WO2002005476A1 - Automatic authentication system that cross-verifies digital identities - Google Patents

Automatic authentication system that cross-verifies digital identities Download PDF

Info

Publication number
WO2002005476A1
WO2002005476A1 PCT/IL2001/000620 IL0100620W WO0205476A1 WO 2002005476 A1 WO2002005476 A1 WO 2002005476A1 IL 0100620 W IL0100620 W IL 0100620W WO 0205476 A1 WO0205476 A1 WO 0205476A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
information
user
authentication
personal
Prior art date
Application number
PCT/IL2001/000620
Other languages
French (fr)
Inventor
Rami Cohen
Igal Kalish
Original Assignee
Verifox Technologies Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Verifox Technologies Ltd. filed Critical Verifox Technologies Ltd.
Priority to AU2001270959A priority Critical patent/AU2001270959A1/en
Publication of WO2002005476A1 publication Critical patent/WO2002005476A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2119Authenticating web pages, e.g. with suspicious links

Definitions

  • the present invention relates to a secure automatic authentication system for cross-verifying digital identities of transaction or information sharing partners, without a need for transferring personal information.
  • the present invention facilitates secure online transactions and communications by verifying all the involved parties on a dynamic basis. For example, the current invention is able to verify both the buyer and seller, on every page where a possible transaction or sensitive exchange of information is required, without the need to transfer personal information between them.
  • Users of the current invention may possibly execute secure Internet transactions from any Internet enable device that the smart-key can connect to, with no need to download any specific software or install any specific hardware.
  • the key will connect to all major hardware communication components, such as USB's, RS232 etc., as well alternative information transfer means such as radio waves, infra red etc.
  • the key will have an internal computer that is able to receive, store, process and send the necessary information in order to ensure secure, cross-verified communications and transactions.
  • a system for automatically cross verifying all partners involved in transactions and information transfer using the Internet comprising: i) A smart-key authentication device with software programs based on trap door algorithms and hash functions for the smart key that are able to generate keyed message digests, encode and decode binary data.
  • This key will be used for storing, processing and communicating encrypted information; ii) A Web server with a secret key database for storing, decrypting, processing and communicating relevant information, and executing transactions; iii) Client devices or systems, such as cellular phones, PDAs, desktop computers and any other Internet enabled computing devices; iv) Websites of vendors, financial institutions, information providers etc with software that will provide the interface for users to enter information into the system.
  • the present invention is that of a secure automatic authentication system for cross- verifying digital identities of information sharing partners, without a need for transferring personal information.
  • the system is comprised of a portable device, called a smart-key, software programs for the smart-key, a central database and client software for users.
  • the smart-key is a mini-computer that can store, process and communicate information, such as personal identification numbers (PIN), contact and identity information, bank and credit card details, personal preferences, codes and more.
  • PIN personal identification numbers
  • contact and identity information such as contact and identity information
  • bank and credit card details personal preferences, codes and more.
  • the smart-key typically contains the digital identities of the user and the set of communication peers (communication partners including people, companies and Websites on the users' contact or trade list).
  • the digital identities are encrypted, and the key can both receive and broadcast encoded and decoded information in order to authenticate a communication peer, as well as provide the peer with the means of authenticating the user.
  • the invention stores all the private information on the key, and enables secure communications using only PIN codes etc., so that no other personal information needs to be transferred over the Internet. Furthermore the identity of both users communicating are re-authenticated each time a new page or device is accessed. In this way users can conduct extremely secure, automatically cross-authenticated transactions and communications using multiple Internet enabled devices.
  • the current invention uses current communication standards such as USB, RS232, infrared RF and other electromagnetic technologies to communicate with PC's, ATM's, PDA's, mobile phones or any other similarly equipped devices.
  • FIGURE 1 illustrates the essential components of the key security system according to the present invention.
  • FIGURE 2 is a flow chart describing a typical user session of the key security system according to the present invention. DESCRIPTION OF THE PREFERRED EMBODIMENT
  • the present invention is of a system for automatically cross verifying all partners involved in transferring information or executing transactions online, using any
  • FIGURE 1 illustrates the essential elements of the key security system according to the current invention.
  • the following describes one of many possible embodiments of the present system.
  • the system is continuously being changed to follow changing market requirements and the continuously developing software environment.
  • the current invention executes on three processors;
  • the three processors are a) The authentication server 10 b) the client device or workstation 15, and the c) the Verifox key or authentication device 20.
  • the authentication server 5 has the following specifications: a) The operating system is RedHat Linux 5.1 b) The HTTP server is apache_1.3.12 or apache_1.3.12+ssl_1.39 c) The SSL encryption is provided by openssl-0.9.4 d) The HTTP server is built with php-3.0.12 e) PHP is built with mhash-0.7.0 f) For the Verifox project we have added an extension to mhash-0.7.0 that provides keyed SHA1 hashing. g) The database 11 is msql-2.0.10.1 h) Current compatible browser software includes Windows 2000, Netscape Navigator 4.x or Microsoft Internet Explorer 5.
  • the client environment 15 is a PC running Microsoft Windows 98 or Microsoft Windows 2000, Netscape Navigator 4.7 or Microsoft Internet Explorer 5.
  • the key environment 20 is currently a PC running RedHat 6.1.
  • the planned environment is ScanLogic or any other USB processor.
  • the authentication server has a series of HTML pages that contain embedded PHP code.
  • the PHP code performs: a) database access functions b) random number generation c) SHA1 hash computation d) client authentication by means of hash comparisons
  • the HTML pages serve the client: a) forms for data entry b) a Java applet or ActiveX component 17 for accessing the USB port for communication with the key c) Javascript or ActiveX glue routines for transferring parameters to and from the applet d) graphic content in the form of GIF or JPG files
  • HTML pages contain the HTML code, PHP code and Javascript code. It would be better to separate the Javascript into a separate .js file since the Javascript code is identical for all server HTML pages.
  • the Java applet is compiled using the JDK1.8 javac compiler from Sun
  • the applet is packaged in a digitally signed jar file for use with a Netscape Navigator client.
  • the client environment executables are the HTML pages that the client browser receives from the authentication server and the Java applet or activeX component that the client uses to communicate with the key using a USB.
  • the client browser must support execution of Java applets from an external JRE.
  • the key executes compiled and linked ANSI C code that performs hashing hashing functions. There is one executable file.
  • the development environment includes: 1. ANSI C development 2. PHP development
