Embedded synchronous random disposable code identification method and system7043635
Abstract
A method and system for secure identification of a person in an electronic communications environment, wherein a host computer is adapted to be able to communicate with a specific electronic communications device operated by the person. The person is issued with a mask code, known only to the person and stored in the host computer, but never transmitted electronically there between. When the person is required to identify him- or herself to the host computer, the host computer transmits a pseudo-random string to the specific electronic communications device, whereupon the mask code must be applied to the pseudo-random string according to predetermined rules so as to generate a volatile identification code which is then transmitted back to the host computer. Positive identification is achieved when the volatile identification code matches a volatile identification code generated within the host computer by applying the mask code stored therein to the pseudo-random string. In this way, a person's mask code is never transmitted electronically and is therefore relatively safe from interception, and the volatile identification code will be different for each different pseudo-random string, thus making a fraudulently intercepted communication meaningless.
Claims
The invention claimed is:
1. A coded identification system, the system comprising an electronic computer, a specific electronic communications device that is operable to be in communication with the electronic computer, and at least one electronic communications device that is operable to be in communication with the electronic computer, wherein the electronic computer includes data relating to the specific electronic communications device, including a permanent identification code, a mask code and an identification code enabling electronic communication between the electronic computer and the specific electronic communications device, and wherein the permanent identification code is input to the at least one electronic communications device and transmitted to the electronic computer, the electronic computer generates a pseudo-random string and transmits this to the specific electronic communications device, the mask code is applied to the pseudo-random string so as to generate a volatile identification code in accordance with predetermined rules, the volatile identification code is transmitted back to the electronic computer by the specific electronic communications device or the at least one electronic communications device, the electronic computer checks the volatile identification code transmitted thereto against a volatile identification code obtained by applying the mask code to the pseudo-random string in accordance with the predetermined rules, and in which a positive identification is made when the volatile identification codes are found to match by the electronic computer, wherein the pseudo-random string comprises a first array of characters; each character having a given numerical position in the first array (first, second, third etc.), and wherein the mask code comprises a second array of numbers, each number having a given numerical position in the second array (first, second, third etc.), the predetermined rules for applying the mask code to the pseudo-random string so as to generate the volatile identification code being sequentially to select numerical positions in the first array on the basis of the numbers in the second array, taken in positional order, and to return the characters thereby selected from the first array in sequence so as to form a third array, this third array forming the volatile identification code.
2. A system as claimed in claim 1, wherein the specific electronic communications device and the at least one electronic communications device are the same device.
3. A system as claimed in claim 1, wherein the specific electronic communications device and the at least one electronic communications device are separate devices.
4. A system as claimed in claim 1, wherein the specific communications device is a mobile telephone, a pager or a personal digital assistant.
5. A system as claimed in claim 3, wherein the it least one electronic communications device is an EFTPOS terminal or the like.
6. A system as claimed in claim 1, wherein the permanent identification code is supplied in the form of a card bearing human- and/or machine-readable indicia.
7. A method for identifying a specific electronic communications device or user thereof to an electronic computer having stored therein data relating to the specific electronic communications device or user thereof, including a permanent identification code, a mask code and an identification code enabling communication between the electronic computer and the specific electronic communications device, wherein the permanent identification code is input to at least one electronic communications device and transmitted thereby to the electronic computer, the electronic computer associates the permanent identification code with the identification code enabling communication there between and the specific electronic communications device and generates a pseudo-random string before transmitting this to the specific electronic communications device, the mask code is applied to the pseudo-random string in accordance with predetermined rules so as to generate a volatile identification code, the volatile identification code is input to the specific electronic communications device or the at least one electronic communications device and transmitted to the electronic computer wherein it is compared with a volatile identification code generated therein by applying the mask code to the pseudo-random string, and a positive identification is made when the volatile identification codes match, wherein the pseudo-random string contains at least one character that is representative of some condition of the data relating to the person.
