WO1996021314A1 - A remotely authorized data transaction system - Google Patents

A remotely authorized data transaction system Download PDF

Info

Publication number
WO1996021314A1
WO1996021314A1 PCT/US1995/016920 US9516920W WO9621314A1 WO 1996021314 A1 WO1996021314 A1 WO 1996021314A1 US 9516920 W US9516920 W US 9516920W WO 9621314 A1 WO9621314 A1 WO 9621314A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
access code
generating
user
code
Prior art date
Application number
PCT/US1995/016920
Other languages
French (fr)
Inventor
David Gazelle
Dror Kanion
Original Assignee
Helfgott & Karas, P.C.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Helfgott & Karas, P.C. filed Critical Helfgott & Karas, P.C.
Priority to AU47428/96A priority Critical patent/AU4742896A/en
Publication of WO1996021314A1 publication Critical patent/WO1996021314A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal

Definitions

  • This invention relates to remotely authorized data transaction systems, particularly for permitting data transactions to be effected in a secure manner over the telephone.
  • Telephone dialling systems for obtaining specialized services which allow a remote service to be obtained by dialling a subscriber password which is transmitted over the telephone line for verification at the receiving terminal.
  • Such systems are open to fraud because it is possible to eavesdrop once communication is established between a local terminal and a remote data transaction terminal and then make fraudulent use of the password which is transmitted. It is also known to encrypt the user password in order to increase the security and reduce fraud.
  • the password modulating means could be an integral part of the telephone itself and thus of the complete data transaction system. Such an approach is disclosed, for example, by Labaton et al in
  • WO 9311619 which describes an encryption system for transmitting confidential data from a transmitting device based on the use of a dynamic algorithm which is a function of time.
  • Encoded data may be transmitted along conventional telephone lines using various data modulation techniques, including DTMF.
  • DTMF data modulation techniques
  • encrypted data is applied to a tone generator which generates DTMF control signals which, in turn, are applied to a voice coupling module.
  • the voice coupling module generates and applies appropriate DTMF tones corresponding to the encrypted data.
  • DTMF signals Whilst DTMF signals are adapted for transmission along telephone lines, they have quite different statistical characteristics than audio speech signals. The difference in characteristics between audio speech signals and DTMF signals prevents possible conflict between DTMF control signals which are employed, for example, to awaken remote facsimile machines and the like and regular speech signals. It would clearly be unacceptable if a particular combination of speech signals caused automatic operation of a remote facsimile or answering machine.
  • the data must first be modulated so that the modulated signal bandwidth lies in the audio range.
  • a modula ⁇ tion technique is employed which renders the modulated data amenable to well known digital audio compression techniques.
  • modulation which is susceptible to digital audio compression techniques resides in the fact that the transmission device is acoustically coupled to the mouthpiece of the telephone. The information entering the mouthpiece is thus assumed to possess the same statistical characteristics as speech and thus is subjected, without any prior filtering, to digital audio compression techniques (such as are used in digital cellular telephones employing the C.E.L.P. compression technique). Such digital audio compression techniques are not amenable for use with DTMF signals.
  • modulation techniques which are common to all HayesTM compatible modems, thus permitting a standard modem to be used in a remote computer site, thus lowering the cost of the receiver whilst maintaining simplicity.
  • time dependent keys Another disadvantage of time dependent keys lies in the fact that a constant power supply is needed in order to maintain the clock active. Even apart from the resulting power consumption which reduces the life of the battery, the token clock requires re-synchronization each time the power supply is disconnected, for whatever reason, such as, for example, when the battery is replaced.
  • a remotely authorized data transaction system comprising a data access device and an access code authentication device: the data access device including: means for generating an audio signal representative of transaction data corresponding to a public key and a variable personal access code both characteristic of a particular user desiring access thereto; and the access code authentication device including: receiving means for receiving said audio signal and extracting therefrom the transaction data, expected current personal access code means responsive to the user's public key for generating an expected current personal access code, and verification means for comparing the expected current personal access code to the received personal access code and for producing a verification signal if they are identical.
  • the access code is a substantially one time only pseudo-random number which is a function of the user's public key and an initial code which is preset uniquely in respect of each user.
  • the authentica ⁇ tion means likewise generates a pseudo-random number which is a function of the user's public key and of the same initial code.
  • PIN Personal Identity Number
  • Fig. 1 is a block diagram showing functionally the principal compo ⁇ nents in a system according to the invention
  • Fig. 2 is a block diagram showing functionally a detail of a transmitter for use in the system shown in Fig. 1;
  • Fig. 3 is a block diagram showing functionally a detail of an encryptor for use with the transmitter shown in Fig. 2;
  • Fig. 4 is a block diagram showing functionally the principal compo ⁇ nents in a communication channel for use in the system shown in Fig. 1;
  • Fig. 5 is a block diagram showing functionally the principal compo- nents of a receiver for use in the system shown in Fig. 1;
  • Fig. 6 is a block diagram showing functionally the principal compo ⁇ nents of a decoder for use with the receiver shown in Fig. 5;
  • Figs. 7 and 8 are flow diagrams of a data encryption algorithm for use with the invention.
  • Fig. 9 is a block diagram showing schematically the flow of data employed by the encryption algorithms illustrated in Figs. 7 and 8.
  • Fig. 1 shows functionally a data transaction system 10 comprising a transmitter 11 coupled to a receiver 12 via a telephone channel 13.
  • the transmitter 11 comprises an encryptor 15 responsive to control signals entered by a user for generating a key which is then passed to a multiplexer 16 coupled to an optional internal data generator 17.
  • external data defining, for example, a telephone number to be dialled or a product code to be purchased etc. may be entered to the multiplexer 16, the multiplexed output thereof being fed to a frame generator 18 which adds synchronization signals to the output of the multiplexer 16, in accordance with a predetermined communications protocol, in order to produce a frame of data which is fed to an encoder 19.
  • the external data and the control signals may be passed to and from the transmitter 11 via an integral keypad and an electrical communication port (ECP) and can be displayed visually on an alpha-numeric display.
  • ECP electrical communication port
