WO2001084508A1 - Method to ascertain the identity of persons and/or things by processing a variable identification code, particularly for the authorisation of payment delegations, and relevant apparatuses - Google Patents

Method to ascertain the identity of persons and/or things by processing a variable identification code, particularly for the authorisation of payment delegations, and relevant apparatuses Download PDF

Info

Publication number
WO2001084508A1
WO2001084508A1 PCT/IT2000/000165 IT0000165W WO0184508A1 WO 2001084508 A1 WO2001084508 A1 WO 2001084508A1 IT 0000165 W IT0000165 W IT 0000165W WO 0184508 A1 WO0184508 A1 WO 0184508A1
Authority
WO
WIPO (PCT)
Prior art keywords
identification code
characterised
generation
agency
according
Prior art date
Application number
PCT/IT2000/000165
Other languages
French (fr)
Inventor
Daniele Francesco Ughi
Original Assignee
Daniele Francesco Ughi
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Daniele Francesco Ughi filed Critical Daniele Francesco Ughi
Priority to PCT/IT2000/000165 priority Critical patent/WO2001084508A1/en
Publication of WO2001084508A1 publication Critical patent/WO2001084508A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06QDATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transaction
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06KRECOGNITION OF DATA; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K9/00Methods or arrangements for reading or recognising printed or written characters or for recognising patterns, e.g. fingerprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06QDATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual entry or exit registers
    • G07C9/00126Access control not involving the use of a pass
    • G07C9/00134Access control not involving the use of a pass in combination with an identity-check
    • G07C9/00142Access control not involving the use of a pass in combination with an identity-check by means of a pass-word

Abstract

The invention relates to a method to ascertain the identity of persons and/or things, used by a user, by a recogniser agency, particularly for the authorisation of payment delegations, providing that: person and/or user of the thing provides to the recogniser agency a first identification code; recogniser agency generates, according to a generation algorithm, a second identification code of a person and/or thing; the recogniser agency makes a comparison between the first identification code and the second identification code; and recogniser agency ascertains the identity of the person and/or thing on the basis of the outcome of the previous comparison. The invention also relates to a system and to the relevant apparatuses, and to a computer program suitable to implement said method.

Description

METHOD TO ASCERTAIN THE IDENTITY OF PERSONS

AND/OR THINGS BY PROCESSING A VARIABLE

IDENTIFICATION CODE, PARTICULARLY FOR THE

AUTHORISATION OF PAYMENT DELEGATIONS, AND RELEVANT APPARATUSES.

The present invention relates to a method to ascertain the identity of persons and/or things by processing a variable identification code, particularly for the authorisation of payment delegations, and relevant apparatuses, the method allowing a very high safety, higher than the presently available methods, and being simple and economical to be realised.

The use of said method, that can for example be used also to check the access to areas reserved to authorised persons, is particularly advantageous for the authorisation of payment delegations, such as those by credit cards, and in the following reference will be made, for illustrative and not limitative purposes, to this use to describe a preferred embodiment of the present invention.

Payment by the so-called credit cards is presently widely used all over the world.

This method of payment is employed by the occurrence of purchases, particularly from the Internet network, on which the electronic commerce, or e-commerce, is rapidly growing.

Payment by credit card, technically indicated as payment delegation, provides that the purchaser, named delegant, of a good or service, indicates to the seller, named delegatee, an intermediary, named delegated, who undertakes the engagement for the payment of the compensation for the good or service provided by the seller. The intermediary is an agency emitting credit cards who will take care of the payments due to the seller and to receive payment, in a moment subsequent with respect to the moment of purchase,- from the purchaser the due sum. The authorisation to the delegation is given by the emitting agency after having recognised as valid the data of the credit card, particularly the identification number of the card. Usually, the purchaser, owner of a credit card emitted by the emitting agency and provided with the registry data of the owner, of the identification number and of a lapsing date, undersigns a selling document, in which the data of the operation are indicated (such as, for example, the kind of good or service acquired, seller identification data, date and time of the operation) that is given to the seller. Particularly, the selling document is printed by a device automatically reading the card, usually by magnetic means. In case of payment operations carried out through Internet network, the purchaser limits to inform the seller about the emitting agency and the number of the credit card and, eventually, the lapsing date and the registry data of the owner.

It is known that the payment methods by credit cards are subjected to fraud. In fact, since the data of the credit card are printed, often in relief, on the same card and can be easily seen, it is sufficient that a swindler reads said data to be able to use them for purchases not authorised by the owner. Particularly, data necessary are the emitting agency, the card identification number, the lapsing date and the registry data of the owner. Knowing the data of the card it is for example possible make purchases by phone and Internet.