  • mhash-0.7.0 The keyed SHAl hash extensions to mhash-0.7.0 are developed in ANSI C on the RedHat Linux 5.1 authentication server using the GPL licensed GNU C compiler version 2.7.2.3.
  • the mhash-0.7.0 stock build environment was modified slightly to cause it to build and install the extensions.
  • the key code has been developed on a RedHat Linux 6.2 workstation using
  • a custom makefile in GNU Make version 3.77 syntax was developed to build the key object files and the key executable.
  • the PHP development does not require any special development environment other than a text editor.
  • the Java development does not require any special development environment other that a text editor and the javac compiler. Testing the applet requires the ability to upload the applet class files to an HTTP server and then execute them using a browser.
  • the HTML and Javascript development requires only a text editor for the code development.
  • the testing requires uploading the HTML pages to an HTTP server and then rendering the pages using a browser on a client machine.
  • Java applet code signing requires a code signing tool and code signing cryptographic certificate. We tested the applet first using the javakey code signing tool provided with JDK1.8 and certificates that we generated our using javakey. This code signing enables execution of the applet using appletviewer or the HotJava browser.
  • the Verifox Authentication System contains four distinct communication protocols:
  • the key I/O protocol is currently a trivial asynchronous bufferred read/write protocol over RS232.
  • To implement the key in firmware requires replacing this protocol with a semaphore protected read/write scheme since the firmware environment does not provide I/O buffering.
  • the USB port protocol is a simple asynchronous read/write protocol that is currently implemented using a proprietary system driver communicating with a USB hardware device.
  • Javascript to Java applet protocol is a trivial, one-to-one pair of function calls.
  • One function passes a string to the applet.
  • the other function passes a string to the applet and returns a string from the applet.
  • This interface will be simplified to consist of only a single Javascript function that passes a string to the Java applet and returns a string from the applet.
  • the authentication protocol is the message protocol between the authentication server, the client browser and the key that enables the user to perform secure authenticated transactions. This protocol is currently under development.
  • the smart key authentication device 30 of the current invention is a mobile physical device (or possibly a hardware implant or software-implanted device) that may be in various physical forms. It will be able to access various computing and communication devices, by any mechanism that can connect it into one of the device's sockets (or any other type of information entry possibility, such as Bluetooth, infra red etc.), or by a hardware implant into any system or device.
  • This key may be customized according to the needs of the key suppliers, for example the various banks, consumer organizations and financial institutions.
  • the key will be more than a smart card, it will have memory storage and transfer facilities, like a smart card, but in addition to this will have processing ability.
  • the key will be programmed with a trap door algorithm and a hash function, for permitting one-way function calculations.
  • These programs can be adapted to a variety of hardware forms.
  • the key includes a multiple layer programming for various applications, allowing the key to be easily adapted to the requirements of the particular hardware and software being used by a licensed agency
  • Transactions using the current invention can take place between transactional partners, or peers, using any Internet enabled devices, such as PCs, PDAs or mobile phones.
  • the smart key according the current invention will be compatible with almost all of these devices. Following are the key principles of operation of the Verifox Authentication Key, according to the current invention:
  • the Key stores a secret consisting of binary data that represents the identity of the Key owner
  • the Key stores a set of secrets consisting of binary data that represent the entities with which the owner of the Key is willing to communicate
  • the Key stores a set of names, each one associated with one of the secrets
  • the Key has a set of programs for generating keyed message digests
  • the Key stores a set of names, each one associated with one of the message digest programs 6.
  • the Key has a set of programs each of which can encode and decode binary data to or from a particular type of data format
  • the Key stores the secrets, names and programs in an encrypted format
  • the Key can accept a personal identification number (PIN) that enables its operation by decrypting the secrets, names and programs 9.
  • PIN personal identification number
  • the Key has a feature that permanently disables the Key if more than a predefined number of incorrect PIN's are accepted 10.
  • the Key can receive a message consisting of a data format type, the name of a secret, a message digest program name, a message digest and a set of data, and can compute the message digest of the set of data using the named secret and the named program 11.
  • the Key can compare the message digest that it received with the message digest that it computes and can store the result of the comparison 12.
  • the Key can receive a message consisting of a data format type, the name of a secret, a message digest program name and a set of data, and can output the message digest of the data in the received format type 13.
  • the output of the Key can be controlled according to the result of the message digest comparison 14.
  • the Key has a proprietary interface over the USB bus
  • FIGURE 2 illustrates a prime example of the usage of the current invention, in the case of an online transaction.
  • Any user of the current invention initially registers and subscribes via the site or any participating financial institution. Upon registration, all relevant personal and financial data is given over by the user or merchant.
  • Each potential financial transaction type for example between the user and a chosen merchant, is programmed as a single digital key that is known by both sides. In this way any future communication or transaction between the user and the merchant (referred to as a peer) will have a pre-defined identity unique to these two partners.
  • the registered user starts 30 (FIG 2a) the buying or information accessing process from an Internet access appliance some type of navigational software, such as a Web browser 31 operating on a personal computer to access an Internet commerce site such as an online store or bank.
  • the user specifies a preferred transaction using the forms or transaction pages 32 that the commercial site provides.
  • the user can decide to proceed as usual, entering credit card details etc., or to proceed with executing the transaction using the current invention.
  • the user uses a form or page provided by the commercial site to indicate that the user desires to authenticate the transaction using the Verifox Authentication System.
  • the enabling feature for this to occur will be an icon or textual reference to Verifox (the current invention), such as an applet.
  • this is a program written in the Java programming language (a Java Applet) or in ActiveX. Clicking upon this link will connect the user to the Verifox server.
  • a site has it own Verifox servers that includes its clients database, for example a bank, commercial or professional organization etc., the negotiations are as described between the client and the organization.
  • a simple form requesting the user to identify him or herself to the commercial site using a one-time non-negotiable instrument such as a simple user name.
  • This instrument is not a credit card number, social security number or other instrument that can be used by anyone for any other purpose than for identification to the commercial site.
  • the commercial site verifies that it has a record for the user.
  • the commercial site server generates a random sequence of several hundred letters and generates a cryptographic signature of this sequence using a secret number, a copy of which is also stored in the Verifox key that the user possesses.