  • the encoder 19 encodes the frame of data by means of known error correction codes, e.g. convolutional codes, block codes and so on so as to produce an error-free code characteristic of the user and of the transaction data defining the particular transaction which he wishes to undertake.
  • Fig. 3 shows functionally a detail of the encryptor 15 depicted in
  • the heart of the encryptor 15 is an arithmetic logic unit (ALU) 22 coupled to a controller 23 and to a sequence generator 24 which together function as a password generator for generating a pseudo random sequence which is fed to the ALU 22.
  • ALU arithmetic logic unit
  • sequence generator 24 which together function as a password generator for generating a pseudo random sequence which is fed to the ALU 22.
  • An identification pattern 25 and a true random sequence extracted from a data bank 26 are also fed to the ALU 22 as is an -
  • the ALU 22 combines all four sequences: namely the external secret key, the pseudo and true random sequences and the identification pattern so as to produce a secret key whose randomality is further improved by being fed back to the sequence generator 24 via a feedback loop 27.
  • This allows the random number generator to relate to previous bits of the currently generated code or to previous codes in their entirety, in order to improve the randomness of the currently generated code.
  • the sequence generator 24 operates as a pseudo-random number generator.
  • the ALU 22 is also coupled to a miniature keypad (not shown) by means of which a user can enter his PIN.
  • the secret key is fed to a multiplexer 28 which combines the secret key with a public key 29 for producing a once-only random key characteristic of the user and further encoding data representative of the transaction he wishes to perform.
  • Fig. 4 shows functionally the principal components associated with the channel 13 along which the user access code and data transaction data are sent.
  • the modulated audio signal is simply picked up by the mouthpiece 30 of the telephone 31 which is connected to any conventional telephone channel 32 in known manner.
  • the audio signal transmitted down the telephone channel 32 is a unique user access code characteristic of the particular user and being derived from the user's public key, which is public knowledge, and his secret access code which is known only to the user. Since the resulting encrypted code is susceptible to deciphering only with a knowledge of the initial code constituting the identification pattern 25 which itself is not transmitted over the telephone channel 32, the resulting encrypted access code is secure. Furthermore, since the encrypted access code is a one time only code and, once used, is invalidated for further use, the resulting system is completely secure.
  • Fig. 5 shows functionally a detail of the receiver 12 which includes a demodulator 33 for demodulating the audio signal received thereby and extracting therefrom the encrypted code.
  • An error correction code decoder 34 is coupled to the demodulator 33 and corrects the encrypted code for errors resulting, for example, from channel noise and so on.
  • the resulting frame of data is passed to a frame synchronizer 35 which removes the frame synchronization bits in order to extract the original data sequence produced by the multiplexer 16 within the transmitter 11.
  • This data it will be recalled, comprises the user's secret key, his public key and the required transaction data.
  • Each of these components is extracted by a decoder 36 having two outputs 37 and 38 which are coupled to a controller 39 and having a third output 40 connected to a global data network 41 to which there is connected a general key bank 42.
  • the decoder 36 decodes the user's public key and from this extracts from an internal look-up table (constituting a storage means) an initial code corresponding to that public key. Using the extracted initial code and the user's public key, the decoder 36 now determines an expected user access code which is compared with the actual user access code received by the decoder 36 so as to produce a verification signal if the two are identical.
  • the extracted transaction data is passed via the output 37 to the controller which is responsive to the verification signal at the output 38 of the decoder 36 for processing the transactions and routing them to an appropriate data transaction terminal (not shown).
  • a plurality of data transaction terminals may be coupled to the controller 39, each being accessed by a different telephone number, for example, the telephone number itself being embedded as part of the data transaction data and thus allowing correct automatic dialling to the required data transaction terminal.
  • the receiver 12 shown in Fig. 5 may be part of a national network comprising a plurality of receivers each, for example, being associated with a different local telephone exchange.
  • the reinitialization code is passed down the output 40 of the decoder to the global data network 41 and, by this means, reaches all other receivers connected thereto such as the general key bank 42 shown by way of example in Fig. 5.
  • Fig. 6 shows a detail of the decoder 36 which extracts from the error corrected frame, stripped of its synchronization bits, the required public key, secret key and transaction data.
  • the stripped, error-corrected frame is passed to a demultiplexer 45 having two outputs 46 and 47 for respectively feeding the public key and the secret key to a local key bank 48 and a decoding comparator 49 both of which are interconnected via a feedback loop 50.
  • the demultiplexer 45 also extracts data transaction data from the received code, this being fed to the output 37 of the decoder 36.
  • the local key bank 48 permits determination of the expected access code from a knowledge of the public key fed thereto and the initial code corresponding to that public key and which is reinitialized upon verification that the expected code and the actual code match.
  • the reinitialization is effected by means of the feedback loop 50 which is responsive to a verification signal produced by the decoding comparator 49 for reinitializing the initial code in the local key bank 48.
  • the initial code stored in all other local key banks connected to the output 40 of the decoder via the global data network 41 are also reinitialized to the same value.
  • the transmitter 11 is a miniature pocket-size device having a small push button for operating the transmitter and transmitting the desired audio signal.
  • the encrypted data access code is transmitted merely by actuation of the transmitter without any further input on the part of the user.
  • This is convenient but the security of the system can be enhanced by further including in the transmitter a small keypad for allowing entry by the user of a Personal Identity Number so that, in the event of loss or theft, the transmitter is inoperable without a knowledge of the PIN.
  • Such a miniature device is adapted for uni-directional transmis ⁇ sion only to the remote access code authentication device via the telephone line, there being no requirement or possibility, of course, for a handshake signal by the remote access code authentication device with the miniature data access device.
  • This can be problematic if there is provided a modem at the remote end of the telephone line for receiving the encrypted data, since modems expect to receive such an acknowledge signal from the sending device before proper communication can be established between the sending device and the receiving modem.