Recently, some solutions have been developed, particularly directed to prevent that the data of the cards are intercepted and read during the transmission on the Internet network. Said solutions provide cryptographic methods, based on the use of specific keys, of alphanumeric codification of the transmitted data, and of corresponding decoding of the received data.

It implies a remarkable increase of the complexity of the transmission and reception of data, with consequent increase of costs and time.

Further, in case the cryptography keys are individuated, these methods completely loss their efficacy.

Finally, no sure method exists to prevent to third parties the direct reading of the data of a credit card, reading that can occur by observation of the same card or of a selling document having printed said data following a terminated transaction.

Therefore, the object of the present invention is that of providing a method providing a high confidential nature and safety while ascertaining the identity of persons and/or things, particularly for the authorisation of payment delegations, and that is simple and economical to be used and realised. Another object of the present invention is that of providing a method preventing the possibility of using the identification data of persons and/or things, such as credit cards data, read by unauthorised third parties by observing an identification document, such as the same card or a selling document having printed said data following a terminated transaction using the credit card.

Still another object of the present invention is that of providing an identification device, such as a credit card and/or apparatuses suitable to execute said method. It is specific object of the present invention a method to ascertain the identity of persons and/or things, used by a user, by a recogniser agency, particularly for the authorisation of payment delegations, providing that:

- person and/or user of the thing provides to the recogniser agency a first identification code;

- recogniser agency generates, according to a generation algorithm, a second identification code of the person and/or thing;

- the recogniser agency makes a comparison between the first identification code and the second identification code; and

- recogniser agency ascertains the identity of the person and/or thing on the basis of the outcome of the previous comparison. Preferably, according to the invention, the first identification code and the second identification code are alphanumeric codes.

Always according to the invention, the person and/or user of the thing can also provide to the recogniser agency one or more data.

Still according to the invention, the first identification code generated by said algorithm can depend on one or more initial generation seeds.

Preferably, according to the invention, the identification code generated by said generation algorithm is different with respect to the identification code generated during the previous positive identity ascertainment, or wherein the recogniser agency has recognised the identity of the person and/or thing. Furthermore, according to the invention, the identification code generated by said generation algorithm can be different with respect to all the identification codes generated during the preceding positive identity ascertainment. Always according to the invention, the recogniser agency can generate, for at least two different persons and/or things, the second identification code according to two different generation algorithms.

Still according to the invention, said generation algorithm can be a logic and/or mathematical algorithm functionally depending on one or more input data.

Furthermore, according to the invention, said generation algorithm can functionally depend on the number of previous identity ascertainments having a positive outcome.

Always according to the invention, said generation algorithm can functionally depend on registry data of the owner and/or of the date of the day when the identity ascertainment is carried out.

Still according to the invention, said generation algorithm can functionally depend on the input data according to an algebraic dependency, wherein the input data are used in arithmetical operations, and/or a functional mathematical dependency and/or a logic dependency and/or an assignment of a value taken within a data structure containing at least part of the identification codes that can be assigned to the person and/or thing. ι

Furthermore, according to the invention, the arithmetic operations can comprise sums and/or subtractions an/or multiplications and/or divisions and/or module operations.

Always according to the invention, the functional mathematical dependency can provide that at least part of the input data is used irkraaj functions and/or complex functions and/or trigonometrical functions. Still according to the invention, the logic dependency cart provide that at least some of the input data items are used as operands of boolean functions and/or processing functions of alphanumeric strings.

Furthermore, according to the invention, said generation algorithm can generate the second identification code as single portions, recombining said single portions at the end of the generation. Preferably, according to the invention, the first identification code and the second identification code comprise a series of characters belonging to a symbol alphabet.

Always according to the present invention, said symbol alphabet can comprise lowercase characters and/or capital characters of the English alphabet and/or the ten decimal digits.

It is still object of the present invention a system to ascertain the identity of persons and/or things, used by a user, by a recogniser agency, by the method according to the invention, comprising at least an identification code generation device, used by a person and/or the user of a thing to provide to the recogniser agency the first identification code, and one or more computers, used by the recogniser agency to generate the second identification code of the person and/or thing, to make the comparison between the first identification code and the second identification code, and to ascertain the identity of the person and/or thing on the basis of the outcome of the carried out comparison.

It is further object of the present invention an identification code generation device to be used into a system of the above kind, characterised in that it comprises a code generation unit and interfacing electronic means.

Preferably, according to the invention, the code generation unit of the generation device comprises a central processing unit and a memory unit.

Always according to the invention, the central processing unit in the generation device can comprise a digital signal processor, or DSP, and/or a microprocessor and/or an ASIC circuit, able to manage the electronics of the device and to carry out the generation of the first identification code according to the generation algorithm of the method according to the invention. Still according to the invention, in the generation device, the memory unit can be not accessible by said interfacing electronic means.

