WO2001079959A2 - Systeme et procede permettant la protection de communications electroniques et de donnees par utilisation de multiples codes de touche a usage unique - Google Patents

Systeme et procede permettant la protection de communications electroniques et de donnees par utilisation de multiples codes de touche a usage unique Download PDF

Info

Publication number
WO2001079959A2
WO2001079959A2 PCT/US2000/033660 US0033660W WO0179959A2 WO 2001079959 A2 WO2001079959 A2 WO 2001079959A2 US 0033660 W US0033660 W US 0033660W WO 0179959 A2 WO0179959 A2 WO 0179959A2
Authority
WO
WIPO (PCT)
Prior art keywords
code
memory medium
codes
sequence
issuing
Prior art date
Application number
PCT/US2000/033660
Other languages
English (en)
Other versions
WO2001079959A3 (fr
Inventor
Hugo Gabriel Martina
Original Assignee
Myers, Drewfus, Young, Jr.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Myers, Drewfus, Young, Jr. filed Critical Myers, Drewfus, Young, Jr.
Priority to AU2001220900A priority Critical patent/AU2001220900A1/en
Priority to EP00984247A priority patent/EP1269284A2/fr
Publication of WO2001079959A2 publication Critical patent/WO2001079959A2/fr
Publication of WO2001079959A3 publication Critical patent/WO2001079959A3/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0464Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords

Definitions

  • the present invention relates to the problems encountered in assuring the authenticity, confidentiality, and security of electronic communications and data transmissions between and among computer systems or "nodes,” especially with regard to the security of electronic messages and financial transactions such as confidential data transfers, bank funds transfers, electronic commercial transactions, message packet authentication to protect a network from unauthorized entry and use, virus protection, etc.
  • systems designed to insure the security of such electronic data transmission rely on the use of one or more security codes, timing mechanisms or other methods that can be and have been violated repeatedly by unauthorized elements, or complex, expensive and often restricted encryption techniques.
  • a single permanent code is employed that, once violated by an unauthorized party, can be used repeatedly until the violation is detected or a periodic code change is carried out.
  • U.S. Patent 5,948,103 teaches a method for the encryption and security of documents that uses a symbolic figure such as a signature or seal.
  • the electronic document is encrypted according to a confidential code and a predetermined characteristic that is extracted from the encrypted document.
  • the confidential code and the symbolic figure can be stored in a portable medium to increase security.
  • U.S. Patent 5,958,005 teaches a method and system to protect the security of message communications, data, and text such as e-mail between computers connected to a local area network (LAN) in which the degree or level of security can be selected for each communication.
  • the method is based on creating in the originating computer a message that contains an extra header that specifies, in addition to the address of the intended recipient computer, one or more security parameters that control the processing of the message in the receiving computer.
  • the security parameters include instructions for the erasure of the data message following its storage in the recipient computer.
  • the security parameters also include instruction as to whether or not copying, saving, forwarding and printing of the data message is allowed.
  • the recipient computer processes the data message in accord with the instructions. The erasure is of such a nature as to render the data message unrecoverable.
  • U.S. Patent 5,991,401 teaches a method for checking the security of data received by a computer within a LAN.
  • an incoming encrypted packet from a connected computer is first decrypted within a receiving communications adapter utilizing a master decryption key.
  • the decrypted incoming packet is then encrypted by utilizing a key identical to an encryption key employed by the sending computer.
  • a determination is made as to whether or not the packet produced by the second encryption is identical to the original incoming packet. If the re- encrypted packet is found to be identical to the original incoming packet, the decrypted package is forwarded to a system memory of the receiving computer system. Any incoming packet that does not meet this criterion is rejected as a security threat.
  • U.S. Patent 6,032,258 also discloses a method for validating a packet message communicated from a source node to a destination node in a LAN.
  • both the source and destination nodes in the LAN have access to a clock mechanism synchronized to a common time frame.
  • the method comprises generating a first security key using a time reference obtained from the clock mechanism and a password known by the source node and the destination node, communicating the first security key and the message packet from the source node to the destination node, generating a second security key using the password and the time reference, and comparing the second security key with the first security key.
  • the message packet is discarded if the second security key does not correspond with the first security key.
  • An alternative application of the method taught comprises communicating a first time reference obtained from the clock mechanism with a message packet, and when the first time reference and message packet are received by the destination node, comparing the first time reference with a second time reference obtained from the clock mechanism.
  • the message packet is discarded if the time difference between the first time reference and the second time reference is greater than a predetermined amount.
  • the predetermined amount of time may be based on a calculated normal packet transmission delay.
  • U.S. Patent 6,081,597 refers to a public key encryption system which entails encoding and decoding of data packets using programmed mathematical operations and claiming a high level of security for the encrypted information, including the use of disposable keys codes.
  • the method disclosed requires a specific program and processing capability not required in the invention herein disclosed.
  • Figure 1 A block diagram illustrating the basic components of the extensive computer network in which the system and method is designed to function.
  • FIG. 1 A flow chart illustrating the general application of the invention as applied to electronic data packet communications within a local area network (LAN) .
  • LAN local area network
  • Figure 3 A flow chart illustrating a preferred embodiment of the invention in the field of security for electronic financial transactions using a computer or other communications system in conjunction with an Internet site or other commercial entity.
  • Figure 4. A flow chart illustrating a preferred embodiment of the invention as used with a cellular telephone or remote satellite communications system.
  • the system and method of the present invention can be applied to the protection of any form of electronic communication of data or information packets, from a simple electronic message (e-mail) to highly confidential and complex information for international financial, economic or governmental applications.
  • a readable memory medium is provided on one end of communications to be protected, and an issuing and reading device is provided at the receiving or at an intermediate point for the communication.
  • a sequence of codes is selected, preferably by the issuing and reading device, and is stored at both the readable memory medium and the issuing and reading device.
  • the issuing and reading device is used with banking transactions and the like, wherein a single institution handles transactions for many different users.
  • different sequences of codes are preferably assigned to various users and identified utilizing specific identification number (SIN) and/or personal identification number (PIN) , preferably both, which are specific to that user.
  • SIN specific identification number
  • PIN personal identification number
  • the codes selected are preferably alpha-numeric codes, preferably having at least four characters. It is further preferred that each sequence of codes contain codes all having the same number of characters so as to simplify programming at both ends of the communications.
  • Alpha-numeric codes are preferred so as to expand the different values which could be assigned to each character and make random selection of the correct code all the more unlikely. It should of course be appreciated, however, that codes would be suitable for use within the invention be they purely alphabetic, purely numeric, or selected from some completely different series of identifiable and distinguishable characters. Thus, the term alpha-numeric codes as referred to and used herein should be interpreted so as to include all such codes, be they solely alphabetic, solely numerical, a combination of alphabetic and numeric, and/or generated from other sets of distinguishable characters as well.
  • the readable memory medium and issuing and reading devices of the present invention can readily be incorporated into both ends of communication in a wide variety of fields such as, for example, inter or intra office communication via LAN, Internet communications, financial transactions, and the like.
  • each authorized user in the LAN is issued a magnetically, electronically and/or optically readable device on which is recorded a sequence of alpha-numeric codes in a predetermined order.
  • the device also has associated with it a memory device or medium specific identification number, SIN, (such as a credit card number) that can be machine read or, if necessary, entered digitally, and a personal identification number (PIN) known only to the authorized user and the central processing node.
  • SIN medium specific identification number
  • the first code or codes in the sequence are transmitted to the receiving node as a preamble to the message or data packet.
  • the receiving node Upon receiving the packet, but before allowing it to be read, stored, forwarded or otherwise processed the receiving node will verify that the preamble code or codes correspond to the code or codes and sequence recorded in the central node as pertaining to the memory device or medium identified by the appropriate SIN and PIN. If the device SIN, PIN and code or codes (in proper order) correspond, processing of the packet is authorized and may proceed.
  • the message packet is rejected. If desired, a warning of such lack of correspondence may be forwarded to the authorized user and/or the appropriate authority advising of a possible security breach or remote device defect.
  • the system and method of the first preferred embodiment can be employed in a LAN in which all data packets must pass through the central processing node .or in a LAN in which each remote node is equipped to carry out the verification procedure, thus allowing direct remote-remote communication without passing through the central processing node.
  • a second preferred embodiment of the present invention relates to electronic financial and commercial operations with credit cards, financial funds transfers, purchases via Internet, etc.
  • the electronic network as being the central data processing computer of the bank or other entity issuing the credit or debit card to be used for an electronic purchase (the central node) and: (a) a remote node consisting of an appropriate hardware device for reading an encoded object such as a credit card magnet strip, a magnetic card, a holographic design, or other computer-readable memory medium that contains the security information necessary for the proper functioning of the invention;
  • the bank or other credit/debit card issuing entity emits an appropriate card or other suitable medium on or in which is recorded a series of alpha-numeric security codes, said codes being of a predetermined length (that is, a predetermined number of alpha-numeric symbols) and in a pre-established order or sequence.
  • the codes and sequence recorded on the card are also recorded in the central node computer in such a form that they are uniquely associated with the SIN and PIN assigned to the card.
  • the codes and their specific sequence are not known to the card holder and can only be read by the appropriate electronic means, and once read they are discarded. In that way any attempt to copy or "pirate" the codes will result in there being discarded and therefore invalidated.
  • one or more of the recorded codes is used as a security key for the identification and verification of the proper use of the card.
  • the codes are single-use codes.
  • the selling entity When the cardholder tries to carry out a commercial transaction the selling entity must verify the authenticity of the card. At that time the holder must supply the card SIN, which can also be machine-read where applicable, and the corresponding PIN, entered or transmitted manually. To complete the verification process, the readable medium of the card must be passed through or read by a remote hardware device attached to a remote computer that is in turn connected to the central node computer through a suitable network system.
  • the information on the recorded device or medium including one or more of the alpha-numeric security codes, is transmitted to the central node. If the code or codes and the sequence thus transmitted correspond to that or those recorded in the central node computer for the card the transaction is authorized by the central node computer and may be completed, assuming that the actual dollar or equivalent monetary value of the transaction is within the authorized limits for which the card is issued. Should the alpha-numeric code or codes or their exact sequence as read by the remote device not correspond to those registered in the central node computer the transaction will not be approved and the selling entity will be so advised.
  • the alpha-numeric code or codes used in the verification process are erased or discarded and are not available for further use.
  • the next code in sequence after the last code used becomes the first active code. For example, if the card or device being used has recorded the following sequence of four digit codes
  • a third preferred embodiment of the invention is its use in commercial transactions carried out with a cellular telephone, satellite telephone, palm-top computers or other similar communications device in the absence of a direct, hard-wired computer connection to a network, as described in the first and second preferred embodiments.
  • the cellular telephone, satellite telephone, palmtop computer or similar communications device may be equipped with a magnetic strip, card or other reading device.
  • the cellular telephone or similar communication device may be equipped with a removable or permanent re- writeable memory module in which is recorded by the emitting entity the predetermined sequence of alpha-numeric codes which are the subject of the present invention.
  • the bank or other emitting entity records the predetermined sequence of alpha-numeric codes on:
  • the selling entity When the ' card holder wishes to carry out a commercial transaction using the cellular telephone or similar communications device, the selling entity must verify the authenticity of the card holder and the approved credit limit. In order to carry out said verification, the card holder must enter the corresponding card SIN, through an attached card reader or by direct entry of the number using the normal number entry keys of the device, and the PIN.
  • the selling entity contacts the card issuing entity to obtain authorization for the transaction.
  • the selling entity creates a relay connection between the issuing entity and the cellular telephone or similar communications device at which time the issuing computer reads one or more of the alpha-numeric security codes. If the code or codes and the sequence, if more than one code is employed, correspond with those recorded in the issuing computer, the transaction is authorized, assuming that the value of the transaction falls within the pre-established credit or debit limits of the card. If the code or codes and/or the sequence of codes do not correspond to those recorded in the issuing computer, the transaction is not authorized and the selling entity is so informed. Once the code or codes are read from the card or other suitable memory medium, the codes employed are erased or inactivated in said memory medium as well as in the issuing computer and a new code becomes available for use in the next transaction.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Lock And Its Accessories (AREA)

