Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique
Reexamination Certificate
1998-06-03
2001-02-06
Hayes, Gail O. (Department: 2766)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Particular communication authentication technique
C380S262000
Reexamination Certificate
active
06185682
ABSTRACT:
BACKGROUND OF THE INVENTION
The invention relates to an authentication system comprising at least one station and a host; the station comprising: authentication means for, based upon an authentication algorithm, authenticating a message; and communication means for sending the authenticated message to the host; the host comprising: communication means for receiving an authenticated message; and verification means for verifying the authenticity of the received message by checking the received message with an authentication algorithm corresponding to a station which sent the message.
With the increase of electronic communication and electronic financial transactions, identification and authentication has become an essential aspect of many systems. Normally in an authenticated transaction three parties are involved: a host, a station and a user of the station. The host may, for example, be a central computer at a bank, at a retailer, or at a company providing services via Internet, or be a file server. The station may be a personal computer (PC), a Personal Digital Assistant (PDA) or a hand-held PC (HPC), usually connected or connectable via telecommunications to the host computer. The message may be a digital representation of a user generated message, including an instruction to a bank, but may also be computer data or computer code, such as a Java applet. In many applications, the station is split into two parts: a user station and an access station.
An identification, such as a communication address, which uniquely identifies the station is stored in the memory of the station. A message generated in the station, usually at the request of the user, is authenticated using an authentication algorithm. Typically, the message is authenticated by generating an additional digital signature. The authenticated message is sent to the host together with the identification of the station. The host uses the same or a complementary authentication algorithm to verify the authenticity of the message.
For certain applications, like a user instructing a bank to transfer money from a bank account, it may be required that the station performs some form of access control ensuring that only an authorised user can issue the instruction. The access control may, for instance, be based on a PIN-code or password. Also more advanced methods, for instance based on biometrical information, may be used. The access information may be passed on to the host as part of the message. For other applications, like a transfer of a small amount of electronic money, it may not be required or, in view of privacy or safety, even be undesired that additional access control is performed or that the access information is transferred to the host. The access control is not part of the invention.
It should be noted that the Dutch Giro (Postbank) uses the TAN (Transaction Number) system for electronic payments by customers using a PC and a modem. The customers of the Postbank receive via regular mail several transaction numbers printed on a piece of paper. For each transaction the client has to enter a next transaction number until all numbers have been used, at which moment the client receives a new set of numbers. A fraudulent party has, in general, easy access to the transaction numbers at the customer's premises. Furthermore, the distribution of the transaction numbers from the host to the customer makes the system vulnerable for fraudulent parties intercepting the list.
Most authentication algorithms are based on encryption algorithms, such as the symmetrical DES algorithm or the asymmetrical public-key RSA algorithm. Typically, the same algorithm is used for each station and a dedicated key is used to make the algorithm act in a manner specific for the station. The security provided by such algorithms is mainly based in the algorithmic strength of the involved algorithms, which are, as a consequence, complicated and costly to implement, which is a particular drawback for simple consumer electronic products.
SUMMARY OF THE INVENTION
It is an object of the invention to provide an authentication system of the kind set forth, which is simple to develop. It is a further object to provide such a system which can be cost-effectively implemented in consumer electronic products. It is a further object to provide such an authentication system which offers a high level of security.
To achieve this object, the authentication system according to the invention is characterised in that the station comprises a memory for electronically storing a plurality of authentication items; the host comprises a memory for electronically storing the authentication items of the station in association with an identification of the station;
the station comprises constructing means for constructing for each message a corresponding authentication control element; the constructing means being operable to select for the message a part of the plurality of authentication items and to construct the authentication control element from the selected part, where the authentication control element in practical circumstances causes the authentication algorithm to substantially authenticate the corresponding message uniquely; and
the host comprises constructing means for constructing for each received authenticated message an authentication control element from the authentication items associated with a station which sent the message; the construction being the same as performed by the associated station.
The system according to the invention is based on the insight that the simple manner in which parents and children identify each other when they are not in direct contact, such as in the case of a kidnapping, can form the basis of an automatic authentication system. If for instance a child is kidnapped, the parents want to be sure that the kidnappers indeed hold the child and that, for instance, a ransom demand genuinely relates to their child. At the moment when identification of, for instance, the child is required, the child informs the kidnappers of a few events from a large set of events known to the child and parents and unknown to others (or at least to the kidnappers). For each communication with the kidnappers, the parents may request that the child recalls other events. This ensures that the kidnappers have to keep the child alive. It also ensures that no fraudulent kidnappers, who in one way or another intercepted a set of identifying events, can re-use this set for authenticating a fraudulent demand.
Based on this insight, the host (parent) and the station (child) share a large set of authentication items. For each message which needs to be authenticated, a small subset from the authentication items is selected and used to form an authentication control element which controls an authentication algorithm. In practical circumstances the authentication algorithm authenticates with a high likelihood the corresponding message uniquely under control of the authentication control element. A main strength of the system according to the invention lies in unpredictably authenticating messages by selecting a subset of authentication items from a relatively large set, where for each next message other items may be selected. This allows the use of a simple authentication algorithm, where the emphasis is not on the algorithmic strength of the algorithm, such as the difficulty of predicting for a message the corresponding authenticated message, but on using the algorithm in an unpredictable manner. A correlation which might occur in the authentications generated for successive messages can be broken by using an authentication control element, which is not related to the authentication algorithm. The authentication items, which determine the authentication control element can be generated in advance using sophisticated means, such as real random sequence generators, if desired. For a fraudulent party to be able to break the system, the fraudulent party needs not only to intercept sufficient messages to be able to break the authentication algorithm but also to d
Hayes Gail O.
Leaning Jeffrey Scott
Piotrowski Daniel J.
U.S. Philips Corporation
LandOfFree
Authentication system does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Authentication system, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Authentication system will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2575908