  • the modem in the host computer sends a handshake signal to the computer terminal which, in turn, returns an acknowledge signal to the modem, whereupon the desired communication is established.
  • the receiving modem only receives data from the portable data access device and does not send any data thereto. Consequently, the data access device receives no handshake signal from the remote modem. In order to allow the data access device nevertheless to send data to the modem, upon activation by the user, the data access device sends a "fictitious" acknowledge signal which is interpreted by the remote modem so as to imply that its handshake signal was in fact received correctly. Thereupon, regular bi-directional communication is simulated although, in practice, data is only sent one way.
  • Fig. 7 shows a flow diagram depicting the principal operating steps associated with the data encryption algorithm used by the encryptor 15 shown in detail in Fig. 3 of the drawings.
  • the ALU 22 is the heart of the encryption system.
  • the ALU 22 is responsible for getting all or part of four key sequences, constituted by a pseudo-random sequence, a true random sequence, an external secret key and an identification pattern, and combining them into the secret key.
  • the user of the portable data access device wishes to identify himself, he enters his personal secret key via the keypad, whereupon his external secret key together with appropriate control signals are fed to the controller 23 shown in Fig. 3.
  • the user's personal secret key (being his Personal Identification Number, PIN) may be stored inside the transmitter for comparison with a PIN entered by the keypad so as to allow subsequent use of the transmitter only in the event that the PIN entered via the keypad matches that stored within the transmit ⁇ ter.
  • the user's PIN could be stored at the receiver site for remote verification by the ALU 22 in the encryptor 15. In either case, the external key defends the user in case of loss or theft of the transmitter.
  • the controller 23 Upon receiving an appropriate command, the controller 23 triggers the encryption process. First, a trigger is sent to the sequence generator 24 which generates a new short portion of a long, practically non- repetitive pseudo-random sequence, which is then sent to the ALU 22. At the same time, a pointer is sent to the true random data bank 26 so as to define a portion thereof for use in the current encryption. The true random data bank 26 then sends the defined portion thereof to the ALU 22 which, as described above, combines the two sequences with the constant identifi- cation pattern and the external secret key so as to form the current non- repetitive secret key.
  • the sequence generator 24 contains a PN sequence generator and/or a chaotic sequence generator.
  • Different transmitters contain the same sequence generators differing only in their initial conditions so as actually to represent a different portion of the same sequence.
  • the sequence generated in each transmitter has a very long period whilst, in each transaction, only a relatively small portion thereof is used thus, to all practical purposes, rendering the resultant code non-repetitive.
  • a maximal length PN sequence generator based on a fifty stage shift register, generates a sequence of 2 50 -l length code. Assuming that each transaction uses a portion of the fifty bits in the shift register, and that there are 100 million different users, each user can use his transmitter ten times a day for over 60 years without the sequence repeating itself.
  • This authentication system is unique in the fact that it is used from a plurality of locations, hence disabling eavesdroppers from gathering enough data representing a single user in order to reverse engineer his unique encryption parameters.
  • the combination of a chaotic sequence with a PN sequence increases dramatically the number of parameters involved.
  • the true random data bank 26 Since the true random data bank 26 is relatively small, there may be provided the option of reprogramming the true random data bank with new sequences from time to time, so as to prevent even this sequence from repeating itself after extended use. Reprogramming of the true random data bank could be done via the ECP after the user enters an appropriate command using either the keypad or the ECP itself. If the PIN is stored in the transmitter 11, it may be used to verify the user's identity prior to allowing data reprogramming.
  • Fig. 8 is a flow diagram of a particular embodiment of the encryption process and Fig. 9 is a block diagram depicting the principal data modules shown in Fig. 3, illustrating pictorially the flow of data therebe ⁇ tween during the encryption process shown in Fig. 8.
  • the controller 23 sends a trigger signal to the sequence generator 24 and also sends the current value of a counter 51 as a pointer to the true random data bank 26.
  • the controller 23 also sends a 14-bit external secret key to the ALU 22 and updates the counter 51.
  • the sequence generator 24 Upon receipt of the trigger signal sent by the controller 23, the sequence generator 24 generates a new 50-bit PN sequence.
  • p(x) p x +p 2 *x +p 3 -x 2 + ... +p 50 -x 49 .
  • the external secret key and the internal identification pattern are multiplexed into one sequence which is then encrypted.
  • K(x) is formed by: ii _ .. ,.
  • the contents of the 8 bit word from the true random data bank are used in part for masking the external secret key and in the other part for masking the internal identifica ⁇ tion pattern.
  • the remaining contents of the external secret key and the internal identification pattern registers are masked with the contents of the PN register.
  • the true random data bank contains only a small number of words, for example allowing 1 Kbytes of memory to be used for 1000 transactions.
  • the true random data bank may be periodically recharged with new data via the electrical communications port (ECP). If this is not done, then the true random data bank will be read cyclically, such that whenever the contents of the true random data bank are exhausted, the pointer points back to the beginning of the data bank.
  • the period of the encrypting sequence S(x) is the LCM(m,n), where LCM is the Least Common Multiple and m,n are the periods of the contents of the true random data bank and the sequence generator, respectively, both in transaction units.
  • the period of the encrypting sequence is thus LCM(LCM(2 50 -1,50),1000).
  • the verification signal produced by the decoder in the access code authentication signal may be a simple match signal denoting that the user's access code matches the expected code generated by the decoder. More generally, however, it includes additional data indicating, for example, restrictions placed on the user's account such as credit limit, access control, account privileges and so on.
  • the invention does not require that the receiver perform a transaction on receipt of a valid user code.
  • the invention in its most basic form, allows for the remote authentication of a user or subscriber to a system who may then issue vocal instructions to a human operator.
  • the transmitter to encode such instructions within the transaction data, nor for the receiver to decode them and route them to a data transaction terminal.
  • the invention allows exploitation of the existing telephone network which itself is inexpensive, but insecure, whilst guaranteeing high security by means of a one time only password which renders eavesdropping ineffective.

