Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique
Reexamination Certificate
2002-01-29
2003-12-23
Peeso, Thomas R. (Department: 2132)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Particular communication authentication technique
C713S152000, C713S152000, C380S277000, C380S283000
Reexamination Certificate
active
06668321
ABSTRACT:
BACKGROUND OF THE INVENTION
1. The Field of the Invention
The present invention relates to securely transmitting information over communication networks. In particular, the present invention relates to systems and methods for verifying the identity of a sender and/or a recipient of information transmitted over a communication network.
2. Relevant Technology
During recent years, there has been tremendous growth in the amount and types of information that are transmitted between remote locations using telecommunication networks. For example, the Internet has become widely used in electronic commerce, education, banking, investing, and many other areas. The Internet and other wide area and local area networks have greatly enhanced the ability to transmit large volumes of information between people. While many segments of the economy have been transformed by the ongoing communication revolution, the finance industry has been particularly affected. For instance, financial transactions have become increasingly cashless as debit cards, credit cards, smart cards and other techniques for authorizing electronic transfer of funds have become widely used.
There are several reasons for the increased use of electronic systems and telecommunication systems for transmitting information and conducting business. First, data processing speeds have vastly increased during recent decades to permit large volumes of information to be processed in relatively short periods of time. Likewise, the size, cost, and speed of mass data storage systems have improved, thereby allowing large volumes of information to be conveniently stored and accessed. In addition, the data transmission rates of telecommunication systems have grown equally as fast, which permits large amounts of data to be rapidly transmitted between distant locations.
There have been some limiting factors that have prevented electronic communication of information from being fully utilized in many situations. A persistent problem involves the difficulty of verifying the identity of participants in electronic communication. For instance, it is often difficult to determine whether a person receiving a document via email is, in fact, the intended recipient. Likewise, it has often proved impossible to conclusively determine whether a person using a credit card number to execute an electronic transaction is an authorized user of the credit card. In yet another example, it has often been difficult to be certain of the identity of a person creating an electronic document. Thus, in situations where electronically created or transmitted information is particularly sensitive, in, for example, the banking and legal industries, electronic communication has not been practical or fully accepted. Instead, hand-signed hard copies of documents, conventional hand delivery of documents, and face-to-face transactions are still widely used, although their electronic counterparts would often be more efficient were it not for the persistent security limitations.
In order to attempt to overcome the aforementioned problems of identifying participants in electronic communication, a variety of approaches have been taken. Often, information is encrypted before it is transmitted over open communication networks such as the Internet, stored on computer-readable media, or otherwise placed in a position where it could be potentially intercepted by unauthorized users. Transmitted encrypted information can be decrypted if the recipient possesses the appropriate decryption key. Otherwise, unauthorized recipients are unable to view or otherwise use the contents of the encrypted information.
One commonly used encryption technique is private/public key cryptography, such as RSA, in which each user has a public key published for anyone to see and an associated private key. A sender looks up the recipient's public key and uses it to encrypt the data to be transmitted. The recipient uses the secret, private key to decrypt the information. While the private/public key approach provides reasonably secure transmission in may circumstances, it has several drawbacks. The use and maintenance of the private and public keys can be quite expensive for organizations. Moreover, if the security of the private key is breached, new private and public keys must be created, with the new public key being published to all interested users, and the old public key being invalidated, wherever it might exist.
Another approach to maintaining the security of electronic information involves using passwords to identify users of computer networks, recipients of information, etc. For instance, information transmitted over a communication network to a recipient may be password protected, in that it may not be decrypted, decompressed, or otherwise placed in a usable form unless the recipient possesses a specified password. In other situations, passwords are required to gain access to computer networks in the first instance. Typically, when a user logs onto a computer network, the user is prompted to enter a password that enables the user to gain access to resources of the computer network.
The basic concept underlying passwords is that any person possessing the password is assumed to be authorized to access particular information or perform selected operations. In practice, however, it has been found that passwords are often the weak link in an electronic security system. Sometimes, network users select passwords such as birthdays or names of family members that could be easily guessed by unauthorized persons. In other situations, users write their password in plain sight, such as on a note affixed to a computer monitor. Such practices essentially negate the security advantages of passwords. Furthermore, particularly persistent persons could intercept a user's password by memorizing a series of a few keystrokes while observing the user entering a password into a computer. Thus, many businesses require employees to regularly change their passwords in an attempt to strengthen network security systems. In any event, it has been found that unauthorized persons often successfully obtain users' passwords, thereby compromising any security measures associated with the passwords.
A related security technique is the use of personal identification numbers (PINs) in electronic commerce and other situations. A PIN is a number assigned to or selected by a cardholder, for example, in order to verify the identify of a person attempting to execute a transaction. PINs are widely used in automatic teller machines, credit and debit card readers, electronic commerce websites, and other situations where electronic funds transfer is to be initiated. Likewise, access numbers, which are analogous to PINs, are widely used in businesses, the military, and other organizations having sensitive buildings or areas. Persons wishing to gain access to sensitive buildings or areas must enter an access number to an access control device that permits entry only to authorized persons. Like passwords, PINs and access codes are subject to being stolen or otherwise obtained by unauthorized individuals. Because PINs are generally static or, in other words, remain usable in multiple transactions, they are sometimes stolen by an unauthorized person watching a PIN being entered into a keypad.
In view of the foregoing, electronic communication and creation of information has been limited in many situations by the failure of conventional security measures to reliably permit the identity of participants to be verified. Thus, it would be an advancement in the art to provide systems and methods for both verifying and authenticating the identity of participants in electronic communication that do not merely rely on password protection, PINs, or public key/private key encryption.
BRIEF SUMMARY OF THE INVENTION
The present invention relates to systems and methods for verifying and authenticating the identity of participants in electronic communication. The invention replaces or supplements the reliance that conventional systems place on passwords
Hunter, Sr. David L.
Nendell Donald F.
Wade Eric D.
Peeso Thomas R.
Tsunami Security, Inc.
Workman Nydegger
LandOfFree
Verification of identity of participant in electronic... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Verification of identity of participant in electronic..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Verification of identity of participant in electronic... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3131207