  • the commercial site saves the random sequence of letters in the user's record in its database.
  • the commercial site sends a message to the user's access appliance containing the name of the commercial site, the random sequence of letters and the cryptographic signature.
  • the user's access appliance receives the message from the commercial site.
  • the user's access appliance uses a program that it receives from the commercial site in one of the pages that it downloads from the site to prompt the user to attach the Verifox key 34 to the appliance and to enter a personal identification number (PIN) 35.
  • PIN personal identification number
  • the user then types in their PIN 36 (FIG 2b).
  • the browser then sends the personal identification number to the key 37.
  • the key verifies that the personal identification number is correct 38. If the personal identification number is not correct the key returns an error message and maintains a count of the number of sequential incorrect access attempts 39. If the personal identification number is not correct the access appliance prompts the user to re-enter the number.
  • the access appliance sends the re-entered number to the key. If the count of the number of sequential incorrect accesses reaches a predefined number, such as three, then the key permanently disables itself and is no longer usable 40.
  • the key sends a message to the access appliance to inform it that the key is activated 42 (FIG 2c).
  • the access appliance receives the message that the key is activated it sends the message containing the commercial site identifier, the random sequence of letters and the cryptographic signature that it received from the commercial site to the key.
  • the key stores the cryptographic signature in a buffer for later use.
  • the key retrieves the commercial site's secret number from its internal memory that is associated with the commercial site name that it received in the message from the access appliance.
  • the key regenerates the commercial site's cryptographic signature of the random sequence of letters contained in the message received from the access appliance using its copy of the commercial site's secret number.
  • the key compares the cryptographic signature that it received in the message from the access appliance with the cryptographic signature that it generated independently. If the signatures do not match, the key sends a message to the access appliance that indicates that the commercial site message could not be authenticated. The key cannot perform any other function until it receives a message from a site that it can authenticate. The key maintains a count of consecutive failures to authenticate commercial sites. If there are more than a predefined number of consecutive failures the key disables itself permanently.
  • the browser instructs the key to sign the transaction docket with the user' s digital signature 51 (FIG 2d).
  • the key subsequently generates a cryptographic signature of the random letters received from the commercial site using the user's secret number that is stored in the key, a copy of which is contained in the user's record on the commercial site.
  • the signed docket is returned to the browser 52, indicating to the access appliance that the key has successfully authenticated the server message.
  • the access appliance sends the user's signature of the random message to the commercial Website 53.
  • the Website generates the cryptographic signature of the random letters that was previously sent to the user's access appliance and stored in the user's record, using its copy of the user's secret number that it has stored in the user's record.
  • the user If the cryptographic signature that the commercial site received from the access appliance does not match the cryptographic signature that the commercial site generated using the user's secret number, then the user is not authenticated and the commercial site discards the transaction. If the cryptographic signature of that the commercial site received from the access appliance matches the cryptographic signature that the commercial site generated using the user's secret number, then the user is authenticated to the server.
  • the server generates a new random sequence of letters and stores them in the user's record.
  • the commercial site generates a cryptographic signature of the new sequence of random letters and a transaction docket using its secret number.
  • the commercial site sends the transaction docket 43 (FIG 2c) and the new random letter and the cryptographic signature to the user's access appliance.
  • the access appliance displays the transaction docket 43 to the user and prompts the user to authenticate the transaction docket 43 and thereby complete the transaction.
  • the user indicates his or her desire to authenticate the transaction by clicking on a button.
  • the access application sends the transaction document, the random letters and the commercial site's cryptographic signature to the key.
  • the key stores the cryptographic signature in a buffer for later use.
  • the key retrieves the commercial site's secret number from its internal memory that is associated with the commercial site name that it received in the message from the access appliance.
  • the key regenerates the commercial site's cryptographic signature of the random sequence of letters and the transaction docket contained in the message received from the access appliance using the key's copy of the commercial site's secret number.
  • the key compares the commercial site's cryptographic signature that it received in the message from the access appliance with the cryptographic signature that it generated independently.
  • the key sends a message to the access appliance 46 that indicates that the commercial site message could not be authenticated.
  • the key cannot perform any other function until it receives a message from a site that it can authenticate.
  • the key maintains a count of consecutive failures to authenticate commercial sites. If there are more than a predefined number of consecutive failures the key disables itself permanently.
  • the signatures match the key generates a cryptographic signature of the random letters received from the commercial site together with the transaction docket using the user's secret number that is stored in the key, a copy of which is contained in the user's record on the commercial site.
  • the key sends the user's cryptographic signature to the access appliance to indicate that the key has successfully authenticated the server message and the transaction docket 48.
  • the access appliance sends the user's cryptographic signature of the random letters and the transaction docket 43 to the commercial site.
  • the ' commercial site retrieves the random letters and the transaction docket from the user's record and generates a cryptographic signature of them using its copy of the user's secret number. If the signature matches the signature that is received from the access appliance then the transaction is authenticated.
  • the Website then executes the transaction 54.
  • the user and peer will receive notifications from the Verifox server that the transaction has been verified and executed. All other transaction details are carried out directly between the user' s financial institution and the peer. No personal information whatsoever has to be transferred between the user and peer.
  • the same verification process is carried out each time a new transaction page is entered, or after chosen time intervals, in order to ensure that no unauthorized parties intervene in the buying process, however dynamic this process may be.
  • the current invention can also be used in other contexts where sharing of • information is of a sensitive nature. For example, transfer of restricted technical information, secret personal medical information, remote operation of software, secretive military information etc. may require highly secure authentication, which can be supplied by the current invention.
  • Another feature of the key is the disabling process, by which a key, which is used in an unauthorized way, can be automatically permanently disabled.

Abstract

An authentication system including an active smart-key (20) for automatically cross verifying all partners involved in communicating or transacting online, using any Internet enable device (15) or system. This invention enables users to communicate and transact from any Internet enabled device, in a secure and easy to use way, without transferring any personal details between the user and the merchant or source (10). All personal information is given over when registering as user, and is not used by any third parties. The system verifies all the relevant users every time a new page or device is used, ensuring a constantly authenticated and highly private information communication experience online.

Description

AUTOMATIC AUTHENTICATION SYSTEM THAT CROSS-VERIFIES DIGITAL IDENTITIES
FIELD AND BACKGROUND OF THE INVENTION
The present invention relates to a secure automatic authentication system for cross-verifying digital identities of transaction or information sharing partners, without a need for transferring personal information.
One of the major obstacles restraining the boom in Internet commerce and highly sensitive information sharing is security concerns. Users are expected to provide personal information when transacting a sale or initiating sensitive communication, and are rightly concerned that any personal information provided can be given over to the wrong hands and used in unauthorized ways.
Various attempts have been made to secure online transactions and communications. The following table illustrates competing strategies and their pros and cons. Nerifox represents the technology of the current invention.
Figure imgf000002_0001
Most known Internet security systems tend to protect the identity of the purchaser by decoding and encoding personal information provided during the transaction process. However this information is always available to potential hackers, and is also vulnerable to unauthorized usage from the side of the merchant.
There is thus a widely recognized need for, and it would be highly advantageous to have, a system where both communicating peers are able to be continually cross verified, without requiring a transfer of personal information, and where private information is not stored or channeled to trading partners. It would also be beneficial to have a system where the user can identify themselves using any type of Internet enabled device or system, and where unauthorized usage of the system would lead to rapid disabling of the system. The present invention facilitates secure online transactions and communications by verifying all the involved parties on a dynamic basis. For example, the current invention is able to verify both the buyer and seller, on every page where a possible transaction or sensitive exchange of information is required, without the need to transfer personal information between them. Users of the current invention may possibly execute secure Internet transactions from any Internet enable device that the smart-key can connect to, with no need to download any specific software or install any specific hardware. The key will connect to all major hardware communication components, such as USB's, RS232 etc., as well alternative information transfer means such as radio waves, infra red etc. The key will have an internal computer that is able to receive, store, process and send the necessary information in order to ensure secure, cross-verified communications and transactions.
SUMMARY OF THE INVENTION
According to the present invention there is provided a system for automatically cross verifying all partners involved in transactions and information transfer using the Internet, with any Internet enabled systems or devices, comprising: i) A smart-key authentication device with software programs based on trap door algorithms and hash functions for the smart key that are able to generate keyed message digests, encode and decode binary data. This key will be used for storing, processing and communicating encrypted information; ii) A Web server with a secret key database for storing, decrypting, processing and communicating relevant information, and executing transactions; iii) Client devices or systems, such as cellular phones, PDAs, desktop computers and any other Internet enabled computing devices; iv) Websites of vendors, financial institutions, information providers etc with software that will provide the interface for users to enter information into the system.
The present invention is that of a secure automatic authentication system for cross- verifying digital identities of information sharing partners, without a need for transferring personal information. The system is comprised of a portable device, called a smart-key, software programs for the smart-key, a central database and client software for users. The smart-key is a mini-computer that can store, process and communicate information, such as personal identification numbers (PIN), contact and identity information, bank and credit card details, personal preferences, codes and more. The smart-key typically contains the digital identities of the user and the set of communication peers (communication partners including people, companies and Websites on the users' contact or trade list). The digital identities are encrypted, and the key can both receive and broadcast encoded and decoded information in order to authenticate a communication peer, as well as provide the peer with the means of authenticating the user. The invention stores all the private information on the key, and enables secure communications using only PIN codes etc., so that no other personal information needs to be transferred over the Internet. Furthermore the identity of both users communicating are re-authenticated each time a new page or device is accessed. In this way users can conduct extremely secure, automatically cross-authenticated transactions and communications using multiple Internet enabled devices. The current invention uses current communication standards such as USB, RS232, infrared RF and other electromagnetic technologies to communicate with PC's, ATM's, PDA's, mobile phones or any other similarly equipped devices.
BRIEF DESCRIPTION OF THE DRAWINGS
FIGURE 1 illustrates the essential components of the key security system according to the present invention.
FIGURE 2 is a flow chart describing a typical user session of the key security system according to the present invention. DESCRIPTION OF THE PREFERRED EMBODIMENT
The present invention is of a system for automatically cross verifying all partners involved in transferring information or executing transactions online, using any
Internet enabled system or device. The principles and operations of such a system according to the present invention may be better understood with reference to the drawings and the accompanying description, wherein:
FIGURE 1 illustrates the essential elements of the key security system according to the current invention. The following describes one of many possible embodiments of the present system. The system, however, is continuously being changed to follow changing market requirements and the continuously developing software environment.
1. The current invention, or Verifox Authentication System, executes on three processors; The three processors are a) The authentication server 10 b) the client device or workstation 15, and the c) the Verifox key or authentication device 20.
The execution environments of each of these processors are specified in the following sections.
2. Execution Environments
2.1 Authentication Server Environment
The authentication server 5 according to the present configuration has the following specifications: a) The operating system is RedHat Linux 5.1 b) The HTTP server is apache_1.3.12 or apache_1.3.12+ssl_1.39 c) The SSL encryption is provided by openssl-0.9.4 d) The HTTP server is built with php-3.0.12 e) PHP is built with mhash-0.7.0 f) For the Verifox project we have added an extension to mhash-0.7.0 that provides keyed SHA1 hashing. g) The database 11 is msql-2.0.10.1 h) Current compatible browser software includes Windows 2000, Netscape Navigator 4.x or Microsoft Internet Explorer 5.
2.2 Client Side Environment The client environment 15 is a PC running Microsoft Windows 98 or Microsoft Windows 2000, Netscape Navigator 4.7 or Microsoft Internet Explorer 5.
2.3 Key Environment
The key environment 20 is currently a PC running RedHat 6.1. The planned environment is ScanLogic or any other USB processor.
3. Executable Files and Programming Languages
3.1 Server Executables
The authentication server has a series of HTML pages that contain embedded PHP code. The PHP code performs: a) database access functions b) random number generation c) SHA1 hash computation d) client authentication by means of hash comparisons The HTML pages serve the client: a) forms for data entry b) a Java applet or ActiveX component 17 for accessing the USB port for communication with the key c) Javascript or ActiveX glue routines for transferring parameters to and from the applet d) graphic content in the form of GIF or JPG files
Currently the HTML pages contain the HTML code, PHP code and Javascript code. It would be better to separate the Javascript into a separate .js file since the Javascript code is identical for all server HTML pages. The Java applet is compiled using the JDK1.8 javac compiler from Sun
Microsystems. In the current implementation the applet is packaged in a digitally signed jar file for use with a Netscape Navigator client.