Abstract

In a remotely authorized data transaction system (10), a data access device (11) generates an audio signal representative of transaction data corresponding to a transaction to be effected at a remote data transaction terminal, a public key (29) and an access code both characteristic of a particular user desiring access thereto. An access code authentication device (12) receives the audio signal and extracts therefrom the transaction data user's public key (29) and personal access code. An expected personal access code is derived responsive to the user's public key (29) and is compared to the received personal access code for producing a verification signal if they are identical, whereupon the transaction data is routed to the data transaction terminal. The audio signal is encrypted independent of time and so does not require an accurate battery powered internal clock thus avoiding re-synchronization problems when the battery is replaced.

Description

A Remotely Authorized Data Transaction System
FIELD OF THE INVENTION
This invention relates to remotely authorized data transaction systems, particularly for permitting data transactions to be effected in a secure manner over the telephone.
BACKGROUND OF THE INVENTION
Telephone dialling systems for obtaining specialized services are known which allow a remote service to be obtained by dialling a subscriber password which is transmitted over the telephone line for verification at the receiving terminal. However, it is still possible to monitor the telephone line in order to determine the encrypted code which is sent to a remote terminal. Such systems are open to fraud because it is possible to eavesdrop once communication is established between a local terminal and a remote data transaction terminal and then make fraudulent use of the password which is transmitted. It is also known to encrypt the user password in order to increase the security and reduce fraud. Furthermore, it is common practice to supply the password in the form of a DTMF tone by means of a telephone keypad, or the like. In this case, the password modulating means could be an integral part of the telephone itself and thus of the complete data transaction system. Such an approach is disclosed, for example, by Labaton et al in
WO 9311619 which describes an encryption system for transmitting confidential data from a transmitting device based on the use of a dynamic algorithm which is a function of time. Encoded data may be transmitted along conventional telephone lines using various data modulation techniques, including DTMF. Specifically, encrypted data is applied to a tone generator which generates DTMF control signals which, in turn, are applied to a voice coupling module. The voice coupling module generates and applies appropriate DTMF tones corresponding to the encrypted data.
Whilst DTMF signals are adapted for transmission along telephone lines, they have quite different statistical characteristics than audio speech signals. The difference in characteristics between audio speech signals and DTMF signals prevents possible conflict between DTMF control signals which are employed, for example, to awaken remote facsimile machines and the like and regular speech signals. It would clearly be unacceptable if a particular combination of speech signals caused automatic operation of a remote facsimile or answering machine.
On the other hand, as a direct consequence of the difference in characteristics between speech signals and DTMF signals, they are not amenable to the same data compression algorithms. -Voice compression is desirable in order to reduce bandwidth. In order to be able to send data - 3 -
down a telephone line, the data must first be modulated so that the modulated signal bandwidth lies in the audio range. Preferably, a modula¬ tion technique is employed which renders the modulated data amenable to well known digital audio compression techniques. The increased necessity of using modulation which is susceptible to digital audio compression techniques resides in the fact that the transmission device is acoustically coupled to the mouthpiece of the telephone. The information entering the mouthpiece is thus assumed to possess the same statistical characteristics as speech and thus is subjected, without any prior filtering, to digital audio compression techniques (such as are used in digital cellular telephones employing the C.E.L.P. compression technique). Such digital audio compression techniques are not amenable for use with DTMF signals. A preference would also be given to modulation techniques which are common to all Hayes™ compatible modems, thus permitting a standard modem to be used in a remote computer site, thus lowering the cost of the receiver whilst maintaining simplicity.
Yet a further drawback of the system disclosed by Labaton et al lies in the fact that the data encryption is based on a time-based algorithm. Time encryption gives rise to problems of synchronization resulting from drift between the clocks in each token and the clock in the main computer. In order to overcome such time uncertainty, the main computer must accept as valid data any data whose decoded time stamp lies within a time validity window. Since, in effect, data is accepted as valid which does not correspond exactly to the originating data, this derogates from the overall security of such time-based systems. - 4 -
Another disadvantage of time dependent keys lies in the fact that a constant power supply is needed in order to maintain the clock active. Even apart from the resulting power consumption which reduces the life of the battery, the token clock requires re-synchronization each time the power supply is disconnected, for whatever reason, such as, for example, when the battery is replaced.
It is also known to employ magnetic cards, such as bank guarantee cards, credit cards and so on, as well as optical cards such as telephone cards via suitably adapted telephones. However, this approach suffers from the drawback that each telephone must be adapted for use with a particular type of card and such customization is expensive. Furthermore, the different telephones conform to different, incompatible standards which means that each can be used only with the particular card for which it was adapted. Yet a further consideration when credit type cards are used over the telephone, is that, in the absence of a magnetic card reader, the user's account number must be dictated orally and recorded, usually manually, at the remote end. This is wasteful of manpower, as well as being prone to errors: either in dictation or recordal of the credit card number. Further- more, dictating the user's credit card number represents a security risk since the telephone conversation can be overheard and fraudulent use then made of the user's credit card number.
It would clearly be preferable to encode the password by means of a completely portable encoding device quite separate from the telephone, so as to avoid compatibility problems and the expense associated with telephone customization. Furthermore, it would clearly be desirable to improve the security of the resulting system by invalidating the password each time it is used and replacing it with a new, unpredictable password, so that even if somebody were able to eavesdrop on the communication channel and so determine the current password, it would be unusable for any further data transaction.
Whilst these general objectives are partially met by the system disclosed by Labaton et al and described above, the need for precise time synchronization which must be performed upon battery replacement, the data insecurity resulting from the need to provide a time validation window and the use of DTMF signals which are not susceptible to well known data compression techniques all constitute major drawbacks.
SUMMARY OF THE INVENTION It is an objection of the invention to provide a data transaction system in which the above-mentioned drawbacks are significantly reduced or eliminated.
According to the invention there is provided a remotely authorized data transaction system, comprising a data access device and an access code authentication device: the data access device including: means for generating an audio signal representative of transaction data corresponding to a public key and a variable personal access code both characteristic of a particular user desiring access thereto; and the access code authentication device including: receiving means for receiving said audio signal and extracting therefrom the transaction data, expected current personal access code means responsive to the user's public key for generating an expected current personal access code, and verification means for comparing the expected current personal access code to the received personal access code and for producing a verification signal if they are identical.
Preferably, the access code is a substantially one time only pseudo-random number which is a function of the user's public key and an initial code which is preset uniquely in respect of each user. The authentica¬ tion means likewise generates a pseudo-random number which is a function of the user's public key and of the same initial code. Thus, providing that the initial codes are synchronized and re-initialized in accordance with the same function, it may be ensured that the expected code generated by the authentication means matches the user's access code, since both pseudo¬ random number generators employ the same public key.
Security can be further enhanced by making the pseudo-random number generator dependent on a Personal Identity Number (PIN) entered by the user via a small keypad associated with the data access means.
Likewise, it may be partially based on a fully random sequence which still further enhances the security of the secret code. BRIEF DESCRIPTION OF THE DRAWINGS
In order to understand the invention and to see how the same may be carried out in practice, a preferred embodiment will now be described, by way of non-limiting example only, with reference to the accompanying drawings, in which:
Fig. 1 is a block diagram showing functionally the principal compo¬ nents in a system according to the invention;
Fig. 2 is a block diagram showing functionally a detail of a transmitter for use in the system shown in Fig. 1; Fig. 3 is a block diagram showing functionally a detail of an encryptor for use with the transmitter shown in Fig. 2;
Fig. 4 is a block diagram showing functionally the principal compo¬ nents in a communication channel for use in the system shown in Fig. 1; Fig. 5 is a block diagram showing functionally the principal compo- nents of a receiver for use in the system shown in Fig. 1;
Fig. 6 is a block diagram showing functionally the principal compo¬ nents of a decoder for use with the receiver shown in Fig. 5;
Figs. 7 and 8 are flow diagrams of a data encryption algorithm for use with the invention; and Fig. 9 is a block diagram showing schematically the flow of data employed by the encryption algorithms illustrated in Figs. 7 and 8.
DETAILED DESCRIPTION OF A PREFERRED EMBODIMENT
Fig. 1 shows functionally a data transaction system 10 comprising a transmitter 11 coupled to a receiver 12 via a telephone channel 13. As shown in Fig. 2, the transmitter 11 comprises an encryptor 15 responsive to control signals entered by a user for generating a key which is then passed to a multiplexer 16 coupled to an optional internal data generator 17. If desired, external data defining, for example, a telephone number to be dialled or a product code to be purchased etc. may be entered to the multiplexer 16, the multiplexed output thereof being fed to a frame generator 18 which adds synchronization signals to the output of the multiplexer 16, in accordance with a predetermined communications protocol, in order to produce a frame of data which is fed to an encoder 19. The external data and the control signals may be passed to and from the transmitter 11 via an integral keypad and an electrical communication port (ECP) and can be displayed visually on an alpha-numeric display. The encoder 19 encodes the frame of data by means of known error correction codes, e.g. convolutional codes, block codes and so on so as to produce an error-free code characteristic of the user and of the transaction data defining the particular transaction which he wishes to undertake.
The encoded data is fed to a modulator 20 which modulates the code into an audio signal which is transmitted via a speaker 21 to the audio channel 13. Fig. 3 shows functionally a detail of the encryptor 15 depicted in
Fig. 2. The heart of the encryptor 15 is an arithmetic logic unit (ALU) 22 coupled to a controller 23 and to a sequence generator 24 which together function as a password generator for generating a pseudo random sequence which is fed to the ALU 22. An identification pattern 25 and a true random sequence extracted from a data bank 26 are also fed to the ALU 22 as is an -
- 9 -
external secret key which is fed thereto via the controller 23 together with appropriate control signals. The ALU 22 combines all four sequences: namely the external secret key, the pseudo and true random sequences and the identification pattern so as to produce a secret key whose randomality is further improved by being fed back to the sequence generator 24 via a feedback loop 27. This allows the random number generator to relate to previous bits of the currently generated code or to previous codes in their entirety, in order to improve the randomness of the currently generated code. By such means, the sequence generator 24 operates as a pseudo-random number generator. In the event that the encryptor 15 is responsive to a user's PIN, then the ALU 22 is also coupled to a miniature keypad (not shown) by means of which a user can enter his PIN.
The secret key is fed to a multiplexer 28 which combines the secret key with a public key 29 for producing a once-only random key characteristic of the user and further encoding data representative of the transaction he wishes to perform.
Fig. 4 shows functionally the principal components associated with the channel 13 along which the user access code and data transaction data are sent. Thus, the modulated audio signal is simply picked up by the mouthpiece 30 of the telephone 31 which is connected to any conventional telephone channel 32 in known manner. It will be appreciated that the audio signal transmitted down the telephone channel 32 is a unique user access code characteristic of the particular user and being derived from the user's public key, which is public knowledge, and his secret access code which is known only to the user. Since the resulting encrypted code is susceptible to deciphering only with a knowledge of the initial code constituting the identification pattern 25 which itself is not transmitted over the telephone channel 32, the resulting encrypted access code is secure. Furthermore, since the encrypted access code is a one time only code and, once used, is invalidated for further use, the resulting system is completely secure.
Fig. 5 shows functionally a detail of the receiver 12 which includes a demodulator 33 for demodulating the audio signal received thereby and extracting therefrom the encrypted code. An error correction code decoder 34 is coupled to the demodulator 33 and corrects the encrypted code for errors resulting, for example, from channel noise and so on. The resulting frame of data is passed to a frame synchronizer 35 which removes the frame synchronization bits in order to extract the original data sequence produced by the multiplexer 16 within the transmitter 11. This data, it will be recalled, comprises the user's secret key, his public key and the required transaction data. Each of these components is extracted by a decoder 36 having two outputs 37 and 38 which are coupled to a controller 39 and having a third output 40 connected to a global data network 41 to which there is connected a general key bank 42.
The decoder 36 decodes the user's public key and from this extracts from an internal look-up table (constituting a storage means) an initial code corresponding to that public key. Using the extracted initial code and the user's public key, the decoder 36 now determines an expected user access code which is compared with the actual user access code received by the decoder 36 so as to produce a verification signal if the two are identical. The extracted transaction data is passed via the output 37 to the controller which is responsive to the verification signal at the output 38 of the decoder 36 for processing the transactions and routing them to an appropriate data transaction terminal (not shown). In practice, a plurality of data transaction terminals may be coupled to the controller 39, each being accessed by a different telephone number, for example, the telephone number itself being embedded as part of the data transaction data and thus allowing correct automatic dialling to the required data transaction terminal. It will be understood that the receiver 12 shown in Fig. 5 may be part of a national network comprising a plurality of receivers each, for example, being associated with a different local telephone exchange. In this case, it is essential that, once a user access code has been verified by the decoder 36, all other receivers in the network be updated accordingly so that the initial code stored in each of the respective decoders of each receiver in respect of the particular user be reinitialized in accordance with the same function employed in the transmitter 11. To this end, the reinitialization code is passed down the output 40 of the decoder to the global data network 41 and, by this means, reaches all other receivers connected thereto such as the general key bank 42 shown by way of example in Fig. 5.
Fig. 6 shows a detail of the decoder 36 which extracts from the error corrected frame, stripped of its synchronization bits, the required public key, secret key and transaction data. Thus the stripped, error-corrected frame is passed to a demultiplexer 45 having two outputs 46 and 47 for respectively feeding the public key and the secret key to a local key bank 48 and a decoding comparator 49 both of which are interconnected via a feedback loop 50. The demultiplexer 45 also extracts data transaction data from the received code, this being fed to the output 37 of the decoder 36. The local key bank 48 permits determination of the expected access code from a knowledge of the public key fed thereto and the initial code corresponding to that public key and which is reinitialized upon verification that the expected code and the actual code match. The reinitialization is effected by means of the feedback loop 50 which is responsive to a verification signal produced by the decoding comparator 49 for reinitializing the initial code in the local key bank 48. At the same time, as explained above, the initial code stored in all other local key banks connected to the output 40 of the decoder via the global data network 41 are also reinitialized to the same value.
Preferably, the transmitter 11 is a miniature pocket-size device having a small push button for operating the transmitter and transmitting the desired audio signal. According to a first simple embodiment thereof the encrypted data access code is transmitted merely by actuation of the transmitter without any further input on the part of the user. This is convenient but the security of the system can be enhanced by further including in the transmitter a small keypad for allowing entry by the user of a Personal Identity Number so that, in the event of loss or theft, the transmitter is inoperable without a knowledge of the PIN.
Such a miniature device is adapted for uni-directional transmis¬ sion only to the remote access code authentication device via the telephone line, there being no requirement or possibility, of course, for a handshake signal by the remote access code authentication device with the miniature data access device. This can be problematic if there is provided a modem at the remote end of the telephone line for receiving the encrypted data, since modems expect to receive such an acknowledge signal from the sending device before proper communication can be established between the sending device and the receiving modem. In a typical configuration wherein a computer terminal wishes to establish communication with a remote host via the telephone line, the modem in the host computer sends a handshake signal to the computer terminal which, in turn, returns an acknowledge signal to the modem, whereupon the desired communication is established. However, in the present invention, the receiving modem only receives data from the portable data access device and does not send any data thereto. Consequently, the data access device receives no handshake signal from the remote modem. In order to allow the data access device nevertheless to send data to the modem, upon activation by the user, the data access device sends a "fictitious" acknowledge signal which is interpreted by the remote modem so as to imply that its handshake signal was in fact received correctly. Thereupon, regular bi-directional communication is simulated although, in practice, data is only sent one way.
Fig. 7 shows a flow diagram depicting the principal operating steps associated with the data encryption algorithm used by the encryptor 15 shown in detail in Fig. 3 of the drawings. With further reference to Fig. 3, it is to be noted that the ALU 22 is the heart of the encryption system. The ALU 22 is responsible for getting all or part of four key sequences, constituted by a pseudo-random sequence, a true random sequence, an external secret key and an identification pattern, and combining them into the secret key. When the user of the portable data access device wishes to identify himself, he enters his personal secret key via the keypad, whereupon his external secret key together with appropriate control signals are fed to the controller 23 shown in Fig. 3. As will be appreciated, the user's personal secret key (being his Personal Identification Number, PIN) may be stored inside the transmitter for comparison with a PIN entered by the keypad so as to allow subsequent use of the transmitter only in the event that the PIN entered via the keypad matches that stored within the transmit¬ ter. Alternatively, the user's PIN could be stored at the receiver site for remote verification by the ALU 22 in the encryptor 15. In either case, the external key defends the user in case of loss or theft of the transmitter.
Upon receiving an appropriate command, the controller 23 triggers the encryption process. First, a trigger is sent to the sequence generator 24 which generates a new short portion of a long, practically non- repetitive pseudo-random sequence, which is then sent to the ALU 22. At the same time, a pointer is sent to the true random data bank 26 so as to define a portion thereof for use in the current encryption. The true random data bank 26 then sends the defined portion thereof to the ALU 22 which, as described above, combines the two sequences with the constant identifi- cation pattern and the external secret key so as to form the current non- repetitive secret key.
The sequence generator 24 contains a PN sequence generator and/or a chaotic sequence generator. Different transmitters contain the same sequence generators differing only in their initial conditions so as actually to represent a different portion of the same sequence. The sequence generated in each transmitter has a very long period whilst, in each transaction, only a relatively small portion thereof is used thus, to all practical purposes, rendering the resultant code non-repetitive. For example, a maximal length PN sequence generator based on a fifty stage shift register, generates a sequence of 250-l length code. Assuming that each transaction uses a portion of the fifty bits in the shift register, and that there are 100 million different users, each user can use his transmitter ten times a day for over 60 years without the sequence repeating itself. The nature of this authentication system is unique in the fact that it is used from a plurality of locations, hence disabling eavesdroppers from gathering enough data representing a single user in order to reverse engineer his unique encryption parameters. The combination of a chaotic sequence with a PN sequence increases dramatically the number of parameters involved.
Notwithstanding all of these precautions, no code is completely unbreakable and therefore a further enhancement is added by means of the true random data bank 26. This data bank contains a sequence of bits which are fully random, i.e. they cannot be generated by any finite state machine. An example of such truly random sequences is white Gaussian noise. The ALU 22 combines the pseudo-random sequence with a small portion of the random bits extracted from the true random bank 26 by means of multi¬ plexing or masking to encrypt the identification pattern. The use of pseudo¬ random sequences in conjunction with short sequences of fully random bits, minimizes the memory capacity needed in the transmitter, whilst maintaining a high level of data security. PCI7US95/16920
- 16 -
Since the true random data bank 26 is relatively small, there may be provided the option of reprogramming the true random data bank with new sequences from time to time, so as to prevent even this sequence from repeating itself after extended use. Reprogramming of the true random data bank could be done via the ECP after the user enters an appropriate command using either the keypad or the ECP itself. If the PIN is stored in the transmitter 11, it may be used to verify the user's identity prior to allowing data reprogramming.
Fig. 8 is a flow diagram of a particular embodiment of the encryption process and Fig. 9 is a block diagram depicting the principal data modules shown in Fig. 3, illustrating pictorially the flow of data therebe¬ tween during the encryption process shown in Fig. 8. When a user wishes to identify himself, the controller 23 sends a trigger signal to the sequence generator 24 and also sends the current value of a counter 51 as a pointer to the true random data bank 26. The controller 23 also sends a 14-bit external secret key to the ALU 22 and updates the counter 51. Upon receipt of the trigger signal sent by the controller 23, the sequence generator 24 generates a new 50-bit PN sequence. A polynomial notation of the form j Εat 'X{i~l) is assigned to each of the registers, where a. e GF(2) . i=l Denoting the contents of the sequence generator 25 by the polynomial notation p(x) = px +p2 *x +p3 -x2 + ... +p50 -x49. The pointer signal which is sent to the true random data bank 26 is used as an address for a fully random 8 bit word which is sent to the ALU 22 and, in the following description, is denoted by t(x) = tl + t2 -χ + 1. -χ2 + ... + tg -x1. The 14 bit external secret key and the 44 bit identification pattern register are denoted, respectively, by e(x) = el + e2 -x + e3 -x2 + ... + eu -x and d(x) = dλ + a -x + d3 -x2 + ... + dM -x43.
One possible encryption mode will now be explained with further reference to Fig. 8 of the drawings. The external secret key and the internal identification pattern are multiplexed into one sequence which is then encrypted. The simplest way of multiplexing them is by concatenating the two registers into one register which may be denoted by I(x) = e(x) + x 14 ■ d(x). The sequence generator register and the 8 bit random word are likewise multiplexed to create a sequence S(x) given by S(x) = t(x*) +p(x) , where_σ(;c) is given by:
Figure imgf000019_0001
where - is the remainder from the division of : by y. The secret key
K(x) is formed by: ii _ .. ,.
K(x) ∑ ^ Θ S -x '- " i = l where Θ stands for modulo 2 summation.
In the above-described encryption scheme, the contents of the 8 bit word from the true random data bank are used in part for masking the external secret key and in the other part for masking the internal identifica¬ tion pattern. The remaining contents of the external secret key and the internal identification pattern registers are masked with the contents of the PN register. It should be noted that the true random data bank contains only a small number of words, for example allowing 1 Kbytes of memory to be used for 1000 transactions.
If desired, the true random data bank may be periodically recharged with new data via the electrical communications port (ECP). If this is not done, then the true random data bank will be read cyclically, such that whenever the contents of the true random data bank are exhausted, the pointer points back to the beginning of the data bank. However, it is to be noted that even if this not done, the period of the encrypting sequence S(x) is the LCM(m,n), where LCM is the Least Common Multiple and m,n are the periods of the contents of the true random data bank and the sequence generator, respectively, both in transaction units. In the above example, the period of the encrypting sequence is thus LCM(LCM(250 -1,50),1000). By judicious selection of the parameters from the sequence generator and the memory size of the true random data bank, a sequence having a very long period (in transaction units) may be formed.
In a simple embodiment, the verification signal produced by the decoder in the access code authentication signal may be a simple match signal denoting that the user's access code matches the expected code generated by the decoder. More generally, however, it includes additional data indicating, for example, restrictions placed on the user's account such as credit limit, access control, account privileges and so on.
It will also be appreciated that whilst the invention has been described with particular regard to a data transaction system, the invention does not require that the receiver perform a transaction on receipt of a valid user code. Thus the invention, in its most basic form, allows for the remote authentication of a user or subscriber to a system who may then issue vocal instructions to a human operator. In this case, of course, there is no need for the transmitter to encode such instructions within the transaction data, nor for the receiver to decode them and route them to a data transaction terminal. Thus, the invention allows exploitation of the existing telephone network which itself is inexpensive, but insecure, whilst guaranteeing high security by means of a one time only password which renders eavesdropping ineffective.

Claims

- 20 -CLAIMS:
1. A remotely authorized data transaction system, comprising a data access device and an access code authentication device: the data access device including: means for generating an audio signal representative of transaction data corresponding to a public key and a variable personal access code both characteristic of a particular user desiring access thereto; and the access code authentication device including: receiving means for receiving said audio signal and extracting therefrom the transaction data, expected current personal access code means responsive to the user's public key for generating an expected current personal access code, and verification means for comparing the expected current personal access code to the received personal access code and for producing a verification signal if they are identical.
2. The system according to Claim 1, wherein the variable personal access code is a substantially one time only pseudo-random number, and the generating means includes a user access code generating means comprising: a storage means for storing an initial code, a random number generator coupled to the storage means and being responsive to said initial code and to said public key for generating said pseudo-random number, and initialization means coupled to the storage means for reinitializing the initial code to a new value being a predetermined function of the generated pseudo-random number; and the expected access code means includes an expected access code generating means comprising: storage means for storing said initial code, a random number generator coupled to the storage means and being responsive to said initial code and to the user's public key for generating a pseudo-random number, and initialization means coupled to the storage means and to the verification means and being responsive to said verification signal for reinitializing the initial code to said new value in accordance with said predetermined function.
3. The system according to Claim 2, including at least two interconnected access code authentication devices, each further comprising: communication means coupled to the initialization means of each of said interconnected access code authentication means for communicating thereto said new value so that the initial code in each of the access code authentication means is reinitialized to the new value whenever the user's personal access code is verified.
4. The system according to Claim 2, wherein the random number generator comprises: a sequence generator for generating a pseudo-random sequence, and a true random data bank for storing a fully random sequence therein; the user access code generating means further including means for extracting at least a portion of the fully random sequence and combining said portion with the pseudo-random sequence.
5. The system according to Claim 4, wherein the sequence generator comprises means for generating a function of a PN sequence and a chaotic sequence.
6. The system according to Claim 4, wherein the data access device further includes an electrical communications port for enabling reprogram¬ ming of the true random data bank and reinitialization of the pseudo-random sequence.
7. The system according to Claim 1, wherein the data generating means is coupled to the receiving means via a telephone line.
8. The system according to Claim 1, wherein the audio signal is amenable to any digital audio compression technique which is used for speech.
9. The system according to Claim 1, wherein the verification signal includes data representative of the user's access or account privileges.
10. The system according to Claim 1, wherein the data generating means is further responsive to a user's Personal Identity Number (PIN) for generating the user's access code and there is provided an encoding means for encoding said PIN.
11. The system according to Claim 1, wherein the data generating means is a miniature portable device.
12. The system according to Claim 1, wherein the data generating means further includes means for generating an acknowledge signal which are independent of a handshake signal being received thereby.
13. A data access device for use with the system according to Claim 1, said data access device including: means for generating an audio signal representative of transaction data corresponding to a public key and a variable personal access code both characteristic of a particular user desiring access thereto.
14. The data access device according to Claim 13, further including a user access code generating means for generating a substantially one time only pseudo-random number, said user access code generating means comprising: a storage means for storing an initial code, a random number generator coupled to the storage means and being responsive to said initial code and to said public key for generating said pseudo-random number, and initialization means coupled to the storage means for reinitializing the initial code to a new value being a predetermined function of the generated pseudo-random number.
15. The data access device according to Claim 14, wherein the random number generator comprises: a sequence generator for generating a pseudo-random sequence, and a true random data bank for storing a fully random sequence therein; the user access code generating means further including means for extracting at least a portion of the fully random sequence and combining said portion with the pseudo-random sequence.
16. The data access device according to Claim 15, wherein the sequence generator comprises means for generating a function of a PN sequence and a chaotic sequence.
17. The data access device according to Claim 15, further including an electrical communications port for enabling reprogramming of the true random data bank and reinitialization of the pseudo-random sequence.
18. The data access device according to Claim 13, further including: an encoding means for entering a user's Personal Identity Number
(PIN); the data generating means being further responsive to said PIN for generating the user's personal access code.
19. The data access device according to Claim 14, further including: an encoding means for entering a user's Personal Identity Number
(PIN); the data generating means being further responsive to said PIN for generating the user's personal access code.
20. The data access device according to Claim 13, wherein the audio signal is amenable to any digital audio compression technique which is used for speech.
21. The data access device according to Claim 13, being a miniature portable device.
22. The data access device according to Claim 13, further including means for generating an acknowledge signal which are independent of a handshake signal being received thereby.
23. An access code authentication device for use with the system according to Claim 1, said access code authentication device comprising: receiving means for receiving said audio signal and extracting therefrom the transaction data, expected access code means responsive to the user's public key for generating an expected personal access code, and verification means for comparing the expected personal access code to the received personal access code and for producing a verification signal if they are identical.
24. The access code authentication device according to Claim 23, wherein the expected access code means includes an expected access code generating means comprising: storage means for storing said initial code, a random number generator coupled to the storage means and being responsive to said initial code and to the user's public key for generating a pseudo-random number, and initialization means coupled to the storage means and to the verification means and being responsive to said verification signal for reinitializing the initial code to said new value in accordance with said predetermined function.
25. The access code authentication device according to Claim 23, wherein the random number generator comprises: a sequence generator for generating a pseudo-random sequence, and a true random data bank for storing a fully random sequence therein; - 26 -
the expected access code generating means further including means for extracting at least a portion of the fully random sequence and combining said portion with the pseudo-random sequence.
26. The access code authentication device according to Claim 23, wherein the verification signal includes data representative of the user's access or account privileges.
27. The access code authentication device according to Claim 23, further including: a communication means coupled to the initialization means for communicating thereto a received initial code.
28. The access code authentication device according to Claim 23, further including: decoding means coupled to the receiving means for decoding the data extracted thereby so as determine the user's PIN, and PIN verification means coupled to the decoding means for verifying that the user's PIN is valid.
PCT/US1995/016920 1994-12-30 1995-12-26 A remotely authorized data transaction system WO1996021314A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU47428/96A AU4742896A (en) 1994-12-30 1995-12-26 A remotely authorized data transaction system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IL11220094A IL112200A0 (en) 1994-12-30 1994-12-30 Secure data transaction system
IL112,200 1994-12-30

Publications (1)

Publication Number Publication Date
WO1996021314A1 true WO1996021314A1 (en) 1996-07-11

Family

ID=11066950

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1995/016920 WO1996021314A1 (en) 1994-12-30 1995-12-26 A remotely authorized data transaction system

Country Status (3)

Country Link
AU (1) AU4742896A (en)
IL (1) IL112200A0 (en)
WO (1) WO1996021314A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2367976A (en) * 2000-06-19 2002-04-17 Innovation Venture Ltd Generating an access code when a user attempts to gain access to a remote location and causing it to be sent to a mobile communication device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4601011A (en) * 1981-12-30 1986-07-15 Avigdor Grynberg User authorization verification apparatus for computer systems including a central device and a plurality of pocket sized remote units
US4761808A (en) * 1987-03-18 1988-08-02 Sheldon Howard Time code telephone security access system
US4800590A (en) * 1985-01-14 1989-01-24 Willis E. Higgins Computer key and computer lock system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4601011A (en) * 1981-12-30 1986-07-15 Avigdor Grynberg User authorization verification apparatus for computer systems including a central device and a plurality of pocket sized remote units
US4800590A (en) * 1985-01-14 1989-01-24 Willis E. Higgins Computer key and computer lock system
US4761808A (en) * 1987-03-18 1988-08-02 Sheldon Howard Time code telephone security access system

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2367976A (en) * 2000-06-19 2002-04-17 Innovation Venture Ltd Generating an access code when a user attempts to gain access to a remote location and causing it to be sent to a mobile communication device

Also Published As

Publication number Publication date
AU4742896A (en) 1996-07-24
IL112200A0 (en) 1997-02-18

Similar Documents

Publication Publication Date Title
US5481611A (en) Method and apparatus for entity authentication
JP5062916B2 (en) Secure messaging system for selective call signaling system
KR100382180B1 (en) Multiple account portable wireless financial messaging unit
US5592555A (en) Wireless communications privacy method and system
AU2002230306B2 (en) Method for enabling PKI functions in a smart card
US6996213B1 (en) Superposition of data over voice
US7284123B2 (en) Secure communication system and method for integrated mobile communication terminals comprising a short-distance communication module
US6112187A (en) Encryption communication system for generating passwords on the basis of start information on both parties of communication
KR100653142B1 (en) Communication system and device and communication method
JP2002259344A (en) One-time password authentication system, portable telephone and user identification server
US5818937A (en) Telephone tone security device
JP2001527255A (en) Single account portable wireless financial messaging unit
KR20010024793A (en) Transaction authentication for 1-way wireless financial messaging units
JP2001527258A (en) Portable two-way wireless financial messaging unit
AU2002230306A1 (en) Method for enabling PKI functions in a smart card
JPH113033A (en) Method for identifying client for client-server electronic transaction, smart card and server relating to the same, and method and system for deciding approval for co-operation by user and verifier
RU2004127588A (en) SYSTEM AND METHOD OF ACOUSTIC TWO-FACTOR AUTHENTICATION
JPH06125342A (en) Means for discrimination and exchange of encoded key
JP3145116B2 (en) Access control and / or identification method and device
EP1457000A1 (en) Method for registering and enabling pki functionalities
CN100367701C (en) Apparatus and method for implementing data safety transmission of mobile communication apparatus
US7188361B1 (en) Method of transmitting signals
WO1996021314A1 (en) A remotely authorized data transaction system
JP2541307B2 (en) Cryptographic key communication method and apparatus thereof
JP2003309552A (en) Control system for electronic certificate by portable telephone

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AL AM AT AU AZ BB BG BR BY CA CH CN CZ DE DK EE ES FI GB GE HU IS JP KE KG KP KR KZ LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK TJ TM TT UA UG US UZ VN

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): KE LS MW SD SZ UG AT BE CH DE DK ES FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: CA