
(11) Patent Number: KE 386

(51) Int.Cl.8: G 07D 7/20, G 07F 7/02, 7/10

(73) Owner: GridlockTS Limited of Montagu House, 81 High Street, Huntingdon PE29 3NY, United Kingdom

(21) Application Number: KE/P/2008/000755

(72) Inventor: CRAYMER, Jonathan and HOWES, Stephen

(22) Filing Date: 30/11/2006

(74) Agent/address for correspondence: Kaplan & Stratton Advocates, P.O. Box 40111-00100, Nairobi

(30) Priority data: 0524414.0 01/12/2005 GB; 0601910.3 31/01/2006 GB; 0613835.8 13/07/2006 GB; 0614902.5 27/07/2006 GB and 60/774225 17/02/2006 US

(86) PCT data: PCT/GB06/050422 30/11/2006; WO2007/063346 07/06/2007

(54) Title: A METHOD AND APPARATUS FOR VERIFYING A PERSON'S IDENTITY OR ENTITLEMENT USING ONE-TIME TRANSACTION CODES

(57) Abstract: A method for verifying a person's identity is of the general type which comprises storing a personal pattern of a pre-determined number of locations on a grid in association with personal identification data, and subsequently using the pattern in a verification process. According to the invention, the subsequent verification process comprises the steps of: (a) presenting to the person a challenge grid of locations occupied by a pseudo-random set of symbols, and challenging the person to identify a response set of symbols occupying locations in the challenge grid corresponding to the stored personal pattern; (b) receiving from the person the response set; (c) generating from the challenge grid and the stored pattern a verification set of symbols occupying locations in the challenge grid corresponding to the stored personal pattern; (d) comparing the response set of symbols with the verification set of symbols; and (e) verifying the identity of the person if the response set is the same as the verification set.
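
Steps (a) to (e) of the abstract as an added Python example (not code from the patent or its owner); the 5x5 grid, the digit symbol set, the two sample grids and the four-location pattern are constructed assumptions. The function candidate_pattern_count goes one step beyond the abstract and counts how many location sequences would explain a single observed response, which is why one observed code neither reveals the pattern nor works on the next grid.

```python
import hmac
import secrets

GRID_SIZE = 5            # assumption: 5x5 challenge grid
SYMBOLS = "0123456789"   # assumption: symbols are decimal digits


def new_challenge_grid(size=GRID_SIZE, symbols=SYMBOLS):
    """Step (a): occupy every grid location with a pseudo-random symbol."""
    return [[secrets.choice(symbols) for _ in range(size)] for _ in range(size)]


def symbols_at(grid, pattern):
    """Read the symbols at the pattern's (row, column) locations, in order."""
    return "".join(grid[row][col] for row, col in pattern)


def verify(grid, stored_pattern, response):
    """Steps (c) to (e): build the verification set and compare it to the response."""
    verification_set = symbols_at(grid, stored_pattern)
    # Constant-time comparison; a length mismatch simply yields False.
    return hmac.compare_digest(verification_set.encode(), response.encode())


def candidate_pattern_count(grid, response):
    """Count ordered location sequences that would produce `response` on `grid`."""
    flat = [symbol for row in grid for symbol in row]
    count = 1
    for symbol in response:
        count *= flat.count(symbol)
    return count


# Constructed sample data (not from the patent).
STORED_PATTERN = [(0, 0), (1, 1), (2, 2), (3, 3)]   # enrolled personal pattern
FIRST_GRID = [list(r) for r in ("31415", "92653", "58979", "32384", "62643")]
SECOND_GRID = [list(r) for r in ("27182", "81828", "45904", "52353", "60287")]

if __name__ == "__main__":
    code = symbols_at(FIRST_GRID, STORED_PATTERN)   # step (b): what the person types
    print("response for first grid  :", code)
    print("accepted on first grid   :", verify(FIRST_GRID, STORED_PATTERN, code))
    print("same code on second grid :", verify(SECOND_GRID, STORED_PATTERN, code))
    print("patterns fitting one code:", candidate_pattern_count(FIRST_GRID, code))
    fresh = new_challenge_grid()
    print("fresh challenge grid     :", ["".join(row) for row in fresh])
```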

Authentifying method

The purpose of the invention is to reveal a possibility of implementing with simple means authentifications which are falsification-proof and pleasing in application.

There are essentially two types of authentifying methods: the first type consists of equipping the person to be authentified with a person-unspecific characteristic, for instance with a password, a chip-card or a codified key. This characteristic is verified for authenticity through comparison with a conform or a matching counterpart, checking for equality or for matching quality (lock and key system). For instance, anti-theft devices of cars can be deblocked with a key containing a microchip, which exchanges a modified code with the motor control device after each use, as soon as the key is introduced in the starting switch. Only if key and car motronic are matching, the car can be started. The disadvantage of this first type of authentifying methods is that third persons may usurp the person-unspecific characteristic in order to unperceivedly occupy the wrong identity. The issue of memorizing numbers or passwords as a characteristic, is often not opportune because of human oblivion. Furthermore, third persons could get knowledge of these numbers and passwords during an authentification process.

The second type of authentifying methods relies on the principle of preserving certain person-specific characteristics at a place remote from the person concerned. The proof of authenticity is implemented through comparison of the original characteristic with the preserved counterpart. In the case of biometrical authentifying methods, certain physical features like hand-geometry, finger-prints, photographs or peculiarities caused by physique (like speaking specimens), are in principle used as person-specific characteristics. Biometrical methods are complicated, partially susceptible to falsification, and are often perceived as embarrassing by the persons concerned.

The present status of technology is described in the following patent applications or patents.

• PCT/KR92/00056 (WO 93/09621): An electronic identification system consists of first a portable device, which is activated after the introduction of a password, possibly in connection with the number of the car license plate, an account or identity card number, and secondly of an automatically responding control station. For the purpose of user authentification or for release of a certain effect, signals and information chains are exchanged by wireless transmission which are verified in both units. In one arrangement, the input device is equipped with only four buttons, two of which serve for scrolling forward or backward characters appearing on a display, a third one for marking certain characters, and a fourth one for undoing wrong markings.

• DE-OS 42 20 971: For the purpose of an identity check, the finger-print of a person is photographically registered, transformed and preserved, and used as an identification characteristic.

• DE-OS 41 25 870: Identification data of men or animals are attached to a tooth in the form of an active medium, so that these informations can be recognized in a non-destructive way at a later check-up.

• DE-OS 41 07 042: A tubule is incorporated in a living creature, for implantation of information-carriers by which the living creature can be identified.

• DE-OS 40 39 646: In the case of a biological object, measured values - for instance the electric brain or muscle activity - are recorded and compared with existing structures of measured values. Start or cancellation of a process are related to the result of comparison.

• DE-OS 40 36 025: Finger-prints are recognized by use of a hologramme.

• DE-PS 40 09 051: A characteristic temperature distribution of the face is used as a biometrical identification feature. The possibility of using person-related values like voice-specific peculiarities (the spoken word), tallness, shoe-size, the dynamic pressure course of movements, the structure of the blood-vessels of the retina, as identification characteristics, is mentioned.

• DE-PS 40 08 971: The user of a data-station is authentified by passwords and random numbers via a one-way function.

• DE-OS 40 05 448: For the purpose of partner search, personal data of a person, like character-traits, business and private projects, interests and opinions, are preserved in a station belonging to that person, then transmitted to an analogue station of a potential partner, then compared with corresponding data of that potential partner which he/she may have re-transmitted, and then evaluated with regard to the degree of conformity.

• DE-OS 39 43 097: Biometrically measurable data, for instance eye prints or finger-prints, are used as a key to accessing stored medical data.

• DE-OS 38 34 048 and DE-OS 38 34 046: The finger-print of a person or a radioscopy of the finger-bone outline is used for optoelectronic identification of a person. The possibility of using supplementary measured values of identification like the form or outline of a nail, or solving of test problems, is mentioned.

• DE-PS 38 27 172: Informations are identified by transforming an input information into an output information - dependent on preceding signs - according to the principle of associated individual transformation, whereby special ramification structures are applied. Informations of any kind can serve as the basis of identification, for instance completely unknown, unaccessible, non-reproducible random informations. The possibility of mutually exchanging information series between a data-carrier and the control station according to the challenge-response principle and of comparing those series with corresponding preserved information series for the purpose of identifying persons, is mentioned, whereby the control station will emit a "good"-signal if the comparison is positive. Furthermore, a portable memory is mentioned, into which a personal secret identity number, an account number and other personal data are entered at the time of delivery to the owner.

• DE-OS 33 01 629: In a telephone office, informations are generated sequentially for each participant by a special switchboard, in order to identify a calling participant, such informations containing data with regard to the participant's address, number and the category to which he/she is attributed.

• DE-OS 28 46 974: A person is characterized by the solution of one or more dexterity tasks.

• DE-OS 2 254 597: Persons are identified by the following process: members of the body having a characteristic curvature are recorded, preserved in the form of a curvature graph, and evaluated with a data treatment device.

• DE-OS 2 224 667: A key has a recognition register with several indication elements which latter ones can be placed independently in two positions, each of which carrying indication symbols. According to the combination of the indication elements, different symbol patterns are being generated, one of them corresponding to a pattern of the key arrangement which is only known by the key-owner and which permits unlocking.

• DE-AS 1 762 669: In the case of transmission of informations, the calling participant transmits after the establishment of the connection two different characteristic qualifying signals, of which the second one is a coding of the first one. The other participant decodes the second signal and compares it with the first signal before the connection is getting operative.

• DE-AS 1 195 057 and DE-AS 1 084 036: For the purpose of comparing persons, certain peculiarities of the face or of the entire body are measured or recorded, for instance the form of the ears, limit points of the temples, location of the pupils or of the nose tip, the middle line of the lips, the chin, particular wrinkles, cicatrices, birth-marks or warts. The use of poroscopy of finger- and palm-prints is also mentioned.

• DE-PS 683 233: In the field of modus recognition services, the distance of two characteristic points of an object, for instance of a hand-writing sample or of a body feature, is opto-electronically juxtaposed to the corresponding points of a pre-existing pattern.

• EP-OS 0 573 245: In order to check the intactness of messages in a communication network between a plurality of participants, a so-called authenticator is attributed to each transmitted message, that is a code which is calculated in the emission station from the entire information. In the receiving station, a comparison code is calculated from the received entire information with the same algorithm. Only when both codes are conform, there is certitude that the message was transmitted intactly. Authentification of participants is implemented by secret and non-secret keys, and by different encoding functions and transmission steps.

• EP-OS 0 548 967: In context with a data exchange system, mutual authentification is started by checking a personal characteristic, e.g. a codeword, entered by the user, after exhibition of an encoded dataword preserved in the system which is only known by the user and which can be modified by him/her.

• EP-OS 0 532 227: In order to create unequivocal connections within a cellular mobile telephone network, authentification signals are generated by a key-code which is conferred upon by the network operator and later-on changeable.

• EP-OS 0 522 473: Transcripts are generated between a person to be authentified and a central authentification instance, by exchange of certain secret and non-secret informations in a communication network, as well as by exchange of therefrom resulting questions and answers (challenge-response principle) which will be transferred in doubtful cases to an arbitration instance for renewed screening of the user qualification.

• EP-OS 0 466 146: In order to guarantee that certain texts can only be read by persons who are qualified to do so, these texts or parts of them are composed of encoded signs which are preserved in a memory and which can be decoded by special methods.

• EP-PS 0 441 774: An authentification card has several separate zones, one of which is dedicated to permanent preservation in encoded form of a person-specific singularity, for instance of individual peculiarities as finger- or foot-prints, signatures etc., with the addition or abstraction of certain partial elements. The other zones are intended for preservation of the same singularity without the additions or abstractions, for instance after impressing a finger or a foot, or by means of a scanning-process during authentification. An automatic comparison of both singularities is implemented in a card-reader, after reconstitution of the image of the permanently preserved singularity through a code entered by the authorized user.

• EP-OS 0 382 410: In order to memorize and retrieve a password, its owner inserts the characters of this password into a plurality of alphanumerical texts according to a self-chosen pattern, in such a way that he/she alone is able to retrieve these characters with the help of the memorized pattern.

• EP-PS 0 085 680: A data-carrier, preferably a personal card, containing informations about the owner, the conferring organization, account numbers etc., is introduced in a reading device for releasing a free-signal. For the purpose of a supplementary authentification, the finger-tip of the owner is scanned by a sensor, recorded as papillary-line information, and compared with a counterpart already preserved in the reading device.

• EP-OS 0 082 304: A person is identified through voice-recognition on the basis of a characteristic sequence of voice peculiarities emitted during the pronouncement of a key-word, as well as through face recognition, e.g. through recognition of a specific part of it.

• EP-OS 0 034 755: A qualification pattern consisting of characters and changeable by its owner, is preserved in encoded form in the recognition field of a qualification card. This pattern generates a protocol during the reading process which has to coincide with an authenticity protocol for authentification.

• EP-PS 0 029 894: A key electronically imbedded in a personal identification card, being unchangeable and unrecognizable, is compared with a key in the possession of the person to be authentified. The possibility of using signatures or dynamic signals during signature, as well as voice-records or finger-prints, as person-specific characters for authentification, is mentioned.

• EP-PS 0 007 002: For the purpose of user authentification and for transactions between a data station and a control unit, the former receives, combines, encodes and retransmits in a modified form certain user messages, and the latter receives these modified messages for comparison with preserved information.

• EP-OS 0 006 419: Parts of the signature of a person are cryptographically recorded via certain keys, and decoded and verified for authentification.

The task of the invention is solved by the authentifying method defined in the principal claim. In this context, the images, tokens, texts or sounds which are based on individual knowledges and experiences of a person and which consist of a principal part and a complement or of associated notions, and which are used as an identification feature, are denominated according to an appropriate terminology as person-specific psychometrical informations, abbreviated PSPI.

Every human being is unique because of its course of life, that is to say, its experiences and knowledges. Everybody is in a position to form thousands of original associations which cannot be produced by other persons. Specific psychometrical experiments have shown that experiences can be reproduced particularly well, if they are remote in time, adapted to the human thinking structures, and closely connected with persons, places, times and quantities.

Contrary to authentifying methods where third persons try to demonstrate the identity of a certain person, the method according to the invention is methodically a self-identification, that is to say a method where the interested person himself/herself demonstrates in face of third persons that he/she is really a definite human being. The well-known didactical methods like "interactive learning" on the computer, or "multiple-choice" tests are completely alien to the method of the invention. Those methods rely on the principle that the learner or examinee has to reproduce common knowledge and just not individual PSPI.

The authentifying method according to the invention is distinguished by the possibility of using a very large number of PSPI as an identification characteristic. The PSPI which consist of a principal part and a complement or of associated notions, benefit from the fact that they can be expressed and treated, as bipartite structures (preferentially as couples of written or spoken texts), in a particularly easy, clear and compact manner, thus with minimum investment in information units. Therefore, the method according to the invention can be realized in a particularly economic and safe way, opposite to the biometrical method.

If the PSPI are submitted for the purpose of identification to the process steps defined in the second part of the principal claim, joint preservation of matching association elements is not necessary. In this case, groups of association elements belonging to a common category are preserved separately. Only in the last process step, the integral PSPI are formed from matching association elements, and the latter are assembled to characteristic structures. Concealment of these association elements being preserved as groups, is therefore not absolutely necessary. This peculiarity reduces the investment for protecting the preserved PSPI against unauthorized access.

The authentifying method according to the invention can be realized with existing simple and low-cost components. It has the potential of mass use in very different application fields like:

• Traffic technology: anti-theft devices;

• Safety technology: access control, equipment for surveillance and alarms;

• Banking and trade: telebanking, electronic cash, personalized bank cards, productivity enhancement in the fields of check control and direct debit processes;

• Communication and information technologies: authentification of participants;

• Registration services: falsification-proof identity cards;

• Cryptography: secret keys, notebooks, PIN-cards.

Particularly appropriate arrangements of the authentifying method according to the invention are described in claims 2 to 10.

Several types of PSPI, advantageous for authentification purposes, are enumerated in claim 2. Short statements which can be seized by one glance (in particular a combination of two notions which are either true or wrong) are especially appropriate for representing the principal part of the person-specific PSPI, while a symbol for "true" or "wrong" is representing the complement. For instance, such statement could be:

Principal part of PSPI: "Village A is located in county S", PSPI complement: "wrong".

Contrary to other categories of PSPI, e.g. questions or text fragments to be completed, statements are especially simple, as only two different complements are possible, namely "true" or "wrong".

Such complements are susceptible to be entered very easily into the system, for instance through pushing one or two corresponding function buttons. Verification of one single statement is, however, not sufficient for a safe authentification: The probability for an unqualified person to accidentally push the correct button is 50%. Therefore it is proposed to verify a series of different statements rather quickly one after another, and to divide the total quantity of all preserved statements preferentially into 50% true and 50% wrong ones. Thus the hit score for accidentally pushing the complement buttons by unqualified persons will be a minimum. For instance, if there are ten statements to be verified, the probability for an accidental authentification is only 1/2^10 or 1/1024.
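
The statement check and the 1/2^10 figure above, as an added Python example (not part of the patent text); every statement in the stock except the "Village A" one is hypothetical, and the stock sizes in the comparison are constructed. It also compares a balanced stock with a lopsided one for an unqualified person who always pushes the same button, which is the case the 50%/50% division is meant to keep at a minimum.

```python
import random
from fractions import Fraction
from math import comb

# Constructed PSPI stock: statement text -> complement (True = "true", False = "wrong").
# Only the first statement comes from the text; the others are hypothetical.
STOCK = {
    "Village A is located in county S": False,
    "Uncle B kept bees in the garden": True,
    "The first bicycle was painted green": False,
    "Grandmother C was born in town D": True,
    "The school trip went to lake E": True,
    "Neighbour F drove a red lorry": False,
}


def draw_challenge(stock, n):
    """Release n randomly chosen statements, without their complements."""
    return random.SystemRandom().sample(list(stock), n)


def check_answers(stock, challenge, answers):
    """Authenticate only if every released statement was marked correctly."""
    if len(answers) != len(challenge):
        return False
    return all(stock[text] == answer for text, answer in zip(challenge, answers))


def random_guess_probability(n):
    """Chance of passing n statements by pushing buttons at random."""
    return Fraction(1, 2 ** n)


def same_button_probability(true_count, false_count, n):
    """Chance of passing by always pushing the majority button, when the n
    statements are drawn without replacement from the given stock."""
    majority = max(true_count, false_count)
    return Fraction(comb(majority, n), comb(true_count + false_count, n))


if __name__ == "__main__":
    challenge = draw_challenge(STOCK, 4)
    owner_answers = [STOCK[text] for text in challenge]   # the owner knows the complements
    print("owner accepted        :", check_answers(STOCK, challenge, owner_answers))
    print("random guess, n = 10  :", random_guess_probability(10))
    print("same button, 100/100  :", float(same_button_probability(100, 100, 10)))
    print("same button, 180/20   :", float(same_button_probability(180, 20, 10)))
```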

Claim 3 points to appropriate technologies for realizing the authentifying method according to the invention, and also to different advantageous safety measures. For instance, it is possible to programme the authentification process in such a way that renewed authentifications with new PSPI are automatically initiated in irregular intervals, if authentcards (chip- or magnet-cards intended for authentification) are kept permanently in an authentdevice (reading and data-treatment device for authentcards). By these means, the presence of a certain person can be surveyed during longer time periods. It may also be opportune to exclude the faculty of authentification temporarily or definitively, by means of a time switch or an external signal. For certain applications, it is advantageous to update, replace or reproduce the preserved PSPI under observation of the necessary discretion, partially or integrally.

The main system components for the implementation of the authentifying method are described in claim 4. For design reasons, the devices for the preservation and manipulation of the PSPI have often to be placed directly at the points of action. The necessary miniaturization of these components is not difficult to attain, especially if intelligent chips are utilized: 200 statements in text form with each about 25 characters don't need more than 5 kB of memory volume. In the context of the invention, an actuator is a device for the release of a distinct mechanical, electrical, optical or other effect.

The object of claim 5 is a miniaturized unit assembling all essential system components, having a very simple design and being easily operated, which can be used as an electronic key in many fields.

The arrangement according to claim 6 allows mutual tele-authentification of two persons who have exchanged their respective authentcard.

Claim 7 reveals another arrangement at which the PSPI of a multitude of persons are entered and stocked in a central operational data bank, from where they will be transmitted - for the purpose of authentification and if required or during certain time periods - to decentralized control or teleoperated stations having a display and an input device. One advantage of this configuration is the fact that those to be authentified don't need an authentcard.

The principle of concentrating the PSPI of a multitude of persons within a central data bank can be combined with the principle of authentcards. Authentification relies in this case on two complementary PSPI stocks, the one preserved in the card possibly being relatively small and interchangeable.

Claim 8 reveals different characteristic tying-together schemes and arrangements of PSPI which consist of a plurality of associations of the type Ax-Bx-Cx etc. These schemes and arrangements can be used as authentification criteria which can be easily checked. In particular it is advantageous to arrange the association elements in the form of a matrix or of columns, and to attribute to them so-called basic-numbers BZ, from which for every arrangement "A" a characteristic result-number EZ can be calculated. The latter is, in the language of mathematics, a function of all basic-numbers BZ and of their arrangement "A":

The function EZ can be defined by most different algorithms, for instance by:

$$EZ = \sum_x (I_x)^2, \qquad I_x = BZ_x \cdot BZ_{x+1} \cdot BZ_{x+2}$$

The basic-numbers BZ are advantageously integer numbers, and the function is preferentially defined by algorithms which deliver as result-number EZ an integer number having many digits. Further criteria for the choice of an appropriate algorithm are the following ones: easy implementation of the calculation, easy programming, and finally: impossibility to calculate the inverse function with limited calculation and time investment.

Claim 9 reveals convenient technologies, system components and functional processes for realizing the authentifying method according to claim 8. If a large number of persons has to be authentified, it is advantageous to supply each of them with an individual authentcard, on which are preserved the names and first names of people who are in the first line only known by the corresponding person himself/herself, as well as basic-numbers attributed to these names, and the corresponding result-number. The tying-together of the names and first names is advantageously performed by means of an authentdevice with touch-screen, in which the authentcards can be entered. A complementary authentification on the basis of other personal characteristics can be performed in addition.
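
The result-number check of claims 8 and 9, as an added Python example (not code from the patent); it uses the example function EZ = sum of (Ix)^2 with Ix = BZx · BZx+1 · BZx+2 given in the text. Assumptions: the windows slide over the sequence without wrap-around, the sequence is built pair by pair in card order, and the names and basic-numbers are constructed.

```python
def result_number(basic_numbers):
    """EZ = sum over x of (BZ[x] * BZ[x+1] * BZ[x+2]) ** 2.

    Assumption: windows slide over the sequence and do not wrap around.
    """
    if len(basic_numbers) < 3:
        raise ValueError("need at least three basic-numbers")
    windows = zip(basic_numbers, basic_numbers[1:], basic_numbers[2:])
    return sum((a * b * c) ** 2 for a, b, c in windows)


# Constructed card contents: the two groups of association elements are kept
# separately, each element with its basic-number BZ. The card does not hold
# the correct pairing itself, only the result-number it produces.
FIRST_NAMES = {"Anna": 17, "Bruno": 23, "Clara": 31}
SURNAMES = {"Keller": 41, "Lang": 53, "Maurer": 67}


def arrangement_sequence(pairing):
    """Turn a first-name -> surname pairing (arrangement "A") into a BZ sequence.

    Assumption: pairs are taken in card order, first name before surname.
    """
    if sorted(pairing) != sorted(FIRST_NAMES) or \
            sorted(pairing.values()) != sorted(SURNAMES):
        raise ValueError("every name must be used exactly once")
    sequence = []
    for first in FIRST_NAMES:
        sequence += [FIRST_NAMES[first], SURNAMES[pairing[first]]]
    return sequence


def enrol(pairing):
    """Compute the result-number that is preserved on the card."""
    return result_number(arrangement_sequence(pairing))


# Enrolment with the pairing only the card owner knows (constructed).
STORED_EZ = enrol({"Anna": "Lang", "Bruno": "Maurer", "Clara": "Keller"})


def authenticate(pairing):
    """Recompute EZ from the arrangement tied together on the touch-screen."""
    try:
        return result_number(arrangement_sequence(pairing)) == STORED_EZ
    except ValueError:
        return False


if __name__ == "__main__":
    print("stored result-number:", STORED_EZ)
    print("owner's pairing     :",
          authenticate({"Anna": "Lang", "Bruno": "Maurer", "Clara": "Keller"}))
    print("wrong pairing       :",
          authenticate({"Anna": "Keller", "Bruno": "Lang", "Clara": "Maurer"}))
```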

Claim 10 reveals a tele-authentifying method with a so-called pocket authentdevice which allows authentification by telephone. A simple and falsification-proof tele-authentification can be implemented by: calculating an original result-number and a second result-number on the basis of a modified basic-number, transmitting the original and new result-numbers and basic-numbers, and comparing the new result-number with another one which is produced in a data treatment device. The pocket authentdevice is also suited for all kind of on-the-spot authentification, for preserving secret codes and PINs or other personal data in an undecodable manner.

The invention is more closely explained in the light of the following examples and with special regard to the attached figures 1 to 13.

Example 1: Application of the authentifying method in lpsal informatics. The task may be to exchange confidential informations via fax between a person P1 at the site S1 and a person P2 at the site S2. Two preferentially identical authentdevices, except for the preserved PSPI, are placed at the sites S1 and S2. The device at S1 has stocked the PSPI of person P2, the one at S2 those of person P1. Both authentdevices may be connected via a digital network. Person P1 establishes the contact to P2 by operating a signalling apparatus. The device at S2 transmits stepwise ten texts from its memory to the device at S1, where P1 pushes the function button "true" or "wrong" after having checked each statement which appeared on his/her display. After identifying correctly all statements as true or wrong, an actuator of the device in S2 signals the authenticity of P1.

Hereupon, P2 initiates his/her authentification. This happens in the same manner as implemented by P1, except for the fact that it is no longer necessary to operate the signalling apparatus, because the connection is already established. After P2 has correctly reacted to the ten statements, the mutual authentification is terminated, and the actuator of the device at S1 deblocks the connection for the exchange of faxes. The total authentification will be accomplished in about twenty seconds.

Example 2: Anti-theft device for cars. In recent years, theft of cars has become a big problem. Therefore it is getting more and more common to install anti-theft devices or immobilizers in vehicles. Such devices interrupt simultaneously starter, ignition system, injection or gasoline pump, and become automatically operative within about thirty seconds after locking. Only with a coded card or a coded key they can be inactivated for starting the vehicle. Professional car thieves are, however, not discouraged by such systems: simple bridging or disconnection of the cables will make ineffective these systems in a short time. On the other hand, traditional anti-theft devices are of no value in the case of carjacking. The invention redresses that situation.

The example regards an automobile with two miniaturized memory-units which are addressed from the same terminal. The first memory-unit M1 may be mounted at the gasoline pump, the second one M2 at the upper part of the coach. The terminal T may be incorporated in the instrument-board and connected with M1 and M2 via preferentially multi-core cables. M1 may directly effect the pump by means of an actuator, thus without intermediary electrical circuit which could be short-circuited. In the basic position, the actuator keeps the pump blocked, the pump drive turned off, and the gasoline supply interrupted. In the operational position, the actuator keeps the gasoline pump in operation. M2 may act directly, equally by means of an actuator, on a viewy and impressive signal, for instance a metal arm which is in the basic position of the actuator embedded in the coach, so that it cannot be seen from the outside. In the operational position, the metal arm is upwards directed. In the basic position, the metal arm blocks mechanically the vehicle. It is convenient to attach an identification mark of the vehicle-owner to the arm in a clearly visible manner.


For starting the vehicle, the driver has first to switch on the electrical supply of the car, practically with a mechanical key system. By the same operation, the components M1, M2 and T are being made operational. Next, the driver operates the signalling apparatus of T and thereby establishes the contact to M1. M1 transmits stepwise ten statement-texts of its stock to T, the display of which exhibits these statements. After appearance of each single statement, the driver pushes either the functional button "true" or "wrong". If all statements are correctly marked (this will take about ten seconds), M1 will release its actuator and with its help the gasoline supply. In a second step, the contact to M2 will be established, and the signalling arm will be likewise put in operational mode. The entire system composed of M1, M2 and T is advantageously programmed in such a way, that the actuators will fall back into their basic position after the running off of certain time intervals. Further operation of the vehicle is then only possible after a new authentification. The time intervals are preferentially fixed by a device for the generation of not foreseeable random series of control impulses. In order to guarantee traffic security, some time will elapse after each turning-off impulse, until the actuators will fall back into their basic position.

Example 3: Authentcard with application-specific integrated chip (ASIC): According to figure 1, a rather large quantity (e.g. 100) of PSPI statements are introduced (arrows 5) in the authentcard 1 with one-chip-microcomputer, observing the necessary safety measures, and are preserved in it, each PSPI with its complement "true" or "wrong". A memory volume of about 1 to 10 kB is needed for this preservation. Because of mathematical reasons, an optimum is reached if half of the total number of the introduced PSPI statements is true, and the other half wrong. The internal structure of the card ensures that the preserved PSPI cannot be copied without authorization.

The authentcard can be put into an authentdevice 2. By interaction between both of them, a sufficient quantity of PSPI (e.g. ten) are randomly released without the complement one after another, whereby it will be convenient if a subsequent PSPI appears only after complete handling of the previous one. It is, however, also possible to treat groups of PSPI simultaneously. The PSPI without complement are electronically transmitted to a display 3 (arrow 6), where they get visualized. The card owner verifies or falsifies the PSPI one after another, by means of a push button 4 which may be supplemented by a second one. Experience shows that not more than about ten seconds are needed for this operation. The PSPI which are complemented in this way are sent back to the authentdevice (arrow 7) and compared with the original PSPI stocked in the authentcard (arrow 8). If this check is successfully performed, a free-signal is released (arrow 9). On the contrary, a stop-signal is released, preferentially after finishing the comparison (arrow 9). In the case of a series of ten PSPI to be checked, the probability for a non-authorized person to correctly verify or falsify by chance the PSPI, is less than one per thousand.

The ASIC comprises: a long-time memory for preserving the PSPI and the programme routines, a micro-processor for implementing all necessary operations, in particular release of the PSPI without complement in a non-foreseeable manner, serial comparison of these PSPI when they are complemented, with the original preserved entire PSPI, generation of the free- and stop-signals and of the safety routines, and also a sufficient short-time memory. It is possible to transfer part of these functions to the hard- and software of the authentdevice.

For the example with an authentcard just described and presented in figure 1, it would be possible, as an alternative, to get along with a far smaller stock of PSPI (about ten) instead of the roughly hundred PSPI preserved in the form of statements, and still guarantee sufficient safety: only a few PSPI (e.g. two) would have to be extracted from this stock per authentification, if PSPI in the form of question plus answer or in the form of text fragment plus missing text would be used. However, for this alternative it would be necessary to provide an alphanumerical key-board, by itself complicated and expensive, instead of the input push-button of figure 1.

Example 4: Memory-unit with actuator. Figure 2 shows schematically how the ASIC 1 is permanently incorporated in a stationary casing 2. This unit is equipped with an energy supply 3, an electronic connection 4 to the remotely placed display which is not presented, and with an actuator 5. This configuration is suited to serve as an electronic anti-theft device for vehicles, especially with the inclusion of the time factor according to claim 3.

Example 5: Active authentcard. Figure 3 shows a miniaturized unit like an active authentcard which assembles all components and functions of an authentifying system. The casing 1 with dimensions of 10 cm x 4 cm x 0,5 cm as an example, possesses a two-line main display 2 for visualizing: the PSPI without complement, the introduced complements, and other texts. In the light of the International Patent Application No. PCT/KR92/00056 (WO 93/09621), the key-board can be reduced to a few buttons even in the case of alphanumerical input: The button 3 (up) initiates forward- and the button 4 (down) backward-scrolling of alphanumerical characters appearing on the auxiliary display 5. The authentcard is turned on by button 6 (on), and the first PSPI without complement appears on the main display. The button 7 (set) serves for the input of the relevant character into the auxiliary display, the button 8 (cancel) for cancelling incorrect inputs. The result of the authentification process is visualized on the main display and enables the performance of certain supplementary operations, if it is positive.

A miniaturized authentdevice of this kind can be used in numerous applications, for instance:

a) as a crypto-notebook: Personal information like secret codes, account numbers etc., can be entered with the provision that they can only be reproduced after a successful authentification;

b) as a falsification-proof identity card: Only the owner of the device is able to perform his/her authentification;

c) as a key for access to otherwise blocked localities, plants, machines, vehicles, data systems. After successful authentification, an open-signal will be available.

In the case c) it is convenient to suit the outer form of the device to the key-function. Such an electronic key can be programmed, as an example, so that codes, passwords or information chains which are preserved in the device and which may be time-dependent, can be sent to the lock after successful authentification, via contacts or other means not represented in figure 3. The codes, passwords or information chains are chronologically conform with their changing counterparts in the lock. The programme may also initiate a temporary or permanent inactivity of the key.

The time-dependence of the codes, passwords or information chains in key and lock can be realized in many ways. For example, the digits zx of a code-number can be recalculated in regular or irregular time intervals, each digit resulting from a distinct time-function which may be changeable after prefixed time intervals or through signals emitted from the outside. Such a time-function is defined, for example, by the formula:

zx = Mod[Int(Sqrt(n + ax)), 10]

zx = integer number between 0 and 9
Mod = modulo-function
Int = integer-function
Sqrt = square-root-function
n = number of passed time-units
ax = constant value

The constant value ax has another value for each digit of the code-number and can be time-dependent itself. For reasons of safety, it may be opportune to conceal the preserved codes, passwords or information chains and their time-dependence from the key owner.
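The time-function above, worked through as an added example (not code from the patent): key and lock each derive a four-digit code from their own count n of passed time-units, and the window function shows how far the two counters may drift apart before the lock rejects the key. The constants ax, the counter values and all function names are constructed for illustration.

```python
import math

# Constructed per-digit constants ax (one per code digit); not from the patent.
CONSTANTS = (7, 130, 2048, 31000)


def digit(n, a):
    """zx = Mod[Int(Sqrt(n + ax)), 10] for one digit."""
    return math.isqrt(n + a) % 10


def code(n, constants=CONSTANTS):
    """Code-number valid at time-unit n, one digit per constant."""
    return "".join(str(digit(n, a)) for a in constants)


def lock_accepts(key_code, n_lock, constants=CONSTANTS):
    """The lock recomputes the code from its own counter and compares."""
    return key_code == code(n_lock, constants)


def valid_window(n, constants=CONSTANTS):
    """First and last time-unit around n during which the code is unchanged.

    Int(Sqrt(.)) only steps when n + ax crosses a perfect square, so the
    window is bounded by the nearest square crossing of any digit.
    """
    current = code(n, constants)
    first = n
    while first > 0 and code(first - 1, constants) == current:
        first -= 1
    last = n
    while code(last + 1, constants) == current:
        last += 1
    return first, last


if __name__ == "__main__":
    n_key = 1000
    sent = code(n_key)
    print("code at n=1000:", sent)
    print("valid from/to :", valid_window(n_key))
    for n_lock in (1000, 1016, 1017):
        print("lock counter", n_lock, "accepts:", lock_accepts(sent, n_lock))
```

A lock whose counter lies inside the window accepts the key; one step past the next square crossing it rejects, which is the tolerance to consider when choosing the length of a time-unit and the constants.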

Example 6: Authentmatrix. According to figure 4, at one axis of a chess-board like field, encoded electronic informations are input via a ten-bit-wide databus. The encoding principle consists in a far-going re-arrangement of the conducting wires of the bus (the conducting wires may be numbered as LEx at the matrix input and as LAx at the matrix output). The following attribution is implemented in the example: LE0-LA8, LE1-LA4, LE2-LA5, LE3-LA0, LE4-LA2, LE5-LA9, LE6-LA6, LE7-LA1, LE8-LA7, LE9-LA3. Each one of the ten conducting wires of the databus is marked with the name of a person. At the other axis of the matrix, the informations are passed on equally via a ten-bit-wide databus. The ten output conducting wires are marked with the ten correlated first-names of the persons, in such way that a mottled sequence of first-names is formed, if the names are passed one after another.

Each input wire can be connected with every output wire within the matrix. Decoding of informations is implemented by re-arranging the wires in the matrix in such a way that each input wire is correctly tied-together with its correlated output wire, in the example: LE8-LA0, LE4-LA1, LE5-LA2, LE0-LA3, LE2-LA4, LE9-LA5, LE6-LA6, LE1-LA7, LE7-LA8, LE3-LA9. The dashed fields in figure 4 designate the combination points of correctly associated names and first-names. The person to be authentified creates the ten correct contacts between the wires of the input-bus and the output-bus, through pushing of buttons or similar impulses on these fields. In total, there are 10! possibilities of tying-together the two data-buses within the matrix. Only one of them is the correct one, is therefore suitable to decode and pass on the fed-in informations.
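The wire re-arrangement of Example 6, as an added example (not code from the patent): the two wirings are the ones listed in the text, the ten-bit word and the function names are constructed. It shows that the decoding contacts are the inverse of the encoding wiring and that a single pair of wrong contacts garbles the word.

```python
from math import factorial

# Wirings from the text: input wire LEi is tied to output wire LA[wiring[i]].
ENCODE = {0: 8, 1: 4, 2: 5, 3: 0, 4: 2, 5: 9, 6: 6, 7: 1, 8: 7, 9: 3}
DECODE = {8: 0, 4: 1, 5: 2, 0: 3, 2: 4, 9: 5, 6: 6, 1: 7, 7: 8, 3: 9}

# Constructed ten-bit word on the input bus (bit i travels on wire LEi).
WORD = [1, 0, 1, 1, 0, 0, 1, 0, 1, 0]


def route(bits, wiring):
    """Pass the bits through a matrix whose contacts are given by wiring."""
    wires = list(range(len(bits)))
    if sorted(wiring) != wires or sorted(wiring.values()) != wires:
        raise ValueError("every input wire needs exactly one output wire")
    out = [0] * len(bits)
    for le, la in wiring.items():
        out[la] = bits[le]
    return out


def is_correct_wiring(contacts):
    """True if the contacts closed by the person undo ENCODE wire for wire."""
    return all(contacts.get(la) == le for le, la in ENCODE.items())


def swap_two_contacts(contacts, a, b):
    """Return a copy of the contacts with the outputs of wires a and b swapped."""
    wrong = dict(contacts)
    wrong[a], wrong[b] = wrong[b], wrong[a]
    return wrong


if __name__ == "__main__":
    encoded = route(WORD, ENCODE)
    print("encoded          :", encoded)
    print("correct contacts :", route(encoded, DECODE))
    wrong = swap_two_contacts(DECODE, 0, 1)
    print("two wrong contacts:", route(encoded, wrong))
    print("possible wirings :", factorial(len(WORD)))
```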

The principle of the authentifying method described in this example and outlined in figure 4, can be physically implemented in many ways. For instance, the two-dimensional pattern consisting of the ten nodal points, can be used as a mechanical or electronical key which matches with a lock not recognizable from the outside. Or it is possible to attribute to all matrix fields signs or numbers (basic-numbers), whereby the signs attributed to the nodal points may serve as secret codes, or the corresponding basic-numbers may be fed into a calculation algorism in order to calculate a result-number which is characteristic for the pattern.

Example 7: Static PIN-card. According to figure 5 and with a view of reproducing secret codes (PINs), the owner of the represented card first produces ten couples of names (name 0, name 1 etc.) and associated first-names (first-name 0, first-name 1 etc.) of persons who are only known by himself/herself, in principle. In figure 5, names and first-names with equal digit are not correlated. The names and first-names are arranged on the card or on data-carriers to be fixed on the card in such a way that couples of names and first-names which belong together are placed in both columns in the most random manner. Then the card owner defines (in the example) five PIN-codes (C 0, C 1, C 2, C 3, C 4), or takes note of already existing codes each of which may contain up to ten characters. A digit or character (z00 to z49) of each of the five PIN-codes is juxtaposed to each first-name of the card or inscribed in special data-carriers, within five columns of digits or characters, in such a way that the first code digits or characters are placed beside that first-name which belongs to the first name, the second code digits or characters beside the first-name which belongs to the second name, and so on. If a code has less than ten digits or characters, digits or characters of any kind are inserted after exhaustion of the stock of digits or characters of the code. For the purpose of authentification, the card owner associates one after another the names with the first-names, and gets stepwise from the relevant column the code digits or characters which are placed beside the first-names.

Example 8: Active PIN-card. According to figure 6, the names and first-names of persons are used as association elements Ax and Bx. A display B and several handling buttons are placed on an electronic secret-card A, abbreviated active authentcard. For example, the following buttons may be available: E for "on/off", F for scrolling the code-denominations, G for "okey", H for scrolling the first-names, I for the exhibition of the desired entire code. The arrow C symbolizes the input of the informations to be stocked: Names, first-names, code-denominations, characters or digits. The latter ones are a function of the first-names and the code-denominations, the order of exhibition of the names depends upon the code-denominations. For instance, the authentcard may be "loaded" by insertion in a loading device, through incorporation or programming of an intelligent chip, or by putting it together with a key-board or a personal computer. Arrow D indicates the possibility of utilizing a code which is generated during the authentifying process, for unrecognized authentification as in the case of an encoded key.

For the generation of a PIN, the device is switched on, and the desired code-denomination is entered by scrolling and operation of the "okey"-button. Thereafter, the names appear one after another in the display. By scrolling the first-names and operation of the "okey"-button, the correct first-name is entered. Simultaneously the device is memorizing the correlated code-digit or character or visualizing it in the display. The entire code is thus reproduced stepwise.

Example 9: Static PIN-Card. According to figure 7, ten text-couples Ax-Bx, composed of notions which are only within the remembrance of the owner, preferentially names and first-names, are inscribed in a card or leaf within two text columns in such a way that correlated names Ax and first-names Bx are separated from each other in a most irregular manner. For the purpose of illustrating the principle, the names and first-names of contemporary personalities are used in figure 7 which don't satisfy, of course, the fundamental psychometrical criterion of exclusive individual knowledge.

Between these two word columns, eight double columns of signs are arranged, preferentially of letters and digits, from which eight secret codes (PIN 1 to PIN 8) can be derived. In these central sign-columns, digit-codes are placed under the titles PIN 1 to PIN 5, and letter-codes under the titles PIN 6 to PIN 8.

For reconstructing the eight codes, the card owner associates the names with the first-names (which are in real cases only within his remembrance) one after another as indicated in the left parts of the double columns by letter- or digit-series, and then comes within the right parts of the double columns to the digits or letters forming the secret code, following the lines of the first-names. In the example, the following codes will result: PIN 1 = 36 29; PIN 2 = 29 26; PIN 3 = 27 305; PIN 4 = 69 11 37; PIN 5 = 57 06 27 98 18; PIN 6 = mlM ZUC; PIN 7 = GQA REH DZ; PIN 8 = AJIO SllW Dl BQ.
 

Example 10: Personalized electronic key. According to figure 8, a display 2 is incorporated in a longish plastic casing 1, on which up to about 25 characters can be exhibited single-lined. By pushing the button 3, short statement texts are visualized one after another, in particular combinations of names, which are to be verified by the key owner, for instance through twice-repeated pushing of the button. After a determined number of verifications, an electronic signal becomes available for a short time via the contacts, which releases the intended effect after putting the key in a suitable electronic lock.

The electronic system of the inherent ASIC consists essentially of a memory of about 500 to 1500 Byte volume and a processor for the release, the exhibition and the comparison of the preserved texts, as well as for the input, the preservation and the time-dependent release of the signal. A key-board which is separated from the key, serves as an input device for the texts and, if needed, for a modified electronic signal. It will be put together with the key-board for the "loading" of the key. In order to activate the key effect, the key is put into a corresponding electronic lock.

The main advantages of this personalized electronic key are:

a) Only the key owner is able to activate the key. He/she needs not memorize any code or secret number. Nobody can forge the key.

b) The texts used for verification, and the signal can be exchanged.

c) The key is suited for wide application, for instance as an anti-theft device for cars, for controlled access to rooms and apparatuses, in general for all cases where non-personalized keys are now being used.

d) Simple design with existing components.

Example 11: Identity card. Fifteen text couples (A1-B1, A2-B2, ... A15-B15), logically belonging together, are noted within two columns of the identity card according to figure 9, correlated couples Ax and Bx being irregularly separated as far as possible. The tying-together of all the texts follows the scheme A1 - B1 - A2 - B2, whereby A(x+1) is placed on the same line as Bx. The first fifteen prime numbers are arranged between the two text columns as basic-numbers, one after another.

Notions which are only remembered by the owner of the identity card, are advantageously used as text couples, like names and first-names of persons, names and business of persons, names and denominations of localities, names of neighbouring villages, denominations and characteristics of locations, and so on.

The fifteen basic-numbers BZ are brought into a particular order through the before-mentioned tying-together plan of the texts. In total, there are 14! ≈ 8,7 x 10^10 different orders. It is therefore impossible to guess the order chosen for the identity card, and pointless for reasons of time and costs, to inversely calculate the order starting from the result-number. This is particularly true if one keeps secret the calculation algorism, that is to say, if one does not note it on the card.

Fifteen intermediary results Nx2 are calculated by the algorism shown in figure 9, via the operands:

and the power-exponent 2, for each order of basic-numbers. The final result-number EZ is found by addition of the fifteen intermediary results, in the example EZ = 2 042 071 872.

It is obvious to use other tying-up plans, other basic-numbers, and other algorisms for calculating the result-number.


The identity of the card owner will be demonstrated at a given time and a given location, by re-calculation of the result-number EZ. For this sake, an elementary pocket calculator is sufficient. It is also possible to use a specially programmed calculator, into which the fifteen basic-numbers are entered one after another, and which directly outputs the result-number. In this case and in the following one, the description of the algorism on the card can be dispensed with. It is even more advantageous, to use a card-reader (a so-called ident- or authentdevice), on the display of which texts and numbers are exhibited after introduction of the card, and on which the card owner can tie-together the texts (and numbers) with the provision that a programme contained in the reader will automatically calculate the result-numbers.

In order to speed up the identification process in the case of institutions where a large public needs to be received at counters and cash-offices, for instance in banking for check-confirmation, in trading for automated debiting and for electronic cash, it is opportune to place the authentdevice remotely. The basic- and result-numbers of the identity card will be transferred by the authentdevice into a short-time data-carrier (so-called authent-money) which can be evaluated by a reading device placed near the counter or the cash-office. After a pre-determined time or initiated by the reading process, the data temporarily entered in the data-carrier will be automatically cancelled.

If the authentification is to be effected by a remote instance, it is possible to enter and transmit the result-number, and the basic-numbers in the correct order, by means of the common and practically everywhere available numerical key-boards of the existing communication networks, observing appropriate safety provisions. In the example, it would be necessary to enter ten digits for the result-number and fifteen two-digit numbers for the basic-numbers. This does not require more effort than the establishment of international telephone connections.

In order to improve security, the authentification can be subdivided in two or more steps, that is to say one can perform several identifications with the same identity card or with different cards, in a time-staggered manner. For instance, it is possible to use two cards which are nearly conform and which differ only by a very small rearrangement of the texts. If somebody would manage to spy out the first identification process, he/she would not be successful, as he/she would not be conscious of the fact that there is a second card which differs from the first one.

The main advantages of the just described identity card are:

No secret numbers or reference patterns are needed for identification, as in the case for the finger-print method. The risk of unqualified usurpation of these patterns or codes no longer exists.

Direct readability of the cards, if the PSPI and the numbers are visibly impressed.

Simple design and price-worthy production.

In appropriate instances, no need for troublesome electronics.

Secret numbers or codes are not to be memorized.

A sufficiently large number of texts, the use of several columns of basic-numbers, the concealment or modification of the algorism, or the subdivision of the identification process into partial steps, will make the process as falsification-proof as wanted.

Example 12: Authentification with authentcards. According to figure 10, each authentcard contains, assembled in groups, the names and first-names of sixteen people who are only within the remembrance of the card owner (for the sake of illustrating the principle, the names and first-names of contemporary personages are used which don't fulfil, of course, the fundamental psychometrical criterion of exclusive individual knowledge). A prime number (basic-number BZ) is attributed to each name. The tying-together is as follows: ADENAUER-Konrad-BRECHT-Bertold-ERHARD-Ludwig etc. Altogether there are 15! ≈ 1,31 x 10^12 different tying-together possibilities. The algorism is defined as: result-number EZ = Σ Zx², where Zx is defined as BZx · BZ(x+1) · BZ(x+2). The result-number in this example is calculated to 6 927 236 929.

The authentdevice (figure 11A) exhibits on its touch-screen the names and first-names as well as menu-indications.

In order to exclude that an owner of an authentcard transfers without authorisation his/her card and his/her psychometrical knowledge to another person who might attempt to perform a forged authentification, it is opportune to accomplish in addition to the authentification according to the tying-together principle, a supplementary authentification on the basis of the characteristic-comparison principle. For instance, PSPI statements or biometrical characteristics of each participant in the system may be stocked in stationary information memories, with the help of which corresponding data produced during authentification, are being compared.

Figure 11B shows how the authentdevice with touch-screen, already used for implementing the authentification according to the tying-together principle, can also be used for verifying PSPI statements, that is for authentification according to the characteristic-comparison principle.

If biometrical characteristics are used for this supplementary authentification, very simple features like tallness, weight, head-periphery etc. can be utilized, because it is only necessary to demonstrate that a person differs physically from another one, or does not.

Example 13: Tele-authentification per telephone. According to figure 12A, the person to be authentified uses an authentdevice with touch-screen and authentcards (which are not shown) with 16 names, 16 first-names and 16 basic-numbers, for instance the first 16 prime numbers from 2 to 53. If no authentdevice is available, a simple card with the corresponding informations which is directly readable, and a pocket calculator with 12-digit display, will suffice. The use of a new-shaped authentdevice in the form of a small electronic calculator (figure 13) is, however, especially appropriate, as will be described in example 14.

After introducing an authentcard, the picture represented in figure 12A will be exhibited on the touch-screen. The screen possesses in its lower part a display for exhibiting the result-number EZ = 6 927 236 929 which will be calculated after tying-together all names and first-names, and for exhibiting one of the basic-numbers attributed to the names, in the present case, BZ = 53.

The authentdevice is equipped with means for generating numbers which can be used as a modified basic-number and will be exhibited on the left side of the lower part of the screen (in the example BZ = 59). This new basic-number will be used instead of the original one (BZ = 53). After touching the "okey"-field, the authentdevice calculates the new result-number EZ = 8 365 541 377. Initially, the four numbers remain visible. Next, the person to be authentified calls the authentifying instance, and communicates the original EZ = 6 927 236 929 and the original BZ = 53. The authentifying instance has access to a data treatment device via a terminal. All persons participating in the authentification system have entered in it before the beginning of its operation and observing the necessary safety provisions, their result-number, chain of basic-numbers and possibly additional basic-numbers attributed to the names and first-names, as well as in appropriate instances individual algorisms. This data


processes: After input of a correct result-number into the terminal, first the corresponding chain of basic-numbers will be approached; then a basic-number will be input in the terminal, so that - if that basic-number was correct - its corresponding basic-number in the chain is identified and activated. The programme then calculates according to an individual algorism or on the basis of an algorism common for all participants, from the approached chain of basic-numbers automatically the result-number, or replaces the identified basic-number by another one which was entered in the terminal.

The display of the terminal of the authentifying instance is shown in figure 12B. It has a key-board (fields) for entering the ten basic digits, a cancellation button (field) "C" and a turning-on button (field) "on", as well as a domain for indicating the user-led menu. Finally a field for the exhibition of result- and basic-numbers, and a button (field) "okey".

After turning-on the terminal, the user-led menu exhibits "Please enter the transmitted EZ, then push okey". The operator at the terminal then enters the original EZ = 6 927 236 929 and observes the result on the display, whereafter he/she operates the field "okey". By this, the chain of basic-numbers in the data treatment device of the person to be authentified, is approached and activated. Then follows the menu indication "Please enter the transmitted BZ, then push okey". The operator complies with this indication by entering the BZ = 53 and operating the field "okey". This basic-number is identified and activated in the data treatment device, and the menu exhibits the request "Please request the new basic-number, then enter it, then push okey". The operator formulates the corresponding request on the telephone, receives from the person to be authentified the new BZ = 59, enters it into the terminal and confirms with the field "okey". Hereafter, the data treatment device calculates the new result number EZ = 8 365 541 377 and exhibits it on the display. Then follows the menu indication: "Please request the new result-number and compare it with the one exhibited on the display, then push okey". The operator, after having transmitted the corresponding request by telephone, receives from the person to be authentified the new EZ = 8 365 541 377, compares it with the one on the display, and confirms in the case of positive result with the field "okey". The display hereafter exhibits "Authentification successfully accomplished". If there was no conformity, the authentifying process is abandoned.

The new chain of basic-numbers with the new BZ = 59 remains preserved within the authentdevice of the person to be authentified as well as within the data treatment device, furthermore the new EZ = 8 365 541 377 within the data treatment device, as an access criterion for the chain of basic-numbers. Time and progress of every authentification are recorded for the sake of surveillance. The data treatment device is programmed in such a way that each basic-number of the chain can only be modified once. If after a number of authentifications all original basic-numbers of a chain have been changed, the person to be authentified uses a complete new set of basic-numbers having the same tying-together order, conform with another one already available in the data treatment device, or to be generated in it at the necessary moment, and which will replace the preceding chain of basic-numbers after the ultimate modification of an original basic-number.

The telephone authentifying method according to the invention is absolutely falsification-proof. The investment for communication is a minimum, because only two ten-digit and two two-digit numbers have to be transmitted in the example.
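The telephone exchange of Example 13 simulated from both sides, as an added example (not code from the patent). The tying-together order of the sixteen primes is constructed, the sum Σ Zx² is assumed to wrap around the end of the chain, the refusal of a new basic-number that already occurs in the chain is an added assumption, and the class and method names are hypothetical.

```python
def result_number(chain):
    """EZ = sum of Zx^2 with Zx = BZx * BZ(x+1) * BZ(x+2).

    Assumption: the index wraps around the end of the chain.
    """
    n = len(chain)
    return sum((chain[i] * chain[(i + 1) % n] * chain[(i + 2) % n]) ** 2
               for i in range(n))


class Authentdevice:
    """Side of the person: basic-numbers kept in the secret tying-together order."""

    def __init__(self, chain):
        self.chain = list(chain)

    def numbers_for_call(self, old_bz, new_bz):
        """Return the four numbers read out by phone: EZ, BZ, new BZ, new EZ."""
        old_ez = result_number(self.chain)
        self.chain[self.chain.index(old_bz)] = new_bz
        return old_ez, old_bz, new_bz, result_number(self.chain)


class AuthentifyingInstance:
    """Side of the operator: the data treatment device behind the terminal."""

    def __init__(self):
        self.chains = {}  # current EZ -> (chain, positions already modified)

    def enrol(self, chain):
        self.chains[result_number(chain)] = (list(chain), frozenset())

    def authenticate(self, old_ez, old_bz, new_bz, new_ez):
        entry = self.chains.get(old_ez)        # transmitted EZ approaches a chain
        if entry is None:
            return False
        chain, modified = entry
        if old_bz not in chain or new_bz in chain:
            return False                       # BZ must identify exactly one position
        pos = chain.index(old_bz)
        if pos in modified:
            return False                       # each basic-number is modified only once
        candidate = chain[:pos] + [new_bz] + chain[pos + 1:]
        if result_number(candidate) != new_ez:
            return False                       # recomputed EZ must match the caller's
        del self.chains[old_ez]                # the new EZ becomes the access criterion
        self.chains[new_ez] = (candidate, modified | {pos})
        return True


# Constructed secret order of the first 16 primes (2 to 53).
SECRET_ORDER = [53, 2, 47, 3, 43, 5, 41, 7, 37, 11, 31, 13, 29, 17, 23, 19]


def run_scenarios():
    instance = AuthentifyingInstance()
    instance.enrol(SECRET_ORDER)
    device = Authentdevice(SECRET_ORDER)

    call = device.numbers_for_call(53, 59)
    honest = instance.authenticate(*call)
    replayed = instance.authenticate(*call)    # same four numbers read out again
    second = instance.authenticate(*device.numbers_for_call(2, 61))
    # The position that now holds 59 was already modified once.
    again = instance.authenticate(
        *Authentdevice(device.chain).numbers_for_call(59, 67))

    # Same basic-numbers, but tied together in ascending instead of secret order.
    fresh = AuthentifyingInstance()
    fresh.enrol(SECRET_ORDER)
    wrong_order = fresh.authenticate(
        *Authentdevice(sorted(SECRET_ORDER)).numbers_for_call(53, 59))
    return honest, replayed, second, again, wrong_order


if __name__ == "__main__":
    print(run_scenarios())
```

Only the first call and the later change of a different basic-number succeed; the repeated numbers fail because the old EZ no longer leads to any chain, and the wrongly ordered chain fails because its EZ was never registered.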

Example 14: Pocket authentdevice. With regard to figure 13, a handy authentdevice composed of elementary components is described, by the use of which the person to be authentified can perform the main steps of telephone authentification speedily and flawlessly. This device is also suited for all kind of on-the-spot authentification and for preserving secret codes (PINs) and other personal data.

Signify in figure 13: B a casing, A photocells, C a 12-digit display, D a switch for turning on and off the device and for initiating special functions, E a column of ten pushing buttons or release fields, F an area on which are inscribed ten names and first-names of persons who have been chosen by the owner of the device according to the criteria of psychometry. The ten buttons or fields are electronically covered each by a basic-number, as is shown in figure 13. As was already mentioned in example 12, additional basic-numbers which are not shown, may be attributed to the buttons or fields according to claims 8 and 10. Further features of the device result from claim 10.

The authentifying process progresses as follows:

1. The owner turns on the device, whereafter the last calculated result-number appears on the display. Thus according to figure 13, EZ = 3 056 775 706, if the algorism was chosen as EZ = Σ Zx², with Zx = BZx · BZ(x+1) · BZ(x+2).

2. He/she operates one after another the ten buttons (fields) following the tying-together plan. The EZ = 3 056 775 706 appears once again on the display. This means self-authentification of the owner who may then continue by noting this result-number.

3. He/she pushes the button (field) beside 'name 6 and first-name 5', until the basic-number BZ = 31 will appear on the display. He/she notes this basic-number.

4. He/she pushes again the same button (field), as long as a new basic-number will appear on the display, in the example BZ = 23. This new basic-number was generated by the owner with the means revealed by claim 10, or automatically by the authentdevice. He/she notes this new basic-number.

5. He/she repeats step 2, and gets the new result-number EZ = 2 891 394 442 on the display, which he/she notes.

6. He/she transmits the four numbers 3 056 775 706, 31, 23, and 2 891 394 442 by phone to the authentifying instance which then accomplishes the authentifying process with the means revealed in claim 9.
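The exchange in steps 1 to 6, together with the verifier's side as the description gives it (the new EZ replaces the old one as access criterion, each basic-number changes only once), sketched in Python. This is an added example, not code from the patent: the chain values, all names and the wrap-around at the end of the chain are assumptions, and the algorism is taken as the sum of the squared Zx, as in the figures.

```python
# Added illustration, not the patent's own code. The chain values, the names
# and the cyclic wrap-around of the chain are assumptions.

def result_number(chain):
    """EZ = sum of Zx squared, with Zx = BZx * BZ(x+1) * BZ(x+2)."""
    n = len(chain)
    return sum((chain[i] * chain[(i + 1) % n] * chain[(i + 2) % n]) ** 2
               for i in range(n))

def device_message(chain, position, bz_new):
    """Device side: swap one basic-number, return the four numbers to transmit."""
    ez_old, bz_old = result_number(chain), chain[position]
    chain[position] = bz_new
    return ez_old, bz_old, bz_new, result_number(chain)

class Verifier:
    """Data treatment device: each chain is filed under its current EZ."""

    def __init__(self):
        self.chains = {}   # current EZ -> (chain, positions already modified)
        self.log = []      # (EZ presented, accepted?) kept for surveillance

    def enroll(self, chain):
        self.chains[result_number(chain)] = (list(chain), set())

    def authenticate(self, ez_old, bz_old, bz_new, ez_new):
        ok = False
        chain, modified = self.chains.get(ez_old, ([], set()))
        for i, bz in enumerate(chain):
            # the position must hold bz_old, really change, and be unmodified
            if bz != bz_old or bz == bz_new or i in modified:
                continue
            candidate = chain[:i] + [bz_new] + chain[i + 1:]
            if result_number(candidate) == ez_new:
                # the new EZ replaces the old one as access criterion
                del self.chains[ez_old]
                self.chains[ez_new] = (candidate, modified | {i})
                ok = True
                break
        self.log.append((ez_old, ok))
        return ok

# Constructed sample chain of ten basic-numbers in tying-together order.
CHAIN = [19, 11, 37, 23, 3, 47, 17, 53, 5, 43]

if __name__ == "__main__":
    verifier, device = Verifier(), list(CHAIN)
    verifier.enroll(device)
    msg = device_message(device, 5, 59)        # replace 47 by 59
    print(msg, verifier.authenticate(*msg))    # first presentation
    print(verifier.authenticate(*msg))         # same four numbers replayed
```

Because the chain is filed under its current EZ, the same four numbers presented a second time no longer find a chain, and a position that was already changed is refused.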

The owner can exhibit possible preserved secret codes (PINs) or other personal data on the display, after each successful self-authentification, through the pocket authentdevice and with the help of the supplementary functions mentioned in claim 10. The number of possible tele-authentifications is practically unlimited, because: first the quantity of basic-numbers needed for authentification is only limited by the memory volume of the authentdevice, and secondly the authentdevice can be loaded with fresh data from time to time, observing certain safety provisions.

AMENDED CLAIMS
[received by the International Bureau on 30 June 1995 (30.06.95); original claims 1 and 2 amended; remaining claims unchanged (2 pages)]

1. An authentifying method using associated notions (PSPI) in the form of images, tokens, texts or sounds as an identification feature, these associated notions (PSPI) being based on the individual knowledge and experiences of a person, the latter performing the following steps with regard to a plurality of these PSPI:

• first subdivide them into their associated elements and assemble and register the latter ones within a plurality of element groups according to superordinated categories of these associated elements, whereby the elements may be accompanied by tokens like numbers or letters, secondly make them visible, audible or available in their subdivided form according to the groups, for the elements of one category in a determined sequence and for the elements of the other categories in a random sequence, thirdly and still in subdivided form, put them together into characteristic two-dimensional structures or linear chains, by means of connecting associated elements of the respective element groups and of connecting these reconstituted PSPI in a sequence which is defined by the way in which the elements were registered, made visible, audible or available, or by the inherent nature of the elements; or

• first integrally and inaccessibly store PSPI, consisting of a statement plus the correlated verification/falsification particle, about half of these statements being true and the other half being wrong; or consisting of fragments of statements and the complementary part; or being formulated in a language not current at the place of identification or with signs not commonly intelligible; secondly make those PSPI visible or audible without the complement and in a sequence which other persons cannot foresee, thirdly replenish them with the missing rest.

2. An authentifying method according to the first part of claim 1, the PSPI consisting of combinations of proper names with other proper names, of proper names with properties, of proper names with numbers, or of proper names with other proper names, properties and numbers.

3. An authentifying method according to claims 1 or 2, characterized by one or more of the following features:

a) the PSPI can be entered with the methods of modern information technology into stationary, mobile or card- and key-like data-carriers (authentcards and authentkeys), where they can be preserved and treated, and from where they can be emitted;

b) a subsequent PSPI is only emitted after final treatment of the foregoing PSPI;

c) after accomplishment of authentification, an actuator is released automatically or through an additional signal;

d) after certain intervals, renewed authentification processes are initiated automatically or through external action on the basis of other PSPI;

e) a time limit is fixed for the authentification processes, after passing of which authentification is unsuccessfully terminated, and renewed authentification is excluded temporarily or definitively;

f) preserved PSPI are partially or integrally replaceable or reproducible, observing special safety measures.

4. An authentifying method according to claims 1 to 3,
 
Figure 4

                         c 0   c 1   c 2   c 3   c 4
Name 0   First-name 0    z00   z10   z20   z30   z40
Name 1   First-name 1    z01   z11   z21   z31   z41
Name 2   First-name 2    z02   z12   z22   z32   z42
Name 3   First-name 3    z03   z13   z23   z33   z43
Name 4   First-name 4    z04   z14   z24   z34   z44
Name 5   First-name 5    z05   z15   z25   z35   z45
Name 6   First-name 6    z06   z16   z26   z36   z46
Name 7   First-name 7    z07   z17   z27   z37   z47
Name 8   First-name 8    z08   z18   z28   z38   z48
Name 9   First-name 9    z09   z19   z29   z39   z49

PinCard - Personal secret codes
Name: MUSTERMANN    First-name: Moritz
Street: Lindenweg 99    City: D-99999 Moritzkirchen
Tel.: 0999-12 34 56 78    Divers: Please return to address
[Table of NAMES (ADENAUER, WEHNER, ERHARD, OLLENHAUER and others) against PIN columns and first-names; the cell contents are not recoverable.]

Figure 9

Identity Card

Card-No.: 2 042 071 872
Card owner: Moritz MUSTERMANN
Birthday: 31-12-1967
Residence: Lindenweg 99, D-99999 Moritzkirchen
Valid until: 31-12-1999

Nx = BZ of Ax times BZ of A(x+1) times BZ of A(x+2)
EZ = Sum of all Nx power 2

Preserved Informations:
1. Series of 16 Names with each one Basic-number;
2. Series of 16 First-names;
3. One Result-number.
4. One Algorism.

EZ = 6 927 236 929

Name          Basic-number   First-name
ADENAUER      19             August
ERHARD        11             Bertold
SCHARPING     37             Ernst
WEHNER        23             Gerhard
HEUSS         3              Gustav
BRANDT        47             Helmut
SCHUMACHER    17             Herbert
KOHL          53             Jakob
BRECHT        5              Konrad
WORNER        43             Kurt
HEINEMANN     29             Ludwig
BEBEL         7              Manfred
REUTER        41             Oskar
SCHRODER      13             Rudolf
KAISER        31             Theodor
LAFONTAINE    2              Willy

Zx = BZx · BZ(x+1) · BZ(x+2)    EZ = Sum of all Zx · Zx
 
Please touch correct first-name

KOHL

August    Bertold    Ernst

( City A belongs to county B )

Please touch the field "true" or "wrong"

If you have touched the wrong field, please touch adjacent field for correction, then continue
