where such independent clocks more typically run fast or slow relative to real time and/or relative to each other.
The following examples assume for purposes of explanation that the time equivalent length of all cell codes are one minute in duration. Assuming that the card clock is one minute slow and the host clock 125, FIG. 3, is correct relative to real time, the card will generate a resultant code 40 based on a real time of -1 minute (relative to the host clock 125) and, if the user inputs the card resultant code 40 (and the correct seed 10 and pin 45) into the host or ACM 50 within the same minute as the code 40 is generated, the host or ACM 50 will generate a window of resultant codes according to the series of cells shown in FIG. 6 (assuming the predetermined number of bordering cells is selected as 2 cells immediately preceding and 2 cells immediately following). Matching resultant codes, i.e., the card -1 cell code and the host -1 cell code, will thus have been generated.
Although the card clock was one minute slow in the example just described, the host computer is provided with a program mechanism which will automatically adjust (i.e., synchronize) the host clock time with the card clock time when the card user next enters a correct card seed 10 and card pin 45 (and code 40) into the host or ACM 50. The host accomplishes such synchronization by storing a difference in matching cell time in the permanent memory of the host, step 190, FIG. 3; e.g., in the example just described, the last matching transaction, step 180, FIG. 3, fell in the -1 cell of the host "window" as shown in parenthesis in FIG. 6. Such cell time difference is referred to herein as the "time offset" which is stored in the permanent host memory, step 190, FIG. 3. The time offset is the difference in time between the central cell and the bordering cell from which a matching second non-predictable code was generated.
Upon the next entry of the card user into the host 50 (assuming the card clock has not run any slower since the last entry and assuming the host clock has remained synchronized with real time and assuming the user next enters the host 50 within the same minute as the card generates resultant code 40), the host computer 50 will automatically algebraically add the stored time offset, steps 135, 140, FIG. 3, to the temporarily stored host clock time, step 130, and generate the series of relative real time host cell codes shown in FIG. 7 wherein the card code cell, which is one minute slow in real time, is now treated in the host window as a zero cell (as shown in parenthesis in FIG. 7), i.e., the central cell of the host window of cells is adjusted to subtract one minute therefrom, via subtraction of the one-minute stored time offset 135, FIG. 3. As shown in FIG. 7, the bordering cells of the host window are similarly adjusted by the one-minute stored time offset. Further, in all future entries by the user into the host 50, the temporarily stored time and date of entry, step 130, FIG. 3, will be adjusted by the permanently recorded one-minute stored time offset.
As to the example described above with reference to FIG. 5 wherein the card and host clocks were assumed to be synchronized with real time and wherein the user entered the host one minute late, it is noted that even though the host clock was synchronized with real time, the host will nevertheless compute a time offset, step 180, FIG. 3, to be stored, step 190, and used in adjusting the temporarily stored time of entry, step 130, FIG. 3, in future transactions by the user, because the matching cell of the host window, as shown in parenthesis in FIG. 5, was not the central cell code of the window (i.e., was not the real time +1 cell code) but rather was a bordering real time cell code, i.e., the bordering real time zero cell code.
Simply stated, therefore, a stored time offset will be computed, step 180, FIG. 3, and stored, step 190, FIG. 3, for use in adjusting the time of entry into the host in all future entries, step 140, FIG. 3, whenever on a given entry, step 130, FIG. 3, a "bordering" cell code of the host window (as opposed to the central cell code) produces a match with the input card resultant code 40.
In storing, step 190, FIG. 3, a time offset which is computed, step 180, during any given transaction, the presently computed time offset is algebraically added or summed to any time offsets previously computed and stored as a result of previous entries and grantings of access, step 173.
Inasmuch as a clock mechanism, once beginning to run fast or slow, will continue to run fast or slow during all future uses of the system of the invention, the host or ACM 50 will add or subtract all time offsets recorded during successive uses of the system to the stored time offset(s) recorded and permanently stored from previous transactions, step 180, FIG. 3. Most preferably, a newly computed time offset will not be permanently stored, step 190, in the host or ACM memory 200, unless and until access or clearance has already been granted, step 173.
As described and shown in the examples of FIGS. 4 - 7 the host or ACM is typically programmed to compute four (4) cell codes bordering the central cell code (i.e., two cells immediately preceding and two cells immediately following the central cell) as the "window" within which the user is allowed to deviate in inputting the card seed 10, the pin 45, and the card resultant code 40 into the host or ACM. Such bordering cells have been described as corresponding to codes corresponding to one-minute intervals. It is noted that the number and time equivalent length of the bordering cells may be increased or decreased as desired.
The absolute degree by which the card clock and the host or ACM clock 125 may run fast or slow relative to real time typically increases with the passage of time. For example, if the card clock is running slow by 30 seconds per month and the host clock is running fast at 30 seconds per month, the two clocks will run the time equivalent of one minute out of synchrony after one month, two minutes out of synchrony after two months, three minutes out of synchrony after three months, etc. If the authorized card user uses the card each month, the automatic synchronizing means described above with reference to FIGS. 4 - 7 will have adjusted the host or ACM time window upon each usage to account for such lack of synchrony with real time. If, however, the card user does not actually use the card for, for example, six months, the card clock and the host clock will be six minutes out of synchrony, and even if the user correctly uses the system by inputting the pin 45, card seed 10 and card code 40, FIG. 3, into the host or ACM within the same minute (or other selected time cell interval) as the pin 45, the seed 10 and code 40 were generated by the card, the user would not be able to gain access or clearance (i.e., cause the host or ACM to generate a matching resultant code) in the typical situation where the "window" of bordering cell times is selected as two one-minute cells immediately preceding and two one-minute cells immediately following the central host cell. FIG. 8 depicts such an exemplary situation as just described, wherein it can be seen that the card clock, after six months of non-usage, generates a resultant code 40, FIG. 3, which is based on -3 minutes in real time, and the host clock, after six months of non-usage, causes the generation of the typically selected five cell window comprising cell codes corresponding to +1, +2, +3, +4, and +5 minutes in relative real time. In the typical case, therefore, where the selected window comprises four bordering cells, matching second non-predictable codes will not be generated under any circumstances after six months of non-use.
The invention most preferably provides a mechanism by which the host window of bordering cells is opened wider than the preselected window by an amount which varies with the length of time of non-use of the card. Such window opening is accomplished by storing the most recent date of comparison and matching, determining the difference in time between such date and the present date of entry into the second computer and calculating as many additional bordering cells as may be predetermined according to the difference in time between the dates.
Typically the window is opened by two one-minute bordering cells per month of non-use (e.g., one cell immediately preceding and one cell immediately following the preselected window) but the number of cells by which the window is opened and the time equivalent length of each cell may be predetermined to comprise any other desired number and length.
Assuming the exemplary situation described above where the card clock and the host clock 125, FIG. 3, are running slow and fast respectively by 30 seconds per month and the user has not used the card for six months, the host or ACM compares, step 150, the temporarily stored date of the present entry, step 130, with the permanently stored date of the last access, step 175, and computes the number of months X, step 160, between the date of last access and the date of present entry. In the present example six months of non-use is calculated, step 160, FIG. 3, and the window is opened by six additional one-minute bordering cells on either side of the preselected four cell window as shown in FIG. 9 to give an overall window of sixteen minutes. The card resultant code 40 based on -3 minutes in relative real time thus matches, step 172, FIG. 3A, as shown in FIG. 9 with the -6 host bordering cell code (-3 in real time) and access or clearance is ultimately granted. As described above with reference to FIGS. 4 - 7, because the matching host cell code is a bordering cell code of the host window and not the central host cell (i.e., the zero cell), a new stored time offset of -6 minutes will be computed (i.e., added to the permanently stored time offset), step 180, FIG. 3, and stored, step 190, and the host clock thereafter will adjust the zero cell of the host window (and accompanying bordering cells) each time the user of the card having the particular card seed 10 and pin 45 which was used in the present transaction uses the card to gain access in future transactions.
Lastly the invention further includes a failsafe window opening mechanism to provide for the contingency where the host or ACM 50 and its clock 125, FIG. 3, may shut down between card usages. In the event of such a shut down, the host or ACM clock 125 must typically be reset and re-synchronized, and in the course of such re-setting an error may be made in the resynchronization.
In order to insure that the card user may reasonably gain access in the event of such an error in re-setting the host clock 125, the host or ACM 50 is preferably provided with a mechanism for sensing such a re-setting and for storing a predetermined window opening number upon each re-setting of the host or ACM 125. Such window opening number is typically selected as six additional one-minute bordering cells (e.g., three additional cells immediately preceding and three additional cells immediately following the existing window) but may be selected as more or fewer cells of other selected length.
The re-setting window opening number is typically added, step 165, FIG. 3, to the result of non-usage, step 160, and the total additional number of cells comprising the window is computed, step 170, FIG. 3, i.e., all bordering cells surrounding the central cell are computed including (a) the preselected window allowing for user delay in inputting and/or card and host clock asynchrony, (b) the non-usage window allowing for card and host clock asynchrony over long periods of time of non-usage and (c) the re-setting window opening number.
Assuming the exemplary situation described above with reference to FIG. 9, if the host or ACM had shut down within the six month period of non-use, the host window as depicted in FIG. 9 would be further opened by an additional six bordering cells such that -11, -10, -9 and +9, +10, +11 host window cells would also have been computed, step 170, FIG. 3, and made available for comparison and potential matching with card resultant code 40 in step 172, FIG. 3. As described with reference to FIGS. 5 - 9, where a new time offset is computed and stored, steps 180, 190, FIG. 3, as a result of a match found in a bordering cell of a window generated by virtue of non-usage and/or the preselected window, a new time offset will similarly be computed and stored, steps 180, 190, if a match is found in a bordering cell generated as a result of shut-down.
Unlike the non-usage window opening number, the re-set window opening number is typically stored in the permanent memory 200 of the host or ACM 50, FIG. 3, such that once the host clock 125 is re-set, the selected window opening number is available in permanent memory 200 to open the window upon the next attempted entry by the user. Although the re-set window opening number is established and stored in permanent memory 200, such re-set window opening number is preferably eventually closed down or eliminated for security enhancement after it is established upon successive attempted entries by a variety of card users that the host clock 125 was correctly reset or after the host clock 125 is otherwise re-synchronized with real time to correct any errors which may have occurred as a result of the re-setting. The use of the re-set window opening number is, therefore, preferably temporary.
In the practical application of the invention, many cards are issued to many users and each card includes its own card clock. Recognizing that the average of the times being kept by the individual clocks of a statistically significant sample of a variety of cards will produce an accurate or very nearly accurate representation of real time, the invention most preferably includes a mechanism for permanently adjusting the time kept by the host clock 125, FIG. 3, after the clock 125 has been re-set, to the average of the times of entry (after re-setting of the host clock 125) of a selected number of different cards or card users. For example, assuming that host clock 125 has been reset, the next time of entry of the next five (or other selected number of) separate card users is averaged, the host clock 125 is permanently adjusted or re-synchronized to such an averaged time, and the re-set window opening number is thereafter eliminated from the permanent host memory 200. Re-adjusting or re-synchronization of the host clock 125 to the averaged time of the card clocks is typically carried out by the host 50 by computing another master time offset which is algebraically added to the time offsets peculiar to each card 20. The computation of such a master offset assumes that a selected number of separate cards 20 were able to gain access, step 173, FIG. 3, as a result of the re-set window opening or otherwise. The average of the time offsets computed as to the selected number of cards which enter the host 50 (after the host clock 125 is re-set) is preferably stored as a master time offset (i.e., as a re-synchronization of the host clock 125), the re-set window opening number is then eliminated as to all future entries by card users, and the master time offset is used (in addition to permanently stored time offsets peculiar to each card) to adjust the card clock 125 in transactions as to all card entries thereafter.
As a practical matter a limit is typically placed on the total number of bordering cells by which the window is opened regardless of the length of time of non-usage by the card user or the number of times the host or ACM 50 is reset as a result of re-setting of clock 125. For security reasons, such a limit is typically selected as ten one-minute bordering cells -- as stated in step 170, FIG. 3, the number of codes comprising the window are the lesser of (a) 4 bordering cell codes, the preferred selected window, plus X, the number of months or other selected non-usage periods, plus Y, the shut down window opening number, or (b) 10, the maximum number of additional cell codes. Such a maximum window may, of course, be selected as more or less than 10 depending on the degree of security desired.
It is noted that FIG. 3 depicts a preferred sequence of operations and not necessarily the only sequence. Steps 110 and 120 could, for example, be interchanged or, for example, the step of automatically inputting the re-set window opening number, step 167 could precede any of steps 140 160.
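The host-side sequence described above (window of cell codes, summed per-card time offset, widening for non-use and for a re-set host clock, and the upper limit) can be sketched as follows. This is an added example, not code from the patent: HMAC-SHA256 stands in for the undisclosed secret algorithm, and the names, the 30-day month and the reading of the limit of 10 as a per-side cap are assumptions.

```python
"""Host-side window matching with a stored per-card time offset (constructed example)."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

CELL_SECONDS = 60               # one-minute cells, as in the page's examples
BASE_SIDE = 2                   # preselected window: 2 cells before, 2 after
RESET_SIDE = 3                  # re-set window: 3 more cells on each side
MAX_SIDE = 10                   # assumption: the page's limit of 10, applied per side
MONTH_SECONDS = 30 * 24 * 3600  # assumption: a month of non-use is 30 days


def resultant_code(seed: bytes, cell: int) -> str:
    """Stand-in for the secret algorithm f(x, y) = C (HMAC-SHA256 is an assumption)."""
    mac = hmac.new(seed, cell.to_bytes(8, "big", signed=True), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 100_000_000:08d}"


@dataclass
class CardRecord:
    seed: bytes
    pin: str
    offset_cells: int = 0              # summed time offset (step 190)
    last_access: Optional[int] = None  # host time of last granted access (step 175)


class Host:
    def __init__(self) -> None:
        self.cards = {}                # card id -> CardRecord
        self.reset_pending = False     # True after the host clock has been re-set

    def window_side(self, rec: CardRecord, host_now: int) -> int:
        """Number of cells computed on each side of the central cell (steps 150-170)."""
        months = 0
        if rec.last_access is not None:
            months = max(0, (host_now - rec.last_access) // MONTH_SECONDS)
        extra = RESET_SIDE if self.reset_pending else 0
        return min(BASE_SIDE + months + extra, MAX_SIDE)

    def verify(self, card_id: str, pin: str, code: str, host_now: int) -> Optional[int]:
        """Return the matching window cell (0 = central), or None if access is denied."""
        rec = self.cards.get(card_id)
        if rec is None or not hmac.compare_digest(rec.pin.encode(), pin.encode()):
            return None
        # Central cell = host clock time shifted by the stored offset (steps 130-140).
        central = host_now // CELL_SECONDS + rec.offset_cells
        side = self.window_side(rec, host_now)
        matched = None
        for delta in range(-side, side + 1):
            candidate = resultant_code(rec.seed, central + delta)
            # Constant-time compare, no early exit: timing does not reveal the cell.
            if hmac.compare_digest(candidate.encode(), code.encode()) and matched is None:
                matched = delta
        if matched is None:
            return None
        # State is updated only after access is granted (steps 173, 180, 190).
        rec.offset_cells += matched
        rec.last_access = host_now
        return matched


def fig9_scenario():
    """The FIG. 8/9 case: card 3 minutes slow, host 3 minutes fast, 6 months idle."""
    seed, pin = b"constructed-seed", "1234"     # constructed sample values
    real = 30_000_000 * CELL_SECONDS            # constructed real time on a cell boundary
    card_now, host_now = real - 180, real + 180
    host = Host()
    host.cards["card-1"] = CardRecord(seed, pin, last_access=host_now - 6 * MONTH_SECONDS)
    first = host.verify("card-1", pin, resultant_code(seed, card_now // CELL_SECONDS), host_now)
    # One minute later the stored offset has re-centred the window on the card's cell.
    later_code = resultant_code(seed, (card_now + 60) // CELL_SECONDS)
    second = host.verify("card-1", pin, later_code, host_now + 60)
    return first, second, host.cards["card-1"].offset_cells


if __name__ == "__main__":
    print(fig9_scenario())
```

Every cell added to the window is one more code the host will accept for a given entry, which is why the widening is capped and the re-set widening is meant to be temporary.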
The host or ACM 50, FIGS. 1, 1A, 3, typically includes one or more programs and sufficient memory to carry out all of the steps shown in FIG. 3, although one or more of those functions may be carried out by a device separate from and communicating with or connected to the host or ACM 50.
With respect to the computation, storage and retrieval of time offsets, the host or ACM 50 is provided with mechanisms for recognizing, storing, retrieving and computing time offsets which are peculiar to each card seed 10 and/or pin 45 and responsive to the input of the same into the host or ACM 50.
FIG. 2 depicts the most preferred form of the calculator 20 which is provided to authorized users for generating the first non-predictable or card resultant code 40. As shown in FIG. 2 the calculator 20 is of substantially the same size as a conventional credit card and includes a conventional liquid crystal display 44 for displaying the code 40 to the user. The credit/card computer 20, FIG. 2, may bear the identity of the card seed/fixed code 10 printed on its face, and includes a digital clock means, an energizing means, a microprocessor and sufficient memory for storing the predetermined secret algorithm, a program for generating a dynamic variable if desired, and the card seed 10 and pin 45 if desired.
In an embodiment of the invention where the goal is to grant access to a physical facility, the ACM 50 may comprise a portable device such that it may be carried by a security guard stationed at a central access location leading to a guarded building or other facility. A security guard thus in possession of such an ACM would typically read the card seed 10 and the non-predictable code 40 appearing on the card 20, FIG. 2, of an authorized person and input such codes 10, 40 (in addition to the pin 45 -- otherwise provided to the guard by the card bearer) into the portable ACM 50 to determine whether the card bearer is truly in possession of a card 20 which was issued by the authority establishing the secret predetermined algorithm.
As described herein protection of the secrecy of the predetermined algorithm is preferably accomplished in the calculators provided to authorized personnel by virtue of its storage in volatile dynamic memory and encapsulation with a volatile dynamic energizing means. With respect to the algorithm provided in the ACM, secrecy may be maintained in a similar manner or other conventional manner, e.g., by physically guarding the ACM or requiring additional access/user codes to gain direct access. Where all programs, data and results of operation are stored in such volatile dynamic memory, the same are similarly protected against invasion.
Although the invention contemplates some form of communication of the result of operation 40 carried out on the card 20, FIG. 2, to the host or ACM 50 or any other electronic device, a talking between the computer 20 and the host 50 is not required or contemplated by the invention. Therefore, after the first computer 20 has calculated the first non-predictable code 40 and the code 40 has been input into the host 50, no other information need be communicated back to the first computer 20 from the host 50 or another device in order to gain clearance or access.
Lastly it is noted that the fixed code or seed 10 and/or pin 45, FIG. 3, may be employed to identify a computer terminal or other piece of equipment or device as opposed to a card 20. For example, a terminal or a space satellite or other device may be provided with a computer 20 which is assigned a code or seed 10 and/or a pin 45 (and, of course, provided with the secret predetermined algorithm and a clock and conventional electronic mechanisms for computing the code 40 and inputting the code 10, pin 45, and resultant code 40 to the host or ACM 50) in order to identify such terminal, satellite or the like in the same manner as a card computer 20 is identifiable as described hereinabove.
It will now be apparent to those skilled in the art that other embodiments, improvements, details, and uses can be made consistent with the letter and spirit of the foregoing disclosure and within the scope of this patent, which is limited only by the following claims, construed in accordance with the patent law, including the doctrine of equivalents.
What is claimed is:

Claims (24)

The embodiments of the invention in which an exclusive property or privilege is claimed are defined as follows:
1. In a system for comparing and matching non-predictable codes generated by separate computers on the basis of dynamic variables defined by separate first and second clock means according to time, an apparatus for effectively synchronizing the first and second clock means comprising:
a first computer for calculating a first non-predictable code according to a predetermined algorithm, the algorithm generating the first non-predictable code on the basis of a first dynamic variable and a unique static variable;
said first clock means automatically defining the first dynamic variable according to a first interval of time in which the static variable is input into the algorithm, the first interval of time having a first predetermined duration;
a second computer for calculating two or more second non-predictable codes according to the predetermined algorithm, the algorithm generating the second non-predictable codes on the basis of two or more second dynamic variables and the unique static variable;

said second clock means automatically defining the two or more second dynamic variables according to two or more time cells for which the static variable is input into the algorithm of the second computer, the time cells comprising a central cell of time having a predetermined duration and one or more cells of time bordering the central cell of time, each bordering cell of time having a predetermined duration;
means for comparing the first non-predictable code with the second non-predictable codes to determine a match; and
means for automatically synchronizing the first clock means and the second clock means upon comparison and matching of the first non-predictable code with one of the second non-predictable codes.
2. The system of Claim 1 wherein the central cell of time comprises the date and the minute in which the unique static variable is input into the second computer as defined by the second clock means.
3. The system of Claim 2 wherein the bordering cells of time comprise a cell of time comprising the date and the minute immediately preceding the central cell.
4. The system of Claim 1 wherein the means for synchronizing comprises:
counting means for counting the difference in time between a central cell of time and a bordering cell of time from which a matching second non-predictable code may be generated;
summing means connected to the counting means for summing successive differences in time counted by the counting means;
storage means connected to the summing means for storing the output of the summing means;
and, shifting means connected to the storage means for shifting a central cell and bordering cells of time by the summed times stored in the storage means.
5. The system of Claim 4 wherein the bordering cells of time comprise a selected number of cells of time immediately preceding the central cell and a selected number of cells of time immediately following the central cell.
6. The system of Claim 5 wherein the central and bordering cells of time are selected to be one minute in duration.
7. The system of Claim 5 wherein the means for synchronizing further comprises:
second storage means connected to the comparison means for storing the date of the most recent comparison and matching by the comparison means;
second counting means connected to the second storage means for counting the difference in time between the date stored and the date of present entry into the second computer;
dividing means connected to the second counting means for dividing the difference in time counted by the second counting means by a selected value and prescribing the output as a first window opening number;
window opening means connected to the dividing means and the comparison means for calculating as many extra second non-predictable codes on the basis of as many extra bordering cells of time immediately preceding and following the selected number of bordering cells as prescribed by the first window opening number.
8. The system of Claim 7 wherein the means for synchronizing further comprises:

sensing means connected to the second clock means for sensing a re-setting of the second clock means;
third storage means connected to the sensing means for prescribing and storing the occurrence of a sensed re-setting of the second clock means as a selected second window opening number; and
second window opening means connected to the third storage means for calculating as many additional second non-predictable codes on the basis of as many additional bordering cells of time immediately preceding and following the extra bordering cells of time as prescribed by the second window opening number.
9. The system of Claim 8 wherein the first computer comprises a microprocessor wherein the algorithm is stored in volatile dynamic memory encapsulated with an energizing means which when interrupted destroys all data including at least the algorithm and the static variable.
10. The system of Claim 9 wherein the first computer and the first clock means are incorporated into a card of about the same size as a credit card.
11. The system of Claim 10 wherein the algorithm of the second computer is stored in volatile dynamic memory encapsulated with an energizing means which when interrupted destroys all data including at least the algorithm and the static variable.
12. In a method for comparing non-predictable codes generated by separate computers on the basis of dynamic variables defined by separate clock means according to time wherein the codes match when the dynamic variables match, a method for effectively synchronizing the separate clock means comprising the steps of:
inputting the static variable into a first computer including a predetermined algorithm;
employing the algorithm of the first computer to calculate a first non-predictable code on the basis of the static variable and a first dynamic variable defined by a first interval of time in which the step of inputting occurred according to a first clock means;
putting the static variable and the first non-predictable code into a second computer, the second computer independently including the predetermined algorithm;

using the algorithm of the second computer to independently calculate two or more second non-predictable codes on the basis of the static variable and two or more second dynamic variables defined by two or more cells of time in which the step of inputting occurs according to a second clock means, the cells of time comprising a central cell of time and one or more bordering cells of time;
comparing the first non-predictable code with the second non-predictable codes to determine a match; and
synchronizing the first clock means and the second clock means upon comparison and matching of the first non-predictable code with one of the second non-predictable codes.
13. The method according to Claim 12 wherein the step of synchronizing comprises the steps of:
counting the difference in time between a central cell of time and a bordering cell of time from which a matching second non-predictable code may be generated;
summing successive differences in time counted during the step of counting;
storing the summed successive differences in time; and,
shifting the central and bordering cells of time by the summed successive differences in time.
14. The method according to Claim 13 wherein the step of synchronizing further comprises the steps of:
storing the date of the most recent comparison and determination of a match;
counting the difference in time between the date stored and the date of present entry into the second computer;
dividing the difference counted during the step of counting the difference in dates by a selected value and prescribing the output as a first window opening number; and
calculating as many extra second non-predictable codes on the basis of as many extra bordering cells of time immediately preceding and following the selected number of bordering cells as prescribed by the first window opening number.
15. The method according to Claim 13 wherein the step of synchronizing further comprises the steps of:
sensing a re-setting of the second clock means;

prescribing and storing the occurrence of a sensed re-setting of the second clock means as a second selected window opening number; and,
calculating as many additional second non-predictable codes on the basis of as many additional bordering cells of time immediately preceding and following the extra bordering cells of time as prescribed by the second window opening number.
16. The method of Claim 12 wherein the central and bordering cells of time are selected to be one minute in duration.
17. An identification system for identifying an individual comprising:
first computer means including first clock means for generating a first time dependent dynamic variable, means for storing a predetermined static variable, first means for utilizing said first time dependent dynamic variable and said static variable to calculate a first non-predictable code in accordance with a predetermined algorithm, and means for providing a visual display of the first non-predictable code calculated at at least a selected time interval;

second computer means including second clock means for generating a second time dependent dynamic variable, means for obtaining said predetermined static variable, second means for utilizing said second time dependent dynamic variable and said static variable to calculate at a selected time interval a second non-predictable code in accordance with said predetermined algorithm, means for obtaining the first non-predictable code displayed during said selected time interval, match means for comparing the second non-predictable code generated during said selected time interval with the first non-predictable code obtained during said selected time interval, and means responsive to a match between said first and second non-predictable codes in said match means for signifying identification;
said first and second computer means independently generating said first and second non-predictable codes for comparison thereof without communication of the second computer means or the second clock means back to the first computer means, there being no physical or electrical connection between said first and second computer means; and
wherein a static variable is communicated to the means for obtaining at the second computer by an individual located at the first computer, the individual to be identified communicating the displayed first non-predictable code and the static variable to the means for obtaining at the second computer.
18. A system as claimed in Claim 17 wherein said first means to calculate includes a stored program for performing said predetermined algorithm, and wherein said program and said first static variable are stored in volatile dynamic memory which causes said program and static variable to be destroyed if an attempt is made to gain access thereto.
19. A system as claimed in Claim 17 wherein said first computer means is incorporated in a portable, hand-held device.
20. A portable, hand-held computing and indicating device for use in a security system of the type wherein a first mechanism generates a first non-predictable code in accordance with a predetermined algorithm in response to both a unique static variable and a dynamic variable inputted thereto, a second mechanism generates a second non-predictable code in accordance with the predetermined algorithm in response to both the unique static variable and a second dynamic variable corresponding to the first dynamic variable, and means for comparing the two non-predictable codes, the device forming the first mechanism and comprising:
a processor having said algorithm pre-programmed therein;
means for causing the program stored in said processor to be erased if an effort is made to gain access to the program to learn the algorithm;
means for storing a unique static variable in each device, the static variable being selected so that no two devices adapted for use with a second mechanism store the same static variable;
means for generating a time varying dynamic variable, said means being adapted to generate the same dynamic variable as that generated at said second mechanism at substantially the same instant of time;
means for applying the stored unique static variable and the currently generated dynamic variable to said processor; and
means for visually displaying the non-predictable code currently being generated by said processor.
21. A device as claimed in Claim 20 where the device is in the form of a credit-card sized card having the processor encapsulated therein.
22. A device as claimed in Claim 21 wherein said card has a length of approximately 3.3 inches, a width of approximately 2.1 inches, and a depth of less than approximately .07 inches.
23. A device as claimed in Claim 20 wherein said means for visually displaying is a liquid crystal display.
24. A device as claimed in Claim 20 wherein said means for generating a time varying dynamic variable is an electronic clock generator.
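The window matching and resynchronization steps of Claims 12 to 15, as an added sketch that is not code from the patent. HMAC-SHA256 stands in for the undisclosed predetermined algorithm, and the names `Verifier`, `code_for`, `days_per_extra` and `reset_extra`, along with their default values, are assumptions made for illustration.

```python
import hashlib
import hmac

CELL = 60  # seconds per time cell (Claim 16: one minute)

def code_for(seed: bytes, cell: int) -> str:
    """Stand-in algorithm (assumption): HMAC-SHA256 of the cell index, 6 digits."""
    mac = hmac.new(seed, cell.to_bytes(8, "big"), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**6:06d}"

class Verifier:
    """Second computer: compares a submitted code against a window of time cells."""

    def __init__(self, seed, base=1, days_per_extra=30, reset_extra=2):
        self.seed = seed
        self.base = base                      # bordering cells tried on each side
        self.days_per_extra = days_per_extra  # "selected value" divisor (assumed)
        self.reset_extra = reset_extra        # second window opening number (assumed)
        self.offset = 0                       # summed cell differences (Claim 13)
        self.last_match = None                # host time of last match (Claim 14)
        self.clock_reset = False              # sensed host clock re-setting (Claim 15)

    def window(self, now):
        """Bordering cells per side: base, plus extras for elapsed time and resets."""
        extra = 0
        if self.last_match is not None:
            days = (now - self.last_match) // 86400
            extra = int(days // self.days_per_extra)  # first window opening number
        if self.clock_reset:
            extra += self.reset_extra
        return self.base + extra

    def verify(self, submitted, now):
        """Return the matching cell difference, or None if no cell matches."""
        centre = int(now // CELL) + self.offset  # central cell, shifted by stored sum
        w = self.window(now)
        for delta in sorted(range(-w, w + 1), key=abs):  # central cell first
            if hmac.compare_digest(code_for(self.seed, centre + delta), submitted):
                self.offset += delta     # sum and store the counted difference
                self.last_match = now
                self.clock_reset = False
                return delta
        return None
```

Every extra bordering cell is one more code the verifier will accept for the same login attempt, so the window opening numbers trade fewer false rejections against a larger set of accepted guesses.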
CA000523998A 1986-11-27 1986-11-27 Method and apparatus for synchronizing generation of separate, free running, time dependent equipment Expired CA1270957A (en)

Publications (1)

Publication Number Publication Date
CA1270957A true CA1270957A (en) 1990-06-26

Family

ID=4134447

Legal Events

Date Code Title Description
MKEX Expiry