8. A method for identifying a specific electronic communications device or user thereof to an electronic computer having stored therein data relating to the specific electronic communications device or user thereof, including a permanent identification code, a mask code and an identification code enabling communication between the electronic computer and the specific electronic communications device, wherein the permanent identification code is input to at least one electronic communications device and transmitted thereby to the electronic computer, the electronic computer associates the permanent identification code with the identification code enabling communication there between and the specific electronic communications device and generates a pseudo-random string before transmitting this to the specific electronic communication device, the mask code is applied to the pseudo-random string in accordance with predetermined rules so as to generate a volatile identification code, the volatile identification code is input to the specific electronic communications device or the at least one electronic communications device and transmitted to the electronic computer where it is compared with a volatile identification code generated therein by applying the mask code to the pseudo-random string, and a positive identification is made when the volatile identification codes match, wherein the pseudo-random string comprises a first array of characters, each character having a given numerical position in the first array (first, second, third etc.), and wherein the mask code comprises a second array of numbers, each number having a given numerical position in the second array (first, second, third etc.), the predetermined rules for applying the mask code to the pseudo-random string so as to generate the volatile identification code being sequentially to select numerical positions in the first array on the basis of the numbers in the second array, taken in positional order, and to return the characters thereby selected from the first array in sequence so as to form a third array, this third array forming the volatile identification code.
9. A method according to claim 8, wherein the pseudo-random string contains at least one character that is representative of some condition of the data relating to the person.
10. A method according to claim 7, wherein the specific electronic communications device and the at least one electronic communications device are the same device.
11. A method according to claim 7, wherein the specific electronic communications device and the at least one electronic communications device are separate devices.
12. A method according to claim 10, wherein the specific communications device is a mobile telephone, a pager or a personal digital assistant.
13. A method according to claim 11, wherein the at least one electronic communications device is an EFTPOS terminal or the like.
14. A method according to claim 8, wherein the specific electronic communications device and the at least one electronic communications device are the same device.
15. A method according to claim 8, wherein the specific electronic communications device and the at least one electronic communications device are separate devices.
16. A method according to claim 15, wherein the specific communications device is a mobile telephone, a pager or a personal digital assistant.
17. A method according to claim 16, wherein the at least one electronic communications device is an EFTPOS terminal or the like.
18. A coded identification system, the system comprising an electronic computer, a specific electronic communications device that is operable to be in communication with the electronic computer, and at least one electronic communications device that is operable to be communication with the electronic computer, wherein the electronic computer includes data relating to the specific electronic communications device, including a permanent identification codes, a mask code and an identification code enabling electronic communication between the electronic computer and the specific electronic communications device, and wherein the permanent identification code is input to the at least one electronic communications device and transmitted to the electronic computer, the electronic computer generates a pseudo-random string and transmits this to the specific electronic communications device, the mask code is applied to the pseudo-random string so as to generate a volatile identification code in accordance with predetermined rules, the volatile identification code is transmitted back to the electronic computer by the specific electronic communications device or the at least one electronic communications device, the electronic computer checks the volatile identification code transmitted hereto against a volatile identification code obtained by applying the mask code to the pseudo-random string in accordance with the predetermined rules, and in which a positive identification is made when the volatile identification codes are found to match by the electronic computer, wherein the pseudo-random string contains at lest one character that is representative of some condition of the data relating to the person.
19. A system according to claim 1, wherein the pseudo-random string contains at least one character that is representative of some condition of the data relating to the person.
20. A method according to claim 7, wherein the user is able to first identify to the host the position of the representative character in the pseudorandom string, and secondly identify to the host the meaning of the representative character in the pseudorandom string.
21. A system according to claim 7, wherein the user is able to first identify to the host the position of the representative character in the pseudorandom string, and secondly identify to the host the meaning of the representative character in the pseudorandom string.
22. A method according to claim 18, wherein the user is able to first identify to the host the position of the representative character in the pseudorandom string, and secondly identify to the host the meaning of the representative character in the pseudorandom string.
23. A system according to claim 18, wherein the user is able to first identify to the host the position of the representative character in the pseudorandom string, and secondly identify to the host the meaning of the representative character in the pseudorandom string.
Description
CROSS-REFERENCE TO RELATED APPLICATIONS
Priority of U.K. Patent Application No. GB 0021964.2, filed 7 Sep. 2000, incorporated herein by reference, is hereby claimed.
BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS
For a further understanding of the nature, objects, and advantages of the present invention, reference should be had to the following detailed description, read in conjunction with the following drawings, wherein like reference numerals denote like elements and wherein:
FIG. 1 is a schematic diagram showing a preferred embodiment of the present invention.
DETAILED DESCRIPTION OF THE INVENTION
FIG. 1 shows a host computer 1 operated by a credit/debit card issuer, a user 2 having a mobile telephone 3, and an EFTPOS terminal 4. The user 2 is issued with a card (not shown) having a unique 16-digit account number embossed and magnetically encoded thereon, this 16-digit account number being correlated in the host computer 1 with account details relating to the user as well as a 4-digit mask code selected by or assigned to the user 2 upon initial registration with the credit/debit card issuer and a unique telephone number of the mobile telephone 3. The 16-digit account number is chosen for compatibility with existing credit/debit card protocols, and the 4-digit mask code for compatibility with existing PIN protocols. When the user 2 wishes to make a purchase from a retailer (not shown) operating the EFTPOS terminal 4, he or she presents the card, which is then scanned by the EFTPOS terminal 4. Details regarding a purchase are also entered into the EFTPOS terminal 4 by the retailer, and these are transmitted, together with the account number, to the host computer 1 by way of a modem link 5. The host computer 1 then correlates the account number with details of the user 2, including the telephone number of the mobile telephone 3, and generates a 13-digit pseudo-random string which is transmitted to the mobile telephone 3 by way of an SMS or voicemail protocol 6. The first three digits of the pseudo-random string are not random and are reserved to indicate to the user that a received SMS message is from the host computer. For example, the first three digits may be "T1:" or "T2:" or the like, so as to indicate that the host computer 1 is expecting the user 2 to apply a first or a second mask code to the pseudo-random string. The next 10 digits of the pseudo-random string provide sufficient redundancy for any 4-digit mask code to operate thereupon in the manner hereinbefore described. By choosing a string length of 13 digits for the pseudo-random string, compatibility with existing mobile telephone displays and EAN13 (European Article Number) barcode protocols is ensured.
Upon reception of the pseudo-random string by the mobile telephone 3, the user 2 must apply the mask code thereto as hereinbefore described so as to generate a volatile identification code, which is then passed 8 to the retailer and entered into the EFTPOS terminal 4 for transmission to the host computer 1. Alternatively, the volatile identification code may be returned by the user 2 to the host computer 1 by way of the mobile telephone 3. When the host computer 1 receives the volatile identification code, it compares this with a volatile identification code generated within the host computer 1 by applying the mask code to the pseudo-random string and, if the volatile identification codes are found to match, issues a signal to the EFTPOS terminal 4 so as to authorize the purchase and to transfer necessary funds to the retailer. Optionally, before authorizing the transfer of funds, the host computer 1 may send a message to the mobile telephone 3, for example in SMS or voicemail format 6, preferably including details of the transaction, and requesting that the user 2 return a signal 7 so as finally to confirm the transaction. This may provide added peace-of-mind for unusually large transactions and may alert a user 2 in the event that fraudulent use is being made of his or her card.
All measurements disclosed herein are at standard temperature and pressure, at sea level on Earth, unless indicated otherwise. All materials used or intended to be used in a human being are biocompatible, unless indicated otherwise.
The foregoing embodiments are presented by way of example only; the scope of the present invention is to be limited only by the following claims.
| |
Next» |
| |
Techniques for performing UMTS (universal mobile telecommunications system) authentication using SIP (session initiation protocol) messages |
|
- Inventors
Keech, Winston Donald;
- Assignee
Swivel Secure Limited (GB)
- Published
May-9-2006
- Current US Classes:
380/249
380/46
713/168
- Application #
663281
- International Classes
H04L 9/00 (20060101); H04L 1/00 (20060101)
- Field of Search
713/184 713/168 380/249 380/46 445/410
- Examiner
Song; Hosuk
- Agent
Greenberg Traurig, LLP, Kurtz, II; Richard E., Goepel; James E.
- US Patent References:
5131038
5196840
5335280
5343529
5619575
5649014
5878415
5926764
5974144
6078908
6119230
6128386
6201871
6363151
6704789
|