3.2 The Client Executables
The client environment executables are the HTML pages that the client browser receives from the authentication server and the Java applet or activeX component that the client uses to communicate with the key using a USB.
The client browser must support execution of Java applets from an external JRE.
3.3 The Key Executables
The key executes compiled and linked ANSI C code that performs hashing hashing functions. There is one executable file.
4. Development Environment
The development environment includes: 1. ANSI C development 2. PHP development
3. Java development
4. HTML and Javascript development
5. Java code signing
These environments are described in the following paragraphs.
4.1 ANSI C Development
The keyed SHAl hash extensions to mhash-0.7.0 are developed in ANSI C on the RedHat Linux 5.1 authentication server using the GPL licensed GNU C compiler version 2.7.2.3. The mhash-0.7.0 stock build environment was modified slightly to cause it to build and install the extensions.
The key code has been developed on a RedHat Linux 6.2 workstation using
GPL licensed GNU C compiler version egcs-2.91.66 19990314/Linux (egcs-1.1.2 release). A custom makefile in GNU Make version 3.77 syntax was developed to build the key object files and the key executable. The C debugger, GNU gdb 4.18, was used in debugging and testing the key code.
4.2 PHP Development
The PHP development does not require any special development environment other than a text editor.
4.3 Java Development
The Java development does not require any special development environment other that a text editor and the javac compiler. Testing the applet requires the ability to upload the applet class files to an HTTP server and then execute them using a browser.
4.4 HTML and Javascript Development
The HTML and Javascript development requires only a text editor for the code development. The testing requires uploading the HTML pages to an HTTP server and then rendering the pages using a browser on a client machine.
4.5 Java Code Signing
The Java applet code signing requires a code signing tool and code signing cryptographic certificate. We tested the applet first using the javakey code signing tool provided with JDK1.8 and certificates that we generated ourselves using javakey. This code signing enables execution of the applet using appletviewer or the HotJava browser.
We subsequently modified the applet to use the Netscape security classes and signed the applet using the Netscape code signing tool and a temporary code signing certificate good for 15 days provided by Netscape.
All of the applet signing tools execute in the Microsoft Windows environment. We developed several simple batch files to automate process of signing the applets.
5. Protocols
The Verifox Authentication System contains four distinct communication protocols:
1. Key I/O protocol
2. USB port protocol
3. Javascript to Java applet protocol 4. Authentication protocol
5.1 Key I/O protocol
The key I/O protocol is currently a trivial asynchronous bufferred read/write protocol over RS232. To implement the key in firmware requires replacing this protocol with a semaphore protected read/write scheme since the firmware environment does not provide I/O buffering.
5.2 USB Port Protocol
The USB port protocol is a simple asynchronous read/write protocol that is currently implemented using a proprietary system driver communicating with a USB hardware device.
5.3 JavaScript to Java Apple Protocol
The Javascript to Java applet protocol is a trivial, one-to-one pair of function calls. One function passes a string to the applet. The other function passes a string to the applet and returns a string from the applet. This interface will be simplified to consist of only a single Javascript function that passes a string to the Java applet and returns a string from the applet.
5.4 Authentication Protocol
The authentication protocol is the message protocol between the authentication server, the client browser and the key that enables the user to perform secure authenticated transactions. This protocol is currently under development.
A demo version of the protocol is provided in the current implementation. The smart key authentication device 30 of the current invention is a mobile physical device (or possibly a hardware implant or software-implanted device) that may be in various physical forms. It will be able to access various computing and communication devices, by any mechanism that can connect it into one of the device's sockets (or any other type of information entry possibility, such as Bluetooth, infra red etc.), or by a hardware implant into any system or device. This key may be customized according to the needs of the key suppliers, for example the various banks, consumer organizations and financial institutions. The key will be more than a smart card, it will have memory storage and transfer facilities, like a smart card, but in addition to this will have processing ability. In order to achieve this the key will be programmed with a trap door algorithm and a hash function, for permitting one-way function calculations. These programs can be adapted to a variety of hardware forms, The key includes a multiple layer programming for various applications, allowing the key to be easily adapted to the requirements of the particular hardware and software being used by a licensed agency
Transactions using the current invention can take place between transactional partners, or peers, using any Internet enabled devices, such as PCs, PDAs or mobile phones. The smart key according the current invention will be compatible with almost all of these devices. Following are the key principles of operation of the Verifox Authentication Key, according to the current invention:
1. The Key stores a secret consisting of binary data that represents the identity of the Key owner
2. The Key stores a set of secrets consisting of binary data that represent the entities with which the owner of the Key is willing to communicate
3. The Key stores a set of names, each one associated with one of the secrets
4. The Key has a set of programs for generating keyed message digests
5. The Key stores a set of names, each one associated with one of the message digest programs 6. The Key has a set of programs each of which can encode and decode binary data to or from a particular type of data format
7. The Key stores the secrets, names and programs in an encrypted format
8. The Key can accept a personal identification number (PIN) that enables its operation by decrypting the secrets, names and programs 9. The Key has a feature that permanently disables the Key if more than a predefined number of incorrect PIN's are accepted 10. The Key can receive a message consisting of a data format type, the name of a secret, a message digest program name, a message digest and a set of data, and can compute the message digest of the set of data using the named secret and the named program 11. The Key can compare the message digest that it received with the message digest that it computes and can store the result of the comparison 12. The Key can receive a message consisting of a data format type, the name of a secret, a message digest program name and a set of data, and can output the message digest of the data in the received format type 13. The output of the Key can be controlled according to the result of the message digest comparison 14. The Key has a proprietary interface over the USB bus
FIGURE 2 illustrates a prime example of the usage of the current invention, in the case of an online transaction. Any user of the current invention initially registers and subscribes via the site or any participating financial institution. Upon registration, all relevant personal and financial data is given over by the user or merchant. Each potential financial transaction type, for example between the user and a chosen merchant, is programmed as a single digital key that is known by both sides. In this way any future communication or transaction between the user and the merchant (referred to as a peer) will have a pre-defined identity unique to these two partners. The registered user starts 30 (FIG 2a) the buying or information accessing process from an Internet access appliance some type of navigational software, such as a Web browser 31 operating on a personal computer to access an Internet commerce site such as an online store or bank. The user specifies a preferred transaction using the forms or transaction pages 32 that the commercial site provides.
At this stage the user can decide to proceed as usual, entering credit card details etc., or to proceed with executing the transaction using the current invention. In order to complete the transaction the user uses a form or page provided by the commercial site to indicate that the user desires to authenticate the transaction using the Verifox Authentication System. The enabling feature for this to occur will be an icon or textual reference to Verifox (the current invention), such as an applet. Typically this is a program written in the Java programming language (a Java Applet) or in ActiveX. Clicking upon this link will connect the user to the Verifox server. When a site has it own Verifox servers that includes its clients database, for example a bank, commercial or professional organization etc., the negotiations are as described between the client and the organization. But when a random transaction is being made with a foreign client there are no negotiations between the merchant and the client. In that case, the verification and negotiations are between the merchant/service supplier and the Verifox server, and in a totally separate action between the client and the Verifox server. When both of them have been authenticated the deal is approved.