Abstract

La présente invention concerne un système et un procédé permettant la protection de communications électroniques et de transmissions de données, par utilisation de multiples codes de touche à usage unique. Lorsqu'une transmission de données ou une autre transaction est initiée par l'utilisation d'un numéro d'identification spécifique au support ou au dispositif (SIN) et d'un numéro d'identification personnel (PIN) par le noeud central ou par un noeud distant, le premier code dans la séquence enregistrée est transmis au noeud de réception. Si le code reçu correspond au premier disponible dans la séquence enregistrée, la communication ou la transaction demandée est vérifiée et approuvée. Si les codes de touche ne correspondent pas, la communication ou la transaction est rejetée. Une fois que le premier code dans la séquence est utilisé, il est effacé ou inactivé à la fois dans le noeud central et dans le noeud distant et le code suivant est activé, afin d'être utilisé dans la communication ou la transaction suivante.
PCT/US2000/033660 2000-04-04 2000-12-12 Systeme et procede permettant la protection de communications electroniques et de donnees par utilisation de multiples codes de touche a usage unique WO2001079959A2 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
AU2001220900A AU2001220900A1 (en) 2000-04-04 2000-12-12 System and method for the protection of electronic communications and data usingmultiple, single-use key codes
EP00984247A EP1269284A2 (fr) 2000-04-04 2000-12-12 Systeme et procede permettant la protection de communications electroniques et de donnees par utilisation de multiples codes de touche a usage unique