Furthermore, according to the invention, the interfacing means in the generation device can provide an input/output, or I/O, unit comprising a plurality of electronic connections and/or a display, able to show the generated identification code, and/or one or more buttons for data entry and/or passive radiofrequency communication means of the transmitter - responder kind, or transponder, able to communicate with a base station.

Still according to the invention, the generation device can be a card of the smart card kind. Always according to the invention, the generation device can be a slim elementary processor of the slim calculator kind.

Preferably, according to the invention, the system to ascertain the identity of persons and/or things, used by a user, by a recogniser agency, provides at least two computers, used by the recogniser agency, connected each other by a network.

Further, according to the invention, the system to ascertain the identity of persons and/or things, used by a user, can also provide at least a reading device of generation devices.

It is further object of the present invention a reading device to be used in a system of the above kind, characterised in that it provides a central electronic unit, first electronic interfacing means and second electronic interfacing means.

Preferably, according to the invention, the central processing unit in the reading device comprises a DSP and/or a microprocessor and/or a ASIC circuit, able to manage the electronics of the reading device, and/or a memory unit.

Always according to the invention, the first electronic interfacing means in the reading device can provide a first device for the communication with a generation device according to the invention, comprising a plurality of electronic connections and/or a radiofrequency transceiver unit able to operate as base station for a transmitter - responder, or transponder.

Still according to the invention, the second interfacing electronic means in the reading device can provide a second communication device able to talk with at least one of said computers of the system that are used by the recogniser agency.

It is further object of the present invention a computer program comprising code means adapetd to perform, when run on a computer, the generation algorithm of the method according to the invention. Furthermore, according to the invention, the computer program can further comprise other code means adapetd to perform, when run on a computer, the comparison between the first identification code and the second identification code provided by the method according to the invention.

It is further object of the present invention a computer readable memory support having a program recorded thereon, characterised in that the program is the computer program according to the invention.

The present invention will be now described, for illustrative but not limitative purposes, according to its preferred embodiments, with particular reference to the sole figure of the enclosed drawing, wherein a flow chart is shown, relevant to the method according to the invention employed for the authorisation of payment delegations by credit cards performed through the Internet.

In the following it will be made explicit reference to the ascertainment of the identity of credit cards for the authorisation of payment delegations. In any case, it must be taken into account that the method according to the invention, and the relevant apparatuses, can be applied also to other kind of payment delegations and to other uses requiring the ascertainment of the identity of persons and/or things, for example the access authorisation to reserved areas or reserved access to Internet websites, always remaining within the scope of the present invention.

The method according to the invention provides that the credit card provides an alphanumeric identification code that can vary after each operation, such as a transaction, for which the same card is used. Particularly, the identification code is comprised of a series of alphanumeric characters.

The card is provided with at least a device able to generate, for each operation (such as a transaction), a new identification code according to a processing algorithm preferably depending on at least one initial seed. The emitting agency is provided with one or more apparatuses able to generate for the operation of any specific card the new identification code corresponding to the specific card according to the same processing algorithm. When the identification code generated by the emitting agency matches the one generated by the card, the emitting agency authorises the completion of the operation for which the card is used. Both the card and the emitting agency store at least the last generated alphanumeric code. The method according to the invention provides that the processing algorithm is any logic and/or mathematic algorithm for the calculation of an alphanumeric code, functionally depending on one or more input data, among which the progressive number of the operation for which the card is used is preferably included. In this regard, the alphanumeric code corresponding to the n-th operation cannot be used until the alphanumeric code corresponding to the (n-1)-th operation has not been used.

Particularly, the calculation algorithm can also depend on other input data, such as the owner registry data, e.g. the name and/or surname and/or birth date and/or residence and/or citizenship and/or a fixed identification code (for example, the set of codes already conventionally assigned by the emitting agency to the client). Furthermore, the input data can also comprise the date of authorisation request for the operation and/or data identifying the good or service seller for which the payment authorisation by credit card is required.

The kind of functional dependency can be:

1) an algebraic dependency, wherein input data are used for arithmetic operations, such as sums and/or subtractions and/or multiplications and/or divisions and/or module operations, wherein the coefficients and/or the operands can at least partially be also some input data; and/or

2) a functional mathematic dependency, wherein the input data can be for example employed in real functions and/or complex functions and/or trigonometric functions, wherein the coefficients and/or operands can at least partially be also some input data; and/or

3) a logic dependency, wherein the input data can be for example employed as operands of boolean functions and/or alphanumeric string processing functions, such as shift and/or rotation of characters; and/or

4) an assignment of a value extracted within a data structure containing at least part of the whole of identification alphanumeric codes that can be progressively assigned to the operations carried out employing the specific card, the index of the code to be assigned depending on the progressive number of the operation. Particularly, the calculation algorithm can generate the alphanumeric code also as single portions, combining them again at the end of the processing.

