WO2004084486A1 - Method to increase security of secure systems - Google Patents

Publication number
WO2004084486A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
algorithm
result
code
access
Prior art date
Application number
PCT/DK2003/000789
Other languages
English (en)
Inventor
Tauno Suikkanen
Original Assignee
Eta-Max
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Eta-Max
Priority to AU2003281970A
Publication of WO2004084486A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409 Device specific authentication in transaction processing
    • G06Q20/4097 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975 Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/20 Individual registration on entry or exit involving the use of a pass
    • G07C9/22 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder
    • G07C9/23 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder by means of a password
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008 Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1025 Identification of user by a PIN code
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2103 Challenge-response
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/00174 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • G07C2009/00388 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks code verification carried out according to the challenge/response method

Definitions

  • the present invention relates to a method and an apparatus used to verify the identity of a user requesting access to a secure system.
  • a very common example is an ATM machine or Debit Card terminal.
  • In order to withdraw funds or make a payment, a user must first prove his or her identity to the system in order to prevent unauthorized persons from accessing his or her bank account.
  • the user inputs the ID card to the system and then enters his or her PIN which is known only to the user and the system.
  • the system compares the PIN input by the user and the PIN stored by the system. If the two numbers are equal, the user is granted access to the system.
  • One problem with the current method is that it is relatively simple for an unauthorized person to observe an authorized user entering his or her PIN code. This could occur via direct observation, or with the help of, for example, a hidden camera. If the unauthorized person then gains access to, or makes a copy of, the user's ID card, the unauthorized person can gain access to the system.
  • Another problem with this idea is that the user needs to keep track of which corrupted versions have been entered previously and then develop newly corrupted versions. This will usually result in a few guesses to find a new version. An unauthorized user could observe the attempts made by the user and deduce the underlying PIN code.
  • a first aspect of the current invention is to provide a method to verify the identity of a user requesting access to a secure system, as mentioned in the opening paragraph, where an unauthorized person cannot gain access to the system by observing how an authorized user interacts with the system.
  • Another aspect of the current invention is to provide a method of the kind mentioned in the preamble where an unauthorized person cannot gain access to the system by stealing a piece of hardware from an authorized user of a system.
  • a third aspect of the current invention is to provide a method of the kind mentioned in the preamble where an unauthorized person is highly unlikely to gain access to the system even after repeated observations of an authorized user inputting his or her access code.
  • a fourth aspect of the current invention is to provide a method of the kind mentioned in the preamble where the user is not forced to remember any previous interactions with the system.
  • a fifth aspect of the current invention is to provide a method of the kind mentioned in the preamble where currently used systems can be used without any modifications to their hardware.
  • a sixth aspect of the current invention is to make it easier for a user to remember his or her access code while simultaneously maintaining a high security level.
  • the current invention presents a new method to verify a person's identity comprising the steps of the user providing a user identity code to the system, the system providing a response code to the user, the system applying a first algorithm to the response code to get a first result, the user applying a second algorithm to the response code to get a second result, the user inputting the second result to the system, the system comparing the first result and the second result, and the system granting the user access to the secure system if the comparison of the first and second results meets a certain set of criteria.
  • the personal identification code can take many different forms, for example, an alphanumeric code, a multi-digit number, a voice characteristic, a fingerprint, plus many others.
  • the response code can also take many different forms, for example a random number, a random alphanumeric string, a sentence, plus many others.
  • the algorithms are chosen so that they are of sufficient complexity to prevent an unauthorized user from determining the algorithm by observing the user entering his or her code, even if the observation occurs a number of times.
  • the algorithms can simultaneously be chosen to be simple to remember. The user can therefore memorize his or her algorithm to ensure high security.
  • Algorithms can be easier to remember than PIN codes since people's minds are better at remembering procedures than they are at remembering abstract codes.
  • an algorithm can be so complicated that it would be too time consuming to attempt to determine the algorithm, given both the response code provided by the system and the result input by the user.
  • the algorithm stored by the system and the algorithm memorized by the user can be identical, which makes the comparison of the two results a simple equality comparison.
  • the response number provided by the system can be a random number.
  • a simple random number generator can be used to provide the response number.
  • a component of the algorithm can be a Personal Identification Number (PIN) known to the system and memorized by the user.
  • the result of the algorithm can then be a specific combination of the user's PIN code and the response number provided by the system.
  • the method is not limited to single terminal systems, but can also be applied to systems that are composed of a number of remote terminals connected to a secure central server.
  • a good example of such a system is an Automated Teller Machine (ATM) system or a debit card terminal system.
  • the user accesses the central server via the remote terminals.
  • a system such as this can be organized in many different ways. Some systems can be organized where the processing elements and database elements are located at a central location and the remote terminals act as "dumb" terminals, accepting user input and displaying output to the user, but where all the processing occurs at a central location. Other systems are organized into a more distributed system where the remote terminals have their own processing means, allowing the remote terminals to do part of the processing, minimizing the amount of communication between the terminal and the central computer.
  • the user identifying number can be stored on a magnetic stripe card or the like, input to the system by the user at the start of the procedure. This is identical to currently available Debit Cards.
  • the algorithm and/or PIN code can also be stored in an encrypted form on a magnetic stripe card or the like, input to the system by the user at the start of the procedure.
  • the system works as previously described, the difference being that the remote terminal can read the data on the card and compare this to the data entered by the user.
  • This can be used in distributed systems with a number of "smart" remote terminals. In this case, the remote terminal can verify the identity of the user without any communication being necessary between the terminal and the central system.
  • the response number output to the user can be stored in a table by the system. Subsequent response numbers generated by the system are looked up in the table and if the response number is already present in the table, a new response number is chosen before being displayed to the user.
  • authorized users can be given a second algorithm, which also gives access to the system, but simultaneously activates an alarm. This will dissuade unauthorized persons from attempting to coerce an authorized user.
  • Fig. 1 is a flowchart of the authorization process on a single secure system
  • Fig. 2 is a flowchart of the authorization process on a centralized computer system
  • the flowchart of Fig. 1 shows the authorization procedure when the current invention is applied to a single-location secure system.
  • In this example, it is a door to a secure area.
  • the user identifies himself or herself to the system via a magnetic key card which has the user's ID number encoded on it.
  • the system has a built-in card reader to read the ID number from the card.
  • the user interacts with the system via a small numeric keypad and the system interacts with the user via a small alphanumeric display.
  • the system has a database containing the IDs of all the authorized users and a specific algorithm for each user.
  • In step 1, the system is in an idle loop waiting for the user to enter his or her identity card.
  • In step 2, the user enters a magnetic stripe card which has his or her identity number (ID) encoded on it.
  • the system reads the ID number from the card in step 3 and finds the ID number in the database in step 4. If, in step 5, the ID number is not found in the database or the ID number is from an unauthorized person, the system ejects the card 6 and the system goes back to its idle state 1, waiting for a new ID card. If the user ID is found in the database the system generates a random number, N, in step 7. In step 8 the system displays the random number, N, on the screen. In step 9 the system retrieves, from the database, an algorithm, A1, which is associated with the user ID number.
  • In step 11, the system waits for the user to enter a number.
  • In step 12, the system checks if the two results are equal.
  • In step 14, the door opens and permits the user access to the system.
  • the user's ID card is ejected. If the two results, R1 and R2, are not equal, then step 13 is skipped and the user's card is ejected in step 14 without the door opening.
  • FIG. 2 shows an embodiment of the current invention applied to an Automated Teller Machine (ATM) system.
  • a centralized processing system comprising a number of "dumb" remote terminals and a central processing system.
  • the user identifies himself or herself to one of the remote terminals via a magnetic key card which has his or her ID number on it.
  • the terminals have a built-in card reader to read the ID number from the user's identity card.
  • the user interacts with the remote terminal via a small numeric keypad and the remote terminal interacts with the user via a small alphanumeric display.
  • the remote terminals interact with the central computer via secure telephone lines.
  • the central computer has a database containing all the authorized users and a specific algorithm for each user.
  • the procedure starts in an idle loop 15, with the remote terminal waiting for the user to enter his or her identity
  • When the user enters his ID card in step 16, the terminal reads the ID from the card and sends it to a central computer in step 17.
  • In step 18, the central computer looks up the ID number in the database. If the ID number is not found in the database in step 19, then the central computer commands the remote terminal to eject the user's ID card in step 20. In step 21, the terminal ejects the user's card. If the user ID is found in the database in step 19, then the central computer generates a random number, N, in step 22. The central computer sends the random number, N, to the terminal in step 23. In step 24 the terminal displays the random number, N, on its screen.
  • In step 25, the central controller retrieves, from the database, an algorithm, A1, associated with the user ID.
  • In step 28, the number entered by the user, R2, is sent to the central computer.
  • In step 29, the central computer compares the result generated by the computer and the result input by the user. If the results are equal, then the central computer allows the user to perform a financial transaction starting at step 30 and ending at step 32.
  • In step 33, the central computer commands the terminal to eject the card, which is ejected in step 34. If, in step 29, the two numbers, R1 and R2, are not equal, then the central computer skips steps 30 to 32 and commands the terminal to eject the card in step 33.
  • the hardware used is identical to hardware already used in many ATM machines. Therefore the only change necessary to implement this idea is a change in software.
  • the algorithm applied to the response code can be one of many different types. However, when choosing an algorithm it is important to choose one which doesn't have any specific frequency components. Algorithms having specific frequency components have a "rhythm" and are therefore easier to determine using statistical programs.
  • An example of an algorithm is as follows,
  • one component of the algorithm could be a Personal Identification Number (PIN).
  • An example of an algorithm with the use of a PIN code is as follows. In the example, the PIN code is assumed to be 6735.
  • the initial response code generated by the system is a four-digit random number.
  • the user performs an algorithm on the four-digit number, the result of which is a single digit.
  • the user then inputs the single digit to the system.
  • the number system used in this example is a base 4 number system, that is to say the number system counts as follows, 0, 1, 2, 3, 10, 11, 12, 13, 20, 21, etc...
  • the final result entered by the user can be one of four different values. This means that there is a 25% chance that an unauthorized user will be able to gain access to the system with a random guess. Therefore it is unlikely that this specific example would actually be implemented. However, since the result is only one digit, there will be a very large number of different algorithms which give the same result.
  • the "random" number generated by the system could be limited to "random" numbers which work well with the algorithm. For example, if a part of the algorithm were "choose the number after the digit 7", then the "random" numbers could be limited to those random numbers where there is a 7 and where 7 is not the last digit.
  • the way in which the "random" number is limited is stored together with the user's identification code and algorithm. Some examples of how the limitation could be stored are: on a magnetic user identification card, on the local terminal, in the central computer's database, and so on.
  • users of the system can have the possibility to choose and modify their algorithms themselves.
  • the user can establish an encrypted connection to the secure system's central computer from a personal computer via the internet and change his or her algorithm via a form.
  • a user is required to use specially designated terminals located at secure locations in order to create and/or change the algorithm.
  • the security of the system can also be improved by forcing the user to change his or her algorithm on a regular basis.
  • a more advanced system could keep track of the user's activity and when a user has used his or her algorithm a certain number of times from a certain location, then the user is required to change his or her algorithm.
  • the system can assign different security risks to different locations. For example using a debit card at a pizza shop could be assigned a higher security risk than using the same card at a bank terminal. In this way, the algorithm could be made to expire more quickly if the algorithm were used often in an insecure place. If the algorithm were used in a very secure place, the algorithm could be made to expire more slowly.
  • the algorithm security level can be set appropriately. If the algorithm is to be used for, for example, small cash sums, the algorithm could be made very user friendly but not very secure. If the algorithm is to be used for, for example, unlimited cash sums, then the algorithm could be made more secure but consequently also less user friendly.
  • the algorithm security level can also be set depending on what other security measures are in place. If extra security measures are in place, the algorithm could be made less secure; if the algorithm is the only security measure, then the algorithm should be made more complex.
  • One example of an extra security measure would be to provide screens which prevent unauthorized users from seeing the random number generated by the system. In this case, only the authorized user can see the random number. Therefore the security is much improved over a situation where unauthorized users could see the random number. In this case, the algorithm could be made simpler, for example, enter the first two digits of the random number and the last two digits.
  • Another example of an external security measure would be for the authorized user to have an identity card. An unauthorized user would have to steal the card plus know the algorithm.
  • Another possible embodiment of the current invention can be applied to voice recognition systems.
  • the user issues a command to a system.
  • the voice of the user is analysed and compared to a database of authorized users. If a match is found, the user's command is executed.
  • It is possible for an unauthorized person to make a copy of an authorized user's voice command via, for example, a tape recorder.
  • the user is prompted with a random number and asked to provide a result based on an algorithm known only to the authorized user and the system. This means that the entire procedure can take place audibly.
  • each authorized user can be given a second algorithm.
  • Use of the second algorithm gives full access to the system, but simultaneously activates an alarm. This feature will be well known and unauthorized persons will therefore be dissuaded from attempting to coerce authorized users to give away their algorithms, since they will be unsure as to which algorithm they are receiving. The security could be further improved by giving the authorized users a random number of second algorithms. In this way, the unauthorized person will not know how many alarm algorithms there are.
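
The single-location flow of Fig. 1, combined with the table of already-displayed response numbers, the limited "random" numbers and the alarm algorithm described above, can be modelled as follows. This is an added example, not code from the patent: the two rules, the user ID 1001, the six-digit length of N and all function and class names are assumptions constructed for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set

Algorithm = Callable[[str], str]  # maps the displayed number N to the expected result


# Hypothetical memorised rules, constructed for this example.
def normal_rule(n: str) -> str:
    """Digit after the first 7, then the first and the last digit of N."""
    return n[n.index("7") + 1] + n[0] + n[-1]


def alarm_rule(n: str) -> str:
    """Second algorithm: same digits with the last two swapped."""
    return n[n.index("7") + 1] + n[-1] + n[0]


def has_usable_seven(n: str) -> bool:
    """Stored limitation on N: there is a 7 and it is not the last digit."""
    return "7" in n[:-1]


@dataclass
class UserRecord:
    algorithm: Algorithm
    alarm_algorithm: Algorithm
    challenge_ok: Callable[[str], bool]


class AccessSystem:
    MAX_TRIES = 10_000  # assumption: fail closed instead of looping once the table fills up

    def __init__(self, users: Dict[str, UserRecord], digits: int = 6) -> None:
        self.users = users
        self.digits = digits
        self.issued: Set[str] = set()      # table of response numbers already displayed
        self.pending: Dict[str, str] = {}  # user ID -> N waiting for an answer
        self.alarms: List[str] = []        # silent alarm log

    def begin(self, user_id: str) -> Optional[str]:
        """Steps 3-8: look up the ID, then choose and display a fresh N (None = eject card)."""
        rec = self.users.get(user_id)
        if rec is None:
            return None
        for _ in range(self.MAX_TRIES):
            n = "".join(secrets.choice("0123456789") for _ in range(self.digits))
            if n in self.issued or not rec.challenge_ok(n):
                continue  # already displayed once, or unusable with this user's algorithm
            if rec.algorithm(n) == rec.alarm_algorithm(n):
                continue  # edge case: both algorithms give the same result for this N
            self.issued.add(n)
            self.pending[user_id] = n
            return n
        raise RuntimeError("no unused response number available")

    def finish(self, user_id: str, r2: str) -> bool:
        """Steps 9-14: compute R1 with the stored algorithm and compare it with R2."""
        n = self.pending.pop(user_id, None)  # each N can be answered only once
        if n is None:
            return False
        rec = self.users[user_id]
        entered = r2.encode()
        normal = hmac.compare_digest(rec.algorithm(n).encode(), entered)
        alarm = hmac.compare_digest(rec.alarm_algorithm(n).encode(), entered)
        if alarm:
            self.alarms.append(user_id)  # access is still granted, as the text describes
        return normal or alarm


def demo() -> List[bool]:
    system = AccessSystem({"1001": UserRecord(normal_rule, alarm_rule, has_usable_seven)})
    n = system.begin("1001")
    first = system.finish("1001", normal_rule(n))    # legitimate entry
    replay = system.finish("1001", normal_rule(n))   # the same N answered a second time
    n2 = system.begin("1001")
    coerced = system.finish("1001", alarm_rule(n2))  # alarm algorithm entered
    return [first, replay, coerced, system.alarms == ["1001"]]


if __name__ == "__main__":
    print(demo())
```

The extra check in `begin` matters for this pair of rules: when the first and last digits of N are equal, the normal and alarm results coincide, so such numbers are excluded in the same way the text excludes numbers without a usable 7.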

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Finance (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computing Systems (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The present invention relates to a method and an apparatus for verifying the identity of a user requesting access to a secure system. The method differs from known systems by preventing unauthorized users from being able to gain access to the system by observing what the authorized user enters into the system or by stealing a piece of hardware from the authorized user. Said verification is achieved by the system comparing the result of the user applying a memorized algorithm to a random number presented by the system with the result of the system applying an algorithm to said random number.
PCT/DK2003/000789 2003-03-18 2003-11-19 Method to increase security of secure systems WO2004084486A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2003281970A AU2003281970A1 (en) 2003-03-18 2003-11-19 Method to increase security of secure systems

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
DKPA200300411 2003-03-18
DKPA200300647 2003-04-30

Publications (1)

Publication Number Publication Date
WO2004084486A1 (fr) 2004-09-30

Family

ID=33031169

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/DK2003/000789 WO2004084486A1 (fr) 2003-03-18 2003-11-19 Method to increase security of secure systems

Country Status (2)

Country Link
AU (1) AU2003281970A1 (fr)
WO (1) WO2004084486A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102004049878A1 (de) * 2004-10-13 2006-04-27 Deutscher Sparkassen Verlag Gmbh System und Verfahren zur Überprüfung einer Zugangsberechtigung

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5163097A (en) * 1991-08-07 1992-11-10 Dynamicserve, Ltd. Method and apparatus for providing secure access to a limited access system
US5544154A (en) * 1995-03-09 1996-08-06 Telefonaktiebolaget Lm Ericsson Method for determining the load induced by a routing verification test on a network
GB2319150A (en) * 1996-10-31 1998-05-13 Solaic Sa A security method for making secure an authentication method that uses a secret key algorithm
WO2001035685A1 (fr) * 1999-11-09 2001-05-17 Orange A/S Systeme de delivrance electronique de code d'identification personnel

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102004049878A1 (de) * 2004-10-13 2006-04-27 Deutscher Sparkassen Verlag Gmbh System und Verfahren zur Überprüfung einer Zugangsberechtigung
DE102004049878B4 (de) * 2004-10-13 2006-09-21 Deutscher Sparkassen Verlag Gmbh System und Verfahren zur Überprüfung einer Zugangsberechtigung

Also Published As

Publication number Publication date
AU2003281970A1 (en) 2004-10-11

Similar Documents

Publication Publication Date Title
KR100292547B1 (ko) 개인 식별 장치 및 접근 제어 시스템
CA2089306C (fr) Systeme de verification d'identite resistant a tout compromis lorsque bien utilise
US20080249947A1 (en) Multi-factor authentication using a one time password
US6990586B1 (en) Secure data transmission from unsecured input environments
WO2000048135A1 (fr) Systeme de verification d'identite positive et procede incluant l'authentification anthropometrique de l'utilisateur
CN1959750B (zh) 现金自动存取系统及装置
TWI332637B (en) Biometrics system and method thereof
US20050111709A1 (en) Identification system
JPH06507277A (ja) 個人認証方法および装置
JP2001188759A (ja) 個人認証方法およびそのシステム
Onyesolu et al. Improving security using a three-tier authentication for automated teller machine (ATM)
US20080037842A1 (en) Smart Card That Stores Invisible Signatures
JP2001337929A (ja) 動的暗証番号管理システム
JP2007072777A (ja) 取引処理システム
WO2002005077A2 (fr) Procede et systeme d'utilisation d'un echantillon biometrique destines a l'acces electronique a des comptes et a l'autorisation de transactions
JP2002269052A (ja) 携帯端末認証システム、携帯端末認証方法ならびに携帯端末認証プログラムおよび該プログラムを記憶したコンピュータ読み取り可能な記録媒体
JPH0750665A (ja) 本人確認装置及びその方法
WO2004084486A1 (fr) Procede pour renforcer la securite de systemes securises
JP4835102B2 (ja) 自動取引装置
JP2002041813A (ja) 個人認証システム
JP2007018203A (ja) 個人認証装置
JP3090265B2 (ja) 認証icカード
JPS63136296A (ja) 個人認証用カ−ド
US20070124598A1 (en) System And Method For Providing Security
WO1999060485A1 (fr) Systeme de carte d'authentification

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP