EP1214658A1 - User authentication system - Google Patents

User authentication system

Info

Publication number
EP1214658A1
EP1214658A1 EP00955955A EP00955955A EP1214658A1 EP 1214658 A1 EP1214658 A1 EP 1214658A1 EP 00955955 A EP00955955 A EP 00955955A EP 00955955 A EP00955955 A EP 00955955A EP 1214658 A1 EP1214658 A1 EP 1214658A1
Authority
EP
European Patent Office
Prior art keywords
password
user
service
user authentication
authentication system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP00955955A
Other languages
English (en)
French (fr)
Inventor
Joseph Elie Tefaye
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CROWN GUARD LIMITE
Original Assignee
Tefaye Joseph Elie
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from AUPQ2184A (AUPQ218499A0)
Priority claimed from AUPQ2347A (AUPQ234799A0)
Application filed by Tefaye Joseph Elie
Publication of EP1214658A1
Legal status: Withdrawn

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/06 Buying, selling or leasing transactions
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/36 User authentication by graphic or iconic representation

Definitions

  • the Internet is rapidly changing the way the world communicates and conducts business. There continues to be an exponential increase in the number of users who gain access to the Internet and who subsequently wish to purchase goods and services via this medium
  • a user authentication method to authenticate a registered user of a service over a computer network, the method comprising the steps of
  • the method may further comprise the step of
  • step (h) may further comprise the step of (l) issuing said second password once the registered user has selected said first password, said second password issued according to said pre-defined relationship
  • said method further comprising the step of
  • the method may also comprise the step of randomly mapping input values with output values
  • the pre-defined relationship may be determined according to the formula y = mx + c wherein said passwords are numerical and y is said first password, x is said second password and m and c are constants
  • step (h) said registered user may select one or more calendar dates as a password and step (h) may further comprise the step of ( ⁇ ) issuing a random number associated with said selected one or more calendar dates and using said random number to identify said registered user
  • the service may relate to credit card payment facilities
  • the service provider may be a credit card payment authorisation service
  • Z and C may be based on a number unique to the user such as their Driver's License or Social Security number, Medicare Card. With such a nominated number as input, the values of Z and C can optionally be calculated according to a formula
  • a date time stamp data may be issued to a registered user when they are issued with the unique graphic and this date time stamp is embedded within said unique graphic
  • a transaction number may be issued to the registered user for each service request that is granted over the computer network
  • a user authentication system to authenticate a registered user of a service over a communication network
  • the authentication system comprising server means connected to said communications network having one or more information pages associated with a service provider, a client device adapted to interface with said server means via said communication network, said client device capable of accessing said one or more information pages to thereby permit said user to submit a first password and a unique graphic comprising embedded second password data, to the service provider via said one or more information pages, and authentication means adapted to interface with said server means to thereby extract the second password from the embedded second password data contained within the unique graphic, and compare the submitted first password and extracted second password to determine if a pre-defined relationship exists between the passwords, wherein in use, the client user is granted registered user status and is allowed access to said service if said pre-defined relationship exists
  • a user authentication system to authenticate a registered user of a credit card service in an Internet environment, the authentication system comprising server connected to the Internet having one or more web pages associated with said vendor, said vendor web pages permitting purchase of goods/services therefrom, a client device operable by a user, said client device adapted to connect to said server via the Internet and download one or more of said web pages, said client user being thereby permitted to submit a first password and a unique graphic including an embedded second password to the service provider via said web pages, and authentication software adapted to interface with said server to thereby extract the second password from the unique graphic and compare the submitted first password and second password to determine if a pre-defined relationship exists between the passwords, wherein in use, the client user is granted registered user status and is allowed access to said credit card service if said pre-defined relationship exists
  • there is provided a user authentication method to authenticate a registered user of a service over a computer network, the method comprising the steps of (a) permitting a client user to request a service from a service provider accessible from said computer network,
  • Fig 1 is a schematic illustration of a preferred system to authenticate a registered user of a credit card service
  • Fig 1A is a display of a virtual form from a web page that a credit card user completes to obtain registration with the credit card authentication service
  • Fig 1B is a display of an email that is sent to a user once they have registered for the credit card authentication service
  • Fig 2 is of a display of a virtual form from a vendor website which is downloaded by a client computer and viewed from the client's web browser software
  • Fig 3 is a schematic illustration of a Birth Date chart used in the preferred embodiment
  • Fig 3A is a schematic illustration of the fields associated with a credit card holders details recorded in the data base of the credit card authentication service of Fig 1
  • Fig 4 is a schematic illustration of the steps which are involved in authenticating a credit card purchase from the credit card authentication service of Fig 1,
  • Fig 5 is a schematic illustration of the virtual form of Fig 2 after an authentication check has determined that the purchase request is from a registered user of the credit card authentication service
  • Fig 6 is a schematic illustration of the virtual form of Fig 2 after an authentication check has determined that the purchase is not from a registered user of the credit card authentication service and therefore the purchase has been denied, and
  • Fig 7 is a schematic illustration of how passwords are extracted and compared by the system of Fig 1
  • a preferred embodiment provides an authentication method and system to authenticate a registered user of a credit card service in an Internet environment
  • the authentication system includes a server which is connected to the Internet and from which any number of web pages associated with an Internet vendor is available for the purchase of goods and services
  • a personal computer connects to the Internet and downloads one of the web pages
  • the user submits a purchase request which includes a first password and a graphic file having embedded password data when they wish to make a purchase request from the vendor
  • the purchase request information sent to the vendor is routed to a server having authentication software which extracts the password data embedded in the graphic file and compares this with the first password. If a pre-defined relationship exists between the two passwords, the authentication software grants registered user status to the purchase request and the purchase is allowed to proceed
  • the user authentication system 10 includes a Credit Card Authentication Centre (CCAC) 15 which includes a server 14 which is connected to the Internet 12
  • the server 14 further includes a database 16 on which credit card information for a multiplicity of registered users is stored
  • the credit card information includes registered user contact details, authentication data and the actual credit card details
  • the server 14 also includes authentication software 18 for authenticating credit card data
  • the authentication software 18 further includes random number software 20 in the form of a birth date chart comprising a table of random numbers as will also be described in detail below
  • a web site 21 is also accessible from the server 14 and is written in HTML code. The web site 21 is used to register users in the data base 16 and to permit a registered user to change their contact details as required
  • the authentication system 10 may further include a number of Internet vendors 23, 25 who operate respective web sites 26, 28
  • the web sites 26, 28 are Internet vendor web sites which offer goods and services to customers when the respective servers 22 and 24 are accessed via the Internet 12
  • Although only two web site vendors are shown in Fig 1, it should be understood that this is for illustrative purposes only and that any number of web site vendors could participate in the system
  • a plurality of client computers 30, 31 are shown which can access the Internet 12 via their ISP (not shown)
  • client user 30 is a registered user of the CCAC 15 and client user 31 is not a registered user of the CCAC 15 system
  • client user downloads the Credit Card Authentication Registration form 43 shown in Fig 1A, from the web site 21
  • Joe Citizen enters his contact details, shown generally by arrow 44, in addition to
  • a first birth date 48 preferably not the user's own and one that he will readily remember (in this case, 1 January),
  • This two digit number 48' is used to create a unique graphic identifier (UGI) which is later issued to the user by the CCAC 15 system
  • the client user 30 then sends the information contained within the form 43 to the server 14 by clicking the SUBMIT button. Should the client user not wish to proceed with registration, they click the CANCEL button
  • the user could also input his/her credit card PIN number for authentication of the credit card as being properly registered with the CCAC 15
  • Another alternative to the user inputting a two digit number in field 48" may involve the user inputting a number associated with his/her person, such as a driver's licence number, Medicare number, Social Security number etc. This number can then be input into a pre-defined formula and a number derived to draw the UGI as will be explained below
  • Upon receiving the registration data referred to above, the authentication program reads the two digit number "10" selected by the client in field 48". This number is used to generate a UGI
  • the UGI is preferably a fractal and more preferably is generated according to the Mandelbrot set
  • $Z_{N+1} = (Z_N)^2 + C$ series of numbers
  • Z and C are determined for each user according to a predefined algorithmic variation of two particular pieces of information, one for Z and one for C
  • the authentication program then reads the two dates 48, 48' and sets a first password for the registered user as 01013112, being the two dates selected in form 43 of Fig 1A
  • When the client user 30 is registered as a user of the CCAC 15, the authentication software 18 records the date and time of when registration is issued to the client 30 and a Date Stamp is generated for the registered user. This assists the CCAC 15 in distinguishing between different users of the CCAC 15 who have the same name, or the one registered user who has a number of credit cards registered with the service. In this example, the registration was issued on 13 August 1999 at 3:03:25 PM, therefore the Date Stamp issued for the registration of this example
  • the random number software 20, which is a part of the authentication software 18, generates a routine to assign a random number value related to the input password. In this example, the random number value relates to the birth Day Chart 32, as shown in Fig 3
  • the birthday chart 32 is a chart listing the dates of the sequential days of the year as shown in the birth date column 54, and having a corresponding assigned value called the UGI number shown in column 56. It will be appreciated that the numbers for the dates of the year are sequential in this diagram, but this is for illustrative purposes
  • the UGI number in the Birth Date chart has UGI No's 1 to 365 and is associated with respective calendar dates 1/1 to 31/12 (this example does not relate to a leap year). Therefore, as the user in Fig 1A has selected the birth dates 0101 and 3112, they are assigned UGI numbers 1 and 365
  • the UGI numbers could be used to also generate the UGI graphic in other embodiments without having the client user select the field 48" as shown in Fig
  • the UGI data is broken down into binary format and the UGI Nos 1 and 365 are converted from ASCII text characters to binary format
  • the UGI Numbers are then embedded within the binary data of the UGI
  • the authentication program sends an encrypted email as shown in Fig 1B
  • the email confirms the registration and provides the client user 30 with the first password (01013112) and the UGI graphic which includes the embedded UGI numbers 1 and 365. Alternatively, the first password could be communicated verbally over the phone to the client user 30 or alternatively could be sent via the postal service for added security so that both first password and UGI are not sent in the same communication
  • the actual UGI shown in Fig 1B is shown as an example of a UGI and is not a UGI determined according to the formula above
  • the data associated with the registered user Joe Citizen which is recorded in the CCAC 15 database 16, is shown in Fig 3A, including the Date Stamp 130899-150325 referred to above
  • a client user 30 wishes to purchase a product from an Internet vendor such as vendor 23 who operates website 26, they typically select the product and download an order form page, an example of which is shown in Fig 2
  • the client user wishes to purchase 'Book X' for $89 95 (refer to field 38)
  • the virtual form 32 has a number of fields which the client user 30 enters, such as title, first name, last name, address, suburb, postcode, state, country etc
  • the user also enters their credit card number into field 34, the expiry date of their credit card in field 36, the purchase amount in field 38, their eight digit designated password '01013112' (field 40) and their designated UGI with embedded UGI number in field 44
  • the UGI is copied from the client 30 and pasted in the Internet browser application in field 44. In other embodiments, this may be executed automatically by
  • the website server 22 automatically routes the purchase request information including the UGI from field 44 and the eight digit password from field 40 to the CCAC 15 server 14
  • Upon receipt of the purchase request by the server 14, the authentication program 18 then begins the process of authenticating the user. Firstly, the UGI is decrypted by the authentication software 18, which extracts, according to an encryption key, the UGI numbers encrypted within the UGI; these are recorded as UGI#1 and UGI#2
  • the authentication program 18 refers to the random number software 20 having the birth Date chart table 52 shown in Fig 3, to obtain the respective corresponding birth dates
  • the authentication software 18 reads the password
  • the authentication software 18 determines if the person making the purchase request is a registered user of the CCAC 15 by determining if there is a pre-defined relationship. In this embodiment if:
  • Fig. 7 provides a schematic illustration of how P1, P2, UGI#1 and UGI#2 are extracted and compared with P3 and P4. Therefore, the pre-defined relationship in this example is:
  • the authentication software 18 determines that the purchase request details entered on form 32 are correct by first reading the Date Stamp "130899-150325" submitted with the UGI data and comparing it with the Date Stamp recorded in the Database 16 to first verify the identity of the person making the purchase request
  • P1-P3 and P2-P4 is '0'
  • the client user 30 is deemed to be the authentic owner of the Credit Card and the transaction is allowed to proceed as shown in Fig. 5
  • a transaction number may be issued to the person making the request to verify the time that the authorisation request has been made. If either of these two sums had yielded a result that is greater or less than zero, due to a purchase request by the unregistered client user 31, the authentication program 18 determines that the purchase request is not from an authentic card holder or registered user and access is denied as shown in Fig 6.
  • Authorisation is then declined and the Issuer advised of a possible fraudulent attack against the card
  • the authentication program sends a message to the server 22 of the Internet vendor 23, that the credit card number is an authorised registered user of the authentication system.
  • the Internet vendor can then ensure that an authorised person is making the purchase request and thereby approve the sale
  • Upon registration, a credit card holder is issued with a UGI and a password which he/she has nominated as shown in Fig. 1B.
  • the password and UGI are used to authenticate a purchase request via the Internet from his/her credit card.
  • the credit card holder submits a purchase request from an Internet vendor and fills in a virtual form 32 (Fig. 2) which is accessed from an Internet vendor's web site. Upon receipt, this information is routed to the credit card authentication server 14 (Fig 1).
  • Step 90: The credit card authentication server 14 receives the information routed from the vendor which includes the first password and the UGI
  • the authentication software 18 is initiated and the first password is stored in the RAM of the server 14
  • Step 110: the authentication software 18 then extracts the password embedded within the UGI and the Date Stamp and also stores this in RAM
  • the UGI number is then compared on the random table number 20 and the corresponding birth date is then determined from the birthday chart of Fig 3
  • the date stamp from the UGI graphic is compared with the date stamp recorded in the data base 16 to determine if they are matching and thereby identify who the person making the purchase request is meant to be
  • the first password (P1,P2) of Step 100 is then compared with the second password (P3,P4) from the extracted UGI number of Step 110 (UGI#1,UGI#2) to determine if they are equal
  • the transaction is authorised and the authentication program verifies that the purchaser's request is made by a registered user of the system as shown in Fig 5
  • the transaction authorisation is denied and a message displayed to the person making the request is displayed as shown in Fig 6
  • the CCAC 15 advises the credit card issuing authority that an unauthorised purchase attempt has been made with the card. If the relationship does not exist, the transaction is not approved and a GIF graphic "ACCESS DENIED" is posted in the field 44 of form 32 as shown in Fig 6 from client 30 Internet browser. Approval for the purchase request is not granted and this information is then sent to the server 22 of the Internet vendor 23
  • any relationship may be used to compare the first password (P1,P2) with the second password (P3,P4)
  • Although the embodiment described above requires a user to register with the CCAC 15 by filling in the form located on CCAC 15 web site 21, in other embodiments, the user may be required to register the information shown in Fig 1A first with the credit card issuing authority who will authenticate the user from personal information held on the database 16 and may obtain the information from their own web site, via a form, or over the telephone
  • the UGI graphic and the password are not sent in the same email for added security purposes
  • the embodiment above was shown with the UGI graphic and the password in the one email for illustrative purposes
  • more than one server 14 may be involved with the credit card authentication centre and furthermore the database and server 16 and server 14 may not be placed in the same location for added security
  • it is preferable that all transactions between the internet vendor and the credit card authentication centre 15 are encrypted
  • the credit card authentication centre may be the credit card issuing body. It will be realised that the system may be implemented for other security applications such as verifying that a particular authorised user has access to particular computer files
  • the client 30, 31 shown in this embodiment has been a personal computer having access to the internet
  • the client of the computer network may take the form of a mobile phone with WAP capabilities for accessing the Internet
  • the computer network may not be the Internet but could be an organisation's LAN which is used to grant access to particular files
  • the UGI graphic is any graphic which is unique and may be created according to the Mandelbrot set, any graphic image or alternatively it could be a thermal image of a person to whom the image is assigned
  • a copy of a UGI and password may be issued to two or more authorised users so that groups within an organisation may gain access to files on the computer network
  • the embodiment provides a method and system whereby an Internet vendor is able to authenticate that a person making a purchase request via the Internet is in fact the authentic credit card holder. Because the person making the purchase request must submit both a UGI and a password, this substantially enhances the security of the system rather than using an alphanumeric password on its own which a third party could easily copy
  • Other embodiments may require that a new UGI is generated for each registered user over a pre-defined time period, such as on a monthly or annual basis
  • a number of UGI's may be issued to a registered user in which one of them will be a valid UGI (known to the registered user) and the other UGI's will be fake so as to make it difficult for a fraudster to know which UGI is the correct UGI
  • a UGI without the password could be issued to a person, such as the thermal image of that person referred to above. This thermal image could be used to allow a person to access the computer system as described above without the steps of comparing the password. This would allow a registered user of the system to gain access to files remotely rather than relying on a password
  • the UGI submitted by an access request would be compared with one recorded in the database 16 to determine whether a correct UGI has been presented. Should a correct UGI be presented, the person making the request is granted registered user status
  • the service request may be for electronic mail services
  • a client user would prepare an email to be sent to another email account and before sending the email the client user would submit with the email, the UGI and password in fields created in the client's electronic mail application, such as in Outlook Express™ by Microsoft Corporation or Lotus Notes™ by Lotus Development Corporation
  • the email would be routed to the CCAC 15 rather than directly to the recipient's email account and thereby authenticated as an actual email from the sender
  • a message could be displayed in the email on presentation to the recipient stating that the email has been verified as authentic by the CCAC 15
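
The check described in the entries above (Date Stamp match, Birth Date chart lookup, then P1-P3 and P2-P4 both '0'), as an added Python example that is not code from the patent or its applicant. The function and parameter names are assumptions, and the UGI numbers are taken as already extracted from the graphic because the page does not specify how they are embedded.

```python
import hmac
from datetime import date, timedelta


def build_birth_date_chart(year=1999, rng=None):
    """Map each 'DDMM' date of a year to a UGI number (1..365 for a non-leap year).

    With rng=None the chart is sequential, as in the page's illustration;
    passing a random.Random-like object shuffles the assignment, matching the
    page's remark that the sequential numbering is only illustrative.
    """
    days = []
    d = date(year, 1, 1)
    while d.year == year:
        days.append(d.strftime("%d%m"))
        d += timedelta(days=1)
    numbers = list(range(1, len(days) + 1))
    if rng is not None:
        rng.shuffle(numbers)
    return dict(zip(days, numbers))


def split_password(first_password):
    """Split the eight digit first password into P1 and P2 (two DDMM dates)."""
    if (len(first_password) != 8 or not first_password.isascii()
            or not first_password.isdigit()):
        raise ValueError("first password must be eight digits (DDMMDDMM)")
    return first_password[:4], first_password[4:]


def verify_request(first_password, ugi_numbers, submitted_stamp,
                   recorded_stamp, chart):
    """Return True only if the request satisfies the relationship on the page.

    ugi_numbers is the pair (UGI#1, UGI#2) extracted from the submitted graphic.
    As described, the stored record contributes only the Date Stamp; P1..P4 are
    all derived from values that arrive in the request itself.
    """
    # 1. Date Stamp from the graphic must match the one held in the database.
    if not hmac.compare_digest(submitted_stamp.encode(), recorded_stamp.encode()):
        return False
    # 2. P1, P2 come from the typed password; reject malformed input outright.
    try:
        p1, p2 = split_password(first_password)
    except ValueError:
        return False
    if len(ugi_numbers) != 2:
        return False
    # 3. P3, P4 are the birth dates the chart associates with UGI#1 and UGI#2.
    number_to_date = {number: ddmm for ddmm, number in chart.items()}
    p3 = number_to_date.get(ugi_numbers[0])
    p4 = number_to_date.get(ugi_numbers[1])
    if p3 is None or p4 is None:
        return False
    # 4. Pre-defined relationship of this embodiment: both differences are 0.
    return int(p1) - int(p3) == 0 and int(p2) - int(p4) == 0


if __name__ == "__main__":
    chart = build_birth_date_chart()
    stamp = "130899-150325"  # Date Stamp value given on the page
    print(verify_request("01013112", (1, 365), stamp, stamp, chart))  # registered user
    print(verify_request("01013112", (1, 364), stamp, stamp, chart))  # wrong UGI number
```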
EP00955955A 1999-08-13 2000-08-11 User authentication system Withdrawn EP1214658A1 (de)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
AUPQ2184A AUPQ218499A0 (en) 1999-08-13 1999-08-13 A new method to allow merchants to authenticate 100 of internet credit card transactions with no need to contact credit card issuers
AUPQ218499 1999-08-13
AUPQ234799 1999-08-23
AUPQ2347A AUPQ234799A0 (en) 1999-08-23 1999-08-23 A new process/means to allow for automatic & simultaneous authentication & authorisation of credit card transactions over the internet without operator intervention
PCT/AU2000/000972 WO2001013243A1 (en) 1999-08-13 2000-08-11 User authentication system

Publications (1)

Publication Number Publication Date
EP1214658A1 (de) 2002-06-19

Family

ID=25646121

Family Applications (1)

Application Number Title Priority Date Filing Date
EP00955955A Withdrawn EP1214658A1 (de) 1999-08-13 2000-08-11 User authentication system

Country Status (2)

Country Link
EP (1) EP1214658A1 (de)
WO (1) WO2001013243A1 (de)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FI113711B (fi) * 2002-12-30 2004-05-31 Codebird Oy Production of individual content
US7949114B2 (en) * 2005-03-15 2011-05-24 Avaya Inc. Granting privileges to a telecommunications terminal based on the relationship of a first signal to a second signal
WO2012034579A1 (de) * 2010-09-13 2012-03-22 Andreas Krefft Method and device for legitimising access to a protected area

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5276314A (en) * 1992-04-03 1994-01-04 International Business Machines Corporation Identity verification system resistant to compromise by observation of its use
TW299410B (de) * 1994-04-04 1997-03-01 At & T Corp
US5821933A (en) * 1995-09-14 1998-10-13 International Business Machines Corporation Visual access to restricted functions represented on a graphical user interface
US5963924A (en) * 1996-04-26 1999-10-05 Verifone, Inc. System, method and article of manufacture for the use of payment instrument holders and payment instruments in network electronic commerce
DE19620346A1 (de) * 1996-05-21 1997-11-27 Bosch Gmbh Robert Graphical password entry

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO0113243A1 *

Also Published As

Publication number Publication date
WO2001013243A1 (en) 2001-02-22

Similar Documents

Publication Publication Date Title
KR101155858B1 (ko) Electronic transfer system
US8661520B2 (en) Systems and methods for identification and authentication of a user
TW548564B (en) Methods and apparatus for conducting electronic commerce
US7548890B2 (en) Systems and methods for identification and authentication of a user
US8086493B2 (en) System and method for facilitating a financial transaction with a dynamically generated identifier
US8412639B2 (en) System and method for facilitating a secured financial transaction using an alternate shipping address
US6807633B1 (en) Digital signature system
US20080243702A1 (en) Tokens Usable in Value-Based Transactions
US20130087612A1 (en) Method and devices for the production and use of an identification document that can be displayed on a mobile device.
US20060259330A1 (en) Electronic prescription system for internet pharmacies and method therefor
WO2008127431A2 (en) Systems and methods for identification and authentication of a user
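JP2004140502A (ja) Distribution request method, distribution method, data transmission method, data processing method, data usage method, data input method, and communication network system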
AU2004235134B2 (en) Secure messaging center
WO2000067143A2 (en) Transaction method and system for data networks
US20050246181A1 (en) Method for credit card payment settlement and system for same
US20060032912A1 (en) Contact information management system and method
JP4053948B2 (ja) Method and system for managing connection authority to a server
EP1214658A1 (de) User authentication system
AU6809700A (en) User authentication system
JP2004535619A (ja) System and method for conducting secure payment transactions
WO2002001517A1 (en) A method for carrying out electronic commerce transactions
IES20050147A2 (en) Securing access authorisation
AU2003205448B2 (en) Electronic transfer system
CA2538923A1 (en) Electronic prescription system for internet pharmacies and method therefor
IES85150Y1 (en) Securing access authorisation

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20020312

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

AX Request for extension of the european patent

Free format text: AL;LT;LV;MK;RO;SI

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: CROWN GUARD LIMITE

RIN1 Information on inventor provided before grant (corrected)

Inventor name: CROWN GUARD LIMITE

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: CROWN GUARD LIMITE

RIN1 Information on inventor provided before grant (corrected)

Inventor name: CROWN GUARD LIMITE

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20050301