WO2002008974A2 - Improvements relating to the security of authentication systems - Google Patents

Info

Publication number
WO2002008974A2
Authority
WO
WIPO (PCT)
Prior art keywords
subset
authentication
store
elements
user
Application number
PCT/GB2001/003298
Other languages
English (en)
Other versions
WO2002008974A3 (fr
Inventor
Giles Martin Wren-Hilton
Original Assignee
Nexxgen Limited
Priority claimed from GB0018047A (patent GB0018047D0)
Priority claimed from GB0111978A (patent GB0111978D0)
Application filed by Nexxgen Limited
Priority to AU2001270912A (patent AU2001270912A1)
Publication of WO2002008974A2
Publication of WO2002008974A3

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/04 Billing or invoicing
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/04 Payment circuits
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825 Use of electronic signatures

Definitions

  • the present invention concerns improvements relating to the security of authentication systems and provides, more specifically, though not exclusively, a method of and an apparatus for simple, low cost personal authentication over non-secure communications channels such as the Internet or a public telephone network.
  • a more robust example of known information is a memorised password - commonly used for authenticating computer users or users of Internet-based services. This will usually be set, in the first instance, by a system administrator and then communicated to the individual who has been registered to use the system. When the set password is first used, the user will usually be given the opportunity to re-set it to something which they can readily recall.
  • a system may require passwords to contain non-alphanumeric characters. Constraints on what characters may be used are intended to make the system more resilient against so-called 'dictionary attacks' made by computer hackers. Many users base their passwords on real words and so hackers attempt to gain access to systems by creating algorithms which systematically work through a database, or 'dictionary', of common words or phrases. The introduction of non-alphanumeric characters increases the number of possible password variants, but this only makes passwords more time-consuming to crack and hackers have responded by adapting their algorithms to substitute in random non-alphanumeric characters as required and to process the variants at an ever-increasing rate.
  • PINs: personal identification numbers
  • Examples of items that a person may be asked to produce include a driving licence, a passport or an identity card.
  • a separate record of our identity can be stored on a personal portable device which can be read by machines.
  • a so-called smart card is a plastic card of the same dimensions as a credit card but with limited processing and data storage capabilities.
  • machine-readable identity cards require expensive equipment to be installed at all points where authentication is required and so the coverage offered by this solution is limited.
  • tokens: small handheld electronic devices
  • the token generates statistically random numbers by executing an algorithm which generates pseudo random numbers.
  • a copy of the token's algorithm is stored centrally by the computer system, so that the user is authenticated if the number generated by the token matches that generated by the stored algorithm.
  • Tokens may be independent devices featuring a liquid crystal display, a key pad and an on-board power source, whereby the user enters a challenge received from the central computer system into the token and is provided with the response they should give.
  • tokens can be devices which are connected to a computer system to generate and communicate authentication data directly; these devices are commonly referred to as 'dongles' but again they require specialist readers to be installed.
  • Tokens contain delicate electronics, though, which must be protected from physical extremes such as temperature, humidity, vibration and shock. Special casing is required which, in addition to the cost of the electronic components, makes the tokens expensive to manufacture.
  • Certain physical environments preclude the use of tokens as a means for authentication - for example if there are strong magnetic fields. The cost of tokens, presently around the $80 mark, dictates that they are only issued to those employees whose jobs are deemed to require such security; this clearly does not meet the requirements of a global or mobile workforce. In addition to the above, if a person is issued with multiple tokens to access a number of different systems, then the physical size of the tokens will become a cumbersome inconvenience.
  • the present invention resides in the appreciation that the degree of security required for most personal authentication solutions need not be absolute and that, as a result, an authentication system can be provided, which is relatively secure yet easy-to-use and significantly low-cost, based on a challenge/response mechanism where the response is a readily selectable option provided on a portable personal authentication store.
  • a personal authentication store for use in authenticating the identity of a user by determining a response to an authorisation challenge
  • the authentication store comprising: a unique identifier for identifying the authentication store and hence the identity of the user; a first subset of a plurality of humanly readable elements; and a second subset of a plurality of humanly readable elements, each subset having been selected from a group of elements from a larger corresponding set and each element of the first subset being visually related to a specific one of the plurality of elements in the second subset, wherein the unique identifier is related to each element of the first subset and to each respective corresponding visually related element of the second subset by machine stored information external to the store such that authentication of the personal store requires the use of the machine stored information to verify the visual relationship between an element of the first subset provided as the authentication challenge and an element of the second subset provided as the response thereto.
  • the personal authentication store does not have to be electronic and does not require any special electronic reading equipment thereby significantly reducing its cost but increasing its portability and its ease of operability.
  • the term 'humanly readable element' is intended to cover any visual identifier such as an icon or a colour having a distinct name associated with it which is provided on the store in place of that written name.
  • the term 'unique user identifier' can be a number, barcode or any representation of an alphanumeric number unique to the personal store. It can also be a serial number which is used in the production of the card and in its distribution.
  • the term 'subset' or 'set' is intended to mean a group of data elements which share a common feature, such as a category or colour, the subset being a selection from a defined set.
  • the term 'authenticating' is intended to mean a process of confirming electronically a claimed relationship or identity.
  • the visual relationship between the elements of the first and second subsets can be achieved in many ways. For example, it may comprise a positional relationship, such that by virtue of how the elements of the first and second subsets are positioned, there is only one member of the second subset that corresponds to the challenge member of the first set. Also the relationship can be a colour relationship or a graphical relationship such that appearance of the personal data store can be enhanced to make the store more customisable in appearance. This can make the store, such as a card, far more attractive to younger users, for example.
  • the elements of one of the first or the second subsets may comprise the features of the visual relationship. This advantageously minimises the amount of space required on the portable data store for displaying each challenge and associated response. This is because the elements of the first or second subsets can be made up of different colours and the colours themselves can be the responses or the challenges. Also, it is possible for one subset of elements to be displayed and the positional relationship with parts of the store (e.g. top left-hand corner) can be used to identify the required response.
  • the elements of the first and second subsets comprise alphanumeric characters.
  • the advantage of these types of characters is that they are readily transmittable across data networks such as the Internet or over the public telephone network (where input from the authentication card holder of non-numeric data would be more challenging than entering numeric data using the telephone's keypad).
  • the invention is particularly easy to use for people of all ages and requires little to no training on the part of the user.
  • the alphanumeric characters preferably have a minimum font size of ten points. If the font size is any smaller than this then the characters become too difficult for the average user to read correctly and would decrease the simplicity and ease of use of the personal store.
  • one of the first and second subsets comprises words and the subset of words comprise words selected from a list of words suitable to minimise confusion when verbally spoken across a telephone network. This again makes the challenge/response less prone to errors when used in an aural authentication check. More preferably, the subset of words comprise nouns. This type of element is relatively simple to recognise and use, which further prevents errors.
  • the words in the first subset are arranged in alphabetical order to facilitate the user rapidly finding the word from the presented subset on the store and reading back the corresponding response number into a terminal connected to an authentication system. Furthermore, the possibility of an error can be reduced by having a different type of information in the first subset to that provided in the second subset. More preferably, the information in the first and second subsets is non-personal to users such that even if this data is obtained unscrupulously, it would not compromise the user.
  • There are a number of factors governing the size of each subset provided on the authentication store.
  • the smaller the number of information sets the greater the degree of assurance that the authentication store holder has that he is dealing with a valid authentication system by minimising the chance of an impostor authentication system correctly guessing information from any subset on the authentication store.
  • the information in the first or second subsets may be rendered on the authentication store in a colour other than black or white. This may help prevent casual (black and white) photocopying of the card.
  • many well-known anti-copy techniques may be used, such as preparing the information-bearing surface of the authentication store with an ink, coating, varnish or film whose properties include the reflection and/or diffraction of the light source in a photocopier, which prevents casual photocopying.
  • Another method to achieve this is to render the authentication store in such a way that some or all of the information is not visible from straight in front of the card by, for example, using a lenticular covering.
  • the personal authentication store is provided as a simple plastics card.
  • the first and second subsets may be rendered on one face of the card having width and height dimensions substantially in accordance with standard ISO 7810, or on one face of a card which when folded has similar width and height dimensions.
  • the advantage conferred by this feature is that it may be conveniently carried on the person in a wallet or purse or similar container designed for ISO 7810 cards. It is a further advantage for the card to be much thinner than ISO 7810 financial transactions cards (e.g. credit cards) so that the authentication card may be placed with other cards while adding a minimum of extra thickness to the cardholder's wallet or purse. Thinner cards use less of the material used for card manufacture (such as PVC or polyester), which is beneficial to the environment and reduces manufacturing costs.
  • the authentication store is packaged in such a way as to ensure that no-one other than the intended user of the card has sight of the first and second subsets prior to the intended user obtaining the card.
  • This may be achieved by using well-known tamper-evident devices such as envelopes, or stores (cards) with removable perforated edges or stores with rub-removable ink or a scratch-off coating acting as a covering means all of which facilitate an irreversible process to render the information sets visible to the human eye.
  • the authentication store (card) and/or the packaging may feature a visible code, such as a serial number, the purpose of which is to uniquely identify the card at any point in the distribution process from the card manufacturer to the end user.
  • This latter feature is particularly important if the authentication card has a prepayment value associated with it, so that authentication card may be enabled or disabled, as required, at any stage in the distribution process. It is also important for the card issuer to know who has received which authentication card, and this is achieved most securely if the authentication card is delivered to the user in an envelope, preferably a tamper-evident envelope.
  • the unique identifier may be a code such as a serial number, the purpose of which is to allow the cardholder to uniquely identify the card they are holding, for example to a system administrator or to the associated authentication computer upon initial registration of that card, without revealing any other information from the card.
  • This code, or serial number may be the same as, or related to, a visible code which may be seen prior to the store being given to the end user.
  • a specific and important advantage of the authentication store described above is that the authentication card holder is provided a reasonably high degree of assurance that he is dealing with a valid authentication system, not a bogus authentication system. More specifically, the response from the authentication system when the unique identifier of the personal authentication store is submitted can be considered a challenge-response mechanism from the user's perspective.
  • Another advantage of the authentication store is that it can be extremely low cost to manufacture. Also, when embodied as a card, its use does not require any special purpose terminal equipment other than a telephone device or a computer terminal connected to the Internet or connected to a computer network.
  • the authentication store may comprise an electronic device in which the first and second subsets can be held and displayed.
  • the electronic device comprises a mobile telephone, a personal digital assistant or other mobile computing device, which are all common portable devices which can simply be programmed without substantial cost to display the information that would be displayed on a card, for example, in addition to their primary use.
  • the authentication store may have a prepayment value associated with it and means for identifying the prepayment value to the user.
  • One field that can benefit from the advantages conferred by the present invention is that relating to, or concerned with, financial transactions and the authentication of those transactions to reduce or prevent fraud.
  • the invention may be used in conjunction with a financial transaction card (e.g. a credit or debit card) to authenticate financial transactions and hence reduce the possibility of fraud.
  • the authentication store and credit card information can conveniently be provided in one card, for example, on opposed faces, though this is not as secure as providing the financial and security information on separate cards.
  • the personal authentication store together with an authentication system can be used for Cardholder Not Present (CNP) transactions over the Internet and over the telephone.
  • An authentication system for implementing the method may take different forms according to the application for which the authentication is required and is here described in general terms. Usually, but not necessarily, the authentication system will form part of a larger computer system providing other services.
  • a method of authenticating a personal authentication store for use in authenticating the identity of a user comprising: receiving a unique identifier of the personal authentication store; identifying first and second subsets of predetermined data elements using the unique identifier, each subset having been previously selected from a corresponding larger set of the data elements and each data element of the first subset corresponding to a specific one of the data elements of the second subset; selecting a data element from the first subset and transmitting the data element to the user as an authentication challenge; receiving a response to the authentication challenge from the user that has been determined by use of information provided on the personal authorisation store; and issuing an authentication signal if the response comprises the specific data element of the second subset that corresponds to the data element of the first subset used for the challenge.
  • the receiving step may comprise receiving a response to the authentication challenge from the user that has been determined by use of information provided on the personal authorisation store authentication described above.
  • the transmitting and receiving steps may comprise transmitting and receiving information over a telecommunications link such that remote authorisation of a user can be carried out. This is clearly advantageous as it enables CNP transactions to be authorised.
  • the transmitting and receiving steps are carried out via the Internet or via a short messaging service (SMS) exchange for mobile communications.
  • the selection step may comprise selecting an element of the first data subset at random. This increases the difficulty for unscrupulous people detecting a sequence of challenges and responses such that they can predict what the next challenge will be.
  • the selection step may also comprise selecting an element of the first data subset randomly on first use of the personal authentication store and thereafter selecting an element of the first data subset deterministically such that a previously selected element has a lower chance of being selected than a previously not selected element. This balances the use of all the different elements in the first data set again to prevent someone working out what a response to a given challenge should be.
  • the selection step may comprise selecting an element of the first data subset sequentially in the order that the elements are displayed on the user's personal authentication store. Whilst this is not as secure a technique in some respects, it does have the benefit that the user is aware of what is the next challenge that they should be asked and so they are able to detect fraud by a challenge being asked out of the sequence presented on their card.
  • the method may further comprise making prepaid services available to the user in response to issuance of the authentication signal. This would typically comprise reducing a prepayment value stored in a prepayment field in accordance with the use of the prepaid services.
  • the application of the authentication method to prepaid services provides an additional layer of security to existing prepayment systems.
  • the method may further comprise processing a payment transaction in response to the issuance of the authentication signal, such that on-line Internet shopping can be carried out rapidly and effectively.
  • a system for authenticating a personal authentication store for use in authenticating the identity of a user comprising: a receiving means for receiving a unique identifier of the personal authentication store; identifying means for identifying first and second subsets of predetermined data elements using the unique identifier, each subset having been previously selected from a corresponding larger set of the data elements and each data element of the first subset corresponding to a specific one of the data elements of the second subset; selecting means for selecting a data element from the first subset; transmitting means for transmitting the data element to the user as an authentication challenge; the receiving means being arranged to receive a response to the authentication challenge from the user that has been determined by use of information provided on the personal authorisation store; and issuing means for issuing an authentication signal if the response comprises the specific data element of the second subset that corresponds to the data element of the first subset used for the challenge.
  • the authentication system is set up to accept an input that uniquely identifies which authorisation store is to be authenticated. Normally this would be a serial number associated with the card, and may arrive at the authentication system indirectly, for example by a related system which has received other information identifying the user.
  • the authentication system has available to it a database of records, including the record showing the first and second subsets of elements which are uniquely related to each other, that corresponds to the unique identifier or a means of recreating the first and second subsets associated with the unique identifier.
  • the authentication system randomly or deterministically selects one of the elements of the first subset as a challenge to the user.
  • This challenge is submitted to the user and the user looks at the first and second subsets of elements on the authentication store and finds the response information corresponding to the challenge. The user then submits to the authentication system this response information, or information derived therefrom. The authentication system takes this response and if the response corresponds to the element of information in the second subset corresponding to the element selected for the challenge, the authentication system generates a positive authorisation signal; otherwise the authentication system generates a negative authorisation signal.
  • the authentication system may feature as a method of input, from a user to the system they are using, an on-screen representation of a keypad which the user uses with an onscreen pointer (such as that controlled by a mouse, trackball or similar device) and mouse button (or similar button) to enter the user's response to the authentication system's challenge.
  • the authentication system may feature a method of encrypting the user's response whereby the authentication system submits a random data challenge along with the information challenge.
  • the user's response is used as a symmetric encryption key to encrypt the random data challenge, which is then sent back (via a web server) to the authentication system.
  • the authentication system decrypts the returned encrypted random data challenge with the associated information from the challenge and if the results match (that is, if when decrypted by the associated information from the challenge the same random data is generated as that random data sent in the random data challenge), the system generates an authorisation signal.
  • the advantage of this method is that the user's response is not sent back, and cannot therefore be captured by a covert communication channel listening device or program.
  • the present invention may be used in conjunction with other well-known security, cryptographic and authentication techniques and systems to further enhance many aspects of the overall security of a given system.
  • One example of an additional mechanism that may be used to provide further security to the invention is the use of encryption systems such as SSL on the Internet to encrypt the data flow between the computer being used by the cardholder and the web server they are connected to.
  • the enhanced system is a two-factor authentication system.
  • the present invention may be used in any field where a low-cost authentication mechanism is of benefit.
  • the authentication store and authentication system may also be used to provide authentication services over a voice communications channel such as that provided by a telephone.
  • the challenges from the authentication system may be spoken to the cardholder and the response from the cardholder spoken back to a speech recognition unit and passed to the authentication system or the cardholder may respond using the keys on the cardholder's telephone keypad.
  • the present invention also relates to a method of configuring a personal authentication store, for use in authenticating the identity of a user by determining a response to an authorisation challenge, the method comprising: determining a unique identifier for identifying the authentication store; selecting a first subset of a plurality of humanly readable elements from a corresponding larger set of the elements; selecting a second subset of a plurality of humanly readable elements from a corresponding larger set of the elements; relating the unique identifier to the first and second selected subsets and relating elements within the first subset to corresponding elements within the second subset, such that the elements of the first and second subsets can be used to validate the authenticity of the personal authentication store; and storing the unique identifier, the first subset and the second subset in the personal identification store, such that each element of the first subset is visually related to a specific one of the plurality of elements in the second subset, thereby enabling the user to determine which element of the second subset is to form a response to
  • Either of the selecting steps may comprise selecting the plurality of humanly readable elements which make up the first or second subsets randomly from the corresponding larger set of elements. This provides a good way of preventing fraudulent mass manufacture of authentication cards.
  • either of the selecting steps may comprise selecting the plurality of humanly readable elements which make up the first or second subsets deterministically such that there is no duplication of elements in any of the subsets. This is beneficial in that it avoids confusion in the generation of a response and also reduces the chances of a guessed response being correct.
  • the word or words used in the first subset are chosen from a dictionary of suitable words.
  • the suitability of words is governed by many factors including but not limited to the type of word (nouns are better than adverbs), the number of letters (preferably no more than eight has been established by the inventor), the number of syllables (no more than two) and how common usage of the word is - common words being more easily recognised, particularly over the telephone, than obscure ones - and the reading age (preferably no higher than eight) associated with a given word.
  • a further check by the first and second set generating computer may be made to remove and replace words that may be easily confused (by dyslexic misreading of the letters, similar phonetic sound, or otherwise).
  • the second subset comprises numbers
  • these corresponding numbers may be of any length but four to six digits provides a good balance between ease-of-use and being randomly guessed.
  • a four digit number has a one in ten thousand chance of being guessed correctly and a six digit number has a one in one million chance of being randomly guessed.
  • the elements of the first or second subsets may comprise alphanumeric characters and the storing step may comprise arranging the elements of the first or second subsets in alphabetic or numeric order in the personal authentication store. This advantageously provides a fast look up for the user.
  • a system for configuring a personal authentication store for use in authenticating the identity of a user by determining a response to an authorisation challenge, the system comprising: determining means for determining a unique identifier for identifying the authentication store; first selecting means for selecting a first subset of a plurality of humanly readable elements from a corresponding larger set of the elements; second selecting means for selecting a second subset of a plurality of humanly readable elements from a corresponding larger set of the elements; relating means arranged to relate the unique identifier to the first and second selected subsets and relating elements within the first subset to corresponding elements within the second subset, such that the elements of the first and second subsets can be used to validate the authenticity of the personal authentication store; and storing means arranged to store the unique identifier, the first subset and the second subset in the personal identification store, such that each element of the first subset is visually related to a specific one of the plurality of elements in the second sub
  • Figure 1 is a schematic block diagram showing a security system for authenticating users who wish to access a secure corporate Web site, according to a first embodiment of the invention
  • Figure 2 is a plan view of an authentication card which is used in conjunction with the security system of Figure 1, according to presently described embodiments of the invention
  • Figure 3 is a schematic block diagram showing an authentication system as featured in the security system of Figure 1, according to presently described embodiments of the invention
  • Figure 4 is a table containing data which identifies users to the authentication system of Figure 3, according to presently described embodiments of the invention.
  • Figure 5 is a table containing data which is also stored on the authentication card of Figure 2, according to presently described embodiments of the invention.
  • Figure 6 is a flow diagram showing the steps involved in authenticating a user, according to the first embodiment of the invention.
  • Figure 7 is a flow diagram showing the steps involved in generating a challenge that is submitted to the user as a step in Figure 6;
  • Figure 8 is a schematic block diagram showing a security system for authenticating users via a centralised authentication authority, according to a second embodiment of the invention;
  • Figure 9 is a flow diagram showing the steps involved in authenticating a user, according to the second embodiment of the invention.
  • Figure 10 is a plan view of an alternative authentication card from that shown in Figure 2, according to presently described embodiments of the invention.
  • Figure 11a is a plan view of the reverse side of the authentication card shown in Figure 2 when it features a set of payment card details, according to presently described embodiments of the invention
  • Figure 11b is a plan view of a tamper-evident envelope which can be used to package authentication cards, according to presently described embodiments of the invention
  • Figure 12 is a plan view of a personal digital assistant which displays the authentication data provided on the authentication card of Figure 2, according to presently described embodiments of the invention;
  • Figure 13 is a schematic block diagram showing a system for generating authentication cards, according to the first and second embodiments of the invention.
  • Figure 14 is a flow diagram showing the steps involved in producing a batch load of authentication cards, according to the first and second embodiments of the invention.
  • the security system 10 determines whether a user terminal 12, featuring a Web browser 14, is granted access to a corporate Web site 16.
  • the Web site 16 is hosted by a corporate server 18, which is accessible to the user terminal 12 via the Internet 20.
  • a communications link 21 connects the user's Web site browser 14 to the corporate server 18. All communication with the corporate Web site 16 is controlled by the corporate server 18 liaising with the login engine 22 and the authentication system 24.
  • the corporate server 18 shown in Figure 1 is provided with a login engine 22, for checking whether a username and password supplied from the user terminal 12 are recognised, together with an authentication system 24 for determining a second factor of authentication.
  • the login engine 22 refers to a database 26 of user details.
  • FIG. 2 shows an authentication card 30 which is used in conjunction with the security system 10.
  • the authentication card 30 is a personal item that is issued to all users of the corporate Web site 16. It stores information which is also held by the authentication system 24, such that the authentication system 24 can issue a user with a challenge and the user can refer to their authentication card 30 to provide an appropriate response.
  • the authentication card 30 has substantially the same dimensions as a standard credit card and is similarly manufactured from durable plastic. Embossed, or printed, on one face of the card are two sets of data, 32 and 34, each set containing a different type of data.
  • Both of the data sets 32 and 34 each have twenty members.
  • the first data set 32 appearing on the authentication card 30 is comprised of words 36 which are between three and seven characters long, whilst the second data set 34 consists exclusively of four digit numbers 38. Each data set member is unique within its data set.
  • the 'word' and 'number' data sets, 32 and 34 respectively, are arranged in separate columns on the authentication card 30, the columns being adjacent to one another such that there is a unique visual, positional correspondence between a word 36 and a number 38 appearing on the same row.
  • the words 36 are ordered alphabetically to enable fast look up.
  • Each data set column is split into two halves - the first ten members of each of the 'word' and 'number' data sets 32, 34 being presented on the left hand side of the authentication card 30 and the last ten members on the right hand side. As can be seen from Figure 2, this effectively gives rise to four demi-columns of data.
  • the authentication card 30 is also provided with a serial number 40, which uniquely identifies the card to the security system 10. This number is of assistance, for example, when the authentication cards 30 are manufactured.
  • the serial number 40 is also stored as a bar code 42 on the authentication card 30, so that it may be read quickly when the card is passed through a bar code reader (not shown).
  • In order to prevent the authentication card 30 from being casually photocopied, the card is provided with a diffusion coating 43 as shown in the enlarged view of the card surface 44. Illuminating light from a photocopier is diffused by the coating 43, resulting in a copy of poor quality which prevents the 'word' and 'number' data sets, 32 and 34 respectively, from being deduced.
  • information which is presented on a user's authentication card 30 is also stored by the authentication system 24 of the security system 10.
  • the authentication system 24, which is suitable for use in all of the embodiments described herein, is shown in more detail in Figure 3.
  • the authentication system 24 is comprised of a database 50, an authentication engine 52 and a random number generator 54.
  • the 'word' and 'number' data sets, 32 and 34 respectively, associated with a particular authentication card 30 are stored in authentication data tables (described in detail later) which are held in the database 50, there being one table per card. Each authentication data table is referenced by the serial number 40 associated with the corresponding authentication card 30.
  • the authentication engine 52 uses the data stored for a particular authentication card 30 to generate a user challenge and to assess the user's response.
  • the authentication system 24 is told which serial number 40 to process by the login engine 22 which refers to the database of user details 26.
  • Figure 4 shows a limited excerpt from a table of user details 60 which is stored in database 26, the table name being USER_DETAILS.
  • Each row of the USER_DETAILS table 60 corresponds to a particular user of the Web site 16.
  • the table is comprised of four columns, namely USER_NAME 62, PASSWORD 64, SERIAL_NO 66 and VALIDITY 68, such that the serial number 40 associated with a particular user's authentication card is stored alongside their username and password.
  • the authentication card 30 shown in Figure 2 is assigned to the user with username 'N1ZAW'.
  • the variable stored under the VALIDITY column 68 is provided so that the security system 10 can enable or disable the authentication of a particular authentication card 30 at any point in time.
  • the authentication data table 80 is named after the serial number 40, namely 4072 3811 0987 2104, of the authentication card 30.
  • the table is comprised of three columns, namely ROW_NUM 82, WORD 84 and NUMBER 86.
  • Members of the 'word' data set 32 appear under the WORD column 84, whilst those of the 'number' data set 34 appear under the NUMBER column 86.
  • the variables under the ROW_NUM column 82 indicate the row number within the authentication data table 80.
  • the authentication data is stored in the same row order as it appears on the authentication card 30, so that, for example, the word KITE and the number 6231 appear alongside ROW_NUM 10, whilst the word MOUSE and the number 2012 appear alongside ROW_NUM 11.
  • the authentication process 100 is a two-factor authentication process, the first factor relying on standard username and password validation, the second factor comprising validation of a response from a user to a specific issued challenge. If the response given by the user is judged to be correct, access to the Web site is made available to the user.
  • the authentication process 100 begins when a user gives the URL address of the corporate Web site 16 to their browser 14.
  • the corporate server 18 presents the user with a standard login screen, prompting them to enter their username and password.
  • When the user's login details are received by the corporate server 18 at step 104, they are submitted for verification to the login engine 22 which checks if they are stored in the USER_DETAILS table 60 of Figure 4. If the login details are not recognised, for example if the username supplied is not found under the USER_NAME column 62 or if the password supplied with a recognised username does not match the corresponding password stored under the PASSWORD column 64, then at step 106 in the authentication process 100 the corporate server 18 generates and sends a message to the user's browser 14 stating the same. In such a circumstance, the user may be permitted a limited number of attempts to log in correctly.
  • If the login engine 22 finds the supplied username and password to be valid according to the USER_DETAILS table 60, then the authentication system 10 validates the user according to its first factor of authentication. Accordingly, at step 108 in authentication process 100, the login engine 22 retrieves the serial number 40 from the table USER_DETAILS 60 that is associated with the supplied username and forwards it to the corporate server 18.
  • the serial number 40 identifies the authentication data table 80, shown in Figure 5, which holds a record of the data issued on the user's authentication card 30.
  • the corporate server 18 sends the serial number to the authentication system 24, which uses it to generate a challenge to be issued to the user as part of the second factor of authentication.
  • the authentication system 24 uses the serial number to select a word and a corresponding number from the user's authentication data table 80. The selected word is used to form the user challenge, whilst the selected number is stored as an expected response. This step is described later in greater detail with reference to Figure 7.
  • the corporate server 18 issues the challenge to the user, via the communications link 21, at step 112, such that a pop-up window (not shown) containing the selected word appears at the user's browser 14.
  • the pop-up window explains that the Web site which the user has addressed is a secure Web site and that the user must be authenticated before access will be granted. It instructs the user to refer to their authentication card 30, locate the selected word displayed in the pop-up window on the card and then enter the number associated with the word as a response to the challenge.
  • the user's response is received by the corporate server 18 at step 114 in the authentication process 100 and is subsequently transferred to the authentication system 24.
  • the authentication system 24 makes a comparison between the expected response, which was stored at step 110, and the received response. If the number supplied by the user is identical to that of the expected response, then the user is judged to have satisfied the second factor of authentication and, accordingly, the authentication system 24 generates an authentication signal at step 118. However, if the user's response does not match the expected response then the authentication system 24 generates a rejection signal at step 120.
  • These signals determine whether the user is granted access by the corporate server 18 to the Web site 16.
  • If the corporate server receives an authentication signal, as at step 122 in the authentication process 100, it closes the pop-up window and connects the user's browser 14 to the Web site 16. Accordingly, the user is then able to access the sensitive corporate information which is held on the Web site 16 in accordance with that user's security privileges. If a rejection signal is received by the corporate server 18, it sends another message within the existing pop-up window to the user at step 124 informing them that their response was incorrect and that they have not been granted access to the Web site 16.
  • the message can however ask the user if they would like to send a different response to the same challenge (although this option would only be available for a limited number of incorrect response iterations). It is preferred not to give a new challenge word to the user for security reasons.
  • a challenge generation process 130 commences at step 132 when the authentication engine 52, shown in Figure 3, receives a serial number from the corporate server 18 identifying a particular authentication data table 80.
  • the authentication engine calls the random number generator 54, which randomly selects a number between 1 and 20 (as there are twenty possible challenge/response pairs in each authentication data table 80) using any of the well-known random number generation algorithms.
  • the authentication engine 52 receives the randomly selected number at step 136.
  • the authentication engine 52 accesses the appropriate authentication data table
  • the authentication data table 80 is comprised of twenty rows of data and the authentication engine 52 selects the word and the number from the nth row, where n is the number obtained from the random number generator 54.
  • the authentication engine 52 transmits the selected word to the corporate server 18 at step 140, whilst storing the corresponding number in a temporary variable for later use in the comparison with the received response at step 116 of the authentication process 100.
  • Randomly selecting a word and a corresponding number in this way prevents the challenge that will be issued to the user from being known in advance, thereby improving the security of the authentication process 100.
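The challenge generation process 130 and the response check of authentication process 100, sketched as an added example (not code from the patent). The class and function names, the limit of three attempts, the use of Python's `secrets` CSPRNG and the constant-time comparison are assumptions of this sketch; only the serial number and rows 10 and 11 of the table come from the description, the other rows are constructed.

```python
import hmac
import secrets
from dataclasses import dataclass
from fractions import Fraction

MAX_ATTEMPTS = 3  # assumption: the description only says "a limited number"
SERIAL = "4072 3811 0987 2104"  # serial number 40 quoted in the description

# Constructed authentication data table 80 (ROW_NUM is the list index + 1).
# Only rows 10 (KITE/6231) and 11 (MOUSE/2012) are taken from the description.
CARD_TABLE = [
    ("APPLE", "4821"), ("BRIDGE", "0937"), ("CANDLE", "7754"), ("DRUM", "1308"),
    ("EAGLE", "9046"), ("FENCE", "2265"), ("GARDEN", "5590"), ("HARBOUR", "3417"),
    ("ISLAND", "8602"), ("KITE", "6231"), ("MOUSE", "2012"), ("NEEDLE", "7189"),
    ("ORANGE", "0453"), ("PILLOW", "6678"), ("QUILT", "3924"), ("RIVER", "8140"),
    ("SADDLE", "1576"), ("TICKET", "9283"), ("VIOLIN", "4409"), ("WINDOW", "5731"),
]


@dataclass
class PendingChallenge:
    word: str          # challenge shown to the user
    expected: str      # number stored as the expected response (step 110)
    attempts_left: int = MAX_ATTEMPTS


class AuthenticationEngine:
    """Hypothetical stand-in for authentication engine 52 plus database 50."""

    def __init__(self, tables, validity):
        self._tables = tables      # serial -> list of (word, number) rows
        self._validity = validity  # serial -> bool, the VALIDITY column 68
        self._pending = {}         # serial -> PendingChallenge

    def generate_challenge(self, serial):
        # A disabled or unknown card never receives a challenge.
        if not self._validity.get(serial, False):
            raise PermissionError("card is disabled or unknown")
        pending = self._pending.get(serial)
        if pending is None:
            rows = self._tables[serial]
            n = secrets.randbelow(len(rows)) + 1  # row number 1..20, unpredictable
            word, number = rows[n - 1]
            pending = PendingChallenge(word, number)
            self._pending[serial] = pending
        # An unanswered challenge is re-issued unchanged: handing out a fresh
        # word after each failure would let an observer who knows a few pairs
        # keep asking until a known word comes up.
        return pending.word

    def verify(self, serial, response):
        pending = self._pending.get(serial)
        if pending is None or pending.attempts_left == 0:
            return False  # no open challenge, or locked until reset out of band
        pending.attempts_left -= 1
        ok = hmac.compare_digest(response.strip().encode(),
                                 pending.expected.encode())
        if ok:
            del self._pending[serial]  # a challenge is answered at most once
        return ok


def guess_probability(digits, attempts=1):
    """Chance that blind, distinct guesses hit a number of the given length."""
    return Fraction(attempts, 10 ** digits)


if __name__ == "__main__":
    engine = AuthenticationEngine({SERIAL: CARD_TABLE}, {SERIAL: True})
    word = engine.generate_challenge(SERIAL)
    print("challenge:", word)
    print("correct response accepted:",
          engine.verify(SERIAL, dict(CARD_TABLE)[word]))
    print("blind guess, 3 tries, 4 digits:", guess_probability(4, MAX_ATTEMPTS))
```

With three attempts against one fixed challenge, a blind guesser succeeds with probability 3 in 10,000; the per-attempt figure of 1 in 10,000 is the one the description gives for four-digit numbers.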
  • The second presently preferred embodiment of the invention will now be described with reference to Figures 8 and 9.
  • This embodiment demonstrates how the present invention may be implemented using a centralised authentication system, rather than an authentication system which is specific to one entity as described in the first embodiment.
  • a centralised authentication system is particularly suited to the on-line shopping environment, which has proved to be an easy target for payment card fraud.
  • the second embodiment of the present invention overcomes this problem by introducing a further factor of authentication into the on-line ordering process.
  • Prior to transmitting their payment card details, users are required to authenticate themselves with an authentication authority which independently informs the merchant of the authentication result. This additional information allows merchants to refuse to accept payment from non-authenticated individuals and discourages valid payment card details from being used with false identities.
  • Figure 8 shows a security system 150 for implementing the second embodiment.
  • a user accesses a merchant Web site 152 via a first instance 154 (browser window) of the user's Web browser 14.
  • the merchant Web site 152 is hosted by a merchant server 156, which the first browser instance 154 connects to via the Internet 20 and a communications link 158.
  • An authentication server 160 of a centralised authentication authority is also accessible via the Internet 20.
  • the authentication server 160 is provided with an authentication system 24, as described in the first embodiment, and also hosts an authentication Web site 162.
  • the user terminal 12 connects to the authentication server 160 via a second browser instance 164 (a pop-up browser window) using a communications link 166 (as is described in more detail later).
  • Users of the security system 150 are provided with authentication cards 30, as in the first embodiment of the present invention. Accordingly, a description of the authentication cards 30 will not be repeated here, although possible variations of the authentication cards will be described in due course. However, a key difference between the authentication cards 30 of the first and second embodiments is their scope of use. As the authentication cards 30 of the second embodiment are issued by a centralised authentication authority, they can be used to validate users to any entity, whereas the cards issued in the first embodiment are restricted to authenticating users to a specific corporation.
  • the above-described security system 150 carries out an authentication check. In general terms this involves the user being temporarily diverted from the merchant Web site 152 to the Web site 160 of a centralised authentication authority. The user is then issued with a challenge and responds according to the information held on their authentication card 30. The user's response is assessed by the authentication system 24 which determines whether the user is recognised. An appropriate message concerning the authenticity of the user is transmitted to the merchant Web site 152 and the user is duly returned there. Processing on the merchant Web site 152 can then proceed according to the authentication result.
  • Figure 9 shows the steps involved in an authentication process 170. Whilst browsing the merchant Web site 152, the user comes across some goods or services that they wish to order. After indicating their order to the Web site 152, the user is presented, at step 172 of the authentication process 170, with a message in the first browser instance 154 inviting them to seek authentication via the centralised authentication authority. If the user accepts the invitation then, at step 174, the merchant server 156 instructs the user browser 14 to create the second instance 164 of itself. This communication is made via the existing communications link 156.
  • the second browser instance 164 opens in the foreground of the display of the user terminal 12, whilst the first browser instance 154 (displaying the merchant Web site 152) is maintained in the background.
  • the merchant server 156 instructs the second browser instance 164 to access the authentication Web site 162 by providing its URL. Accordingly, the second browser instance 164 establishes the communications link 166 with the authentication server 160.
  • the authentication server 160 sends a message to the second browser instance 164 asking the user to enter the serial number 40 of their authentication card 30, which the user duly does.
  • steps 110 to 120 of the authentication process 100 are executed as indicated by step 178.
  • the user is challenged through the second browser instance 164 and provides a response which enables the authentication system 24 to generate either an authentication signal or a rejection signal.
  • This signal is then transmitted from the authentication server 160 to the merchant server 156 at step 180.
  • the authentication server 160 uses the existing communications links between itself and the merchant server 156, namely communications links 166 and 158, for this purpose. It then instructs the second browser instance 164 to terminate the communications link 166, causing the second browser instance 164 to disappear from the user's display.
  • the user is then returned to the merchant Web site 152 displayed by the first browser instance 154.
  • the merchant Web server 156 then informs the user of the authentication result received from the authentication server 160. If an authentication signal was received, the merchant Web site 152 prompts the user for their payment card details. Payment for the order is then transmitted and accepted in the usual way. Alternatively, if a rejection signal is received at step 180 then the merchant Web site 152 issues a message stating that the user's order has been refused.
  • the authentication can be acquirer driven rather than merchant driven. More specifically, the sequence of events would be that firstly the user finds goods they wish to purchase on the merchant's Web site 152. The user then enters the financial transaction card number at their terminal 12, such as their credit card number. On receipt of this information, the merchant's Web site 152 sends a message to the computer of the card's acquiring bank (not shown) requesting authorisation of a desired payment transaction. At this stage, the acquiring bank's computer sends a message to the card issuing bank's computer (not shown) requesting authorisation of the desired payment transaction.
  • the card issuing bank looks at a database record (not shown) corresponding to the financial transaction charge to see if the user has elected to have CNP transactions authenticated by a centralised authenticating authority. If authentication is required, a request for authentication is passed from the issuing bank to the authentication authority (comprising the authentication Web site 162, the authentication server 160 and the authentication system 24) which then carries out the authentication as described in the second embodiment. The result (positive/negative) of the authentication is then passed back to the issuing bank who pass a message back to the acquiring bank specifying whether the transaction has been declined or accepted. The message is then passed back to the merchant Web site 152 for acceptance or rejection of the payment transaction proposed by the user.
  • the advantage of the above described alternative method is that the merchant and the acquiring bank need make no changes to their existing transaction processing system, only the issuing bank does, and logically it is the issuing bank who should implement systems to enhance security for themselves and their customers.
  • the form of the authentication cards need not be restricted to that shown in Figure 2.
  • one of the data sets presented on the card could be a set of colours which are used to distinguish the members of a second data set. This is illustrated in Figure 10 by the authentication card 190, where shading has been used to convey different colours as indicated by the shading key 192. Five blocks of colour
  • each block being presented with a different colour.
  • Members of a second data set which is comprised of five words 196, appear in the colour blocks 194.
  • a single word 196 is positioned within each colour block 194, such that if the challenge issued to the user is a colour they can respond with the corresponding word and vice-versa. Only the colour names need be stored next to the words 196 in the corresponding authentication data table 80, this table again being identified by the card's serial number 40 which is displayed at the bottom of the authentication card 190.
  • Another possible variation of the authentication card 30 is shown in Figures 11a and 11b.
  • payment card details are applied to the reverse face of the card shown in Figure 2, producing a payment/authentication card 200 as shown in Figure 11a.
  • the payment card details comprise a Primary Account Number (PAN) 202, a date 204 from which the card may be used, an expiry date 206 beyond which the card cannot be used and a payment cardholder name 208.
  • the payment/authentication card 200 is suitable for use in either the first embodiment, for example as a store charge card, or in the second embodiment, for example as a credit card.
  • the PAN may act as the serial number of the authentication card, such that there would be no need to provide a serial number 40 for the authentication card.
  • the payment/authentication card 200 may be provided to the payment cardholder in a tamper-evident envelope 220, as indicated in Figure 11b. This prevents anyone other than the intended user of the card from gaining sight of the 'word' and 'number' data sets, 32 and 34 respectively, which will be used to authenticate the user.
  • the payment/authentication card 200 is totally obscured from view when inside the envelope 220, but the card's serial number 40, and its associated barcode 42, are reproduced on the outside of the envelope as shown. This allows the card 200 to be uniquely identified at any point in the distribution process, from the manufacturer to the end user.
  • the envelope 220 also displays a warning 222 to the recipient of the card, stating that the card will not be suitable for use if its packaging has been tampered with. In this event, the recipient should contact the authentication authority who issued the card, informing them of the card's serial number.
  • the payment/authentication card 200 may then be disabled via the validity variable 68 (shown in Figure 4). A new card assigning different 'word' and 'number' data sets to the user will then be issued by the authentication authority.
  • FIG. 12 shows a PDA 230 displaying the same authentication details as those provided on the authentication card 30.
  • the display uses the same format as that employed on the authentication card 30, namely four demi-columns of the 'word' and 'number' data sets 32 and 34, respectively.
  • the card's serial number 40 which is used to identify the user's authentication data to the authentication system 24, is also provided at the bottom of the screen.
  • authentication authorities may issue their users with both a 'hard' and 'soft' copy of their authentication details, supplying them with simple software which can be loaded onto a personal computing device of the user's choice for displaying the authentication card data.
  • Software may also be provided for automatically receiving the challenge and transmitting a user selected response.
  • FIG. 13 shows an authentication card generation system 240 which is comprised of a selection engine 242, the authentication system 24 of the previously described embodiments and a printing manufacturer's system 244.
  • the selection engine 242 selects the information that is to appear on a particular authentication card 30 and subsequently informs the authentication system 24 of its selections. It also instructs the printing manufacturer's system 244 to produce cards bearing the selected authentication information. Both the authentication system 24 and the card manufacturer's printing system 244 are updated by the selection engine 242 on a regular basis, after details of a predetermined number of authentication cards 30 have been generated.
  • the selection engine 242 refers to a serial number generator 246, a dictionary database 248 and a random number generator 250 whilst making its selection.
  • the serial number generator 246 generates sequential numbers of the form nnnn - nnnn - nnnn - nnnn (where n is a single digit integer) which are assigned as the serial numbers 40 of the authentication cards 30.
  • the dictionary database 248 stores words 36 which have been chosen as being suitable for the purposes of the present invention.
  • the suitability of a word is governed by many factors including, but not limited to, the type of word (nouns are better than adverbs), the number of letters comprising the word, the number of syllables in the word, how frequently the word is used in everyday language and the reading age associated with the word.
  • the dictionary database 248 will store over 20,000 suitable words.
  • the random number generator 250 is used for generating random numbers of a fixed digit length (four-digit numbers 38 are used in the previously described embodiments) and employs standard random number algorithms for this purpose.
  • a card generation process 260 which is performed by the authentication card generation system 240, is outlined in the flow diagram of Figure 14 and is discussed in more detail below.
  • When the selection engine 242 receives instructions from an authentication authority to generate a certain number of authentication cards 30, it commences the card generation process 260 at step 262 by calling the serial number generator 246 to determine a serial number 40 for a new authentication card 30.
  • the selection engine 242 determines the 'word' and 'number' data sets, 32 and 34 respectively, which will be assigned to the serial number 40.
  • the selection engine 242 randomly selects, avoiding duplication, twenty words 36 from the dictionary database 248, by using standard database query techniques.
  • the selected words 36 are preferably ordered into alphabetical order, ready for printing onto the authentication card 30 as the 'word' data set 32, and it is also advantageous if words starting with different letters are chosen (both aiding human look up speed).
  • the selection engine 242 selects twenty numbers 38 (each number being four-digits in length) with which to form the 'number' data set 34 which will correspond to the 'word' data set 32.
  • the engine 242 does this by calling the random number generator 250, which generates the numbers from an effective set of 10,000 members.
  • the 'word' data set 32, the 'number' data set 34 and the serial number 40 are combined in a data file and written to a batch processing data file at step 268 of the card generation process 260.
  • the above steps 262 to 268 are then repeated, with new data files for different authentication cards being added to the batch processing file at step 268 until, at step 270, a predetermined batch file size is reached.
  • Step 272 of the card generation process 260 is then executed, whereby the batch file containing all of the generated authentication card details is transmitted to the authentication system 24 and to the printing system 244 of the card manufacturer. In this way, the card manufacturer is able to produce authentication cards 30 in accordance with the details held on the authentication system's database 50.
  • the card generation process 260 is then repeated until the number of authentication cards 30 requested by the authentication authority have been generated.
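Steps 262 to 270 of the card generation process 260, sketched as an added example (not code from the patent). The function names, the small constructed dictionary, the anagram test used as a stand-in for the "easily confused" check, and the use of the operating system CSPRNG in place of "standard random number algorithms" are assumptions of this sketch.

```python
import secrets

WORDS_PER_CARD = 20
MIN_LEN, MAX_LEN = 3, 7        # word lengths given for the 'word' data set 32
_rng = secrets.SystemRandom()  # assumption: OS CSPRNG for every random choice

# Constructed stand-in for dictionary database 248 (the real one is said to
# hold over 20,000 words). OX, UMBRELLA and ELEPHANTS fail the length rule;
# EARTH and HEART are an easily confused (anagram) pair.
DICTIONARY = [
    "APPLE", "ANCHOR", "BRIDGE", "CANDLE", "DRUM", "EAGLE", "EARTH", "FENCE",
    "GARDEN", "HEART", "HARBOUR", "ISLAND", "JACKET", "KITE", "LEMON", "MOUSE",
    "NEEDLE", "ORANGE", "PILLOW", "QUILT", "RIVER", "SADDLE", "TICKET",
    "UMBRELLA", "VIOLIN", "WINDOW", "YACHT", "ZEBRA", "OX", "ELEPHANTS",
]


def format_serial(counter):
    """Render a sequential counter as nnnn nnnn nnnn nnnn (serial number 40)."""
    if not 0 <= counter < 10 ** 16:
        raise ValueError("serial counter out of range")
    digits = f"{counter:016d}"
    return " ".join(digits[i:i + 4] for i in range(0, 16, 4))


def select_words(dictionary):
    """Pick twenty distinct words with distinct initials, sorted for look-up."""
    candidates = sorted({w.upper() for w in dictionary
                         if MIN_LEN <= len(w) <= MAX_LEN})
    _rng.shuffle(candidates)
    chosen, initials, letter_bags = [], set(), set()
    for word in candidates:
        bag = "".join(sorted(word))  # identical bag of letters => anagram
        if word[0] in initials or bag in letter_bags:
            continue                 # would slow look-up or invite misreading
        chosen.append(word)
        initials.add(word[0])
        letter_bags.add(bag)
        if len(chosen) == WORDS_PER_CARD:
            return sorted(chosen)
    raise ValueError("dictionary too small for the selection constraints")


def select_numbers(count=WORDS_PER_CARD, digits=4):
    """Draw `count` distinct numbers from the 10**digits possible values."""
    return [f"{n:0{digits}d}" for n in _rng.sample(range(10 ** digits), count)]


def generate_card(counter, dictionary):
    """One card record: serial number plus row-aligned (word, number) pairs."""
    words = select_words(dictionary)
    numbers = select_numbers(len(words))
    return {"serial": format_serial(counter), "rows": list(zip(words, numbers))}


def generate_batch(first_counter, batch_size, dictionary):
    """Repeat card generation with sequential serials until the batch is full."""
    return [generate_card(first_counter + i, dictionary)
            for i in range(batch_size)]


if __name__ == "__main__":
    for card in generate_batch(4072381109872104, 2, DICTIONARY):
        print(card["serial"])
        for row_num, (word, number) in enumerate(card["rows"], start=1):
            print(f"  {row_num:2d}  {word:<8}{number}")
```

Numbers are zero-padded strings so that values such as 0453 keep their four printed digits, and sampling without replacement enforces the requirement that each member is unique within its data set.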
  • the authentication data may be subdivided into groups, such that, for example, there are four groups of data displayed on a card which are referred to by their group identifiers A, B, C and D. Each group would still contain two data sets of different information types, between whose members there is a unique correspondence,
  • two or more words could be associated with a single number D on the authentication card, such that when any of those words is provided as a response to the number when received as a challenge, the user is authenticated.
  • the authentication cards can also be provided with start dates and expiry dates determining their period of use. These dates would be stored in conjunction with the
  • the present invention can reduce the opportunity for fraud.
  • the present invention there has been the possibility of merchants using validly obtained payment card details to elicit further payments from acquirers, which have not been authorised by the cardholder. If the acquirer also becomes the authentication authority, or if the acquirer requires an authentication signal from an authentication authority prior to processing a payment transaction, all merchants, whether bogus or genuine, would be prevented from using payment card details for a given transaction without the express permission of the payment card holder.
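
The card generation steps and the number-as-challenge, word-as-response check described in the list above, as an added Python example (not code from the patent). The function names, the constructed word pool, the in-memory dict standing in for database 50, the one-word-per-number mapping and the single-use handling of a pending challenge are all assumptions made for illustration.

```python
import secrets

_rng = secrets.SystemRandom()  # CSPRNG standing in for random number generator 250

# Constructed word pool (assumption): the page does not list the real larger word set.
WORD_POOL = ("amber basil cedar delta ember fjord grove heron ivory jade kite lotus "
             "maple nylon ocean pearl quartz raven slate tulip umber viola wheat "
             "xenon yacht zebra birch coral dune elm").split()

def generate_card(serial, start, expiry, pairs=20):
    """Build one card record: distinct four-digit numbers, each mapped to one word."""
    words = _rng.sample(WORD_POOL, pairs)
    # Sampling without replacement keeps the number-to-word correspondence unique.
    numbers = [f"{n:04d}" for n in _rng.sample(range(10_000), pairs)]
    return {"serial": serial, "start": start, "expiry": expiry,
            "pairs": dict(zip(numbers, words)), "pending": None}

def generate_batch(first_serial, batch_size, start, expiry):
    """Repeat card generation until the predetermined batch size is reached."""
    return {s: generate_card(s, start, expiry)
            for s in range(first_serial, first_serial + batch_size)}

def issue_challenge(db, serial, today):
    """Look the card up by serial number and pick one of its numbers as the challenge."""
    card = db.get(serial)
    if card is None or not (card["start"] <= today <= card["expiry"]):
        return None  # unknown card, or outside its start/expiry window
    card["pending"] = _rng.choice(list(card["pairs"]))
    return card["pending"]

def verify_response(db, serial, response, today):
    """Authenticate only if the response is the word paired with the pending challenge."""
    card = db.get(serial)
    if card is None or card["pending"] is None:
        return False
    # Assumption: a challenge is consumed by the first answer, right or wrong.
    challenge, card["pending"] = card["pending"], None
    if not (card["start"] <= today <= card["expiry"]):
        return False
    expected = card["pairs"][challenge]
    # Constant-time comparison avoids leaking how much of the word matched.
    return secrets.compare_digest(response.strip().lower().encode(), expected.encode())
```

With twenty pairs per card, a single blind guess at the word succeeds only if the attacker already knows the card's contents, so the strength of the scheme rests on the card data staying confidential between the printer, the database and the cardholder.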

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Development Economics (AREA)
  • Marketing (AREA)
  • Economics (AREA)
  • Computer Security & Cryptography (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)
  • Telephonic Communication Services (AREA)

Abstract

A method of and system for authenticating a personal authentication store, such as a payment card, for use in authenticating a user's identity is described. The method comprises receiving a unique identifier of the personal authentication store, identifying first and second subsets of predetermined data elements using the unique identifier, selecting a data element from the first subset and issuing this data element to the user as an authentication challenge. Each subset has previously been selected from a corresponding larger set of data elements, and each data element of the first subset corresponds to a specific one of the data elements of the second subset. Authentication is determined by receiving a response to the authentication challenge from the user, determined by use of the information provided by the personal authorisation store, and by issuing an authentication signal if the response comprises the specific data element of the second subset which corresponds to the data element of the first subset used for the challenge.
PCT/GB2001/003298 2000-07-21 2001-07-23 Improvements relating to the security of authentication systems WO2002008974A2 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001270912A AU2001270912A1 (en) 2000-07-21 2001-07-23 Improvements relating to the security of authentication systems

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
GB0018047.1 2000-07-21
GB0018047A GB0018047D0 (en) 2000-07-21 2000-07-21 Improvements in and relating to authentication cards and systems
GB0111978A GB0111978D0 (en) 2001-05-16 2001-05-16 Improvements in and relating to authentication cards and systems
GB0111978.3 2001-05-16

Publications (2)

Publication Number Publication Date
WO2002008974A2 true WO2002008974A2 (fr) 2002-01-31
WO2002008974A3 WO2002008974A3 (fr) 2003-05-01

Family

ID=26244707

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2001/003298 WO2002008974A2 (fr) 2000-07-21 2001-07-23 Improvements relating to the security of authentication systems

Country Status (2)

Country Link
AU (1) AU2001270912A1 (fr)
WO (1) WO2002008974A2 (fr)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2058417A (en) * 1979-06-25 1981-04-08 Gao Ges Automation Org Input of a Personal Code Word
US4958066A (en) * 1988-08-19 1990-09-18 Secured Transactions Financial instrument verification and method of production
FR2654238A1 (fr) * 1989-11-07 1991-05-10 Lefevre Jean Pierre Method for authenticating the identity of a natural person and authenticating device for implementing the method.
US5177789A (en) * 1991-10-09 1993-01-05 Digital Equipment Corporation Pocket-sized computer access security device
US5712627A (en) * 1995-04-19 1998-01-27 Eastman Chemical Company Security system

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8224887B2 (en) 2003-03-26 2012-07-17 Authenticatid, Llc System, method and computer program product for authenticating a client
US8612757B2 (en) 2003-12-30 2013-12-17 Entrust, Inc. Method and apparatus for securely providing identification information using translucent identification member
US9191215B2 (en) 2003-12-30 2015-11-17 Entrust, Inc. Method and apparatus for providing authentication using policy-controlled authentication articles and techniques
US9876793B2 (en) 2003-12-30 2018-01-23 Entrust, Inc. Offline methods for authentication in a client/server authentication system
US9519770B2 (en) 2003-12-30 2016-12-13 Entrust, Inc. Transaction card for providing electronic message authentication
US8060915B2 (en) 2003-12-30 2011-11-15 Entrust, Inc. Method and apparatus for providing electronic message authentication
US9281945B2 (en) 2003-12-30 2016-03-08 Entrust, Inc. Offline methods for authentication in a client/server authentication system
US9100194B2 (en) 2003-12-30 2015-08-04 Entrust Inc. Method and apparatus for providing authentication between a sending unit and a recipient based on challenge usage data
US8230486B2 (en) 2003-12-30 2012-07-24 Entrust, Inc. Method and apparatus for providing mutual authentication between a sending unit and a recipient
US8966579B2 (en) 2003-12-30 2015-02-24 Entrust, Inc. Method and apparatus for providing authentication between a sending unit and a recipient based on challenge usage data
US10009378B2 (en) 2003-12-30 2018-06-26 Entrust, Inc. Method and apparatus for providing authentication using policy-controlled authentication articles and techniques
EP1803251A4 (fr) * 2004-10-18 2007-12-05 Entrust Ltd Method and apparatus for providing mutual authentication between a sending unit and a recipient
AU2005297350B2 (en) * 2004-10-18 2010-10-07 Entrust, Inc. Method and apparatus for providing mutual authentication between a sending unit and a recipient
EP1803251A1 (fr) * 2004-10-18 2007-07-04 Entrust Limited Method and apparatus for providing mutual authentication between a sending unit and a recipient
EP1999682A4 (fr) * 2006-03-14 2015-07-08 Symantec Internat Method and apparatus for providing authentication using an authentication card
WO2007106566A2 (fr) 2006-03-14 2007-09-20 Verisign, Inc. Method and apparatus for providing authentication using an authentication card
EP2165300A2 (fr) * 2007-06-25 2010-03-24 Visa U.S.A. Inc. Seeding challenges for payment transactions
EP2165300A4 (fr) * 2007-06-25 2012-01-25 Visa Usa Inc Seeding challenges for payment transactions
US8380629B2 (en) 2007-06-25 2013-02-19 Visa U.S.A. Inc. Seeding challenges for payment transactions
US9742761B2 (en) 2015-11-10 2017-08-22 International Business Machines Corporation Dynamic authentication for a computing system

Also Published As

Publication number Publication date
WO2002008974A3 (fr) 2003-05-01
AU2001270912A1 (en) 2002-02-05

Similar Documents

Publication Publication Date Title
RU2414001C2 (ru) Method and device for verifying authenticity or entitlement using one-time transaction codes
US6246769B1 (en) Authorized user verification by sequential pattern recognition and access code acquisition
US9224272B2 (en) Method of secure data communication
US7694130B1 (en) System and method to authenticate a user utilizing a time-varying auxiliary code
US5475756A (en) Method of authenticating a terminal in a transaction execution system
US4993068A (en) Unforgeable personal identification system
US4958066A (en) Financial instrument verification and method of production
EP2339550A1 (fr) One-time password credit/debit card
US20040257238A1 (en) Virtual keyboard
WO2007146159A2 (fr) System, method and apparatus for preventing identity theft associated with the use of payment cards and identity documents
GB2433147A (en) A method for verifying a person's identity or entitlement using one-time transaction codes
AU9422298A (en) Personal identification authenticating with fingerprint identification
JP2008015924A (ja) Internet payment assistance device
US20050067485A1 (en) Apparatus and method of identifying the user thereof by means of a variable identification code
US20020013904A1 (en) Remote authentication for secure system access and payment systems
US20050018883A1 (en) Systems and methods for facilitating transactions
WO2001095268A2 (fr) System and method for secure authentication of a subscriber of network services
WO2002008974A2 (fr) Improvements relating to the security of authentication systems
Nath et al. Issues and challenges in two factor authentication algorithms
US10503936B2 (en) Systems and methods for utilizing magnetic fingerprints obtained using magnetic stripe card readers to derive transaction tokens
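JPS63136296A (ja) Personal authentication card
KR20020059002A (ko) Personal identity authentication system using an electronic seal
JP2006164117A (ja) Automatic transaction system and automatic transaction device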

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 69(1) EPC (EPO FORM 1205A DATED 06.06.03)

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase in:

Ref country code: JP