Cryptography – Key management – Having particular key generator
Reexamination Certificate
2000-02-24
2001-06-12
Peeso, Thomas R. (Department: 2767)
Cryptography
Key management
Having particular key generator
C380S046000, C713S159000, C713S166000
Reexamination Certificate
active
06246769
ABSTRACT:
CROSS REFERENCE TO RELATED APPLICATIONS
Disclosure Document Program: 465535 Nov. 23, 1999.
BACKGROUND
1. Field of Invention
This invention relates to bank cards, credit cards, debit cards, smart cards, communication cards, financial transaction cards, student cards, employee cards, medical cards, identification cards and any other card based system that requires an authorized user to recall and enter a code in order to gain access to a protected resource, information source or service. This invention is also related to non-card based systems such as Internet and Intranet access codes, computer codes, alarm codes, lock codes, wireless codes or any other non-card based code which requires an authorized user to enter a code in order to gain access to a protected resource, information source or service.
2. Description of Prior Art
As computers have become more predominant in everyday life, it becomes evident that business in the near future will be transacted, in a larger part, on the electronic superhighway or the Internet. The convenience of shopping the Internet and the utilization of e-commerce has already begun to permeate our lives. Credit card transactions and product orders on the Internet are now commonplace. However, along with this newfound convenience, system security, user identification, and validation of user identification remain legitimate and primary concerns for users of the current systems.
The immediate solution to these security issues and concerns is the multitude of PIN codes, passwords and passcodes that have been issued to secure the totality of our protected resources. In other words, Internet and credit card users are becoming overwhelmed with well-intended security codes. Even though passcodes (passwords which do not form recognizable words) are extremely secure, attempts to recall a meaningless jumble of upper and lower case characters is unrealistic and impractical for most users. The avalanche of PINs, passwords and passcodes has become so crushing that many users often breach the intended security by writing these codes in convenient places which are easily available to both the authorized and unauthorized user.
In today's marketplace, four requirements are paramount in granting access to an authorized user of a protected resource: (1) authorized user identification, (2) verification of authorized user identification, (3) unauthorized user access rejection and (4) an appropriate level of security to protect the resource from unauthorized use. For example, when a user (authorized or unauthorized) wishes to withdraw funds from an Automated Teller Machine (ATM), a bank card is inserted into the ATM and the “card” is identified via data transferred from a magnetic strip or an electronic chip within the card to a system database. To verify that the user is the authorized user of the bank card inserted into the ATM, the ATM prompts the user to enter a Personal Identification Number (PIN) which is only issued to the authorized user by the grantor of the bank card. If the PIN entered by the user is identical to the PIN issued to the authorized user and also recorded in system database memory, the user is verified as the authorized user and the transaction is allowed to proceed. The security afforded by this transaction involves possession of the bank card issued to the authorized user, knowledge of the PIN code, an upper limit cash demand and card deactivation if a consecutive series of incorrect PINs are entered into the ATM system. Theoretically, this security system is adequate to prevent an unauthorized user from gaining access to an account, but unfortunately, unauthorized access to protected resources has become a billion dollar problem. The resolution of this problem lies in understanding the weaknesses of the present systems and how to effectively eliminate those weaknesses while simultaneously maintaining simplicity, security and efficiency.
As the PIN system of security became the standard for verification of an authorized user in both card and non-card based systems, authorized users were subsequently required to recall a plurality of PIN codes in order to gain access to protected resources and services. This problem of excessive recall was resolved on the user level by recording PIN codes in writing and carrying a copy for easy reference in a wallet or purse. However, this was a direct compromise of the intended security afforded by the PIN system and could result in easy unauthorized access to related accounts if the wallet or purse was stolen. The recall problem was addressed on the grantor level by allowing the use of personalized PINs. In this way, an authorized user could eliminate recalling a multitude of PIN codes by making all PIN codes identical. In other words, personalized PINs allowed an authorized user to utilize a single PIN code for all protected resources, and additionally, a PIN of personal choice. However, if the personalized PIN was easy to guess, such as the authorized user's birth date or phone number, an informed unauthorized user could gain access to all protected resources with a single intelligent guess. Today, the major disadvantage of personalized PINs is the requirement of identical code lengths with constant and unchanging characters, usually numerals. If unauthorized use of a resource is obtained by observing the PIN entry of the authorized user, said unauthorized user instantly gains access to all resources protected by said personalized PINs. Therefore, personalized PINs decrease the personal security of the authorized user due to the possible windfall associated with gaining unlawful possession of the authorized user's wallet or purse and subsequent access to all resources protected by personalized PINs. Gaining access to the Internet and e-commerce environments with an increased level of security has changed access code requirements with respect to code length and the alphanumeric mix of code characters. Since many intemet sites now require access codes of eight or more characters with a minimum of two numerals, or instead issue a code of their choosing of varied lengths, personalized PINs only resolved the excess PIN memory overload problem for a short period of time.
With the advent of the Internet and e-commerce, the security level intended by the four digit PIN code system was inadequate for the computer based environment and became obsolete overnight. PIN codes were replaced by passwords, or words in the authorized user's native language that were of sufficient length to increase security and that could be easily recalled. The password system increased the level of security, but eventually users were forced to record their passwords near the computer to avoid confusion with other passwords associated with a multitude of other applications and protected resources. The plurality of PINs, from the not so distant past, was replaced with a plurality of passwords. However, this new problem of too many passwords was resolved with software that allowed an authorized user to conveniently record their user log-on names and passwords in computer memory for automatic submission to the protected application or resource. However, if the computer was stolen or sold without erasing the codes, it became easy for an unauthorized user to gain access to all protected resource codes held in computer memory. Additionally, if an authorized user traveled on business and needed to use a protected resource which required the entry of an access code, and that code was only recorded in the memory of a home based computer, the user would be unable to gain access to that resource unless the correct code could be recalled. In other words, security was compromised for convenience and accessibility when codes were recalled by internal computer software.
Computer passwords have been replaced with passcodes that contain both numeric and alpha characters forming a non-word of an adequate length. This greatly increases the level of security, but if the highly secure passcodes are logged into computer memory for automatic
Jack Todd
Peeso Thomas R.
LandOfFree
Authorized user verification by sequential pattern... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Authorized user verification by sequential pattern..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Authorized user verification by sequential pattern... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2544501