WO2001079959A2 - System and method for the protection of electronic communications and data using multiple, single-use key codes - Google Patents


Publication number: WO2001079959A2
Authority: WO, WIPO (PCT)
Prior art keywords: code, memory medium, codes, sequence, issuing
Application number: PCT/US2000/033660
Other languages: French (fr)
Other versions: WO2001079959A3 (en)
Inventor: Hugo Gabriel Martina
Original Assignee: Myers, Drewfus, Young, Jr.
Application filed by: Myers, Drewfus, Young, Jr.
Priority to AU2001220900A (AU2001220900A1)
Priority to EP00984247A (EP1269284A2)
Publication of WO2001079959A2
Publication of WO2001079959A3


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0464: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00: User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords

Definitions

  • one or more of the recorded codes is used as a security key for the identification and verification of the proper use of the card.
  • the codes are single-use codes.
  • When the cardholder tries to carry out a commercial transaction, the selling entity must verify the authenticity of the card. At that time the holder must supply the card SIN, which can also be machine-read where applicable, and the corresponding PIN, entered or transmitted manually. To complete the verification process, the readable medium of the card must be passed through or read by a remote hardware device attached to a remote computer that is in turn connected to the central node computer through a suitable network system.
  • the information on the recorded device or medium including one or more of the alpha-numeric security codes, is transmitted to the central node. If the code or codes and the sequence thus transmitted correspond to that or those recorded in the central node computer for the card the transaction is authorized by the central node computer and may be completed, assuming that the actual dollar or equivalent monetary value of the transaction is within the authorized limits for which the card is issued. Should the alpha-numeric code or codes or their exact sequence as read by the remote device not correspond to those registered in the central node computer the transaction will not be approved and the selling entity will be so advised.
  • the alpha-numeric code or codes used in the verification process are erased or discarded and are not available for further use.
  • the next code in sequence after the last code used becomes the first active code. For example, if the card or device being used has recorded the following sequence of four digit codes
  • a third preferred embodiment of the invention is its use in commercial transactions carried out with a cellular telephone, satellite telephone, palm-top computers or other similar communications device in the absence of a direct, hard-wired computer connection to a network, as described in the first and second preferred embodiments.
  • the cellular telephone, satellite telephone, palmtop computer or similar communications device may be equipped with a magnetic strip, card or other reading device.
  • the cellular telephone or similar communication device may be equipped with a removable or permanent re-writeable memory module in which is recorded by the emitting entity the predetermined sequence of alpha-numeric codes which are the subject of the present invention.
  • the bank or other emitting entity records the predetermined sequence of alpha-numeric codes on:
  • When the card holder wishes to carry out a commercial transaction using the cellular telephone or similar communications device, the selling entity must verify the authenticity of the card holder and the approved credit limit. In order to carry out said verification, the card holder must enter the corresponding card SIN, through an attached card reader or by direct entry of the number using the normal number entry keys of the device, and the PIN.
  • the selling entity contacts the card issuing entity to obtain authorization for the transaction.
  • the selling entity creates a relay connection between the issuing entity and the cellular telephone or similar communications device at which time the issuing computer reads one or more of the alpha-numeric security codes. If the code or codes and the sequence, if more than one code is employed, correspond with those recorded in the issuing computer, the transaction is authorized, assuming that the value of the transaction falls within the pre-established credit or debit limits of the card. If the code or codes and/or the sequence of codes do not correspond to those recorded in the issuing computer, the transaction is not authorized and the selling entity is so informed. Once the code or codes are read from the card or other suitable memory medium, the codes employed are erased or inactivated in said memory medium as well as in the issuing computer and a new code becomes available for use in the next transaction.

Abstract

A system and method for the protection of electronic communications and data transmission using multiple, single-use key codes is described. When a data transmission or other transaction is initiated through the use of a device or medium specific identification number (SIN) and a personal identification number (PIN) by the central or a remote node, the first code in the recorded sequence is transmitted to the receiving node. If the code received corresponds to the first available in the recorded sequence, the requested communication or transaction is verified and approved. If the key codes do not correspond, the communication or transaction is rejected. Once the first code in the sequence is used, it is erased or otherwise inactivated in both the central and remote nodes, and the subsequent code is activated for use in the following communication or transaction.

Description

System and Method for the Protection of Electronic Communications and Data Using Multiple, Single-Use Key Codes
BACKGROUND OF THE INVENTION
The present invention relates to the problems encountered in assuring the authenticity, confidentiality, and security of electronic communications and data transmissions between and among computer systems or "nodes," especially with regard to the security of electronic messages and financial transactions such as confidential data transfers, bank funds transfers, electronic commercial transactions, message packet authentication to protect a network from unauthorized entry and use, virus protection, etc. At the present time, systems designed to insure the security of such electronic data transmission rely on the use of one or more security codes, timing mechanisms or other methods that can be and have been violated repeatedly by unauthorized elements, or complex, expensive and often restricted encryption techniques. With most common electronic security systems, a single permanent code is employed that, once violated by an unauthorized party, can be used repeatedly until the violation is detected or a periodic code change is carried out.
Rapid advances in the capacity of electronic, magnetic, and optical storage media make it possible for a magnetic strip, disk, hologram or other machine readable medium to contain large amounts of data in small areas such as credit card strips, magnetic chips, holograms, etc. Because of this increased storage capacity, it has become possible to greatly increase the amount of information that can be stored in such media, thereby increasing the potential for increased security in electronic media. While many patents have been issued related to the security of electronic data transfer, communications, financial transactions, etc., all rely on the use of fixed codes and counter signs, encryption, or time-of-transmission correlations.
As an example, U.S. Patent 5,948,103 teaches a method for the encryption and security of documents that uses a symbolic figure such as a signature or seal. The electronic document is encrypted according to a confidential code and a predetermined characteristic that is extracted from the encrypted document. The confidential code and the symbolic figure can be stored in a portable medium to increase security.
U.S. Patent 5,958,005 teaches a method and system to protect the security of message communications, data, and text such as e-mail between computers connected to a local area network (LAN) in which the degree or level of security can be selected for each communication. The method is based on creating in the originating computer a message that contains an extra header that specifies, in addition to the address of the intended recipient computer, one or more security parameters that control the processing of the message in the receiving computer. The security parameters include instructions for the erasure of the data message following its storage in the recipient computer. The security parameters also include instruction as to whether or not copying, saving, forwarding and printing of the data message is allowed. The recipient computer processes the data message in accord with the instructions. The erasure is of such a nature as to render the data message unrecoverable.
U.S. Patent 5,991,401 teaches a method for checking the security of data received by a computer within a LAN. In the method, an incoming encrypted packet from a connected computer is first decrypted within a receiving communications adapter utilizing a master decryption key. The decrypted incoming packet is then encrypted by utilizing a key identical to an encryption key employed by the sending computer. A determination is made as to whether or not the packet produced by the second encryption is identical to the original incoming packet. If the re-encrypted packet is found to be identical to the original incoming packet, the decrypted package is forwarded to a system memory of the receiving computer system. Any incoming packet that does not meet this criterion is rejected as a security threat.
U.S. Patent 6,032,258 also discloses a method for validating a packet message communicated from a source node to a destination node in a LAN. In the disclosure, both the source and destination nodes in the LAN have access to a clock mechanism synchronized to a common time frame. The method comprises generating a first security key using a time reference obtained from the clock mechanism and a password known by the source node and the destination node, communicating the first security key and the message packet from the source node to the destination node, generating a second security key using the password and the time reference, and comparing the second security key with the first security key. The message packet is discarded if the second security key does not correspond with the first security key. An alternative application of the method taught comprises communicating a first time reference obtained from the clock mechanism with a message packet, and when the first time reference and message packet are received by the destination node, comparing the first time reference with a second time reference obtained from the clock mechanism. The message packet is discarded if the time difference between the first time reference and the second time reference is greater than a predetermined amount. The predetermined amount of time may be based on a calculated normal packet transmission delay.
U.S. Patent 6,081,597 refers to a public key encryption system which entails encoding and decoding of data packets using programmed mathematical operations and claiming a high level of security for the encrypted information, including the use of disposable key codes. The method disclosed requires a specific program and processing capability not required in the invention herein disclosed.
Similar techniques have been described for insuring the security of electronic data transfers. As in the prior art cited, however, most are designed for use in limited LAN applications and rely on complex encryption techniques, critical time synchronization techniques, special external hardware, etc. In comparison, the system and method disclosed in the present invention provides a simple, highly portable mechanism by which the security of electronic data transmission and the authenticity of such transmission can be assured.
BRIEF DESCRIPTION OF THE DRAWINGS
The system and method for insuring the security and authenticity of electronic data communications taught by the present invention may be better understood by reference to the attached figures, including:
Figure 1. A block diagram illustrating the basic components of the extensive computer network in which the system and method is designed to function.
Figure 2. A flow chart illustrating the general application of the invention as applied to electronic data packet communications within a local area network (LAN).
Figure 3. A flow chart illustrating a preferred embodiment of the invention in the field of security for electronic financial transactions using a computer or other communications system in conjunction with an Internet site or other commercial entity.
Figure 4. A flow chart illustrating a preferred embodiment of the invention as used with a cellular telephone or remote satellite communications system.
DETAILED DESCRIPTION OF THE INVENTION
The system and method of the present invention can be applied to the protection of any form of electronic communication of data or information packets, from a simple electronic message (e-mail) to highly confidential and complex information for international financial, economic or governmental applications.
In accordance with the present invention, a readable memory medium is provided on one end of communications to be protected, and an issuing and reading device is provided at the receiving or at an intermediate point for the communication. In accordance with the present invention, a sequence of codes is selected, preferably by the issuing and reading device, and is stored at both the readable memory medium and the issuing and reading device. In one embodiment of the invention, the issuing and reading device is used with banking transactions and the like, wherein a single institution handles transactions for many different users. In this embodiment, different sequences of codes are preferably assigned to various users and identified utilizing a specific identification number (SIN) and/or personal identification number (PIN), preferably both, which are specific to that user. Thus, a selected sequence of codes provided to a particular user having SIN and PIN is preferably stored at the issuing and reading device and specifically identified to that particular SIN and PIN.
The codes selected are preferably alpha-numeric codes, preferably having at least four characters. It is further preferred that each sequence of codes contain codes all having the same number of characters so as to simplify programming at both ends of the communications.
Alpha-numeric codes are preferred so as to expand the different values which could be assigned to each character and make random selection of the correct code all the more unlikely. It should of course be appreciated, however, that codes would be suitable for use within the invention be they purely alphabetic, purely numeric, or selected from some completely different series of identifiable and distinguishable characters. Thus, the term alpha-numeric codes as referred to and used herein should be interpreted so as to include all such codes, be they solely alphabetic, solely numerical, a combination of alphabetic and numeric, and/or generated from other sets of distinguishable characters as well.
As will be further explained with reference to Figures 1-4 below, the readable memory medium and issuing and reading devices of the present invention can readily be incorporated into both ends of communication in a wide variety of fields such as, for example, inter or intra office communication via LAN, Internet communications, financial transactions, and the like.
The security of electronic data packet transmissions serves as an example of a first preferred embodiment of the present invention. Referring to Figure 1, this preferred embodiment contemplates the use of the system and method of the present invention for message security in a local area network (LAN) . In the application, each authorized user in the LAN is issued a magnetically, electronically and/or optically readable device on which is recorded a sequence of alpha-numeric codes in a predetermined order. The device also has associated with it a memory device or medium specific identification number, SIN, (such as a credit card number) that can be machine read or, if necessary, entered digitally, and a personal identification number (PIN) known only to the authorized user and the central processing node.
When the authorized remote user initiates the transmission of a message or other data packet to the central processing node or to another remote node, the first code or codes in the sequence are transmitted to the receiving node as a preamble to the message or data packet. Upon receiving the packet, but before allowing it to be read, stored, forwarded or otherwise processed the receiving node will verify that the preamble code or codes correspond to the code or codes and sequence recorded in the central node as pertaining to the memory device or medium identified by the appropriate SIN and PIN. If the device SIN, PIN and code or codes (in proper order) correspond, processing of the packet is authorized and may proceed. If one of the security elements, the device SIN, the user PIN, the recorded code or codes, and sequence if more than one code is employed, does not correspond, the message packet is rejected. If desired, a warning of such lack of correspondence may be forwarded to the authorized user and/or the appropriate authority advising of a possible security breach or remote device defect.
The system and method of the first preferred embodiment can be employed in a LAN in which all data packets must pass through the central processing node or in a LAN in which each remote node is equipped to carry out the verification procedure, thus allowing direct remote-remote communication without passing through the central processing node.
A second preferred embodiment of the present invention relates to electronic financial and commercial operations with credit cards, financial funds transfers, purchases via Internet, etc. In this preferred embodiment, one defines the electronic network as being the central data processing computer of the bank or other entity issuing the credit or debit card to be used for an electronic purchase (the central node) and:
(a) a remote node consisting of an appropriate hardware device for reading an encoded object such as a credit card magnetic strip, a magnetic card, a holographic design, or other computer-readable memory medium that contains the security information necessary for the proper functioning of the invention;
(b) a magnetic-striped credit or debit card, magnetic card, holographic symbol or other media suitable to be read electronically by the aforementioned device, said media having been previously recorded with the security codes and sequence disclosed in the present invention by the system of which the central node is a part, said card or other medium having also assigned and recorded a specific identification number (SIN);
(c) a user personal identification number (PIN) maintained separate from the device or medium described in (b) .
As an example of security for an electronic credit/debit card purchase, the system described, and illustrated schematically in Figure 2, functions in the following way:
The bank or other credit/debit card issuing entity emits an appropriate card or other suitable medium on or in which is recorded a series of alpha-numeric security codes, said codes being of a predetermined length (that is, a predetermined number of alpha-numeric symbols) and in a pre-established order or sequence. The codes and sequence recorded on the card are also recorded in the central node computer in such a form that they are uniquely associated with the SIN and PIN assigned to the card. The codes and their specific sequence are not known to the card holder and can only be read by the appropriate electronic means, and once read they are discarded. In that way any attempt to copy or "pirate" the codes will result in their being discarded and therefore invalidated.
In the process of carrying out a commercial transaction, one or more of the recorded codes is used as a security key for the identification and verification of the proper use of the card. When one or more of the codes is used in the processing of a transaction, that or those codes are discarded. That is, the codes are single-use codes. When an attempt is made to carry out an electronic commercial transaction using the card, it will be necessary to have both the card SIN and the PIN associated with it.
When the cardholder tries to carry out a commercial transaction the selling entity must verify the authenticity of the card. At that time the holder must supply the card SIN, which can also be machine-read where applicable, and the corresponding PIN, entered or transmitted manually. To complete the verification process, the readable medium of the card must be passed through or read by a remote hardware device attached to a remote computer that is in turn connected to the central node computer through a suitable network system.
When the card is read by the remote device the information on the recorded device or medium, including one or more of the alpha-numeric security codes, is transmitted to the central node. If the code or codes and the sequence thus transmitted correspond to that or those recorded in the central node computer for the card the transaction is authorized by the central node computer and may be completed, assuming that the actual dollar or equivalent monetary value of the transaction is within the authorized limits for which the card is issued. Should the alpha-numeric code or codes or their exact sequence as read by the remote device not correspond to those registered in the central node computer the transaction will not be approved and the selling entity will be so advised.
Once the transaction has taken place, the alpha-numeric code or codes used in the verification process are erased or discarded and are not available for further use. The next code in sequence after the last code used becomes the first active code. For example, if the card or device being used has recorded the following sequence of four digit codes
A429 23B5 ZPIL 34SS 671x MN90 88HJ 32LP XCOW
and a requested transaction requires the use of two codes, the central node will read and compare the codes A429 and 23B5. If they correspond to the codes and the order in the central node the transaction will be approved and the new sequence in the card will be
ZPIL 34SS 671x MN90 88HJ 32LP XCOW
If, on the other hand, the central node reads the sequence 23B5 and ZPIL from the card while the first two codes in the sequence registered in the central node are A429 and 23B5, the transaction will be rejected by the central node.
As indicated previously, in the case that an unauthorized party attempts to read the codes and sequence from the card, the act of reading said information will cause the information to be erased or discarded from the card, but not from the central node, thereby making the attempt to breach the security system futile since any attempt to obtain verification and authorization will result in a mismatch between the card and central node. In such a case, the card issuing entity would have to issue a new card with a new series of alpha-numeric codes.
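The verification described above (and the equivalent preamble check of the first embodiment) can be modelled in a few lines of Python. This is an added illustration, not code from the patent: the class names, the alert list and the SIN/PIN values are assumptions, while the nine codes are the page's example sequence.

```python
import hmac

# The nine-code sequence from the page's example.
PAGE_SEQUENCE = "A429 23B5 ZPIL 34SS 671x MN90 88HJ 32LP XCOW".split()


def _same(a, b):
    """Compare two strings without stopping at the first differing character."""
    return hmac.compare_digest(a.encode(), b.encode())


class Card:
    """Read-once medium: a code is discarded from the card as soon as it is read."""

    def __init__(self, sin, codes):
        self.sin = sin
        self.codes = list(codes)

    def read(self, count):
        taken, self.codes = self.codes[:count], self.codes[count:]
        return taken


class CentralNode:
    """Issuing computer: holds each card's PIN and code sequence, keyed by SIN."""

    def __init__(self):
        self._records = {}
        self.alerts = []  # (SIN, reason) for every rejected attempt

    def issue(self, sin, pin, codes):
        self._records[sin] = {"pin": pin, "codes": list(codes), "cursor": 0}
        return Card(sin, codes)

    def verify(self, sin, pin, presented):
        rec = self._records.get(sin)
        if rec is None or not _same(rec["pin"], pin):
            return self._reject(sin, "bad SIN/PIN")
        start = rec["cursor"]  # index of the first active code
        expected = rec["codes"][start:start + len(presented)]
        if not presented or len(expected) != len(presented):
            return self._reject(sin, "sequence exhausted or empty")
        if not all(_same(e, p) for e, p in zip(expected, presented)):
            return self._reject(sin, "code mismatch")
        rec["cursor"] += len(presented)  # codes are discarded only after a match
        return True

    def _reject(self, sin, reason):
        self.alerts.append((sin, reason))
        return False


def run_scenarios():
    """Walk the page's example; the SIN and PIN values are constructed."""
    node = CentralNode()
    card = node.issue("SIN-0001", "4921", PAGE_SEQUENCE)
    out = {"two_code_purchase": node.verify(card.sin, "4921", card.read(2))}
    out["card_after_purchase"] = list(card.codes)
    # Codes that were already used are rejected when presented again.
    out["reused_codes"] = node.verify(card.sin, "4921", ["A429", "23B5"])
    # A read by any other device discards ZPIL and 34SS from the card only.
    card.read(2)
    out["purchase_after_foreign_read"] = node.verify(card.sin, "4921", card.read(2))
    out["alerts"] = list(node.alerts)
    return out


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(name, "->", value)
```

The last scenario is the sequence shift the text describes: the genuine card now offers 671x and MN90 while the central node still expects ZPIL and 34SS, so every later attempt is rejected and logged until a new sequence is issued.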
It may, under some circumstances, be useful to have added security by carrying out an automatic re-ordering or "shuffling" of the code sequence based on, for example, a pre-established date change, or on request by the card holder or the issuing entity. Said re-ordering would require the use of a more sophisticated remote hardware device capable of writing to, as well as reading, the recorded media.
A third preferred embodiment of the invention is its use in commercial transactions carried out with a cellular telephone, satellite telephone, palm-top computers or other similar communications device in the absence of a direct, hard-wired computer connection to a network, as described in the first and second preferred embodiments. In this third preferred embodiment, the cellular telephone, satellite telephone, palmtop computer or similar communications device may be equipped with a magnetic strip, card or other reading device. Alternatively, the cellular telephone or similar communication device may be equipped with a removable or permanent re-writeable memory module in which is recorded by the emitting entity the predetermined sequence of alpha-numeric codes which are the subject of the present invention.
The operational characteristics of this third preferred embodiment, as illustrated in Figure 4, would be the following:
1. The bank or other emitting entity records the predetermined sequence of alpha-numeric codes on:
(a) the magnetic strip of a credit card, in a holographic recording medium, or other suitable device or medium for the purpose that can be read by the cellular telephone, satellite telephone or other suitable communication device, or
(b) into a portable memory module that can be inserted into or connected to said communication device, or
(c) directly in a fixed memory module in said device through a suitable port provided in the communications device.
2. When the card holder wishes to carry out a commercial transaction using the cellular telephone or similar communications device, the selling entity must verify the authenticity of the card holder and the approved credit limit. In order to carry out said verification, the card holder must enter the corresponding card SIN, through an attached card reader or by direct entry of the number using the normal number entry keys of the device, and the PIN.
3. Once the SIN and PIN are entered into the system, the selling entity contacts the card issuing entity to obtain authorization for the transaction. Once the connection is made between the selling entity and the issuing entity, the selling entity creates a relay connection between the issuing entity and the cellular telephone or similar communications device at which time the issuing computer reads one or more of the alpha-numeric security codes. If the code or codes and the sequence, if more than one code is employed, correspond with those recorded in the issuing computer, the transaction is authorized, assuming that the value of the transaction falls within the pre-established credit or debit limits of the card. If the code or codes and/or the sequence of codes do not correspond to those recorded in the issuing computer, the transaction is not authorized and the selling entity is so informed. Once the code or codes are read from the card or other suitable memory medium, the codes employed are erased or inactivated in said memory medium as well as in the issuing computer and a new code becomes available for use in the next transaction.
Since the codes and sequence can only be read once, any attempt to read the codes and sequence from the card or other memory medium by a device other than the issuing computer will result in their erasure or deactivation in said medium, but not in the issuing computer. There will thereby be created a sequence shift that will effectively nullify the entire sequence and result in an invalidation of the card or other medium for use in electronic commercial operations until such time as a new sequence of codes is issued by the issuing entity.
In the course of the foregoing description, various devices have been referred to as including one form or another of readable memory medium and/or issuing and reading devices. The software, hardware and configuration of these devices is considered to be well within the skill of a person of ordinary skill in the art. Thus, specific disclosure of device, software and the like is not included herein. Through this invention of a system and method for using pre-established alpha-numeric codes and sequences, a system approves a communication, purchase or other financial transaction electronically in a manner that is immune to unauthorized exploitation by a third party, the security of which is limited only by the security of the information recorded in the issuing computer. Such a level of security as provided by the present invention will facilitate the growing levels of electronic financial transactions while greatly increasing the security of the same.
Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. It is intended that the specification and examples be considered as exemplary only, with the true scope and spirit of the invention being indicated by the following claims.

Claims

WHAT IS CLAIMED:
1. A system for insuring security of electronic communications or transactions, comprising a readable memory medium associated with an issuing and reading device, said memory medium having recorded thereon a specific sequence of alpha-numeric codes, said sequence of alpha-numeric codes also being recorded in the issuing and reading device in such a way that they are specifically associated with said readable memory medium.
2. A system according to Claim 1, wherein said readable memory medium is associated with a financial transaction medium.
3. A system according to Claim 1, wherein said readable memory medium is selected from the group consisting of electronically, magnetically and optically readable memory devices.
4. A system according to Claim 1, wherein said readable memory medium is communicated with said issuing and reading device by a communication network.
5. A system according to Claim 1 in which said alpha-numeric codes comprise at least four (4) alpha-numeric characters.
6. A system according to Claim 5 in which the sequence of alpha-numeric codes recorded in both said readable memory medium and said issuing and reading device is fixed so that said codes are available for reading and verification only in said sequence.
7. A system according to Claim 6, wherein said issuing and reading device is adapted to validate a communication from a device having said readable memory medium, wherein said device is adapted to include a next readable code from said codes with said communication, and wherein said issuing and reading device is programmed to validate communications including said next readable code and to invalidate communications which do not include said next readable code.
8. A system according to Claim 7, wherein said readable memory medium and said issuing and reading device are adapted to each deactivate a particular code value from said codes after use and to assign a sequentially next value of said codes to said next readable code.
9. A system according to Claim 1 in which the alpha-numeric codes and sequence recorded in both said readable memory medium and said issuing and reading device are readable on a one-time-only basis after which read codes are deactivated leaving a next code in said sequence as an active code for verification or authorization of a next transmission using said readable memory medium.
10. A system according to Claim 1 wherein said readable memory medium is a magnetic strip of a credit or debit card, said codes being readable by a reading device connected to a communications system.
11. A system according to Claim 1 wherein said readable memory medium is a magnetic memory chip, said chip being readable by a reading device connected to a communications system.
12. A system according to Claim 1 wherein said readable memory medium is a holographic memory medium, said medium being readable by a reading device connected to a communications system.
13. A system according to Claim 1 wherein said readable memory medium is a volatile memory in a communications device.
14. A system according to Claim 1 wherein said readable memory is a portable, independent memory medium that can be operatively associated with a port at a computer and subsequently read by said computer.
15. A system according to Claim 1 wherein at least one of said codes and sequence of said codes can be modified in both said readable memory medium and said issuing and reading device.
16. A system according to Claim 1 in which an information packet sent from a remote device having said readable memory medium has a preamble including a next readable code, and wherein a receiving device including said issuing and reading device is adapted to prevent introduction of said information packet into said receiving device should lack of correspondence in said next readable code be detected.
17. A method for insuring security of electronic communications or transactions, comprising the steps of providing a readable memory medium storing a sequence of alpha-numeric codes; providing an issuing and reading device storing said sequence and adapted to receive communications from a device including said readable memory medium; sending a communication from said device to said issuing and reading device wherein said communication includes a next available code from said sequence; validating said communication with said issuing and reading device by comparing said next available code from said communication with a next available code of said sequence from said issuing and reading device; inactivating a code from said sequence stored in said readable memory medium after said code is used as said next available code whereby a new code becomes said next available code; and inactivating a code from said reading device when said code is received in said communication.
18. A method according to Claim 17 wherein said issuing and reading device is adapted to generate said sequence and communicate said sequence to said readable memory medium.
PCT/US2000/033660 2000-04-04 2000-12-12 System and method for the protection of electronic communications and data using multiple, single-use key codes WO2001079959A2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
AU2001220900A AU2001220900A1 (en) 2000-04-04 2000-12-12 System and method for the protection of electronic communications and data using multiple, single-use key codes
EP00984247A EP1269284A2 (en) 2000-04-04 2000-12-12 System and method for the protection of electronic communications and data using multiple, single-use key codes

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
AR000101531 2000-04-04
ARP000101531 2000-04-04
US64918500A 2000-08-28 2000-08-28
US09/649,185 2000-08-28

Publications (2)

Publication Number Publication Date
WO2001079959A2 true WO2001079959A2 (en) 2001-10-25
WO2001079959A3 WO2001079959A3 (en) 2002-03-07

Family

ID=25590782

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2000/033660 WO2001079959A2 (en) 2000-04-04 2000-12-12 System and method for the protection of electronic communications and data using multiple, single-use key codes

Country Status (3)

Country Link
EP (1) EP1269284A2 (en)
AU (1) AU2001220900A1 (en)
WO (1) WO2001079959A2 (en)


Also Published As

Publication number Publication date
WO2001079959A3 (en) 2002-03-07
AU2001220900A1 (en) 2001-10-30
EP1269284A2 (en) 2003-01-02

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
AK Designated states

Kind code of ref document: A3

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

WWE Wipo information: entry into national phase

Ref document number: 2000984247

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2000984247

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Ref document number: 2000984247

Country of ref document: EP