It is well evident to those skilled in the art that in case of assignment of a value extracted within a data structure, the latter preferably contains univocal alphanumeric codes, this meaning that duplication of the same code are not admitted. This kind of functional dependency is extremely simple to be realised, since it is sufficient to have a memory, containing the data structure, where a suitable device progressively access for reading at any required operation. Further, in this case the processing algorithm can be run on a single computer, preferably with the emitting agency, to calculate all the identification codes to be stored in the memory before the card is used, and said processing can be carried out also by assignment of random univocal values. In this regard, in the present specification and in the claims by generation of the code it is meant both its processing, by calculation of a value, and its reading by a memory, by assignment of a value.

Obviously, in the present specification it is not possible to indicate which are the specific algorithm employed by the method according to the invention, since it is possible to use many different algorithms, being also possible to make each card corresponding to a specific processing algorithm for the identification alphanumeric code.

The identification variable alphanumeric of the card can comprise a set of alphanumeric characters the number of which varies in function of the size of the simple alphabet from which the characters are selected and in function of the necessary identification range. This means that, in case the card is recognised on the basis of^ both the registry data of the owner and the variable code, the identification range is limited to the maximum number of operations that can be foreseeably carried out by the specific card, while, in case the card is recognised only on the basis of the variable code, the identification range comprises the sum of maximum numbers of operations that can foreseeably be carried out by all the cards emitted by a certain emitting agency. Further, the number of alphanumeric characters comprising the variable code is preferably redundant with respect to the identification range, so as to make even more complex the fraudulent determination of the same code. For illustrative but not limitative purposes, the alphanumeric character alphabet can comprises 26 lowercase characters and 26 capital characters of the English alphabet, and the ten decimal digits, for a total amount of 62 alphanumeric symbols. Assuming that cards of a certain emitting agency are recognised only on the basis of the variable alphanumeric code, it could be provided that such code comprises twelve characters of the 62 symbols alphabet. In this way 6212 (> 3,22x1021) different alphanumeric codes are possible. Assuming to manage 1000 billions of cards (about 200 times the present world population), more than 3,22x109 different alphanumeric codes are possible, that can be generated for each card (corresponding to the ratio 6212/1012). Assuming that each card can make 10 operations per day per 100 years (corresponding to 3,65x105 total operations), each card can generate for any operation a code selectable among more than 8800 codes (corresponding to the ratio between alphanumeric codes that can be generated for each card and total operations for each card). In the example, redundancy is sufficient to guarantee both univocity of all codes that can be foreseeably generated by all the cards (3,65x105x1012) and a substantial unforeseeability of the variable code, which is generated by an algorithm that preferably does not provide regular code sequences, so as not to show any repetitiveness from a code to another one, in order not to be replicated by swindlers.

Assuming that the credit cards of a certain emitting agency are recognised on the basis both of the registry data of the owner, i.e. of fixed identification data of the card, and of the variable alphanumeric code, it could be provided that said code comprises a number with less characters, for example six characters, of the alphabet of 62 symbols. In this case, for each card 626 (> 5,68x1010) different alphanumeric codes are possible. Assuming that each card can make 10 operations per day per 100 years (3,65x105 total operations), each card can generate for each operation a selectable code among 155000 codes (corresponding to the ratio among alphanumeric codes that can be generated for each card and total operations per card). Further, in this case the alphanumeric codes must be univocal only with reference to the same card, being it possible that they are identical to those employed for other cards, since the registry data of the owner, i.e. the identification fixed data of the card, are able to discriminate the codes of different cards. Obviously the symbol alphabet can also be different with respect to the one indicated in the above, for example comprising any subset of the symbols comprising the 10 decimal digits, the 26 lowercase characters and the 26 capital characters of the English alphabet. Still, the alphabet can comprise any other set of symbols (for example one or more ASCII characters), preferably easily readable in case of verbal communication of the alphanumeric code.

Preferably, for the calculation of the first alphanumeric code, the generation algorithm of the identification code needs at least one initial value, or seed, that can be memorised directly within the card, or that can be manually inputted into the card by the owner and/or automatically, by suitable interfacing means. Analogously, in case the alphanumeric codes are already memorised in a data structure, said at least one initial seed can provide the first index and/or the output order of the codes from the memory.

The method according to the invention can be implemented employing some products, designed according to the present invention, and that will be described in the following.

