WO2006117806B1 - Bilaterally generated encryption key system - Google Patents

Bilaterally generated encryption key system

Info

Publication number
WO2006117806B1
Authority
WO
WIPO (PCT)
Prior art keywords
user
service provider
password
encryption key
character
Prior art date
Application number
PCT/IN2006/000157
Other languages
French (fr)
Other versions
WO2006117806A3 (en)
WO2006117806A2 (en)
Inventor
Rahman Syed Ibrahim Abdu Abdul
Original Assignee
Rahman Syed Ibrahim Abdu Abdul
Priority date
Filing date
Publication date
Priority claimed from PCT/IN2005/000141 (WO2006006182A2)
Application filed by Rahman Syed Ibrahim Abdu Abdul
Priority to US11/913,555 (US20090217035A1)
Publication of WO2006117806A2
Publication of WO2006117806A3
Publication of WO2006117806B1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/16 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms the keys or algorithms being changed during operation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/20 Manipulating the length of blocks of bits, e.g. padding or block truncation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56 Financial cryptography, e.g. electronic payment or e-cash

Abstract

Bilaterally Generated Encryption Key System is a variable-password-based, computationally non-intensive symmetric encryption key system dispensing with memorization and exchange of keys, capable of providing one encryption key for each object exchanged between two parties, two different encryption keys per transaction and a plurality of encryption keys for a session, integrating authentication and securing transactions while preventing breaking attempts. The Password/Encryption Key is a random permutation of Character Units of the Variable Character Set System of authentication devices (Fig. 3), generated by a Call of random numbers from the SERVICE PROVIDER and the corresponding Response of the USER. Bilaterally Generated Encryption Keys and Non Repeating Bilaterally Generated Encryption Keys are the two types of Password/Encryption Keys. The system secures every Internet/network transaction of USERs (Fig. 6), including Previously Unknown USERs, by generating many Password/Encryption Keys of the required length using a padding method, from a single Password/Encryption Key input of users and previously unknown users at the instant of transaction.

Claims

AMENDED CLAIMS received by the International Bureau on 19 March 2007 (19.03.2007)
+ STATEMENT
1) I claim a symmetric encryption key system, a system for authenticating and securing Internet Contract/Network transactions by providing one symmetric encryption key for each object, two symmetric encryption keys for each transaction and a plurality of symmetric encryption keys for a session, wherein authenticating user using a single variable password at the beginning of a session, using a single encryption key for securing a session having a plurality of transactions, characterized in that: (a) authenticating USER/Previously Unknown USER, using one variable Password for each transaction and a plurality of variable Passwords for a session having a plurality of transactions, using the said plurality of variable Passwords and Calls for said plurality of variable Passwords as encryption keys, thus obtaining two encryption keys per transaction and a plurality of encryption keys per session; (b) securing every single object employing one encryption key for each object, the said single object include all communications arising from one lap of a transaction between USER/Previously Unknown USER and SERVICE PROVIDER, the said communications include files, message packets, Call, Password/encryption keys bundled in to single folder; (c) securing of every single transaction between USER/Previously Unknown USER and SERVICE PROVIDER employing two encryption keys per transaction of two consecutive laps, one lap from USER to SERVICE PROVIDER, the other lap from SERVICE PROVIDER to USER; (d) the first of the said two encryption keys per transaction, furnished by USER/Previously Unknown USER as Password/encryption key, the second of the said two encryption keys per transaction generated by concatenating the 'Call' excluding the first Call of session, available from the system; (e) employing a plurality of encryption keys per session, half the number of the said plurality of encryption keys provided by at least one method of (f) generating a plurality of encryption keys from single initial Password/Encryption Key furnished by USER/Previously Unknown USER in step (d), using a software termed as USER AGENT SOFTWARE and (g) direct keying in by USER/Previously Unknown USER for every transaction, (h) the second half the number of the said plurality of encryption keys generated by concatenating the 'Call' available from the system; (i) initiating secure session of plurality of transactions making a Call termed as the first Call of session, in open network, the said first Call identifying the first encryption key to be used for securing the first object of the first transaction between USER and SERVICE PROVIDER, the said Call decipherable only between USER/Previously Unknown USER and SERVICE PROVIDER, whereby secure communication link is established only with the authorized, preventing unauthorised substitutions and clandestine diversions of the said secure communication; (j) continuously changing encryption keys at the rate of one encryption key for each lap of transaction, the said changing of encryption keys integrated in the system, dispensing with the effort for prior communication of encryption keys; (k) the said continuously changing encryption keys decipherable only at the Internet Protocol address wherefrom the USER/Previously Unknown USER/SERVICE PROVIDER commenced transaction and upon furnishing valid Password for each object; (l) steps (i) to (k), ensuring continuous link between USER/Previously Unknown USER and SERVICE PROVIDER from the first to the last transaction preventing attacks such as intrusions, spoofing, sniffing, substitutions, diversions and remote operations by unauthorised; (m) incorporating functions upgrading capability of encryption keys; (n) comprising: (n1) a second system of authentication devices, (n2) font/distinguishing property modification of the said second system of authentication devices, (n3) transformation of the said second system of authentication devices, (n4) a key generation process generating two Encryption Keys per transaction, (n5) generating a plurality of Encryption Keys from a single Password/Encryption Key using (n6) a software, (n7) padding of encryption keys, (n8) preventing breach attempts on encryption key during/after the session and (n9) methods of using the said encryption key system for authenticating and securing of every individual Internet Contract/Network transactions of USERs/previously unknown USERs, (o) the said system implemented by a data processor loaded with software implementing the system for USER and SERVICE PROVIDER, connected by communication network.
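Claim 1 describes the key material of each transaction as a Call (random Serial Numbers of Character Units sent by the SERVICE PROVIDER), the USER's Response read off a shared Variable Character Set (the key for the first lap), and the concatenation of the session's Calls excluding the first (the key for the second lap), with the Non Repeating variant of claim 4 and the padding of claim 4(c) on top. The Python below is an added example that models this exchange; it is not code from the patent or its inventor. The Variable Character Set is constructed for the example, the zero-padded encoding of Calls and the SHAKE-256 padding step are assumptions (the page names "a padding method" without specifying one), and `run_session` is a hypothetical driver.

```python
"""Toy model of the Call/Response key generation of claims 1 and 4 (added example)."""
import hashlib
import hmac
import random
from typing import Dict, List, Optional, Set

Call = List[int]

# Constructed Variable Character Set: Serial Number of Character Unit -> Character Unit.
# The claims only require the units to be random and unrelated to their serial
# numbers; these values are made up for the example.
VCS: Dict[int, str] = {
    1: "q7#", 2: "Zm2", 3: "x!L", 4: "9pT", 5: "R@4", 6: "kW8",
    7: "e6$", 8: "Hn1", 9: "v3G", 10: "b%J", 11: "T5y", 12: "c0M",
}


def respond(vcs: Dict[int, str], call: Call) -> str:
    """USER side: read off the called Character Units in Call order.
    The result is the Password/Encryption Key for this lap (claim 1(d), first key)."""
    return "".join(vcs[serial] for serial in call)


def concatenate_calls(calls: List[Call]) -> str:
    """Second key per transaction (claim 1(d)): the session's Calls concatenated,
    excluding the first Call. Serial numbers are zero-padded to three digits so
    the concatenation is unambiguous (assumed encoding)."""
    return "".join(f"{serial:03d}" for call in calls[1:] for serial in call)


def pad_key(material: str, nbytes: int) -> bytes:
    """Assumed padding (claim 4(c)): expand short key material to the length a
    cipher needs with SHAKE-256. The page does not specify its padding method."""
    return hashlib.shake_256(material.encode("utf-8")).digest(nbytes)


class ServiceProvider:
    """Issues Calls and verifies Responses against its own copy of the VCS.
    With non_repeating=True a serial number is never called twice in a session
    (the Non Repeating variant of claim 4): a unit sent as a key is treated as spent."""

    def __init__(self, vcs: Dict[int, str], non_repeating: bool = True,
                 rng: Optional[random.Random] = None) -> None:
        self.vcs = vcs
        self.non_repeating = non_repeating
        self.rng = rng if rng is not None else random.SystemRandom()
        self.calls: List[Call] = []
        self.used: Set[int] = set()

    def make_call(self, length: int) -> Call:
        pool = [s for s in self.vcs if not (self.non_repeating and s in self.used)]
        if len(pool) < length:
            raise RuntimeError("VCS exhausted: a fresh authentication device is needed")
        call = self.rng.sample(pool, length)
        self.calls.append(call)
        self.used.update(call)
        return call

    def verify(self, call: Call, response: str) -> bool:
        expected = respond(self.vcs, call)
        # Constant-time comparison so a timing side channel cannot reveal matching prefixes.
        return hmac.compare_digest(expected.encode(), response.encode())

    def second_key(self) -> str:
        return concatenate_calls(self.calls)


def run_session(transactions: int, call_length: int = 3,
                seed: Optional[int] = None) -> List[Dict[str, object]]:
    """Hypothetical driver: run a session of N transactions and record, per
    transaction, the Call, the lap-1 key (USER's Response), the provider's
    verdict, the lap-2 key derived from the Calls so far, and the padded lap-1 key."""
    rng = random.Random(seed) if seed is not None else None
    provider = ServiceProvider(VCS, rng=rng)
    user_vcs = dict(VCS)  # the USER's printed/stored copy of the same device
    log: List[Dict[str, object]] = []
    for _ in range(transactions):
        call = provider.make_call(call_length)
        response = respond(user_vcs, call)
        log.append({
            "call": call,
            "lap1_key": response,
            "accepted": provider.verify(call, response),
            "lap2_key": provider.second_key(),
            "padded_lap1_key": pad_key(response, 32).hex(),
        })
    return log


if __name__ == "__main__":
    for i, t in enumerate(run_session(3, seed=7), start=1):
        print(f"transaction {i}: {t}")
```

The exhaustion check in `make_call` is the point a practitioner should notice: with non-repeating Calls, a device of N units supports at most N/length transactions before a new authentication device must be issued, so the size of the Variable Character Set bounds the session length.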
2) The system claimed in any preceding claim, (a) USER is a person or a process or software or specified sector(s) of data storage media or a system or server or a Network or any thing that uses a Password/Encryption key for authentication and securing transactions; (b) a previously unknown USER is a USER having an USER account with a Internet SERVICE PROVIDER or Network server but is yet to establish an USER account with a SERVICE PROVIDER with whom such USER wants to transact and includes first time/temporary USERs/short duration USERs excused from having an USER account such as participants in auctions; (c) SERVICE PROVIDER is a person or a process or software or specified sector(s) of data storage media or a system or server or a Network or any thing who/which provides access to the USER upon furnishing of valid Password/Encryption key for authentication/securing transactions.

3) The system claimed in any preceding claim, (a) Internet Contract transaction is an Internet transaction between USER and SERVICE PROVIDER which has a monetary or other value; (b) authentication/securing of every individual transactions is to authenticate/secure every transaction using different Password/Encryption keys from USER either individually furnished by USER or generated from single Password/Encryption key initially furnished by USER, the said encryption keys linked to the identity of USER.

4) The system claimed in any preceding claim, encryption keys generated using the said system, include either one of (a) Bilaterally Generated Encryption Keys or Non Repeating Bilaterally Generated Encryption Keys and (b) Calls, excluding the first Call of session, concatenated, (c) the said encryption keys optionally padded to increase the strength of the said encryption keys.

5) The system claimed in any preceding claim, ensuring continuous link is to ensure both USER/USER Agent Software and SERVICE PROVIDER and IP address from which USER/USER Agent Software and SERVICE PROVIDER are transacting remains one and the same from beginning to end of a session.

6) The system claimed in any preceding claim, incorporating functions upgrading capability of encryption keys is (a) preventing breach attempts on the encryption key during/after the session; (b) each one of the said plurality of encryption keys is linked with USER'S identity thus providing computationally non-intensive proof for each object of the transactions of USERs/previously unknown USERs and SERVICE PROVIDERS; the system dispensing with (c) pre-communication of public/symmetric keys, (d) mandatory memorisation (e) need for third party certification/need to trust third parties; (f) the USER AGENT SOFTWARE relieving USER/Previously Unknown USER from further input of second and subsequent Passwords/encryption keys.

7) The system claimed in any preceding claim, providing proof for a transaction is to preserve the Call and Password/Encryption key of each transaction along with Internet Protocol address wherefrom USER transacted, date, time and USER details, including Internet Protocol address of Internet Service Provider/Network Server who forwarded the request of previously unknown USERs, as means of tracing source of objects in a direct and computationally non intensive manner as the proof of that transaction.

8) The system claimed in any preceding claim preventing breach attempts on the encryption key is (a) when the USER and SERVICE PROVIDER are in session, (a1) USER failing to furnish the correct Encryption key within given chances resulting in aborted transaction; (a2) subsequent attempt taking place only after specified time and (a3) the USER furnishing two Encryption keys successively/furnishing twice the strength of single Encryption key, the said furnishing of Encryption key mandated in single chance; (a4) USER failing to furnish Encryption key in a two Encryption key Call or twice the strength of single Encryption key Call at first chance, is denied access until USER establishes his authenticity to the satisfaction of the SERVICE PROVIDER through other means (b) when the USER and SERVICE PROVIDER are not in session and a USER attempts to open an encrypted message such as a saved message, (b1) the system after allowing specified number of chances, rejecting, noting the date and time of rejection and disallowing further attempts; (b2) the system creating a file having failed attempt data in the USER'S system, such file is created only if there is a failure, such file's access is restricted to particular encrypted message by a Password, such Password is known only to SERVICE PROVIDER; (b3) USER mandated to contact the SERVICE PROVIDER to recover the message; (b4) recovery of such message shall be effected by SERVICE PROVIDER sending the Password to delete the file having failed attempt data; (b5) after deleting the file, USER is allowed to furnish encryption again, referring to authentication device, whereby, unauthorised persons breach attempts are prevented totally.

9) The system claimed in any preceding claim, methods of using the said encryption keys comprising authenticating and securing of every individual Internet Contract/Network transactions of (a) USER, with one Password/encryption key furnished by a USER for each transaction; (b) USER, with a plurality of different encryption keys, generating said plurality of different encryption keys from a single Password/Encryption key furnished by USER at the beginning of a session (c) previously unknown USER with a plurality of different Password/Encryption keys, generating said plurality of different Password/Encryption keys from one Password/Encryption key furnished from a temporary authentication device by a previously unknown USER at the beginning of a session.

10) The system claimed in any preceding claim, temporary authentication device is an authentication device generated from said second system of authentication devices by SERVICE PROVIDER; the method of use comprising: sending temporary authentication device to a second SERVICE PROVIDER known to a Previously Unknown USER, securely exchanging identification data of said Previously Unknown USER; () passing a second temporary authentication device, through the said second SERVICE PROVIDER to the said Previously Unknown USER () performing continuous mutual authentication and securing transactions of Previously Unknown USERs and SERVICE PROVIDER, using Password/encryption keys from the second temporary authentication device.

11) The system claimed in any preceding claim, the second system of authentication devices is the means of generating Passwords/Encryption Keys for authenticating/securing transactions of USERs and SERVICE PROVIDERS in Bilaterally Generated Encryption Keys System, the said second system of authentication devices printed/stored on a physical medium such as paper, digital form on a memory device and/or similar means for USER, stored in database with database connectivity for the SERVICE PROVIDER, comprising: (a) Variable Character Sets (VCS 1 to VCS 6), (b) Master Variable Character Sets (MVCS 1), (c) Sub Variable Character Sets and (d) Sub Variable Character Sets of Level 2 or below; wherein the functional combinations comprising: (e) both SERVICE PROVIDER and USER using Variable Character Set; (f) SERVICE PROVIDER using Master Variable Character Set with a Sub Variable Character Set expressed in brief form and USER using Sub Variable Character Set; (g) SERVICE PROVIDER using Master Variable Character Set with a Sub Variable Character Set of Level 2 or below expressed in brief form and USER using a Sub Variable Character Set of Level 2 or below, wherein at least one of the said combinations given herein as (e), (f) and (g) are used as the authentication device, wherein an authentication device of the said system further comprising: (h) an arrangement of a plurality of Character Units in which the Character Units are identified using unique Serial Number of Character Units; (i) the Character Unit consist of either one or a permutation of more than one Basic Character wherein the said random permutation includes repeating a Basic Character within same Character Unit; (j) the Basic Characters are selected from a plurality of characters including alphanumeric characters chosen from a plurality of languages/scripts/numbers/symbol systems including non familiar languages/scripts/numbers/symbol and graphical characters chosen from a plurality of representation of objects including diagrams, drawings, images, photos, pictures and sketches; (k) the characters are further differentiated by font/distinguishing properties; (l) memorization is dispensed with; (m) the Character Units of the said arrangement comprise of completely random characters; (n) the total number of Character Units in the authentication device is unrestricted by human memorisable level removing the corresponding limit on Serial Number of Character Units imposable by memorization; (o) the Serial Number of Character Units identify corresponding Character Unit; no further relationship exists between Character Units and Serial Number of Character Units and no relationship exists among the Character Units in the said arrangement; (p) the said arrangement is free from algorithms/pattern forming methods, requiring recalling and implementation of the said algorithms/pattern forming methods to produce Password; (q) the authentication devices produce Passwords of chosen level of safety; (r) the functional combinations given herein as (f) and (g), facilitating single authentication device providing required number of related sub authentication devices for assigning to a plurality of USERs/USER groups/uses, reducing data storage requirement of SERVICE PROVIDER, providing ease of identifying Character Units in programs in terms of Serial Number of Character Units of Master Variable Character Set; (s) facilitating classification of USERs and generation of several Passwords from single Password initially furnished by a USER linking with identity of USER.

12) The system claimed in any preceding claim, in the second system of authentication devices, method of generating and using a Variable Character Set comprising the steps of (a) selecting the required number of Character Units; (b) arranging the Character Units in any one form of lists, tables, arrays and matrices, in which each of the Character Unit is distinctly identifiable and easily readable; (c) assigning unique Serial Number of Character Unit to identify each Character Unit in Variable Character Set; (d) specifying the method of identifying/calculating the Serial Number of Character Unit, facilitating USER to read the Character Units corresponding to the Serial Number of Character Units; (e) ensuring that the Character Units and the Serial Number of Character Units are unrelated and the Character Units of a Variable Character Set are unrelated to each other; (f) printing the said arrangement in a physical medium such as paper, digital form optionally in encrypted file form and/or similar means; (g) SERVICE PROVIDER and USER storing the arrangement securely in a memory device; (h) optionally, SERVICE PROVIDER validating USER generated Variable Character Set for compliance of the above steps (a) to (g); wherein (i) USER upon being a Previously Unknown USER to a SERVICE PROVIDER but known to a second SERVICE PROVIDER passing the said Variable Character Set to the said Previously Unknown USER through the said second SERVICE PROVIDER, the said passing of Variable Character Set is in encrypted form and decrypting key and method sent directly by SERVICE PROVIDER.

13) The system claimed in any preceding claim, in the second system of authentication devices, method of generating and using a Master Variable Character Set comprising the steps of (a) generating a Variable Character Set and designating it as the Master Variable Character Set; (b) upon generation of Sub Variable Character Sets by USERs, generating the Master Variable Character Set by combining the said USER generated Sub Variable Character Sets of all USERs of a SERVICE PROVIDER, as continuous and non-overlapping lists or tables or arrays or matrices; (c) storing and using the arrangement securely by SERVICE PROVIDER.

14) The system claimed in any preceding claim, in the second system of authentication devices, method of generating and using Sub Variable Character Set comprising the steps of (a) selecting the total number of Character Units of the Sub Variable Character Set; (b) identifying Serial Number of Character Units of the Master Variable Character Set, the method of identifying the said Serial Number of Character Units adopting at least one of the following ways: (b1) specifying rules of selection such as criteria for filtering data, (b2) specifying discrete numbers, (b3) specifying continuous numbers and (b4) specifying random sequences; the Character units corresponding to the identified Serial Number of Character Units constituting the Sub Variable Character Set (c) selecting Character Units including a limited number of Character Units of other Sub Variable Character Sets, duly ensuring that no specific relationship exists, between Character Units of Sub Variable Character Sets of same origin (d) arranging Character Units selected as per steps (a) to (c) herein, to any one of the form of lists, tables, arrays and matrices, in which each of the Character Unit is distinctly identifiable and easily readable; (e) assigning unique Serial Number of Character Units, independent of Serial Number of Character Units of Master Variable Character Set to identify each Character Unit in the Sub Variable Character Set; (f) specifying the method of identifying/calculating the Serial Number of Character Unit, facilitating USER to read the Character Units corresponding to the Serial Number of Character Units; (g) ensuring Character Units and Serial Number of Character Units are unrelated and the Character Units of a Sub Variable Character Set are unrelated to each other, (h) assigning a Serial Number/identification number to each Sub Variable Character Set, (i) optionally USER generating Variable Character Set and using it as Sub Variable Character Set (j) SERVICE PROVIDER storing Sub Variable Character Sets in brief form as in step (b); (k) USERs storing Sub Variable Character Sets in complete form (l) wherein when using Sub Variable Character Sets, (m) the Password/Encryption Key Calls are in Serial Number of Character Units of Sub Variable Character Sets and SERVICE PROVIDER compares with Character Units of Master Variable Character Set corresponding to the called Serial Number of Character Units of Sub Variable Character Sets; (n) prefixing or suffixing identification number of Sub Variable Character Sets with Password/Encryption Key, is used to identify any Password/Encryption Key specific to a particular Sub Variable Character Set, which in turn is used for identification of groups and classification of USERs; (o) replacing with another Sub Variable Character Set generated from the same Master Variable Character Set upon suspected compromise of a Sub Variable Character Set.
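Claims 11(f) and 14 describe the SERVICE PROVIDER holding each Sub Variable Character Set only in brief form (a list of Master serial numbers, claim 14(j)) while the USER holds it in complete form with its own independent serial numbers (claims 14(e), 14(k)), Calls being made in Sub serial numbers and checked through the Master set (claim 14(m)), the Sub-set id prefixed to the key to identify the USER's group (claim 14(n)), and a suspect Sub-set replaced from the same Master (claim 14(o)). The Python below is an added example of that arrangement; it is not code from the patent or its inventor. The Master set is constructed, the `S<id>:` prefix encoding is an assumption, and member selection uses only the random-sequence way of claim 14(b4).

```python
"""Toy model of Master/Sub Variable Character Sets of claims 11 and 14 (added example)."""
import hmac
import random
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed Master Variable Character Set: master serial -> Character Unit.
MASTER: Dict[int, str] = {
    1: "Kx4", 2: "p!9", 3: "Qe7", 4: "z#2", 5: "Lm0", 6: "t@6", 7: "Wr3",
    8: "j%8", 9: "Bn5", 10: "y&1", 11: "Hd2", 12: "s?7", 13: "Vg9",
    14: "c$4", 15: "Fq6", 16: "u*0", 17: "Mk8", 18: "a+3", 19: "Zw1", 20: "o~5",
}


@dataclass
class SubVcs:
    """A Sub VCS in the two forms of claim 14(j)/(k).
    brief:    the Master serials, in Sub-serial order (what the provider stores);
    complete: sub serial -> Character Unit (what the USER is given).
    Sub serials are simply 1..n by position, so they carry no relation to the
    Master serials, as claim 14(e) requires."""
    sub_id: int
    brief: List[int]
    master: Dict[int, str]

    @property
    def complete(self) -> Dict[int, str]:
        return {i + 1: self.master[m] for i, m in enumerate(self.brief)}


def make_sub_vcs(sub_id: int, size: int, rng: random.Random,
                 master: Dict[int, str]) -> SubVcs:
    """Claim 14(b4): choose `size` Master serials as a random sequence."""
    if size > len(master):
        raise ValueError("a Sub VCS cannot be larger than the Master VCS")
    return SubVcs(sub_id, rng.sample(sorted(master), size), master)


def respond(complete: Dict[int, str], call: List[int]) -> str:
    """USER side: Character Units at the called Sub serials, in Call order."""
    return "".join(complete[s] for s in call)


def tag_key(sub_id: int, key: str) -> str:
    """Claim 14(n): prefix the Sub VCS id so the key identifies its group (assumed 'S<id>:' form)."""
    return f"S{sub_id}:{key}"


class ServiceProvider:
    """Keeps Sub VCSs in brief form only and resolves Calls via the Master VCS (claim 14(m))."""

    def __init__(self, master: Dict[int, str]) -> None:
        self.master = master
        self.subs: Dict[int, List[int]] = {}
        self.next_id = 1

    def issue(self, size: int, rng: Optional[random.Random] = None) -> SubVcs:
        sub = make_sub_vcs(self.next_id, size,
                           rng if rng is not None else random.SystemRandom(), self.master)
        self.subs[sub.sub_id] = sub.brief
        self.next_id += 1
        return sub

    def expected(self, sub_id: int, call: List[int]) -> str:
        brief = self.subs[sub_id]
        # sub serial s -> master serial brief[s-1] -> Character Unit of the Master VCS
        return "".join(self.master[brief[s - 1]] for s in call)

    def verify(self, tagged_key: str, call: List[int]) -> bool:
        sub_id_str, sep, key = tagged_key.partition(":")
        if not sep or not sub_id_str.startswith("S") or not sub_id_str[1:].isdigit():
            return False  # malformed tag
        brief = self.subs.get(int(sub_id_str[1:]))
        if brief is None:
            return False  # unknown or revoked Sub VCS
        if any(s < 1 or s > len(brief) for s in call):
            return False  # Call names a serial outside this Sub VCS
        expected = self.expected(int(sub_id_str[1:]), call)
        return hmac.compare_digest(expected.encode(), key.encode())

    def replace_on_compromise(self, sub_id: int,
                              rng: Optional[random.Random] = None) -> SubVcs:
        """Claim 14(o): revoke the suspect Sub VCS and issue a new one of the
        same size from the same Master VCS; keys tagged with the old id stop verifying."""
        size = len(self.subs.pop(sub_id))
        return self.issue(size, rng)


if __name__ == "__main__":
    provider = ServiceProvider(MASTER)
    device = provider.issue(6)            # USER receives device.complete; provider keeps brief form
    call = [4, 1, 6]                      # Call in Sub serial numbers
    key = tag_key(device.sub_id, respond(device.complete, call))
    print("brief form:", device.brief, "accepted:", provider.verify(key, call))
```

The design point to take from this: the provider never has to store the user's full table, only the index list into the Master set, and revocation is a single `pop` of that list, after which any key still tagged with the old Sub-set id is rejected before the constant-time comparison runs.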
215 15) The system claimed in any preceding claim, m the second system of authentication devices, where method of generating and using Sub Variable Character Sets of level 2 or below comprising steps of (a) selecting the total number of Character Units of the Sub Variable Character Set of- level 2 or below, (b) identifying Serial Number of Character Units of the of one level up Sub Variable Character Set, the method of identifying the said Serial Number of Character Units adopting at least
220 one of the following ways: (b1 ) specifying rules of selection such as criteria for filtering data, (b2) specifying discrete numbers, (b3) specifying continuous numbers and (b4) specifying random sequences; the Character units corresponding to the identified Serial Number of Character Units constituting the Sub Variable Character Set of level 2 or below; (c) selecting Character Units including a limited number of Character Units of one level up Sub Variable Character Sets/Master
225 Variable Character Set, duly ensuring that no specific relationship exists, between Character Units of Sub Variable Character Sets any level of same origin; (d) arranging Character Units selected as per steps (a) to {c) of this claim in to any one of the form of lists, tables, arrays and matrices, in which each of the Character Unit is distinctly identifiable and easily readable; (e) assigning unique Serial Number of Character Unit, independent of Serial Number of Character Units of one level up
230 Sub Variable Character Set/Master Variable Character Set to identify each Character Unit in the Sub Variable Character Set of Level 2 or below; (f) specifying the method of identifying/calculating the Serial Number of Character Unit, facilitating USER to read the Character Units corresponding to me aerial Numoer or unaracter units; igj ensuring tne unaracter units ana me serial Numoer oτ Character Units are unrelated and the Character Units of a Sub Variable Character Set of Level 2
235 or below are unrelated to each other; (h) assigning a Serial Number/identification number to each Sub Variable Character Set of Level 2 or below., (i) optionally, USER generating Sub Variabte
59 Character Set of level 2 or below duly selecting randomly the Character Units provided by SERVICE PROVIDERS from one level up Sub Variable Character Sets; (j) SERVICE PROVIDERS storing buo vaπaoiβ unaracter t>ets oτ level -i or DΘIOW in oneτ rorm αuiy lαβmrryiπg *enai iMumoer
240 of Character Units of Sub Variable Character Sets of level 2 or below in terms of Serial Number of Character Units the Master Variable Character Set, the method of identifying the said Serial Number of Character Units, adopting at least one of the following ways: (J1) specifying rules of selection such as criteria for filtering data, 02) specifying discrete numbers, (}3) specifying continuous numbers and (j4) specifying random sequences; (k) USERs storing Sub Variable
245 Character Sets of Level 2 or beiow in complete form; wherein when using Sub Variable Character Sets of level 2 or below, (I) the Password/Encryption Key Calls are in Serial Number of Character
* Units of Sub Variable Character Sets of level 2 or below and SERVICE PROVIDER compares with
Character Units of Master Variable Character Set corresponding to the called Serial Number of Character Units of Sub Variable Character Sets of level 2 or below; (m) prefixing or suffixing
250 identification number of Sub Variable Character Sets of level 2 or below with Password/Encryption Key, is used to identify any Password/Encryption Key specific to a particular Sub Variable Character Set of level 2 or below, which in turn is used for identification of groups and classification of USERs; (n) replacing with another Sub Variable Character Set of level 2 or below, generated τrom ine same one level up SUD vanaoie unaracier set upon suspected compromise oτ a buo
255 Variable Character Set of level 2 or below.
16) The system claimed in any preceding claim, the method of repeated variation of font/distinguishing properties of the second system of authentication devices claimed in any preceding claim, as means of differentiation between same characters of Password/Encryption Key, in printed second system of Authentication Devices, including implementing the method by means of a transparent sheet and a memory device with data processor loaded with software, (a) generating new Character Units and new authentication devices while retaining original characters, enhancing security against breach of Password/Encryption Keys, enhancing life of authentication Devices and ability of use with any number of SERVICE PROVIDERS, comprising steps of: (b) USER proposing variation to font/distinguishing properties of characters of Password/Encryption Key/Character Units of Variable Character Sets/Sub Variable Character Sets of any level; (c) optionally SERVICE PROVIDER proposing said variation of font/distinguishing properties at regular intervals and USER agreeing to such variations; (d) SERVICE PROVIDER registering the changes; (e) USER using a separate transparent sheet to the size of printed Variable Character Sets/Sub Variable Character Sets of any level, indicating font/distinguishing property variation; (f) willing USER memorising the changes; (g) furnishing font/distinguishing properties varied characters for Password/Encryption Key.
17) The system claimed in any preceding claim, the method of transformation of the second system of authentication devices claimed in any preceding claim to derive new Character Units, including implementing the method by means of a memory device with data processor loaded with software, comprising steps of: (a) USER proposing at least one rule of transformation of characters of Password/Encryption Key/Character Units of authentication device, such as shifting Serial Number of Character Units of authentication device by a specified number/shifting characters from natural order by a specified number; (b) USER keeping the said rule of transformation separate from authentication device; (c) willing USER memorising the said rule of transformation on the Character Units or Basic Characters of the authentication device; (d) SERVICE PROVIDER registering the rules; (e) USER furnishing the transformed characters/Character Units for Password/Encryption Key.
18) I claim a key generating process of the Encryption key System implemented by a memory device, a data processor loaded with software for USER and SERVICE PROVIDER, connected by communication network, comprising the steps of: (a) USER and SERVICE PROVIDER using a pre agreed authentication device of the second system of authentication devices; (b) the Password/encryption key comprising of a permutation of selected number of Character Units of the authentication device, wherein optionally same Character Units are repeated in Password/encryption key on repetition of same random number within a Call; (c) USER approaching the SERVICE PROVIDER by opening the website or dialogue window or switching on the SERVICE PROVIDER system; (d) SERVICE PROVIDER requesting the USER to furnish USER name or identification number; (e) USER furnishing USER name or identification number; (f) SERVICE PROVIDER (f1) verifying USER name, and refusing the unregistered USER; (f2) identifying and referring to the authentication device of particular USER; (f3) generating a specified number of random numbers wherein the said specified number is at least two; (f4) ensuring each of the generated random numbers is less than or equal to the total number of Character Units in the authentication device, further validating the said random numbers for compliance of rules pre agreed between SERVICE PROVIDER and USER; (f5) sending the random numbers to the USER, termed as Call; (g) USER responding with a continuous string of Character Units of the authentication device, wherein the serial numbers of Character Units are the random numbers of Call, in the order of Call, termed as Response, wherein the said continuous string makes Basic Characters indistinguishable as belonging to a particular Character Unit; (h) SERVICE PROVIDER, when required, requesting the identification number of Sub Variable Character Set of any level as part of Password/encryption key, along with Call, and the USER complying with such request; (i) SERVICE PROVIDER (i1) verifying the Response to the Call with the respective authentication device and authenticating the USER when the Response furnished is correct; (i2) allowing the USER up to pre agreed number of chances to furnish the correct Password/encryption key when the Response furnished in step (i1) is incorrect; (i3) denying access and advising the USER to make subsequent attempt only after pre agreed time when USER fails to furnish the correct Password/encryption key within pre agreed number of chances; (i4) making a Call to furnish a strong Password/encryption key comprising two Passwords/encryption keys called simultaneously/successively, in one chance to the USER reaching step (i3); (i5) denying access to the USER who failed to provide correct Password/encryption key in step (i4), advising such USER to establish authenticity to the satisfaction of the SERVICE PROVIDER through other means; characterized in that (j) dispensing with memorization of PIN/equivalent facilitating generation of Passwords/Encryption keys without human intervention; (k) enhancing the limit on maximum value of random numbers in Call, imposable by memorization, from up to human memorisable level to the total number of Character Units in the authentication device; (l) free from algorithms/pattern forming methods involving multi step procedures to produce Password/encryption key; (m) Call to furnish two Password/encryption keys simultaneously/successively prevents breaking and automatically notifies the authentic USER on failed attempts; (n) generating two Encryption keys for each transaction, the process is suited to generate plurality of Passwords/Encryption keys from one Password/Encryption key to secure each one of the transactions by different Encryption keys; (o) generating and validating Encryption keys by referring and comparing in a computationally non intensive manner; (p) generating Passwords/Encryption keys of specified strength, the said specified strength directly proportional to the number of Character Units in the Password/Encryption Key, the said number (of Character Units in the Password/Encryption Key) having a lower limit of two and unrestricted upper limit; (q) optionally USER and SERVICE PROVIDER, by prior arrangement, adopt padding of keys to enhance the strength of USER furnished Password/encryption key to pre agreed length encryption key; (r) USER furnishing Password/encryption key as obtainable from authentication device, system designed to pad the keys to get keys of required length; (s) enabling USER verifying authenticity of SERVICE PROVIDER for every transaction.
19) In the key generating process of the Encryption key System as claimed in claim 18, further comprising the steps of: (a) after the initial identification/authentication, the USER desiring to ascertain the authenticity of SERVICE PROVIDER, by pre arrangement, (b) issuing a Call; (c) SERVICE PROVIDER responding; (d) USER verifying the Response with the authentication device and authenticating the SERVICE PROVIDER, whereby USER and SERVICE PROVIDER mutually authenticate and secure connection.
20) In the key generating process of the Encryption key System as claimed in claim 18, the valid Response to the Call in step (g) of claim 18 is Bilaterally Generated Encryption key, wherein chance of repeating is more than zero for the Bilaterally Generated Encryption key.
21) In the key generating process of the Encryption key System as claimed in claim 18, the method of generating Non Repeating Bilaterally Generated Encryption key comprising of the steps of (a) SERVICE PROVIDER, in step (f4) of claim 18, verifying for compliance of the rule according to which at least one Character Unit constituting a Password/Encryption key occurs for the first time in the said Password/Encryption key, wherein compliance of the said rule makes the chance of repeating zero for Non Repeating Bilaterally Generated Encryption key; (b) wherein the said rule is observed till all Character Units of pre agreed authentication device are exhausted; (c) wherein all the said Character Units of pre agreed authentication device are revived by transformation/font/distinguishing property change to the authentication device.
22) In the key generating process of the Encryption key System as claimed in claim 18, further comprising the steps of: using the random numbers of Call, concatenated, as Password/Encryption key, in addition to USER furnished Password/Encryption key, thereby generating two Passwords/Encryption keys for a transaction.
23) In the key generating process of the Encryption key System as claimed in claim 18, strong Password/Encryption key is a Password/Encryption key which has twice the normal number of Character Units in a Call, designed to test physical availability of authentication device with USER after a failed attempt.
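The Call/Response exchange of claim 18, the Non Repeating rule of claim 21 applied at step (f4), the double-length strong Call of claim 23 and a revive-by-shift transformation in the spirit of claims 17 and 21(c), as an added example in Python; this is not code from the patent or its applicant. The 8-unit authentication device, the class and function names, the retry policy and the shift transformation are all constructed assumptions for illustration.

```python
import secrets

# Constructed authentication device: Character Units listed by Serial Number
# (1-based, as in the claims). Each unit holds two Basic Characters.
AUTH_DEVICE = ["7k", "q2", "m9", "x4", "b1", "p8", "z3", "w6"]


def response_for(device, call):
    """Step (g): the Response is the continuous string of the called Character
    Units, in Call order, so unit boundaries are not visible in the string."""
    return "".join(device[serial - 1] for serial in call)


def shift_serials(device, k):
    """Claim 17 style transformation (assumed form): shift Serial Numbers by k,
    so the same printed card yields new Character Units for every Serial Number."""
    k %= len(device)
    return device[k:] + device[:k]


class ServiceProvider:
    """SERVICE PROVIDER side: issues Calls, validates them, verifies Responses."""

    def __init__(self, device, call_len=4, chances=3, non_repeating=True):
        self.device = list(device)
        self.call_len = call_len          # Character Units per Call (at least two, step (f3))
        self.chances = chances            # step (i2): pre agreed number of chances
        self.non_repeating = non_repeating
        self.exposed = set()              # Serial Numbers already used in a verified key
        self.failures = 0

    def call_is_valid(self, call):
        """Step (f4): every random number must lie within 1..total units; with
        the claim 21(a) rule, at least one unit must occur for the first time."""
        total = len(self.device)
        if len(call) < 2 or any(not 1 <= s <= total for s in call):
            return False
        if self.non_repeating and not any(s not in self.exposed for s in call):
            return False
        return True

    def device_exhausted(self):
        """Claim 21(b)/(c): once every unit is exposed the device must be revived."""
        return len(self.exposed) == len(self.device)

    def make_call(self, strong=False):
        """Steps (f3)-(f5): draw random Serial Numbers (repeats allowed, claim 18(b));
        a strong Call (claim 23) asks for twice the normal number of units."""
        if self.non_repeating and self.device_exhausted():
            raise RuntimeError("authentication device exhausted; revive it first")
        n = self.call_len * (2 if strong else 1)
        total = len(self.device)
        while True:
            call = [secrets.randbelow(total) + 1 for _ in range(n)]
            if self.call_is_valid(call):
                return call

    def verify(self, call, response):
        """Step (i1): compare the Response with the Call applied to the stored
        device. Returns 'ok', 'retry', 'strong_call' or 'denied' (steps (i1)-(i5))."""
        expected = response_for(self.device, call)
        if secrets.compare_digest(expected, response):
            self.exposed.update(call)     # these units are now exposed (claim 21(b))
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures < self.chances:
            return "retry"                # (i2): further chance within the limit
        if self.failures == self.chances:
            return "strong_call"          # (i3)/(i4): one chance with a double-length Call
        return "denied"                   # (i5): authenticity to be established otherwise

    def revive(self, k):
        """Claim 21(c): transform the device so all units become usable again."""
        self.device = shift_serials(self.device, k)
        self.exposed.clear()
```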
24) The method of padding of keys, a process of addition of characters to the USER furnished encryption key to make keys with preagreed number of characters to reduce the USER'S efforts when furnishing Password/encryption key, done by software of SERVICE PROVIDER/USER system, suited to the system, wherein one method is stated herein: (a) the required number of padding characters are calculated; (b) the Basic Characters of Password/Encryption key are converted to the assigned serial number in the same order as it was assigned when forming the Variable Character Set or Sub Variable Character Set of any level, to obtain a few random numbers; (c) the geometric mean of the random numbers obtained in previous step is calculated; when the geometric mean is a round number, the said geometric mean is multiplied by 'π' and the resultant number is used; (d) from the geometric mean or the resultant number in step (c) the decimal characters are extracted and used as initial seed 'S0'; (e) any mathematical/statistical function such as Fisher's Number, Standard normal cumulative distribution, logarithm, that takes a single input value and gives an output value, is operated on 'S0'; (f) the decimal characters of the output value of step (e) is the seed S1; (g) the random numbers obtained in step (b) are split to single digits d_i; (h) one or more characters to be padded is/are selected from each one of the output values S_i, starting from the character at d_i + 1; (h) steps (e) to (g) are correspondingly repeated to get as many characters as required; (i) when the first few digits of S_i is/are '0' then the first nonzero number is moved to first decimal position with corresponding move of all other numbers; (j) when d_i is even number, the numbers obtained in step (h) are placed first followed by one Character Unit of Password/Encryption Key; when d_i is odd number, one Character Unit of Password/Encryption Key is placed first followed by the numbers obtained in step (h); (k) the step (j) is repeated till all Character Units of Password/Encryption Key are exhausted; (l) followed by adding characters of step (h) remaining unutilised till step (k); (m) when padding encryption keys made of Calls, using the Password/Encryption Key corresponding to the Call for generating padding numbers; (n) achieving variability between padding keys of Password/Encryption Key and that of Call by adopting harmonic mean of random numbers obtained in step (b), adding all but the last Character Unit of the Password/Encryption Key as in step (j); (o) the algorithm for padding is pre agreed between USER/SERVICE PROVIDER; (p) the padding process is done by the software and USER is relieved from doing any calculation; characterized in that (q) the padding algorithm herein uses data from the Encryption key itself derived from the authentication devices of Bilaterally Generated Encryption keys; (r) the position of occurrence of numeric character is varied on par with characters of Password/encryption key making the encryption key as strong as the one which is directly made from authentication device; (s) any length of key is obtainable.
25) I claim a method of authenticating and securing of Internet Contract/Network transactions using one Password/Encryption Key for each transaction furnished by a USER, including a memory device, a data processor loaded with software implementing the system for USER and SERVICE PROVIDER, connected by communication network, {Fig. 5}, using Bilaterally Generated Encryption Key System, the method comprising steps of (a) SERVICE PROVIDER and USER (a1) recording their mutual Internet Protocol/Network addresses at the beginning of a session; (a2) placing all unexposed Calls, Password/Encryption Keys, file and message packets in to folders, exchanging the folders after encrypting and access restricting, utilizing any one of unexposed Calls/Passwords as Passwords and encryption keys, using a pre agreed cryptographic algorithm to encrypt; wherein all the unexposed Calls/Password/Encryption Keys generated up to a transaction in a session are available for encrypting and access restricting a specific folder by prior agreement; (a3) access restriction and maintaining continuity of link by ensuring IP address from which USER or SERVICE PROVIDER are transacting remains the one and the same from beginning to end of session and by obtaining a variable Password/Encryption Key known only to USER and SERVICE PROVIDER for each object exchanged; (a4) confirming correctness of Calls, Password/Encryption Keys and allowing pre agreed number of chances to rectify; exiting upon occurrence of at least one of the following events: failure to furnish valid information, lapse of time, inability to open and inability to decrypt folders; (a5) checking objects exchanged before accepting, the said checks are for compliance of regulations, contract conditions and freedom from undesirable programs like virus; (b) USER furnishing USER Name and issuing a Call termed as 'initial Call of the session' to SERVICE PROVIDER; (c) SERVICE PROVIDER creating a folder containing Password/Encryption Key for initial Call of the session, a Call termed as 'SERVICE PROVIDER'S first Call' and optional message, encrypting and access restricting the folder as detailed in step (a); sending the folder to USER; (d) USER opening and decrypting the folder, checking Password/Encryption Key; creating a folder containing Password/Encryption Key for SERVICE PROVIDER'S first Call, any message, encrypting and access restricting the folder as detailed in step (a); sending the folder to SERVICE PROVIDER; (e) SERVICE PROVIDER opening and decrypting the folder, verifying Password/Encryption Key from USER; creating a folder containing next Call, authentication message, encrypting and access restricting the folder as detailed in step (a); sending the folder to USER; (f) USER opening and decrypting the folder, getting the next Call; (g) after an Internet Contract/Network Transaction is created, USER creating a folder containing Password/Encryption Key for the Call received in previous step, and the file or message packet containing the USER'S Internet Contract/Network Transaction; encrypting and access restricting the folder as detailed in step (a); sending the folder to SERVICE PROVIDER; (h) SERVICE PROVIDER opening and decrypting the folder, verifying Password/Encryption Key furnished by USER, checking and processing the contents of file or message packet; responding by creating a folder containing Call for the next transaction and the file or message packet containing the SERVICE PROVIDER'S Internet Contract/Network Transaction; encrypting and access restricting the folder as detailed in step (a); sending the folder to USER; (i) USER opening and decrypting the folder from SERVICE PROVIDER, checking and processing the contents of file or message packet; (j) repeating steps (g) to (i) till the transactions are completed and (k) exiting after advising SERVICE PROVIDER; (l) wherein SERVICE PROVIDER keeping proof for every transaction of USERs including the USER name, the IP address of USER system, the date and time, the details of Internet Contract/Network Transaction, the Call and the Password/Encryption Key for each transaction, providing direct and computationally non intensive means of tracing all actions/objects of a USER from access to exit.
26) I claim a method of generating multiple Password/Encryption Keys from single Password/Encryption Key using USER Agent Software wherein all Character Units of the USER'S authentication device have equal number of characters; SERVICE PROVIDER'S Call for at least 4 Character Units from USER, which provides at least 60 unique permutations from the said 4 Character Units, comprising steps of (a) USER Agent Software (b) collecting the Call and Password/Encryption Key for initial access of USER; (c) determining the total number of Character Units and Character Units from said Call and Password/Encryption Key collected in step (b); (d) forming a Sub Variable Character Set of any level termed as 'authentication device of the session' using all Character Units determined in step (c); (e) assigning Serial Number of Character Units to the said Character Units; (f) communicating the assigned Serial Number of Character Units to SERVICE PROVIDER in encrypted folder using the Password/Encryption Key for initial access of USER as encryption key; (g) SERVICE PROVIDER making Call from Serial Number of Character Units communicated in step (f); (h) USER Agent Software furnishing Response; (i) repeating the steps (g) to (h) till end of session; (j) whereby a plurality of Password/Encryption Keys are generated; (k) wherein the first unexposed Call from SERVICE PROVIDER is optionally used as Serial Number of Character Units, dispensing with the need of communicating Serial Number of Character Units in step (f).
27) I claim a software termed as USER Agent Software, integrated with USER system connected through communication network to SERVICE PROVIDER system, the said software combined with Internet Contract/Network Transaction software or optionally an independent software, comprising modules to perform steps/functions of (a) USER Agent Software adopting as USER name the Internet Protocol/Network address of the computer wherefrom USER accesses SERVICE PROVIDER; (b) functioning from the USER Terminal representing USER, transacting with SERVICE PROVIDER; (c) recording Internet Protocol/Network address of SERVICE PROVIDER; (d) forming the authentication device of the session; (e) generating multiple Password/Encryption Keys from a single Password/Encryption Key furnished by USER; (f) authenticating USER for individual transactions comprising: (f1) seeking Call, (f2) furnishing Response, (f3) confirming correctness of Calls, Password/Encryption Keys and allowing specified number of chances to rectify; (g) exchanging objects after securing and access restricting the said objects to Internet Protocol/Network address of SERVICE PROVIDER; (h) checking for origination of USER'S message from USER'S system by (h1) ensuring continuity of connection with SERVICE PROVIDER; (h2) ensuring the integrity of command to do the Internet Contract/Network Transaction, through checking the keyboard and other input entries; (i) passing on the objects received from SERVICE PROVIDER to USER after checks such as presence of virus; (j) upon authentication failure, informing the USER to decide corrective action; (k) allowing USER doing authentications directly; (l) denying access to unauthorised USER created Internet Contract/Network Transactions; (m) blocking the unauthorised user from substituting the USER/USER Agent Software/SERVICE PROVIDER through any other computer; (n) rejecting the attempts to originate Internet Contract/Network Transaction from the USER'S computer through remote commands; (o) advising SERVICE PROVIDER upon end of transactions and exiting.
28) I claim a method of authenticating and securing of every individual Internet Contract/Network transaction with different Password/Encryption Keys, generating said different Password/Encryption Keys from single Password/Encryption Key furnished at the beginning of a session by a known USER using USER Agent Software {Fig. 6}, using Bilaterally Generated Encryption Key System, a memory device, a data processor loaded with software implementing the method for USER and SERVICE PROVIDER, connected by communication network, comprising steps of: (a) SERVICE PROVIDER and USER/USER Agent Software (a1) recording their mutual Internet Protocol/Network addresses at the beginning of a session; (a2) placing all unexposed Calls, Password/Encryption Keys, file and message packets in to folders, exchanging the folders after encrypting and access restricting using any one of unexposed Calls/Passwords as Passwords and encryption keys, using a pre agreed cryptographic algorithm to encrypt; wherein all the unexposed Calls/Password/Encryption Keys generated up to a transaction in a session are available for encrypting and access restricting a specific folder by prior agreement; (a3) access restriction and maintaining continuity of link by ensuring IP address from which USER or SERVICE PROVIDER are transacting remains the one and the same from beginning to end of session and by obtaining a variable Password/Encryption Key known only to USER and SERVICE PROVIDER, from the respective systems, for each object exchanged; (a4) confirming correctness of Calls, Password/Encryption Keys and allowing pre agreed number of chances to rectify; exiting upon occurrence of at least one of the following events: failure to furnish valid information, lapse of time, inability to open and inability to decrypt folders; (a5) checking objects exchanged before accepting, the checks are for compliance of regulations, contract conditions, and freedom from undesirable programs like virus; (b) USER furnishing USER Name and issuing a Call termed as 'initial Call of the session' to SERVICE PROVIDER; (c) SERVICE PROVIDER creating a folder containing Password/Encryption Key for initial Call of the session, a Call termed as 'SERVICE PROVIDER'S first Call' and optional message, encrypting and access restricting the folder as detailed in step (a); sending the folder to USER; (d) USER opening and decrypting the folder, checking Password/Encryption Key; creating a folder containing Password/Encryption Key for SERVICE PROVIDER'S first Call, any message, encrypting and access restricting the folder as detailed in step (a); sending the folder to SERVICE PROVIDER; (e) SERVICE PROVIDER opening and decrypting the folder, verifying Password/Encryption Key from USER; creating a folder containing authentication message, encrypting and access restricting the folder as detailed in step (a); sending the folder to USER; (f) USER opening and decrypting the folder, upon being authenticated, authorizing USER Agent Software for doing transactions, passing on Password/Encryption Key furnished in step (f) and Call received in step (e); (l) USER Agent Software forming a Sub Variable Character Set of any Level, using all Character Units of the Password/Encryption Key furnished in step (f), assigning Serial Number of Character Units as Call received in step (e) or in a different manner and using it as the authentication device of that session.
29) In the method claimed in claim 28, (a) USER Agent Software creating a folder containing assigned Serial Number of Character Units and request for a Call; encrypting and access restricting the folder as in step (a) of claim 28; sending it to SERVICE PROVIDER; (b) SERVICE PROVIDER upon confirming the Internet Protocol/Network address of the USER Agent Software and USER are same, opening and decrypting the folder, registering Serial Number of Character Units, creating a folder containing Call within the authentication device of the session, encrypting and access restricting the folder as in step (a) of claim 28, sending it to USER Agent Software; USER Agent Software opening and obtaining the Call for next transaction; (c) USER creating Internet Contract/Network Transaction and passing on to USER Agent Software; USER Agent Software checking for the origination of Internet Contract/Network Transaction from within USER system such as: (c1) ensuring continuity of connection with SERVICE PROVIDER; (c2) ensuring the integrity of command to do the Internet Contract/Network Transaction, through checking the keyboard and other input entries; (c3) upon confirming the origination, the USER Agent Software (c4) creating a folder containing Password/Encryption Key for the Call obtained in step (b) and the file or message packet containing the USER'S Internet Contract/Network Transaction; (c5) encrypting and access restricting the folder as in step (a) of claim 28; (c6) sending the folder to SERVICE PROVIDER; (d) SERVICE PROVIDER opening and decrypting the folder, (d1) verifying Password/Encryption Key furnished by USER Agent Software; (d2) checking and processing the contents of file or message packet; (d3) responding by creating a folder containing Call for the next transaction and the file or message packet containing the SERVICE PROVIDER'S Internet Contract/Network Transaction; (d4) encrypting and access restricting the folder as in step (a) of claim 28; (d5) sending the folder to USER Agent Software; (e) USER Agent Software opening and decrypting the folder from SERVICE PROVIDER, checking and passing on the file or message packet to USER; retaining the Call; (f) repeating steps (c) to (e) till the transactions are completed and exiting after advising SERVICE PROVIDER; (g) USER Agent Software performing further steps as claimed in claim 27; (h) SERVICE PROVIDER keeping proof for every transaction of USERs including the USER name, the IP address of USER system, the date and time, the details of Internet Contract/Network Transaction, the Call and the Password/Encryption Key for each transaction; (i) providing direct and computationally non intensive means of tracing all actions/objects of a USER/SERVICE PROVIDER from access to exit.
30) I claim a method of authenticating and securing of every individual Internet/Network transaction of a with different Password/Encryption Keys, generating said different Password/Encryption Keys from single Password/Encryption Key furnished at the beginning of a session by Previously Unknown USER from a temporary authentication device, using Bilaterally Generated Encryption Key System, including implementing the method by means of a memory device, a data processor loaded with software implementing the method for Previously Unknown USER and SERVICE PROVIDER, connected by communication network {Fig. 7}, comprising steps of (a) Previously Unknown USER'S System using USER Agent Software, provided on request by SERVICE PROVIDER; (b) SERVICE PROVIDER and Previously Unknown USER/USER Agent Software (b1) recording their mutual Internet Protocol/Network addresses at the beginning of a session; (b2) placing all unexposed Calls, Password/Encryption Keys and file or message packets in to folders, exchanging the folders after encrypting and access restricting using the Call for a transaction for object exchange from Previously Unknown USER/USER Agent Software to SERVICE PROVIDER and the Password for a transaction for object exchange from SERVICE PROVIDER to Previously Unknown USER/USER Agent Software; (b3) access restriction and ensuring continuity of the link is by ensuring IP address from which the Previously Unknown USER/USER Agent Software or SERVICE PROVIDER are transacting remains the one and the same from beginning to end of session and by obtaining a variable Password/Encryption Key known only to Previously Unknown USER/USER Agent Software and SERVICE PROVIDER for each object exchanged from respective systems; (b4) confirming correctness of Calls, Password/Encryption Keys and allowing pre agreed number of chances to rectify; exiting upon failure to rectify or lapse of time or inability to open or decrypt folders; (b5) optionally checking objects exchanged before accepting, the checks are for compliance of regulations, contract conditions as agreed at the commencement of session, and freedom from undesirable programs like virus; (c) Previously Unknown USER requesting a known Internet SERVICE PROVIDER/Network server to facilitate transactions with an Unknown SERVICE PROVIDER, furnishing the domain name of the website or IP address of the SERVICE PROVIDER; (d) Internet SERVICE PROVIDER/Network server authenticating said USER with a Password from that USER'S account, conveying the request of the said USER, passing on the USER name, the IP address of the USER and USER data as required to that SERVICE PROVIDER; (e) SERVICE PROVIDER, (e1) considering the request; (e2) when unwilling to transact with that USER, conveying unwillingness through the Internet SERVICE PROVIDER/Network server to that USER; (e3) when willing to transact with that Previously Unknown USER, storing a newly assigned USER name, linked with validated USER data furnished by Internet SERVICE PROVIDER/Network server, IP address of the USER and IP address of Internet SERVICE PROVIDER/Network server for record; (e4) creating a folder containing temporary Sub Variable Character Set of at least eight Character Units and a Call for the Internet SERVICE PROVIDER or Network server, a sub folder for Previously Unknown USER containing temporary USER Name, temporary Sub Variable Character Set of at least eight Character Units having equal number of Basic Characters in all Character Units and a Call for at least four Character Units; (e5) encrypting and access restricting the subfolder to IP address of Previously Unknown USER as USER Name with a Password; (e6) sending the folder to Internet SERVICE PROVIDER or Network server; (f) Internet SERVICE PROVIDER/Network server conveying SERVICE PROVIDER'S unwillingness to USER, or opening the folder, furnishing Password to SERVICE PROVIDER, passing on the subfolder to USER and exiting; (g) SERVICE PROVIDER checking Password from Internet SERVICE PROVIDER/Network server and upon finding it correct, sending the Password to open the subfolder directly to Previously Unknown USER; (h) Previously Unknown USER exiting on unwillingness of SERVICE PROVIDER to transact, or opening the subfolder using Password received from SERVICE PROVIDER and obtaining temporary Sub Variable Character Set; (i) Previously Unknown USER accessing SERVICE PROVIDER'S website, recording IP address of SERVICE PROVIDER, furnishing USER Name, creating folder containing Password to the Call received in the subfolder, encrypting and access restricting as in step (b); sending the folder to SERVICE PROVIDER; (j) SERVICE PROVIDER verifying USER Name, recording IP address of USER, locating authentication device; upon finding the Password as correct, advising about successful authentication for that session, from when on that Previously Unknown USER becomes an authenticated but temporary USER to that SERVICE PROVIDER; (k) Previously Unknown USER authorising USER Agent Software to act further, passing on the Password and Call used for initial access; (l) USER Agent Software forming a Sub Variable Character Set of any Level, using all Character Units of the Password for initial access, assigning Serial Number of Character Units as Call for initial access or in a different manner and using it as the authentication device of that session.
31) The method of authenticating and securing of every individual Internet/Network transaction of a Previously Unknown USER as claimed in claim 30, further comprising the steps of (a) USER Agent Software seeking a Call; (b) SERVICE PROVIDER, upon confirming the Internet Protocol/Network address of the USER Agent Software and temporary USER are the same, creating a folder containing Call within the authentication device of the session, encrypting and access restricting the folder as in step (b) of claim 30, sending it to USER Agent Software; USER Agent Software opening and obtaining the Call for next transaction; (c) temporary USER creating Internet Contract/Network Transaction and passing on to the USER Agent Software; USER Agent Software checking for the origination of Internet Contract/Network Transaction from within temporary USER'S system, such as: (c1) ensuring continuity of connection with SERVICE PROVIDER; (c2) ensuring the integrity of command to do the Internet Contract/Network Transaction, through checking the keyboard and other input entries; (c3) upon confirming the origination, the USER Agent Software (c4) creating a folder containing Password/Encryption Key for the Call obtained in step (b) and the file or message packet containing the temporary USER'S Internet Contract/Network Transaction; (c5) encrypting and access restricting the folder as in step (b) of claim 30; (c6) sending the folder to SERVICE PROVIDER; (d) SERVICE PROVIDER opening and decrypting the folder, (d1) verifying Password/Encryption Key furnished by USER Agent Software; (d2) checking and processing the contents of file or message packet; (d3) responding by creating a folder containing Call for the next transaction and the file or message packet containing the SERVICE PROVIDER'S Internet Contract/Network Transaction; (d4) encrypting and access restricting the folder as in step (b) of claim 30; (d5) sending the folder to USER Agent Software; (e) USER Agent Software opening and decrypting the folder from SERVICE PROVIDER, checking and passing on the file or message packet to temporary USER; retaining the Call; (f) repeating steps (c) to (e) till the transactions are completed and exiting after advising SERVICE PROVIDER; (g) USER Agent Software performing further required steps as claimed in claim 27; (h) SERVICE PROVIDER keeping proof for every transaction of Previously Unknown USER including the USER Name, the IP address of Previously Unknown USER, IP address of the Internet SERVICE PROVIDER/Network server authenticating said Previously Unknown USER, the date and time, the details of Internet Contract/Network Transaction, the Call and the Password/Encryption Key for each transaction; (i) providing direct and computationally non-intensive means of tracing all actions/objects of a Previously Unknown USER/SERVICE PROVIDER from access to exit.
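The per-transaction loop of claim 31, built on the Call/Password relation of claim 30(l), modelled below as an added example. It is not the patent's own code and not an implementation of its claims; it fixes what the claims shown here leave open. Assumptions: a Sub Variable Character Set is an indexed list of one-character Character Units; a Call is a list of Serial Numbers into that set and the Password for a Call is the Character Units at those positions; the "encrypting and access restricting" of the folders (step (b) of claim 30, not reproduced on this page) is replaced by a toy SHA-256-keystream-plus-HMAC envelope keyed from the session set. The names `ServiceProvider`, `UserAgent`, `seal`, `open_folder`, `run_session`, the four-position random Call policy and the sample session set are all hypothetical.

```python
# Added example (not the patent's code). Assumptions: a Sub Variable Character
# Set is an indexed list of one-character Character Units; a Call is a list of
# Serial Numbers into it and the Password for a Call is the units at those
# positions (claim 30(l)); seal()/open_folder() are a toy stand-in for the
# unspecified "encrypting and access restricting" of claim 30 step (b).
import hashlib
import hmac
import json
import os
import secrets
from datetime import datetime, timezone

SESSION_SET = list("7kQm3zP9xLw2")  # constructed session set; Serial Numbers 0..11


def password_for_call(char_set, call):
    """Claim 30(l): Password = Character Units at the called Serial Numbers."""
    return "".join(char_set[i] for i in call)


def _key(char_set):
    return hashlib.sha256("".join(char_set).encode()).digest()


def _keystream(key, nonce, length):
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(length // 32 + 1))[:length]


def seal(char_set, folder):
    """Toy authenticated envelope (SHA-256 keystream + HMAC); not for production."""
    key, nonce = _key(char_set), os.urandom(16)
    pt = json.dumps(folder, sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def open_folder(char_set, blob):
    """Inverse of seal(); raises ValueError if the tag does not verify."""
    key = _key(char_set)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("folder tag mismatch: tampered or wrong session set")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


class ServiceProvider:
    def __init__(self, char_set, user_name, user_ip, isp_ip):
        self.char_set, self.pending_call, self.proof = char_set, None, []
        self.user = {"name": user_name, "ip": user_ip, "isp_ip": isp_ip}

    def _new_call(self, call=None, n=4):
        # Hypothetical Call policy: n random Serial Numbers unless one is supplied.
        self.pending_call = call or [secrets.randbelow(len(self.char_set)) for _ in range(n)]
        return self.pending_call

    def issue_call(self, call=None):
        """Claim 31(b): sealed folder carrying the Call for the next transaction."""
        return seal(self.char_set, {"call": self._new_call(call)})

    def transact(self, blob, next_call=None):
        """Claim 31(d): open, verify the Password, keep proof (h), reply with next Call."""
        folder = open_folder(self.char_set, blob)
        expected = password_for_call(self.char_set, self.pending_call)
        if not hmac.compare_digest(folder["password"], expected):
            raise ValueError("Password does not match the pending Call")
        self.proof.append({**self.user, "call": self.pending_call, "password": expected,
                           "tx": folder["tx"], "time": datetime.now(timezone.utc).isoformat()})
        return seal(self.char_set, {"tx": {"ack": folder["tx"]["id"]},
                                    "call": self._new_call(next_call)})


class UserAgent:
    def __init__(self, char_set):
        self.char_set, self.call = char_set, None

    def receive(self, blob):
        """Claim 31(b)/(e): open the provider's folder, retain the Call, pass on tx."""
        folder = open_folder(self.char_set, blob)
        self.call = folder["call"]
        return folder.get("tx")

    def send(self, tx):
        """Claim 31(c4)-(c6): Password for the retained Call plus the transaction."""
        return seal(self.char_set, {"password": password_for_call(self.char_set, self.call), "tx": tx})


def run_session(first_call=None, second_call=None):
    """One transaction, then a replay of its folder (rejected: the Call has changed)."""
    sp = ServiceProvider(SESSION_SET, "alice", "192.0.2.10", "198.51.100.1")
    ua = UserAgent(SESSION_SET)
    ua.receive(sp.issue_call(first_call))
    first = ua.send({"id": 1, "op": "transfer"})
    ack = ua.receive(sp.transact(first, second_call))
    try:
        sp.transact(first)
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return ack, replay_rejected, sp
```

Two things the model makes visible that the claim text only implies. First, the fresh Call in every provider reply is what stops a captured folder from being presented twice: the replay in `run_session` fails because the provider now expects the Password for a different Call, not because the envelope detects it. Second, every protection here rests on both parties keeping the session set secret; a party that learns it can compute every Password and open every folder, so the envelope key must never be derived from anything weaker than the set itself, and the toy envelope is for illustration only.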
32) I claim the use of the symmetric encryption key system claimed in claims 1 to 31
PCT/IN2006/000157 2004-07-12 2006-05-04 Bilaterally generated encryption key system WO2006117806A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US11/913,555 US20090217035A1 (en) 2004-07-12 2006-05-04 Bilaterally Generated Encryption Key System

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
PCT/IN2005/000141 WO2006006182A2 (en) 2004-07-12 2005-05-04 System, method of generation and use of bilaterally generated variable instant passwords
INPCT/IN2005/000141 2005-05-04

Publications (3)

Publication Number Publication Date
WO2006117806A2 WO2006117806A2 (en) 2006-11-09
WO2006117806A3 WO2006117806A3 (en) 2007-04-12
WO2006117806B1 WO2006117806B1 (en) 2007-05-24

Family

ID=37057229

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IN2006/000157 WO2006117806A2 (en) 2004-07-12 2006-05-04 Bilaterally generated encryption key system

Country Status (1)

Country Link
WO (1) WO2006117806A2 (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8295480B1 (en) * 2007-07-10 2012-10-23 Avaya Inc. Uncertainty-based key agreement protocol
US20090044284A1 (en) * 2007-08-09 2009-02-12 Technology Properties Limited System and Method of Generating and Providing a Set of Randomly Selected Substitute Characters in Place of a User Entered Key Phrase
JP5491638B2 (en) 2010-10-26 2014-05-14 日本電信電話株式会社 Proxy calculation system, calculation device, capability providing device, proxy calculation method, capability providing method, program, and recording medium
WO2014078951A1 (en) * 2012-11-22 2014-05-30 Passwordbox Inc. End-to-end encryption method for digital data sharing through a third party
AU2013205125B1 (en) * 2013-04-13 2014-07-31 Hasq Technology Pty Ltd Method and system for the secure transfer and verification of ownership of digital sequences
US20210398127A1 (en) * 2020-06-18 2021-12-23 XPress Processing, LLC Payment gateway security management
CN112073410B (en) * 2020-09-07 2022-08-30 中国人民解放军63880部队 Cloud data secure transmission control method based on aging
CN112153046B (en) * 2020-09-24 2023-04-07 施耐德电气(中国)有限公司 Data encryption and data decryption method, related equipment and storage medium
CN116866909A (en) * 2023-05-11 2023-10-10 长江量子(武汉)科技有限公司 Method for synchronizing keys of two-ear earphone and two-ear encryption earphone

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
HU0101106D0 (en) * 2001-03-14 2001-05-28 Tozai Trading Corp Id alsorithm
US7577987B2 (en) * 2002-12-23 2009-08-18 Authernative, Inc. Operation modes for user authentication system based on random partial pattern recognition
US7581100B2 (en) * 2003-09-02 2009-08-25 Authernative, Inc. Key generation method for communication session encryption and authentication system

Also Published As

Publication number Publication date
WO2006117806A3 (en) 2007-04-12
WO2006117806A2 (en) 2006-11-09

Similar Documents

Publication Publication Date Title
US20090217035A1 (en) Bilaterally Generated Encryption Key System
US8478998B2 (en) Authenticated communication using a shared unpredictable secret
US11336446B2 (en) System and method for generating and depositing keys for multi-point authentication
US6148404A (en) Authentication system using authentication information valid one-time
CN104798083B (en) For the method and system of authentication-access request
JP4460763B2 (en) Encryption key generation method using biometric data
WO2006117806B1 (en) Bilaterally generated encryption key system
WO1999024895A1 (en) Tamper resistant method and apparatus
CN101517562A (en) Method for registering and certificating user of one time password by a plurality of mode and computer-readable recording medium where program executing the same method is recorded
TWI648679B (en) License management system and method using blockchain
US11652629B2 (en) Generating keys using controlled corruption in computer networks
JP6489464B2 (en) Optical code, information transmission method, and authentication method
US20140258718A1 (en) Method and system for secure transmission of biometric data
JP2005038139A (en) Electronic information management system
CN107920052A (en) A kind of encryption method and intelligent apparatus
JP2010165323A (en) Biometric authentication method and system
US20230259899A1 (en) Method, participant unit, transaction register and payment system for managing transaction data sets
Gulsezim et al. Two factor authentication using twofish encryption and visual cryptography algorithms for secure data communication
Dandash et al. Fraudulent Internet Banking Payments Prevention using Dynamic Key.
JP6533542B2 (en) Secret key replication system, terminal and secret key replication method
JP3898322B2 (en) Authentication system and method for authenticating electronic information
CN108667767A (en) A kind of account password storage protection method
US20230143356A1 (en) Method and system for performing cryptocurrency asset transaction
JP5574005B2 (en) Biometric authentication method and system
Gupta et al. A Novel Approach for User Specified Cryptographic Calculation for Securing Authentication

Legal Events

Date Code Title Description
NENP Non-entry into the national phase in:

Ref country code: DE

WWW Wipo information: withdrawn in national office

Ref document number: DE

WWE Wipo information: entry into national phase

Ref document number: 5493/CHENP/2007

Country of ref document: IN

NENP Non-entry into the national phase in:

Ref country code: RU

WWW Wipo information: withdrawn in national office

Ref document number: RU

WPC Withdrawal of priority claims after completion of the technical preparations for international publication

Ref document number: PCT/IN2005/000141

Country of ref document: IN

Free format text: WITHDRAWN AFTER TECHNICAL PREPARATION FINISHED

WWE Wipo information: entry into national phase

Ref document number: 11913555

Country of ref document: US

122 Ep: pct application non-entry in european phase

Ref document number: 06756260

Country of ref document: EP

Kind code of ref document: A2