Telecommunications – Radiotelephone system – Security or fraud prevention
Reexamination Certificate
1997-09-03
2002-10-15
To, Doris H. (Department: 3625)
Telecommunications
Radiotelephone system
Security or fraud prevention
C455S412100, C380S029000, C340S870030, C705S064000, C705S075000
Reexamination Certificate
active
06466780
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to the security of communications, and more particularly to a method and apparatus for combating the use of cloned, fraudulent or unauthorized communicating devices, such as cellular telephones, credit cards and computer terminals.
2. Background of the Invention
Communication signals are used widely in many different or interrelated fields, such as credit card authorization systems, cellular telephone and radio communications, satellite transmissions, telephone calls, computer networks and modem connections, automated teller machine transmissions, direct broadcast television, garage door openers, automobile remote devices and the like. While each of these fields may have different communication protocols, performance objectives and technical constraints, each of the fields have at least some concern for the security of the communication. Specific security concerns may deal with the content of the communication itself (often protected by encryption methods), the integrity of the communication (often protected by error-checking and anti-virus software), and authorized access to the communication (often protected by account codes and passwords).
Unauthorized access to communications and communicating devices has become a problem in many of the fields mentioned. Computer networks have been broken into by determining authorized account codes and passwords, thereby gaining access to proprietary information or computing capabilities Credit card transactions may be charged by an unauthorized person by merely possessing a lost or stolen card. Cellular telephones may be duplicated or cloned to produce a large number of fraudulent telephones having the same account codes and personal identification codes as a lost or stolen authentic cellular telephone. Attempts to combat these unauthorized communications has taken many forms.
One security measure implemented in typical various communication systems is the authentication of communicating devices at registration, initiation or reception of the communication. Authentication may be simply viewed as the process of confirming the identity of the communicating device, perhaps by transmitting an account or identification code and a password. In applications where the communicating device is mobile, authentication often requires communication between or through a plurality of communicating devices or networks in order to verify the identity of the communicating device and perhaps the user of the communicating device.
For example, a serious problem in existing cellular telephone systems may be referred to as the “false mobile station” syndrome. It is presently possible to copy the entire memory contents of a mobile station and to use that information to manufacture clones which can demand and receive service from the network. Cellular phones may be cloned by reading the entire memory contents of the phone, including its identification codes, secret keys, internally stored personal identification codes, signatures, etc., and writing the same codes into any number of similar “clone” phones. The cloning procedure can become quite sophisticated and may include software modifications which replace physically stored information with electronically stored information so that a number of stored mobile station identities may be cyclically rotated within one fraudulent mobile station and used to imitate several authentic mobile stations.
Similar breaches of communications have occurred in financial transactions involving credit cards. Typically, the information on a lost or stolen credit card can be electronically read and duplicated on any number of credit cards. The cards are then distributed and used until either the credit limit of the card is surpassed or the card is reported stolen or lost to the credit card company. Significant actual losses are experienced each year due to the use of such “cloned” credit cards.
Many communication systems, including cellular telephone networks and credit card authentication or authorization systems, comprise a vast number of distributed communicating devices (i.e., mobile cellular phones or credit cards and credit card readers) that transmit data to a central computer system in charge of determining whether or not to allow the communication to go through. The central computer system may execute an authorization algorithm to determine if the credit card has a valid account or identification number, if there is an available balance of credit and, perhaps, if a valid personal identification number has been given or entered. However, sophisticated thieves have been able to duplicate the credit card with valid identification numbers and determine even the personal identification number.
Similarly, computer network communications or computer-to-computer communications may include files that are locked, password protected, zipped and/or encrypted for various reasons, including the security of the content of the communication. Password protection provides a limited degree of security, primarily protecting a communication from being accessed by persons who casually encounter the file, but this security can still be violated. Encryption is perhaps the most secure means for preventing outsiders from obtaining the content of the communication and, therefore, is in widespread use by banks and other financial institutions throughout the world for many or all of their electronic transactions.
However, the security of even the most sophisticated encryption methods is jeopardized by the growing computing power available to individuals and groups. Complex encryption algorithms using 64 bit keys having 2
64
(about 1.8×10
19
) possible keys could become marginal protection against outside access to the communication.
Therefore, there is a need for improved methods of securing communications between two or more communicating devices and/or users. More particularly, there is a need for methods of preventing unauthorized use of communicating devices or the content of the communication. It would be desirable if the method provided a simple means for detecting the use of “cloned” communicating devices. Furthermore, it would be especially desirable if the method did not require any significant physical modifications to existing communicating devices, but rather could be employed by the addition or modification of software.
SUMMARY OF THE INVENTION
The present invention provides a method of authenticating a communication, comprising (a) providing a first communicating device with a first sequence of transaction specific codes; (b) providing a second communicating device with a second sequence of transaction specific codes, wherein the first and second sequences are identical; (c) setting pointers in the first and second sequences at the same transaction specific code; (d) transmitting a communication from the first communicating device to the second communicating device along with a transaction specific code from the first sequence; (e) refusing communications having a transaction specific code that is different from the transaction specific code expected by the second communicating device; and (f) incrementing the pointers in both the first and second communicating devices. The first and second sequences of transaction codes may be stored in a database or calculated according to various algorithms.
The first and second communicating devices may take on various forms and functions. For example, the first communicating device may be a credit card and the second communicating device a central clearinghouse; the first communicating device may be a cellular telephone and the second communicating device a cellular network; the first communicating device may be a garage door remote and the second communicating device a garage door opener; the first communicating device may be an automobile remote unlock device and the second communicating device an automobile remote unlock device receiver; the first communicating device may be a computer and the second commu
Bobola Robert E.
Geiselman J. Milton
Lerner Daniel M.
Interlok Technologies, LLC
Streets Jeffrey L.
Streets & Steele
To Doris H.
LandOfFree
Method and apparatus for securing digital communications does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and apparatus for securing digital communications, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and apparatus for securing digital communications will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2994505