A first implementation product for the inventive method is a code generation device that, in case of use of the method to the payment delegations by credit cards, replaces the traditional credit cards, usually magnetic band credit card.

A first embodiment of the generation device provides a smart card provided with a code generation unit and interfacing electronic means.

The code generation unit comprises a central processing unit and a memory unit. The central processing unit can comprise a digital signal processor, or DSP, and/or a microprocessor and/or an ASIC circuit able to manage the electronics of the smart card and, in case the generation algorithm must calculate the variable alphanumeric code for each operation, to carry out the specific processing algorithm for the card. In case the alphanumeric codes assigned to the card have already been stored into the memory unit, the central processing unit can simply have a read access to the memory unit, wherein the alphanumeric codes are memorised within a corresponding data structure; preferably, in this situation, the memorised alphanumeric codes are not directly accessible from outside the card by said interfacing electronic means. The interfacing means can provide an input/output unit, or I/O, comprising a plurality of electronic connections, such as pins and/or bump contacts. Furthermore, the interfacing means can provide a display, preferably a flat display, able to show the identification alphanumeric code generated for the present operation. Still, the interfacing means can provide one or more buttons, so as to allow the data entry by the user.

Other embodiments of the generation device can provide that the interfacing means of the smart card comprises passive radiofrequency communication means of the transmitter - responder kind, or transponder, able to communicate with a base station. Particularly, in this case the generation device lacks the power supply and receives the required power for its operation directly from the base station, talking with the same and providing the generated alphanumeric code.

Further embodiments of the generation device provide a slim elementary processor, such as a slim calculator, provided, as for the smart card embodiment, with a code generation unit and interfacing electronic means.

A further implementation product of the method according to the invention is a code acquisition device that, in case of use of the method for payment delegations by credit card, replaces the traditional credit card reading devices, usually carrying out the reading by a magnetic band. Obviously, each good and/or services seller operating with the card emitting agency will be provided with its own code acquisition device.

A first embodiment of the acquisition device provides a central processing unit, first electronic interfacing means and second electronic interfacing means.

The central processing unit can comprise a digital signal processor, or DSP, and/or a microprocessor and/or an ASIC circuit, able to manage the electronics of the device, and preferably can be provided with a memory unit.

The first electronic interfacing means can provide a first device communicating with a smart card, able to talk with the same and to read the alphanumeric code generated by the same. Particularly, the first communication device can comprise a plurality of electronic connections, such as pins and/or bump contacts.

The second electronic interfacing means can provide a second communication device able to talk with a central processor, preferably located with a seat of the emitting agency, or with a local or geographically distributed network, located with corresponding seats of the emitting agency.

Other embodiments of the acquisition device can provide that the first interfacing means comprise a radiofrequency transceiver able to operate as base station for a transmitter-responder, or transponder.

Still, other products necessary for the implementation of the method according to the invention are one or more computers, eventually connected through a network, located in corresponding seats of the emitting agency.

At least one of said computers is provided with a central unit able to carry out the code processing algorithms for each card emitted by the agency and/or to execute a read access to a memory unit containing the alphanumeric codes assigned to each card emitted by the agency. Each computer is also provided with interfacing means able to talk with the code acquisition devices to receive the acquired code and to send an authorisation or refusal message for the required operation, after that the central unit has verified that the received code matches or not one of the valid codes for the cards emitted by the agency. In case a computer local or geographically distributed network is provided, it can be provided that the code generation operation, by executing the algorithm or reading the memory, and the check operation of the validity of the code received from one of the acquisition devices are carried out by a single central computer or in combination by a central computer and a plurality of peripheral computers, or indifferently from any network computer, with a contemporaneous communication among the computers of the network about the fact that the code corresponding to a card has been updated.

For illustrative, but not limitative purposes, in case the cards are recognised on the basis both of the owner registry data, i.e. of fixed identification data of the card, and of the variable alphanumeric code, the operation of generation of a code corresponding to a card can be performed by a single central computer following to a request by a peripheral computer that received both the identification data of the card and the alphanumeric code, read by an acquisition device. Central computer, once generated the code, sends it to the peripheral computer that performs the validity check of the read alphanumeric code, comparing the same with the alphanumeric code generated by the central computer, and then sends the authorisation or refusal message for the required operation to the acquisition device .

In a further embodiment, each computer of the network can carry out both the code generation operation and validity check operation of the code received form an acquisition device, sending to the other computers of the network an updating message of the code relevant to a specific card each time it recognises the variable alphanumeric code acquired as a valid code. Advantageously, each one of said computers can be placed in correspondence of a geographically and/or administratively homogenous area, such as a city, a region or a nation. Particularly, the computers can be directly connected to a whole of acquisition devices, or by interposition of further computers, to which the operation of check of the acquired code, by comparison with the generated code, and the sending of the authorisation or refusal message for the required operation can be eventually assigned.

Finally, further products necessary to the implementation of the method according to the invention can be suitable computer programs, stored on memory supports, such as CDROM or floppy discs, or provided directly download from Internet, suitable to realise the method according to the invention when run on a computer. Particularly, said computer programs can be directly memorised in the smart cards, in the slim calculators, in the cellular phones or in computers, such as personal computers (or PC).

To better understand the present invention, the operation mode of the preferred embodiment are described making reference to a use for the payment delegation authorisation by credit cards made through the Internet, similar modes being valid for other embodiments of the method and for the other uses of the same.

A user can electronically stipulate on the Internet an agreement with an emitting agency to obtain a "virtual" credit card, giving the necessary information, such as its registry and bank data. Said agreement can also be stipulated with a seat of the emitting agency.

The emitting agency sends by post mail to the user one or more identification codes, such as identification code and password, to download from Internet the computer program adapted to perform the variable alphanumeric code generation algorithm. Moreover, further information may be provided such as initial generation seeds. Particularly, the program can be also physically given, by post or directly, to the user, by memory support, e.g. a CDROM or a floppy-disc containing the program.

The program is memorised within the user computer, e.g. a PC, and at the moment of the first execution, requires the introduction of the initial seeds.

The program can also be simply provided with a data structure wherein the alphanumeric codes assigned to the virtual card (really in this case they are user identification codes) are stored and the generation seeds can be simply used to determine the first index and the output order of consecutive codes. Alternatively, the program can not require any seed and simply provide the direct extraction of consecutive codes from the memorised data structure.

Making reference to figure 1 , it can be noted that when PC 1 of the user is connected with an Internet website 2 to make a purchase, the program 3 loaded within the PC 1 provides the variable identification alphanumeric code with which the purchase request 4 is made.

The Internet website 2, receiving said request, sends an authorisation request 5 for the purchasing operation, along with the variable identification alphanumeric code and, eventually, with the user identification data and/or the card identification data received from PC 1 , to a central computer 6 of the emitting agency. Said central computer 6 is provided with a program 7 performing the alphanumeric code generation corresponding to the user and/or to the card, by execution of the generation algorithm or reading within the memory the code corresponding to the present operation, making the comparison between the latter code and the code generated by the program 3 of PC 1. Depending on the positive or negative outcome of the comparison, the central computer 6 sends to the Internet website 2 an authorisation or refusal message 8 for the required purchasing operation. In turn, Internet website 2 sends to the PC 1 a communication 9 of the positive conclusion of the operation or its refusal.

The method according to the invention can also be used by a cellular radiotelephone, that can generate (thus meaning either the processing and the reading from internal memory) the variable identification alphanumeric code. Said code could also be directly communicated to the emitting agency by digital message sent to the same radiotelephone.

Other embodiments of the present invention can provide that the authorisation of the required operations (e.g. a purchase) are carried out by a recognising agency different with respect to the emitting agency, operating as intermediary between the user and the emitting agency, ascertaining the validity of the variable alphanumeric identification code provided by the user, thus authorising or refusing the operation required and communicating to the emitting agency the eventually authorised operation.

The present invention has been described for illustrative but not limitative purposes, according to its preferred embodiments, but it is to be understood that modifications and/or changes can be introduced by those skilled in the art without departing from the relevant scope as defined in the enclosed claims.

Claims

1. Method to ascertain the identity of persons and/or things, used by a user, by a recogniser agency, particularly for the authorisation of payment delegations, providing that:
- person and/or user of the thing provides to the recogniser agency a first identification code;
- recogniser agency generates, according to a generation algorithm, a second identification code of the person and/or thing;
- the recogniser agency makes a comparison between the first identification code and the second identification code; and
- recogniser agency ascertains the identity of the person and/or thing on the basis of the outcome of the previous comparison.
2. Method according to claim 1, characterised in that the first identification code and the second identification code are alphanumeric codes.
3. Method according to claim 1 or 2, characterised in that the person and/or user of the thing provides to the recogniser agency one or more data.
4. Method according to any one of the preceding claims, characterised in that the first identification code generated by said algorithm depends on one or more initial generation seeds.
5. Method according to any one of the preceding claims, characterised in that the identification code generated by said generation algorithm is different with respect to the identification code generated during the previous positive identity ascertainment, or wherein the recogniser agency has recognised the identity of the person and/or thing.
6. Method according to claim 5, characterised in that the identification code generated by said generation algorithm is different with respect to all the identification codes generated during the preceding positive identity ascertainment.
7. Method according to any one of the preceding claims, characterised in that the recogniser agency generates, for at least two different persons and/or things, the second identification code according to two different generation algorithms.
8. Method according to any one of the preceding claims, characterised in that said generation algorithm is a logic and/or mathematical algorithm, functionally depending on one or more input data.
9. Method according to claim 8, characterised in that said generation algorithm functionally depends on the number of previous identity ascertainments having a positive outcome.
10. Method according to claim 8 or 9, characterised in that said generation algorithm functionally depends on registry data of the owner and/or of the date of the day when the identity ascertainment is carried out.
11. Method according to any one of the claims 8 - 10, characterised in that said generation algorithm functionally depends on the input data according to an algebraic dependency, wherein the input data are used in arithmetical operations, and/or a functional mathematical dependency and/or a logic dependency and/or an assignment of a value taken within a data structure containing at least part of the identification codes that can be assigned to the person and/or thing.
12. Method according to claim 11, characterised in that the arithmetic operations comprise sums and/or subtractions an/or multiplications and/or divisions and/or module operations.
13. Method according to claim 11 , characterised in that the functional mathematical dependency provides that at least part of the input data is used in real functions and/or complex functions and/or trigonometrical functions.
14. Method according to claim 11, characterised in that the logic dependency provides that at least some of the input data items are used as operands of boolean functions and/or processing functions of alphanumeric strings.
15. Method according to any one of the preceding claims, characterised in that said generation algorithm generates the second identification code as single portions, recombining said single portions at the end of the generation.
16. Method according to any one of the preceding claims, characterised in that the first identification code and the second identification code comprise a series of characters belonging to a symbol alphabet.
17. Method according to claim 16, characterised in that said symbol alphabet comprises lowercase characters and/or capital characters of the English alphabet and/or the ten decimal digits.
18. System to ascertain the identity of persons and/or things, used by a user, by a recogniser agency, by the method according to any one of the preceding claims, comprising at least an identification code generation device, used by a person and/or the user of a thing to provide to the recogniser agency the first identification code, and one or more computers, used by the recogniser agency to generate the second identification code of the person and/or thing, to make the comparison between the first identification code and the second identification code, and to ascertain the identity of the person and/or thing on the basis of the outcome of the carried out comparison.
19. Identification code generation device to be used into a system according to claim 18, characterised in that it comprises a code generation unit and interfacing electronic means.
20. Identification code generation device according to claim 19, characterised in that the code generation unit of the generation device comprises a central processing unit and a memory unit.
21. Identification code generation device according to claim 20, characterised in that the central processing unit comprises a digital signal processor, or DSP, and/or a microprocessor and/or an ASIC circuit, able to manage the electronics of the device and to carry out the generation of the first identification code according to the generation algorithm of the method according to any one of the claims 1 - 17.
22. Identification code generation device according to claim 20 or 21, characterised in that the memory unit is not accessible by said interfacing electronic means.
23. Identification code generation device according to any one of the claims 19 - 22, characterised in that the interfacing means in the generation device provides a input/output unit, or I/O, comprising a plurality of electronic connections and/or a display, able to show the generated identification code, and/or one or more buttons for data entry and/or passive radiofrequency communication means of the transmitter - responder kind, or transponder, able to communicate with a base station.
24. Identification code generation device according to any one of the claims 19 - 23, characterised in that the generation device is a card of the smart card kind.
25. Identification code generation device according to any one of the claims 19 - 23, characterised in that the generation device is a slim elementary processor of the slim calculator kind.
26. System according to claim 18, characterised in that it provides at least two computers used by the recogniser agency connected each other by a network.
27. System according to claim 18 or 26, characterised in that it provides at least a reading device of generation devices according to any one of the claims 19 - 25.
28. Reading device to be used in a system according to claim 27, characterised in that it provides a central electronic unit, first electronic interfacing means and second electronic interfacing means.
29. Reading device according to claim 28, characterised in that the central processing unit in the reading device comprises a DSP and/or a microprocessor and/or a ASIC circuit, able to manage the electronics of the reading device, and/or a memory unit.
30. Reading device according to claim 28 or 29, characterised in that the first electronic interfacing means in the reading device provides a first device for the communication with a generation device according to any one of the claims 19 - 25, comprising a plurality of electronic connections and/or a radiofrequency transceiver unit able to operate as base station for a transmitter - responder, or transponder.
31. Reading device according to any one of the preceding claims 28 - 30, characterised in that the second interfacing electronic means in the reading device provides a second communication device able to talk with at least one of said computers of the system that are used by the recogniser agency.
32. Computer program comprising code means adapted to perform, when run on a computer, the generation algorithm of the method according to any one of the claims 1 - 17.
33. Computer program according to claim 32, characterised in that it further comprises other code means adapted to perform, when run on a computer, the comparison between the first identification code and the second identification code provided by the method according to any one of the claims 1 - 17.
34. Computer readable memory support having a program stored thereon, characterised in that the program is the computer program according to claim 32 or 33.
PCT/IT2000/000165 2000-04-28 2000-04-28 Method to ascertain the identity of persons and/or things by processing a variable identification code, particularly for the authorisation of payment delegations, and relevant apparatuses WO2001084508A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/IT2000/000165 WO2001084508A1 (en) 2000-04-28 2000-04-28 Method to ascertain the identity of persons and/or things by processing a variable identification code, particularly for the authorisation of payment delegations, and relevant apparatuses

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
AU46100/00A AU4610000A (en) 2000-04-28 2000-04-28 Method to ascertain the identity of persons and/or things by processing a variable identification code, particularly for the authorisation of payment delegations, and relevant apparatuses
PCT/IT2000/000165 WO2001084508A1 (en) 2000-04-28 2000-04-28 Method to ascertain the identity of persons and/or things by processing a variable identification code, particularly for the authorisation of payment delegations, and relevant apparatuses

Publications (1)

Publication Number Publication Date
WO2001084508A1 true WO2001084508A1 (en) 2001-11-08

Family

ID=11133515

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IT2000/000165 WO2001084508A1 (en) 2000-04-28 2000-04-28 Method to ascertain the identity of persons and/or things by processing a variable identification code, particularly for the authorisation of payment delegations, and relevant apparatuses

Country Status (2)

Country Link
AU (1) AU4610000A (en)
WO (1) WO2001084508A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2389950A (en) * 2002-05-24 2003-12-24 Iskraemeco Merjenje In Upravlj Pre-payment of the supply of goods or utilities using codes

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4885778A (en) * 1984-11-30 1989-12-05 Weiss Kenneth P Method and apparatus for synchronizing generation of separate, free running, time dependent equipment
US4998279A (en) * 1984-11-30 1991-03-05 Weiss Kenneth P Method and apparatus for personal verification utilizing nonpredictable codes and biocharacteristics
US5937068A (en) * 1996-03-22 1999-08-10 Activcard System and method for user authentication employing dynamic encryption variables

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4885778A (en) * 1984-11-30 1989-12-05 Weiss Kenneth P Method and apparatus for synchronizing generation of separate, free running, time dependent equipment
US4998279A (en) * 1984-11-30 1991-03-05 Weiss Kenneth P Method and apparatus for personal verification utilizing nonpredictable codes and biocharacteristics
US5937068A (en) * 1996-03-22 1999-08-10 Activcard System and method for user authentication employing dynamic encryption variables

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2389950A (en) * 2002-05-24 2003-12-24 Iskraemeco Merjenje In Upravlj Pre-payment of the supply of goods or utilities using codes

Also Published As

Publication number Publication date
AU4610000A (en) 2001-11-12

Similar Documents

Publication Publication Date Title
RU2520392C2 (en) Electronic payment system and payment authorisation method
KR100953232B1 (en) Electronic transaction methods therefor
EP0418328B1 (en) Card-computer moderated systems
CA2669320C (en) Secure financial transactions
EP1479052B1 (en) Authentication arrangement and method for use with financial transactions
US8893967B2 (en) Secure Communication of payment information to merchants using a verification token
US8656180B2 (en) Token activation
JP4221680B2 (en) Authentication system using a smart card
JP5050066B2 (en) Portable electronic billing / authentication device and method thereof
JP5108034B2 (en) Electronic transfer system
AU2010248794B2 (en) Verification of portable consumer devices
CA2577333C (en) Method and system for authorizing a transaction using a dynamic authorization code
US8511547B2 (en) Methods and systems for two-factor authentication using contactless chip cards or devices and mobile devices or dedicated personal readers
US6915279B2 (en) System and method for conducting secure payment transactions
US7478068B2 (en) System and method of selecting consumer profile and account information via biometric identifiers
US8595812B2 (en) Tokenized data security
US8688990B2 (en) Method for personalizing an authentication token
US8327141B2 (en) Centralized authentication system with safe private data storage and method
US8972719B2 (en) Passcode restoration
US20110191248A1 (en) Methods and Apparatus for Conducting Electronic Transactions
US20050187883A1 (en) Methods and apparatus for conducting electronic transactions using biometrics
US7200577B2 (en) Method and apparatus for secure online transactions
US5485519A (en) Enhanced security for a secure token code
CN1307594C (en) Payment system
US20090172402A1 (en) Multi-factor authentication and certification system for electronic transactions

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase in:

Ref country code: JP