Once connected to the Verifox server, a simple form requesting the user to identify him or herself to the commercial site using a one-time non-negotiable instrument such as a simple user name. This instrument is not a credit card number, social security number or other instrument that can be used by anyone for any other purpose than for identification to the commercial site. The commercial site verifies that it has a record for the user.
The commercial site server generates a random sequence of several hundred letters and generates a cryptographic signature of this sequence using a secret number, a copy of which is also stored in the Verifox key that the user possesses.
The commercial site saves the random sequence of letters in the user's record in its database. The commercial site sends a message to the user's access appliance containing the name of the commercial site, the random sequence of letters and the cryptographic signature. The user's access appliance receives the message from the commercial site. The user's access appliance uses a program that it receives from the commercial site in one of the pages that it downloads from the site to prompt the user to attach the Verifox key 34 to the appliance and to enter a personal identification number (PIN) 35. The user then types in their PIN 36 (FIG 2b).
The browser then sends the personal identification number to the key 37. The key verifies that the personal identification number is correct 38. If the personal identification number is not correct the key returns an error message and maintains a count of the number of sequential incorrect access attempts 39. If the personal identification number is not correct the access appliance prompts the user to re-enter the number.
The access appliance sends the re-entered number to the key. If the count of the number of sequential incorrect accesses reaches a predefined number, such as three, then the key permanently disables itself and is no longer usable 40.
If the personal identification number is correct 41, the key sends a message to the access appliance to inform it that the key is activated 42 (FIG 2c). When the access appliance receives the message that the key is activated it sends the message containing the commercial site identifier, the random sequence of letters and the cryptographic signature that it received from the commercial site to the key.
The key stores the cryptographic signature in a buffer for later use. The key retrieves the commercial site's secret number from its internal memory that is associated with the commercial site name that it received in the message from the access appliance. The key regenerates the commercial site's cryptographic signature of the random sequence of letters contained in the message received from the access appliance using its copy of the commercial site's secret number.
The key compares the cryptographic signature that it received in the message from the access appliance with the cryptographic signature that it generated independently. If the signatures do not match, the key sends a message to the access appliance that indicates that the commercial site message could not be authenticated. The key cannot perform any other function until it receives a message from a site that it can authenticate. The key maintains a count of consecutive failures to authenticate commercial sites. If there are more than a predefined number of consecutive failures the key disables itself permanently.
If the signatures match, the browser instructs the key to sign the transaction docket with the user' s digital signature 51 (FIG 2d). The key subsequently generates a cryptographic signature of the random letters received from the commercial site using the user's secret number that is stored in the key, a copy of which is contained in the user's record on the commercial site. The signed docket is returned to the browser 52, indicating to the access appliance that the key has successfully authenticated the server message. The access appliance sends the user's signature of the random message to the commercial Website 53.
A similar process happens on the side of the Website of the commercial entity. The Website generates the cryptographic signature of the random letters that was previously sent to the user's access appliance and stored in the user's record, using its copy of the user's secret number that it has stored in the user's record.
If the cryptographic signature that the commercial site received from the access appliance does not match the cryptographic signature that the commercial site generated using the user's secret number, then the user is not authenticated and the commercial site discards the transaction. If the cryptographic signature of that the commercial site received from the access appliance matches the cryptographic signature that the commercial site generated using the user's secret number, then the user is authenticated to the server. The server generates a new random sequence of letters and stores them in the user's record. The commercial site generates a cryptographic signature of the new sequence of random letters and a transaction docket using its secret number. The commercial site sends the transaction docket 43 (FIG 2c) and the new random letter and the cryptographic signature to the user's access appliance. The access appliance displays the transaction docket 43 to the user and prompts the user to authenticate the transaction docket 43 and thereby complete the transaction. The user indicates his or her desire to authenticate the transaction by clicking on a button. The access application sends the transaction document, the random letters and the commercial site's cryptographic signature to the key. The key stores the cryptographic signature in a buffer for later use. The key retrieves the commercial site's secret number from its internal memory that is associated with the commercial site name that it received in the message from the access appliance. The key regenerates the commercial site's cryptographic signature of the random sequence of letters and the transaction docket contained in the message received from the access appliance using the key's copy of the commercial site's secret number. The key compares the commercial site's cryptographic signature that it received in the message from the access appliance with the cryptographic signature that it generated independently.
If the signatures do not match 45, the key sends a message to the access appliance 46 that indicates that the commercial site message could not be authenticated. The key cannot perform any other function until it receives a message from a site that it can authenticate. The key maintains a count of consecutive failures to authenticate commercial sites. If there are more than a predefined number of consecutive failures the key disables itself permanently. If the signatures match, the key generates a cryptographic signature of the random letters received from the commercial site together with the transaction docket using the user's secret number that is stored in the key, a copy of which is contained in the user's record on the commercial site.
The key sends the user's cryptographic signature to the access appliance to indicate that the key has successfully authenticated the server message and the transaction docket 48. The access appliance sends the user's cryptographic signature of the random letters and the transaction docket 43 to the commercial site. The ' commercial site retrieves the random letters and the transaction docket from the user's record and generates a cryptographic signature of them using its copy of the user's secret number. If the signature matches the signature that is received from the access appliance then the transaction is authenticated. The Website then executes the transaction 54.
The user and peer will receive notifications from the Verifox server that the transaction has been verified and executed. All other transaction details are carried out directly between the user' s financial institution and the peer. No personal information whatsoever has to be transferred between the user and peer.
The same verification process is carried out each time a new transaction page is entered, or after chosen time intervals, in order to ensure that no unauthorized parties intervene in the buying process, however dynamic this process may be. The current invention can also be used in other contexts where sharing of • information is of a sensitive nature. For example, transfer of restricted technical information, secret personal medical information, remote operation of software, secretive military information etc. may require highly secure authentication, which can be supplied by the current invention.
Another feature of the key is the disabling process, by which a key, which is used in an unauthorized way, can be automatically permanently disabled.
While the invention has been described with respect to a limited number of embodiments, it will be appreciated that many variations, modifications and other applications of the invention may be made.