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
AR000101531 2000-04-04
ARP000101531 2000-04-04
US64918500A 2000-08-28 2000-08-28
US09/649,185 2000-08-28

Publications (2)

Publication Number Publication Date
WO2001079959A2 true WO2001079959A2 (fr) 2001-10-25
WO2001079959A3 WO2001079959A3 (fr) 2002-03-07

Family

ID=25590782

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2000/033660 WO2001079959A2 (fr) 2000-04-04 2000-12-12 Systeme et procede permettant la protection de communications electroniques et de donnees par utilisation de multiples codes de touche a usage unique

Country Status (3)

Country Link
EP (1) EP1269284A2 (fr)
AU (1) AU2001220900A1 (fr)
WO (1) WO2001079959A2 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7784086B2 (en) * 2006-03-08 2010-08-24 Panasonic Corporation Method for secure packet identification
US20120154147A1 (en) * 2010-12-18 2012-06-21 Zhiheng Cao Method and Apparatus for Preventing Person, Animals or Items from Getting Lost

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4800590A (en) * 1985-01-14 1989-01-24 Willis E. Higgins Computer key and computer lock system
US5606614A (en) * 1993-10-15 1997-02-25 British Telecommunications Public Limited Company Personal identification systems
US5751812A (en) * 1996-08-27 1998-05-12 Bell Communications Research, Inc. Re-initialization of an iterated hash function secure password system over an insecure network connection

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4800590A (en) * 1985-01-14 1989-01-24 Willis E. Higgins Computer key and computer lock system
US5606614A (en) * 1993-10-15 1997-02-25 British Telecommunications Public Limited Company Personal identification systems
US5751812A (en) * 1996-08-27 1998-05-12 Bell Communications Research, Inc. Re-initialization of an iterated hash function secure password system over an insecure network connection

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7784086B2 (en) * 2006-03-08 2010-08-24 Panasonic Corporation Method for secure packet identification
US20120154147A1 (en) * 2010-12-18 2012-06-21 Zhiheng Cao Method and Apparatus for Preventing Person, Animals or Items from Getting Lost
US8659419B2 (en) * 2010-12-18 2014-02-25 Zhiheng Cao Method and apparatus for preventing person, animals or items from getting lost

Also Published As

Publication number Publication date
EP1269284A2 (fr) 2003-01-02
AU2001220900A1 (en) 2001-10-30
WO2001079959A3 (fr) 2002-03-07

Similar Documents

Publication Publication Date Title
EP1302018B1 (fr) Transactions securisees avec support de stockage passif
US5694471A (en) Counterfeit-proof identification card
EP2801061B1 (fr) Protection de données avec traduction
RU2300844C2 (ru) Персональный криптозащитный комплекс
US6230267B1 (en) IC card transportation key set
KR100346615B1 (ko) 복수의 보안 체크포인트를 가진 스마트 자바 카드 상의전자 상거래를 위한 개인 웹 싸이트
EP2143028B1 (fr) Gestion securisee d'un pin
EP0402301A1 (fr) Méthode et dispositif de transfert de données
US20070168291A1 (en) Electronic negotiable documents
CN102696047A (zh) 加密切换处理
USRE36310E (en) Method of transferring data, between computer systems using electronic cards
GB2297856A (en) Electronic negotiable documents
CN113595714A (zh) 带有多个旋转安全密钥的非接触式卡
CA2212457C (fr) Documents electroniques negociables
KR100406009B1 (ko) 각다중화 홀로그램을 이용한 스마트 카드의 위·변조 방지방법 및 시스템
WO2001079959A2 (fr) Systeme et procede permettant la protection de communications electroniques et de donnees par utilisation de multiples codes de touche a usage unique
JP3693709B2 (ja) 携帯可能情報記録媒体に対する情報書込/読出方法
WO1998029983A1 (fr) Systeme de generation de cles de transaction
EP1129436A1 (fr) Procede de cryptage et appareil associe
WO1998032260A1 (fr) Systeme de tables destine a une messagerie protegee
US20240127242A1 (en) Methods and systems for processing customer-initiated payment transactions
EP1733328B1 (fr) Steganographie dirigee non algorithmique
CA2913381C (fr) Methode de verification d'authenticite d'un terminal de paiement et terminal ainsi securise
JP2003174442A (ja) 暗号鍵生成処理方法
CA2605569C (fr) Documents electroniques negociables

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
AK Designated states

Kind code of ref document: A3

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

WWE Wipo information: entry into national phase

Ref document number: 2000984247

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2000984247

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Ref document number: 2000984247

Country of ref document: EP