Claims

WHAT IS CLAIMED IS:
1. A system for automatically cross-authenticating digital identities of information partners or transactional peers without transferring personal information between them, comprising: an active smart-key for storing personal information and processing identity verification, which can connect to various Internet enabled systems and devices; a server database for storing personal information and processing identity verification and communications in two separate processes, between the peer and the server, and between said smart key or said Internet enabled systems and devices and the server.
2. A system for automatically cross-authenticating digital identities of information partners or transactional peers without transferring personal information between them, according to the following steps: pre-registration at a licensed agent including giving over of personal and financial information and receiving of a personal security key device; dual authentication of both user and peer against said agent for all transactions or information transfers involving the system. automatic execution of said transaction after said authentication has been verified.
3. The system of claim 1, wherein the digital identities of all involved parties are verified every time a relevant new page or device is accessed.
4. The system of claim 1, wherein the active smart-key is a mobile hardware or even software based device with an internal mini-computer, including a central processing unit, read-only memory, random-access memory and EEPROM, that can be connected to any device supporting a USB, RS232, infrared wireless technology or any other relevant communications technology.
5. The system of claim 4, wherein said active smart-key can store, process and communicate encrypted information, using a trap door algorithm and a hash function.
6. The system of claim 4, wherein said active smart-key contains a fragile envelope, based on a shattering casing or a glass bead interior that can disable the device when being opened up.
7. The system of claim 1, wherein authentication is performed continuously without the need for the user to confirm, so that the system automatically matches between users, renewing the authentication on every new page where sensitive information can be transferred.
8. The system of claim 7, wherein the message starting each authentication process is random.
9. A method for automatically cross-authenticating digital identities of information partners or transactional peers without transferring personal information between them, according to the following steps: pre-registration at a licensed agent including giving over of personal and financial information and receiving of a personal security key device; dual authentication of both user and peer against said agent for all transactions or information transfers involving the system. automatic execution of said transaction after said authentication has been verified.
PCT/IL2001/000620 2000-07-06 2001-07-06 Automatic authentication system that cross-verifies digital identities WO2002005476A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001270959A AU2001270959A1 (en) 2000-07-06 2001-07-06 Automatic authentication system that cross-verifies digital identities

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US61129700A 2000-07-06 2000-07-06
US09/611,297 2000-07-06

Publications (1)

Publication Number Publication Date
WO2002005476A1 true WO2002005476A1 (en) 2002-01-17

Family

ID=24448466

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IL2001/000620 WO2002005476A1 (en) 2000-07-06 2001-07-06 Automatic authentication system that cross-verifies digital identities

Country Status (2)

Country Link
AU (1) AU2001270959A1 (en)
WO (1) WO2002005476A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7116349B1 (en) 2005-04-04 2006-10-03 Leadtek Research Inc. Method of videophone data transmission
EP1715690A1 (en) * 2005-04-18 2006-10-25 Leadtek Research Inc. Method of videophone data transmission
US7480934B2 (en) 2003-06-17 2009-01-20 International Business Machines Corporation Multiple identity management in an electronic commerce site
US8615787B2 (en) 2006-05-22 2013-12-24 Nxp B.V. Secure internet transaction method and apparatus

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5623637A (en) * 1993-12-06 1997-04-22 Telequip Corporation Encrypted data storage card including smartcard integrated circuit for storing an access password and encryption keys
US5761309A (en) * 1994-08-30 1998-06-02 Kokusai Denshin Denwa Co., Ltd. Authentication system
US5778071A (en) * 1994-07-12 1998-07-07 Information Resource Engineering, Inc. Pocket encrypting and authenticating communications device
US6044470A (en) * 1996-09-12 2000-03-28 Kabushiki Kaisha Toshiba IC card portable terminal apparatus

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5623637A (en) * 1993-12-06 1997-04-22 Telequip Corporation Encrypted data storage card including smartcard integrated circuit for storing an access password and encryption keys
US5778071A (en) * 1994-07-12 1998-07-07 Information Resource Engineering, Inc. Pocket encrypting and authenticating communications device
US5761309A (en) * 1994-08-30 1998-06-02 Kokusai Denshin Denwa Co., Ltd. Authentication system
US6044470A (en) * 1996-09-12 2000-03-28 Kabushiki Kaisha Toshiba IC card portable terminal apparatus

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7480934B2 (en) 2003-06-17 2009-01-20 International Business Machines Corporation Multiple identity management in an electronic commerce site
US7958545B2 (en) 2003-06-17 2011-06-07 International Business Machines Corporation Multiple identity management in an electronic commerce site
US8359396B2 (en) 2003-06-17 2013-01-22 International Business Machines Corporation Multiple identity management in an electronic commerce site
US7116349B1 (en) 2005-04-04 2006-10-03 Leadtek Research Inc. Method of videophone data transmission
EP1715690A1 (en) * 2005-04-18 2006-10-25 Leadtek Research Inc. Method of videophone data transmission
US8615787B2 (en) 2006-05-22 2013-12-24 Nxp B.V. Secure internet transaction method and apparatus

Also Published As

Publication number Publication date
AU2001270959A1 (en) 2002-01-21

Similar Documents

Publication Publication Date Title
CN109951489B (en) Digital identity authentication method, equipment, device, system and storage medium
US8387119B2 (en) Secure application network
RU2415470C2 (en) Method of creating security code, method of using said code, programmable device for realising said method
US8661520B2 (en) Systems and methods for identification and authentication of a user
US20120254768A1 (en) Customizing mobile applications
US20090228370A1 (en) Systems and methods for identification and authentication of a user
TR201810238T4 (en) The appropriate authentication method and apparatus for the user using a mobile authentication application.
JP2006502456A (en) Privacy and identity verification information in data communication networks
JP2005531823A (en) Controlling user access to resources distributed over a data communications network
JP2005531822A (en) Enhanced privacy protection for identity verification over data communications networks
JP2005539279A (en) Enhanced privacy protection for identity verification over data communications networks
TW200907743A (en) Activation system architecture
MX2008011277A (en) Digipass for the web-functional description.
JP2017505048A (en) Electronic signature method, system and apparatus
KR20090006831A (en) Authentication for a commercial transaction using a mobile module
WO2001013574A1 (en) A digital signature service
US20140172741A1 (en) Method and system for security information interaction based on internet
CN112883361B (en) Function jump method and device of application program, computer equipment and storage medium
CN110661814A (en) Bidding file encryption and decryption method, device, equipment and medium
TW576065B (en) Method and apparatus for secure mobile transaction
JP5277888B2 (en) Application issuing system, apparatus and method
KR100848966B1 (en) Method for authenticating and decrypting of short message based on public key
WO2002005476A1 (en) Automatic authentication system that cross-verifies digital identities
KR101836236B1 (en) User authentication method and apparatus using authentication between applications, program therefor
CN112150151B (en) Secure payment method, apparatus, electronic device and storage medium

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP