WO2001013243A1 - User authentication system - Google Patents

User authentication system Download PDF

Info

Publication number
WO2001013243A1
WO2001013243A1 PCT/AU2000/000972 AU0000972W WO0113243A1 WO 2001013243 A1 WO2001013243 A1 WO 2001013243A1 AU 0000972 W AU0000972 W AU 0000972W WO 0113243 A1 WO0113243 A1 WO 0113243A1
Authority
WO
WIPO (PCT)
Prior art keywords
password
user
service
user authentication
authentication system
Prior art date
Application number
PCT/AU2000/000972
Other languages
French (fr)
Inventor
Joseph Elie Tefaye
Original Assignee
Creditguard Ltd
Joseph Elie Tefaye
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from AUPQ2184A external-priority patent/AUPQ218499A0/en
Priority claimed from AUPQ2347A external-priority patent/AUPQ234799A0/en
Application filed by Creditguard Ltd, Joseph Elie Tefaye filed Critical Creditguard Ltd
Priority to EP00955955A priority Critical patent/EP1214658A1/en
Priority to AU68097/00A priority patent/AU6809700A/en
Publication of WO2001013243A1 publication Critical patent/WO2001013243A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/36User authentication by graphic or iconic representation

Definitions

  • the Internet is rapidly changing the way the world communicates and conducts business There continues to be an exponential increase in the number of users who gain access to the Internet and who subsequently wish to purchase goods and services via this medium
  • a user authentication method to authenticate a registered user of a service over a computer network, the method comprising the steps of
  • the method may further comprise the step of
  • step (h) may further comprise the step of (l) issuing said second password once the registered user has selected said first password, said second password issued according to said pre-defined relationship
  • said method further comprising the step of
  • the method may also comprise the step of randomly mapping input values with output values
  • the pre-defined relationship may be determined according to the formula y - mx + c wherein said passwords are numerical and y is said first password, x is said second password and m and c are constant
  • step (h) said registered user may select one or more calendar dates as a password and step (h) may further comprise the step of ( ⁇ ) issuing a random number associated with said selected one or more calendar dates and using said random number to identify said registered user
  • the service may relate to credit card payment facilities
  • the service provider may be a credit card payment authorisation service
  • Z and C may be based on a number unique to the user such as their Driver's License or Social Security number, Medicare Card With such a nominated number as input, the values of Z and C can optionally be calculated according to a formula
  • a date time stamp data may be issued to a registered user when they are issued with the unique graphic and this date time stamp is embedded within said unique graphic
  • a transaction number may be issued to the registered user for each service request that is granted over the computer network
  • a user authentication system to authenticate a registered user of a service over a communication network
  • the authentication system comprising server means connected to said communications network having one or more information pages associated with a service provider, a client device adapted to interface with said server means via said communication network, said client device capable of accessing said one or more information pages to thereby permit said user to submit a first password and a unique graphic comprising embedded second password data, to the service provider via said one or more information pages, and authentication means adapted to interface with said server means to thereby extract the second password from the embedded second password data contained within the unique graphic, and compare the submitted first password and extracted second password to determine if a pre-defined relationship exists between the passwords, wherein in use, the client user is granted registered user status and is allowed access to said service if said pre-defined relationship exists
  • a user authentication system to authenticate a registered user of a credit card service in an Internet environment, the authentication system comprising server connected to the Internet having one or more web pages associated with said vendor, said vendor web pages permitting purchase of goods/services therefrom, a client device operable by a user, said client device adapted to connect to said server via the Internet and download one or more of said web pages, said client user being thereby permitted to submit a first password and.
  • a unique graphic including an embedded second password to the service provider via said web pages, and authentication software adapted to interface with said server to thereby extract the second password from the unique graphic and compare the submitted first password and second password to determine if a pre-defined relationship exists between the passwords, wherein in use, the client user is granted registered user status and is allowed access to said credit card service if said pre-defined relationship exists
  • theie is provided a usei authentication method to authenticate a registered user of a service over a computer network, the method comprising the steps of (a) permitting a client user to request a service from a service provider accessible from said computer network,
  • Fig 1 is a schematic illustration of a preferred system to authenticate a registered user of a credit card service
  • Fig 1A is a display of a virtual form from a web page that a credit card user completes to obtain registration with the credit card authentication service
  • Fig IB is a display of an email that is sent to a user once they have registered for the credit card authentication service
  • Fig 2 is of a display of a virtual form from a vendor website which is downloaded by a client computer and viewed from the client's web browser software
  • Fig 3 is a schematic illustration of a Birth Date chart used in the preferred embodiment
  • Fig 3A is a schematic illustration of the fields associated with a credit card holders details recorded in the data base of the credit card authentication service of Fig 1
  • Fig 4 is a schematic illustration of the steps which are involved in authenticating a credit card purchase from the credit card authentication service of Fig 1 ,
  • Fig 5 is a schematic illustration of the virtual form of Fig 2 after an authentication check has determined that the purchase request is from a registered user of the credit card authentication service
  • Fig 6 is a schematic illustration of the virtual form of Fig 2 after a authentication check has determined that the purchase is not from a registered user of the credit card authentication service and therefore the purchase has been denied, and
  • Fig 7 is a schematic illustration of how passwords are extracted and compared by the system of Fig 1
  • a preferred embodiment provides an authentication method and system to authenticate a registered user of a credit card service in an Internet environment
  • the authentication system includes a server which is connected to the Internet and from which any number of web pages associated with an Internet vendor is available for the purchase of goods and services
  • a personal computer connects to the Internet and downloads one of the web pages
  • the user submits a purchase request which includes a first password and a graphic file having embedded password data when they wish to make a purchase request from the vendor
  • the purchase request information sent to the vendor is routed to a server having authentication software which extracts the password data embedded in the graphic tile and compares this with the first password If a pre-defined relationship exists between the two passwords, the authentication software grants registered user status to the purchase request and the purchase is allowed to proceed
  • the user authentication system 10 includes a Credit Card Authentication Centre (CCAC) 15 which includes a server 14 which is connected to the Internet 12
  • the server 14 further includes a database 16 on which credit card information for a multiplicity of registered users is stored
  • the credit card information includes registered user contact details, authentication data and the actual credit card details
  • the server 14 also includes authentication software 18 for authenticating credit card data
  • the authentication software 18 further includes random number software 20 in the form of a birth date chart comprising a table of random numbeis as will also be described in detail below
  • a web site 21 is also accessible from the server 14 and is written in HTML code The web site 21 is used to register users in the data base 16 and to permit a registered user to change their contact details as required
  • the authentication system 10 may further include a number of Internet vendors 23, 25 who operate respectiv e web sites 26, 28
  • the web sites 26, 28 are Internet vendor web sites which offer goods and services to customers when the respective servers 22 and 24 are accessed via the Internet 12
  • Fig 1 only two web site vendors are shown in Fig 1 , it should be understood that this is for illustrative purposes only and that any number of web site vendors could participate in the system
  • a plurality of client computers 30 31 are shown which can access the Internet 12 via their ISP (not shown)
  • client user 30 is a registered user of the CCAC 15 and client user 31 is not a registered user of the CCAC 15 system
  • client user downloads the Credit Card
  • Authentication Registration form 43 shown in Fig 1A, from the web site 21
  • Joe Citizen enters his contact details, shown generally by arrow 44, in addition to
  • a first birth date 48 preferably not the user's own and one that he will readily remember (in this case, 1 January),
  • This two digit number 48' is used to create a unique graphic identifier (UGI) which is later issued to the user by the CCAC 15 system
  • the client user 30 then sends the information contained within the of form 43 to the server 14 by clicking the SUBMIT button Should the client user not wish to proceed with registration, they click the CANCEL button
  • the user could also input his/her credit card PIN number for authentication of the credit card as being properly registered with the CCAC 15
  • Another alternative to the user inputting a two digit number in field 48" may involve the user inputting a number associated with his/her person, such as a drivers licence number. Medicare number, Social Security number etc This number can then be input into a pre-defined formula and a number derived to draw the UGI as will be explained below
  • the authentication program Upon receiving the registration data referred to above, the authentication program reads the two digit number "10" selected by the client in field 48" This number is used to generate a UGI
  • the UGI is preferably a fractal and more preferably is generated according to the Mandlebrot set
  • Z +1 (Z N ) + C series of numbeis
  • m Z and C are determined for each user according to a predefined algorithmic variation of two particular pieces of information, one for Z and one for C
  • the authentication program then reads the two dates 48, 48' and sets a first password for the registered user as 010131 12, being the two dates selected in form 43 of Fig 1A
  • the authentication software 18 When the client user 30 is registered as a user of the CCAC 15, the authentication software 18 records the date and time of when registration is issued to the client 30 and a Date Stamp is generated for the registered user This assists the CCAC 15 from distinguishing from different users of the CCAC 15 who have the same name, or the one registered user who has a number of credit cards registered with the service In this example, the registration was issued on 13 August 1999 at 3 03 25 PM, therefore the Date Stamp issued for the registration of this example
  • the random number software 20 which is a part of the authentication software 18, generates a routine to assign a random number value related to the input password In this example, the random number value relates to the birth Day Chart 32, are shown in Fig 3
  • the birthday chart 32 is a chart listing the dates of the sequential days of the year as shown in the birth date column 54, and having a corresponding assigned value called the UGI number shown in column 56 It will be appreciated that the numbers for the dates of the year are sequential in this diagram, but this is for illustrative purposes
  • the UGI number in the Birth Date chart has UGI No's 1 to 365 and is associated with respective calendar dates 1/1 to 31/12 (this example does not relate to a leap year) Therefore, as the user in Fig 1A, has selected the birth date 0101 and 31 12, they are assigned UGI number 1, and 365
  • the UGI numbers could be used to also generate the UGI graphic in other embodiments without having the client user select the field 48" as shown in Fig
  • the UGI data is broken down into binary format and the UGI No, 1 and 365, are formatted into binary format from an ASCII text character to binary format
  • the UGI Numbers are then embedded within the binary data of the UGI
  • the authentication program sends an encrypted email as shown in Fig IB
  • the email confirms the registration and provides the client user 30 with the first password (010131 12) and the UGI graphic which includes the embedded UGI numbers 1 and 365 Alternativel ⁇ the first password could be communicated verbally over the phone to the client user 30 or alternatively could be sent via the postal service for added security so that both first password and UGI are not sent in the same communication
  • the actual UGI shown in Fig IB is shown as an example of a UGI and is not a UGI determined according to the formula above
  • the data associated with the registered user Joe Citizen which is recorded in the CCAC 15 database 16, is shown in Fig 3A, including the Date Stamp 130899-150325 referred to above
  • a client user 30 wishes to purchase a product from an Internet vendor such as vendor 23 who operates website 26, they typically select the product and download an order form page, an example of which is shown in Fig 2
  • the client user wishes to purchase 'Book X' for $89 95 (refer to field 38)
  • the virtual form 32 has a number of fields which the client user 30 enters, such as title, first name, last name, address, suburb, postcode, state, country etc
  • the user also enters their credit card number into field 34, the expiry date of their credit card in field 36, the purchase amount in field 38, their eight digit designated password '01013112' (field 40) and their designated UGI with embedded UGI number in field 44
  • the UGI is copied from the client 30 and pasted in the Internet browser application in field 44 In other embodiments, this may be executed automatically by
  • the website server 22 automatically routes the purchase request information including the UGI from field 44 and the eight digit password from filed 40 to the CCAC 15 server 14
  • the authentication program 18 Upon receipt of the purchase request by the server 14, the authentication program 18 then begins the process of authenticating the user Firstly, the UGI is decrypted by the authentication software 18 and extracts according to an encryption key, UGI numbers encrypted within the UGI which are recorded as UGI#1 and UGI#2
  • the authentication program 18 refers to the random number software 20 having the birth Date chart table 52 shown in Fig 3, to obtain the respective corresponding birth dates
  • the authentication software 18 reads the password
  • the authentication software 18 determines if the person making the purchase request is a registered user of the CCAC 15 by determining if there is a pre-defined relationship. In this embodiment if:
  • Fig. 7 provides a schematic illustration of how PI .
  • P2, UGI#1 and UGI#2 are extracted and compared with P3 and P4. Therefore, the pre-defined relationship in this example is:
  • the authentication software 18 determines that the purchase request details entered on form 32 are correct by first reading the Date Stamp "130899-150325" submitted with the UGI data and comparing it with the Date Stamp recorded in the Database 16 to first verify the identity of the person making the purchase request
  • P1 -P3 and P2-P4 is '0'
  • the client user 30 is deemed to be the authentic owner of the Credit Card and the transaction is allowed to proceed as shown in Fig. 5
  • a transaction number may be issued to the person making the request to verify the time that the authorisation request has been made If either of these two sums had yielded a result that is greater or less than zero, due to a purchase request by the unregistered client user 31 , the authentication program 18 determines that the purchase request is not from an authentic card holder or registered user and access is denied as shown in Fig 6.
  • Authorisation is then declined and the Issuer advised of a possible fraudulent attack against the card
  • the authentication program sends a message to the server 22 of the Internet vendor 23, that the credit card number is an authorised registered user of the authentication system.
  • the Internet vendor can then ensure that an authorised person is making the purchase request and thereby approve the sale
  • a credit card holder Upon registration, a credit card holder is issued with a UGI and a password which he/she has nominated as shown in Fig. IB.
  • the password and UGI are used to authenticate a purchase request via the Internet from his/her credit card.
  • the credit card holder submits a purchase requests from a Internet vendor and fills in a virtual form 32 (Fig. 2) which is accessed from an Internet vendor's web site. Upon receipt, this information is routed to the credit card authentication server 14 (Fig 1).
  • Step 90 The credit card authentication server 14 receives the information routed from the vendor which includes the first password and the UGI
  • the authentication software 18 is initiated and the first password is stored in the RAM of the server 14 Step 110
  • the authentication software 18 then extracts the password embedded within the UGI and the Date Stamp and also stores this in RAM
  • the UGI numbei is then compared on the random table number 20 and the corresponding birth date is then determined from the birthday chart of Fig 3
  • the date stamp from the UGI graphic is compared with the date stamp recorded in the data base 16 to determine if they are matching and thereby identify who the person making the purchase request is meant to be
  • the first password (P1 ,P2) of Step 100 is then compared with the second password (P3,P4) from the extracted UGI number of Step 1 10 (UGI#1 ,UGI#2) to determine if they are equal
  • the transaction is authorised and the authentication program verifies that the purchaser's request is made by a registered user of the system as shown in Fig 5
  • the transaction authorisation is denied and a message displayed to the person making the request is displayed as shown in Fig 6
  • the CCAC 15 advises the credit card issuing authority that the an unauthorised purchase attempt has been made with the card If the relationship does not exist, the transaction is not approved and a GIF graphic "ACCESS DENIED" is posted in the field 44 of foim 32 as shown in Fig 6 from client 30 Internet browser Approval for the purchase request is not granted and this information is then sent to the server 22 of the Internet vendor 23
  • any relationship may be used to compare the first password (P1,P2) with the second password (P3,P4)
  • the embodiment described above requires a user to register with the CCAC 15 by filling in the form located on CCAC 15 web site 21, in other embodiments, the user may be required to register the information shown in Fig 1A first with the credit card issuing authority who will authenticate the user from personal information held on the database 16 and may obtain the information from their own web site, via a form, or over the telephone
  • the UGI graphic and the password are not sent in the same email for added security purposes
  • the embodiment above was shown with the UGI graphic and the password in the one email for illustrative purposes
  • more than one server 14 may be involved with the credit card authentication centre and furthermore the database and server 16 and server 14 may not be placed in the same location tor added security
  • it is preferable that all transactions between the internet vendor and the credit card authentication centre 15 are encrypted
  • the credit card authentication centre may be the credit card issuing body It will be realised that the system may be implemented for other security applications such as verifying that a particular authorised user has access to particular computer files
  • the client 30 31 shown in this embodiment has been a personal computer having access to the internet
  • the client of the computer network may take the form of a mobile phone with WAP capabilities for accessing the Internet
  • the computer network may not be the Internet but could be an organisation's LAN which is used to grant access to particular files
  • the UGI graphic is any graphic which is unique and may be created according to the Mandlebrot set, any graphic image or alternatively it could be a thermal image of a person to whom the image is assigned to
  • a copy of a UGI and password may be issued to two or more authorised users so that groups within an organisation may gain access to files on the computer network
  • the embodiment provides a method and system whereby an Internet vendor is able to authenticate that a person making a purchase request via the Internet is in fact the authentic credit card holder Because the person making the purchase request must submit both a UGI and a password, this substantially enhances the security of the system rather than using an alphanumeric password on its own which a third party could easily copy
  • UGI User Datagram Protocol
  • Other embodiments may require that a new UGI is generated for each registered user over a pre-defined time period, such as on a monthly or annual basis
  • a number of UGI's may be issued to a registered user in which one of them will be a valid UGI (known to the registered user) and the other UGI's will be fake so as to make it difficult for a fraudster to know which UGI is the correct UGI
  • a UGI without the password could be issued to a person, such as the thermal image of that person referred to above This thermal image could be used to allow a person to access the computer system as described above without the steps of comparing the password This would allow a registered user of the system to gain access to files remotely rather than relying on a password
  • the UGI submitted by an access request would be compared with one recorded in the database 16 to determine whether a correct UGI has been presented Should a correct UGI be presented, the person making the request is granted registered user status
  • the service request may be for electronic mail services
  • a client user would prepare an email to be sent to another email account and before sending the email the client user would submit with the email, the UGI and password in fields created in the client's electronic mail application, such as in Outlook ExpressTM by Mircosoft Corporation or Lotus NotesTM by Lotus Development Corporation
  • the email would be routed to the CCAC 15 rather than directly to the recipients email account and thereby authenticated as an actual email from the sender
  • a message could be displaved in the email on presentation to the recipient stating that the email has been verified as authentic by the CCAC 15

Abstract

A user authentication method to authenticate a registered user of a service over a computer network, the method comprising the steps of: (a) permitting a client user to request a service from a service provider having one or more information pages accessible from said computer network; (b) requiring the client user to submit a first password via said one or more information pages to the service provider; (c) requiring the client user to submit a unique graphic via said one or more information pages to the service provider, said unique graphic including embedded second password data; (d) extracting the second password from said embedded second password data contained within said unique graphic; (e) comparing the submitted first password and extracted second password to determine if a pre-defined relationship exists between the passwords; and (f) granting the client user authentic registered user status if said pre-defined relationship exists and providing access to said service.

Description

User authentication system
Field of the invention
The present invention relates to a user authentication system on a computer network such as the Internet and to a method of implementing same Background of the invention
The Internet is rapidly changing the way the world communicates and conducts business There continues to be an exponential increase in the number of users who gain access to the Internet and who subsequently wish to purchase goods and services via this medium
While the potential market for businesses offering goods and services over the Internet is enormous due to the large number of websites and ease of access to users, a perception amongst a number of Internet users is that information passed over the Internet is not particularly secure as it can be intercepted by other Internet users and more particularly hackers To circumvent this, a number of web sites operators enhance their web sites by encrypting data over the Internet transport layer
Although the actual transmission between a web vendor and a customer over the web may be relatively secure, there is nothing to prevent an unscrupulous person from copying the customer's credit card number and expiry date and then using this information to purchase goods from a website The web vendors do not perform a check to determine if the person making the purchase is the actual credit card holder, they simply check with the credit card issuing body as to whether the card is valid, they confirm the expiry date of the credit card and that there are sufficient funds on the account to make the purchase The applicant does not concede that the prior art discussed in this specification forms part of the common general knowledge in the art at the priority date of this application
Summary of the invention
It is an object of the invention to provide an advantageous user authentication system and method of implementing same According to a first aspect of the present invention, there is provided a user authentication method to authenticate a registered user of a service over a computer network, the method comprising the steps of
(a) permitting a client user to request a service from a service provider having one or more information pages accessible from said computer network,
(b) requiring the client user to submit a first password via said one or more information pages to the service provider,
(c) requiring the client user to submit a unique graphic via said one or more information pages to the service provider, said unique graphic including embedded second password data, (d) extracting the second password from said embedded second password data contained within said unique graphic,
(e) comparing the submitted first password and extracted second password to determine if a predefined relationship exists between the passwords, and (f) granting the client user authentic registered user status if said pre-defined relationship exists and providing access to said service
The method may further comprise the step of
(h) allowing a registered user of said service to select said first password Further, step (h) may further comprise the step of (l) issuing said second password once the registered user has selected said first password, said second password issued according to said pre-defined relationship
Optionally, said method further comprising the step of
(l) allowing said user to select an input value,
(j) using said selected input number to index a table to determine a table number, and (k) using the table number to determine an output number and thereby the second password
The method may also comprise the step of randomly mapping input values with output values
The pre-defined relationship may be determined according to the formula y = x wherein, y is said first password and x is said second password The pre-defined relationship may be determined according to the formula y = mx wherein said passwords are numerical and y is said first password, x is said second password and m is a constant
The pre-defined relationship may be determined according to the formula y - mx + c wherein said passwords are numerical and y is said first password, x is said second password and m and c are constant
In step (h), said registered user may select one or more calendar dates as a password and step (h) may further comprise the step of (ι) issuing a random number associated with said selected one or more calendar dates and using said random number to identify said registered user The service may relate to credit card payment facilities
The service provider may be a credit card payment authorisation service
The unique graphic may be a fractal and preferably is drawn according to a Mandlebrot set according to the set of v alues of C for which the series ZN+] = (Z )~ + C converges, wherein Z and C are determined for each user according to a predefined algorithmic variation of two particular pieces of information, one for Z and one for C For example, Z and C may be based on a number unique to the user such as their Driver's License or Social Security number, Medicare Card With such a nominated number as input, the values of Z and C can optionally be calculated according to a formula
A date time stamp data may be issued to a registered user when they are issued with the unique graphic and this date time stamp is embedded within said unique graphic
A transaction number may be issued to the registered user for each service request that is granted over the computer network
According to another aspect of the present invention, there is provided a user authentication system to authenticate a registered user of a service over a communication network, the authentication system comprising server means connected to said communications network having one or more information pages associated with a service provider, a client device adapted to interface with said server means via said communication network, said client device capable of accessing said one or more information pages to thereby permit said user to submit a first password and a unique graphic comprising embedded second password data, to the service provider via said one or more information pages, and authentication means adapted to interface with said server means to thereby extract the second password from the embedded second password data contained within the unique graphic, and compare the submitted first password and extracted second password to determine if a pre-defined relationship exists between the passwords, wherein in use, the client user is granted registered user status and is allowed access to said service if said pre-defined relationship exists
According to yet another aspect of the present invention, there is provided a user authentication system to authenticate a registered user of a credit card service in an Internet environment, the authentication system comprising server connected to the Internet having one or more web pages associated with said vendor, said vendor web pages permitting purchase of goods/services therefrom, a client device operable by a user, said client device adapted to connect to said server via the Internet and download one or more of said web pages, said client user being thereby permitted to submit a first password and. a unique graphic including an embedded second password, to the service provider via said web pages, and authentication software adapted to interface with said server to thereby extract the second password from the unique graphic and compare the submitted first password and second password to determine if a pre-defined relationship exists between the passwords, wherein in use, the client user is granted registered user status and is allowed access to said credit card service if said pre-defined relationship exists
Accoiding to anothei aspect of the present invention, theie is provided a usei authentication method to authenticate a registered user of a service over a computer network, the method comprising the steps of (a) permitting a client user to request a service from a service provider accessible from said computer network,
(b) requiring the client user to submit a unique graphic to the service provider,
(c) comparing said submitted unique graphic with a unique graphic pre-recorded with said service provider to determine if they are the same, and (d) granting the client user registered user status if said submitted unique graphic is the same as said unique graphic pre-recorded with said service provider and thereby providing access to said service from said computer network
In the description and claims of this specification the word "comprise" and variations of that word, such as "comprises" and "comprising" are not intended to exclude other features, additives, components, integers or steps but rather, unless otherwise stated explicitly, the scope of these words should be construed broadly such that they have an inclusive meaning rather than an exclusive one
Brief description of the drawings
Notwithstanding any other forms which may fall within the scope of the present invention, preferred forms of the invention will now be described, by way of example only, with reference to the accompanying drawings in which
Fig 1 is a schematic illustration of a preferred system to authenticate a registered user of a credit card service,
Fig 1A is a display of a virtual form from a web page that a credit card user completes to obtain registration with the credit card authentication service, Fig IB is a display of an email that is sent to a user once they have registered for the credit card authentication service,
Fig 2 is of a display of a virtual form from a vendor website which is downloaded by a client computer and viewed from the client's web browser software, Fig 3 is a schematic illustration of a Birth Date chart used in the preferred embodiment,
Fig 3A is a schematic illustration of the fields associated with a credit card holders details recorded in the data base of the credit card authentication service of Fig 1
Fig 4 is a schematic illustration of the steps which are involved in authenticating a credit card purchase from the credit card authentication service of Fig 1 ,
Fig 5 is a schematic illustration of the virtual form of Fig 2 after an authentication check has determined that the purchase request is from a registered user of the credit card authentication service,
Fig 6 is a schematic illustration of the virtual form of Fig 2 after a authentication check has determined that the purchase is not from a registered user of the credit card authentication service and therefore the purchase has been denied, and
Fig 7 is a schematic illustration of how passwords are extracted and compared by the system of Fig 1
Detailed description of the embodiments
A preferred embodiment provides an authentication method and system to authenticate a registered user of a credit card service in an Internet environment The authentication system includes a server which is connected to the Internet and from which any number of web pages associated with an Internet vendor is available for the purchase of goods and services When a personal computer connects to the Internet and downloads one of the web pages, the user submits a purchase request which includes a first password and a graphic file having embedded password data when they wish to make a purchase request from the vendor The purchase request information sent to the vendor is routed to a server having authentication software which extracts the password data embedded in the graphic tile and compares this with the first password If a pre-defined relationship exists between the two passwords, the authentication software grants registered user status to the purchase request and the purchase is allowed to proceed
Referring now to Fig 1 , there is shown a schematic illustration of a user authentication system 10 for a credit card service The user authentication system 10 includes a Credit Card Authentication Centre (CCAC) 15 which includes a server 14 which is connected to the Internet 12 The server 14 further includes a database 16 on which credit card information for a multiplicity of registered users is stored The credit card information includes registered user contact details, authentication data and the actual credit card details
In addition to the database, the server 14 also includes authentication software 18 for authenticating credit card data The authentication software 18 further includes random number software 20 in the form of a birth date chart comprising a table of random numbeis as will also be described in detail below
A web site 21 is also accessible from the server 14 and is written in HTML code The web site 21 is used to register users in the data base 16 and to permit a registered user to change their contact details as required
The authentication system 10 may further include a number of Internet vendors 23, 25 who operate respectiv e web sites 26, 28 The web sites 26, 28 are Internet vendor web sites which offer goods and services to customers when the respective servers 22 and 24 are accessed via the Internet 12 Although only two web site vendors are shown in Fig 1 , it should be understood that this is for illustrative purposes only and that any number of web site vendors could participate in the system
Each of the website vendors 23 and 25, participate in the user authentication system to determine whether a person using a credit card via their website is in fact a registered user of the CCAC 15
A plurality of client computers 30 31 are shown which can access the Internet 12 via their ISP (not shown) In this example, client user 30 is a registered user of the CCAC 15 and client user 31 is not a registered user of the CCAC 15 system To register with the CCAC 15, the client user downloads the Credit Card
Authentication Registration form 43 shown in Fig 1A, from the web site 21 As can be seen in this diagram, the client user, Joe Citizen, enters his contact details, shown generally by arrow 44, in addition to
( 1 ) his credit card number 45 ,
(2) his credit card issuing company, Mastercard 46,
(3) the expiry date of his credit card 47,
The user is then prompted for (1 ) a first birth date 48, preferably not the user's own and one that he will readily remember (in this case, 1 January),
(2) a second birth date 48', (31 December), and
(3) a two digit number 48", (in this case 10)
This two digit number 48' is used to create a unique graphic identifier (UGI) which is later issued to the user by the CCAC 15 system
Once the form 43 is completed, the client user 30 then sends the information contained within the of form 43 to the server 14 by clicking the SUBMIT button Should the client user not wish to proceed with registration, they click the CANCEL button
In an alternative embodiment, the user could also input his/her credit card PIN number for authentication of the credit card as being properly registered with the CCAC 15 Another alternative to the user inputting a two digit number in field 48" may involve the user inputting a number associated with his/her person, such as a drivers licence number. Medicare number, Social Security number etc This number can then be input into a pre-defined formula and a number derived to draw the UGI as will be explained below
Upon receiving the registration data referred to above, the authentication program reads the two digit number "10" selected by the client in field 48" This number is used to generate a UGI The UGI is preferably a fractal and more preferably is generated according to the Mandlebrot set
Z +1 = (ZN) + C series of numbeis where, where m Z and C are determined for each user according to a predefined algorithmic variation of two particular pieces of information, one for Z and one for C For example, Z is calculated by taking the number from field 48" and then using this number to calculate an initial value of Z and C, such as, where field 48" is M = 10 and the first birth date field 48 is N= 0101 , the initial value of Z and C could be Z0 = 0 6M1 2
= 0 6(10)1/2
= 1 89 and
C = 0 4N = 0 4(101 )'"
= 1 86
The authentication program then reads the two dates 48, 48' and sets a first password for the registered user as 010131 12, being the two dates selected in form 43 of Fig 1A
When the client user 30 is registered as a user of the CCAC 15, the authentication software 18 records the date and time of when registration is issued to the client 30 and a Date Stamp is generated for the registered user This assists the CCAC 15 from distinguishing from different users of the CCAC 15 who have the same name, or the one registered user who has a number of credit cards registered with the service In this example, the registration was issued on 13 August 1999 at 3 03 25 PM, therefore the Date Stamp issued for the registration of this example
Figure imgf000009_0001
Once the first password is recorded in the database, the random number software 20 which is a part of the authentication software 18, generates a routine to assign a random number value related to the input password In this example, the random number value relates to the Birth Day Chart 32, are shown in Fig 3 The birthday chart 32 is a chart listing the dates of the sequential days of the year as shown in the birth date column 54, and having a corresponding assigned value called the UGI number shown in column 56 It will be appreciated that the numbers for the dates of the year are sequential in this diagram, but this is for illustrative purposes only and that the preferred form involves a randomly assigned series of dates of the year in column 54 Furthermore the Birth Day chart is only preferable and it should be realised that any random number sequence could be used, such as choosing a star sign and then associating a UGI number with that star sign
The UGI number in the Birth Date chart has UGI No's 1 to 365 and is associated with respective calendar dates 1/1 to 31/12 (this example does not relate to a leap year) Therefore, as the user in Fig 1A, has selected the birth date 0101 and 31 12, they are assigned UGI number 1, and 365 The UGI numbers could be used to also generate the UGI graphic in other embodiments without having the client user select the field 48" as shown in Fig
1A Optionally once the client user 30 has been assigned the unique UGI numbers 1 , 365. these details are recorded in the database 16
Once the UGI has been generated according to the number input by the user in field 48" of Fig IB, the UGI data is broken down into binary format and the UGI No, 1 and 365, are formatted into binary format from an ASCII text character to binary format The UGI Numbers are then embedded within the binary data of the UGI Once the client user 30 is registered as a user of the CCAC 15, the authentication program then sends an encrypted email as shown in Fig IB The email confirms the registration and provides the client user 30 with the first password (010131 12) and the UGI graphic which includes the embedded UGI numbers 1 and 365 Alternativel} the first password could be communicated verbally over the phone to the client user 30 or alternatively could be sent via the postal service for added security so that both first password and UGI are not sent in the same communication Furthermore, it should also be understood that the actual UGI shown in Fig IB is shown as an example of a UGI and is not a UGI determined according to the formula above
The data associated with the registered user Joe Citizen which is recorded in the CCAC 15 database 16, is shown in Fig 3A, including the Date Stamp 130899-150325 referred to above When a client user 30 wishes to purchase a product from an Internet vendor such as vendor 23 who operates website 26, they typically select the product and download an order form page, an example of which is shown in Fig 2 In this example, the client user wishes to purchase 'Book X' for $89 95 (refer to field 38) The virtual form 32, has a number of fields which the client user 30 enters, such as title, first name, last name, address, suburb, postcode, state, country etc The user also enters their credit card number into field 34, the expiry date of their credit card in field 36, the purchase amount in field 38, their eight digit designated password '01013112' (field 40) and their designated UGI with embedded UGI number in field 44 Typically the UGI is copied from the client 30 and pasted in the Internet browser application in field 44 In other embodiments, this may be executed automatically by a suitably exe program
Once the user has completed the purchase request form as shown in Fig 2, the user selects the submit button which sends the information to the server 22 Upon receiving this information, before the transaction can proceed, the website server 22 automatically routes the purchase request information including the UGI from field 44 and the eight digit password from filed 40 to the CCAC 15 server 14
Upon receipt of the purchase request by the server 14, the authentication program 18 then begins the process of authenticating the user Firstly, the UGI is decrypted by the authentication software 18 and extracts according to an encryption key, UGI numbers encrypted within the UGI which are recorded as UGI#1 and UGI#2
In this example, UGI#1 = 1 and UGI#2 = 365 The authentication program 18 refers to the random number software 20 having the Birth Date chart table 52 shown in Fig 3, to obtain the respective corresponding birth dates
In this example, the corresponding birth date to UGI#1 is 0101 and this birth date is assigned as variable P3 and as the corresponding UGI#2 = 3112, the birth date is for UGI#2 is assigned as variable P4 Once the variables P3 and P4 have been assigned, the authentication software 18 reads the password
01013112 input into field 40 of the Fig 2, and reads the first four characters of the password and stores this as PI It then reads the second four digits of the password and stores this as P2. Hence PI -= 0101 and P2 = 31 12. The authentication software 18 then determines if the person making the purchase request is a registered user of the CCAC 15 by determining if there is a pre-defined relationship. In this embodiment if:
PI = P3 Pl - P3 = 0 and
P2 = P4
P2 - P4 = 0 then the person making the purchase request is granted user access rights. If PI ≠ P3 and/or P2 ≠ P4, then access is denied. Hence, in this example:
If
PI - P3 = 0
0101 - 0101 = 0 or P2 = P4
P2 - P4 = 0
3112 - 3112 = 0
Access is thereby granted. If
PI - P3 ≠ 0 or
P2 - P4 ≠ 0
Access is not granted.
Fig. 7 provides a schematic illustration of how PI . P2, UGI#1 and UGI#2 are extracted and compared with P3 and P4. Therefore, the pre-defined relationship in this example is:
PI - P3 = 0 and
P2 - P4 = 0
Where in the description of this embodiment reference is made to the first password, this should be taken to mean variables PI and P2, whilst the second password is variables P3 and P4 which has been obtained from the extracted UGI#1 and UGI#2 of the UGI In other embodiments, only one set of alphanumeric characters could be nominated as the password
The authentication software 18 determines that the purchase request details entered on form 32 are correct by first reading the Date Stamp "130899-150325" submitted with the UGI data and comparing it with the Date Stamp recorded in the Database 16 to first verify the identity of the person making the purchase request
As in this embodiment. P1 -P3 and P2-P4 is '0', the client user 30 is deemed to be the authentic owner of the Credit Card and the transaction is allowed to proceed as shown in Fig. 5 When a transaction is authorised by the system, a transaction number may be issued to the person making the request to verify the time that the authorisation request has been made If either of these two sums had yielded a result that is greater or less than zero, due to a purchase request by the unregistered client user 31 , the authentication program 18 determines that the purchase request is not from an authentic card holder or registered user and access is denied as shown in Fig 6. Authorisation is then declined and the Issuer advised of a possible fraudulent attack against the card
As the above relationship is satisfied, the authentication program sends a message to the server 22 of the Internet vendor 23, that the credit card number is an authorised registered user of the authentication system. The Internet vendor can then ensure that an authorised person is making the purchase request and thereby approve the sale
Preferably, upon completion of the above steps, the UGI and submitted password residing on the server 14 is destroyed The above steps are summarised in Fig 4
Step 70
Upon registration, a credit card holder is issued with a UGI and a password which he/she has nominated as shown in Fig. IB. The password and UGI are used to authenticate a purchase request via the Internet from his/her credit card. Step 80
The credit card holder submits a purchase requests from a Internet vendor and fills in a virtual form 32 (Fig. 2) which is accessed from an Internet vendor's web site. Upon receipt, this information is routed to the credit card authentication server 14 (Fig 1).
Step 90 The credit card authentication server 14 receives the information routed from the vendor which includes the first password and the UGI
Step 100
The authentication software 18 is initiated and the first password is stored in the RAM of the server 14 Step 110
The authentication software 18 then extracts the password embedded within the UGI and the Date Stamp and also stores this in RAM
The UGI numbei is then compared on the random table number 20 and the corresponding birth date is then determined from the birthday chart of Fig 3
The date stamp from the UGI graphic is compared with the date stamp recorded in the data base 16 to determine if they are matching and thereby identify who the person making the purchase request is meant to be
Step 120
The first password (P1 ,P2) of Step 100 is then compared with the second password (P3,P4) from the extracted UGI number of Step 1 10 (UGI#1 ,UGI#2) to determine if they are equal
If they are equal then the authentication program proceeds 18 to step 130
If they are not equal the authentication program proceeds to step 140
Step 130
The transaction is authorised and the authentication program verifies that the purchaser's request is made by a registered user of the system as shown in Fig 5
Step 140
The transaction authorisation is denied and a message displayed to the person making the request is displayed as shown in Fig 6 The CCAC 15 then advises the credit card issuing authority that the an unauthorised purchase attempt has been made with the card If the relationship does not exist, the transaction is not approved and a GIF graphic "ACCESS DENIED" is posted in the field 44 of foim 32 as shown in Fig 6 from client 30 Internet browser Approval for the purchase request is not granted and this information is then sent to the server 22 of the Internet vendor 23
It should also be noted that any relationship may be used to compare the first password (P1,P2) with the second password (P3,P4) For example, the relationship might be y = mx + c where y is PI or P2 and x is P3 or respectively P4 and m and c are constants as shown by the two equations below
PI = mP3 + c and/or
P2 = mP4 + c
Another formula may be y = mx Although the embodiment described above requires a user to register with the CCAC 15 by filling in the form located on CCAC 15 web site 21, in other embodiments, the user may be required to register the information shown in Fig 1A first with the credit card issuing authority who will authenticate the user from personal information held on the database 16 and may obtain the information from their own web site, via a form, or over the telephone Furthermore, it is preferable that the UGI graphic and the password are not sent in the same email for added security purposes The embodiment above was shown with the UGI graphic and the password in the one email for illustrative purposes It should also be realised that in another embodiment more than one server 14 may be involved with the credit card authentication centre and furthermore the database and server 16 and server 14 may not be placed in the same location tor added security Additionally, it is preferable that all transactions between the internet vendor and the credit card authentication centre 15 are encrypted
It is also preferable that any transactions between the client 30 31 and the Internet vendor 23 25 are also encrypted Additionally, in some embodiments the credit card authentication centre may be the credit card issuing body It will be realised that the system may be implemented for other security applications such as verifying that a particular authorised user has access to particular computer files
The client 30 31 shown in this embodiment has been a personal computer having access to the internet In other embodiments, the client of the computer network may take the form of a mobile phone with WAP capabilities for accessing the Internet Additionally, the computer network may not be the Internet but could be an organisation's LAN which is used to grant access to particular files
The UGI graphic is any graphic which is unique and may be created according to the Mandlebrot set, any graphic image or alternatively it could be a thermal image of a person to whom the image is assigned to
A copy of a UGI and password may be issued to two or more authorised users so that groups within an organisation may gain access to files on the computer network
The authentication system could be used in embodiments other than for credit card services such as in anti- hacking applications whereby an authorised user is permitted to access files on a server by submitting their issued UGI and password
The embodiment provides a method and system whereby an Internet vendor is able to authenticate that a person making a purchase request via the Internet is in fact the authentic credit card holder Because the person making the purchase request must submit both a UGI and a password, this substantially enhances the security of the system rather than using an alphanumeric password on its own which a third party could easily copy
Other embodiments may require that a new UGI is generated for each registered user over a pre-defined time period, such as on a monthly or annual basis Furthermore, a number of UGI's may be issued to a registered user in which one of them will be a valid UGI (known to the registered user) and the other UGI's will be fake so as to make it difficult for a fraudster to know which UGI is the correct UGI
The service request in other embodiments may be for financial transactions such as EFTPOS transactions
In another aspect, only a UGI without the password could be issued to a person, such as the thermal image of that person referred to above This thermal image could be used to allow a person to access the computer system as described above without the steps of comparing the password This would allow a registered user of the system to gain access to files remotely rather than relying on a password The UGI submitted by an access request would be compared with one recorded in the database 16 to determine whether a correct UGI has been presented Should a correct UGI be presented, the person making the request is granted registered user status
In another embodiment, the service request may be for electronic mail services In this regard, a client user would prepare an email to be sent to another email account and before sending the email the client user would submit with the email, the UGI and password in fields created in the client's electronic mail application, such as in Outlook Express™ by Mircosoft Corporation or Lotus Notes™ by Lotus Development Corporation The email would be routed to the CCAC 15 rather than directly to the recipients email account and thereby authenticated as an actual email from the sender Once the email is authenticated as being from a registered user, a message could be displaved in the email on presentation to the recipient stating that the email has been verified as authentic by the CCAC 15
It would be appreciated by a person skilled in the art that numerous variations and/or modifications may be made to the present invention as shown in the specific embodiments without departing from the spirit or scope of the invention as broadly described The present embodiments are therefore, to be considered in all respects to be illustrative and not restrictive

Claims

Claims
1 A user authentication method to authenticate a registered user of a service over a computer network the method comprising the steps of
(a) permitting a client user to request a service from a service provider accessible from said computer network
(b) requiring the client user to submit at least one first password to the service provider
(c) requiring the client user to submit at least one unique graphic to the service provider, said unique graphic including embedded second password data,
(d) extracting the second password from said embedded second password data contained within said unique graphic,
(e) comparing the submitted first password and extracted second password to determine if a predefined relationship exists between the passwords, and
(f) granting the client user authentic registered user status if said pre-defined relationship exists and providing access to said service 2 A user authentication method as claimed in claim 1 , said method further comprising the step of
(h) allowing a registered user of said service to select said first password
3 A user authentication method as claimed in claim 1 or claim 2, said method further comprising the step of
(0 allowing said user to select an input value, (j) using said selected input number to index a table to determine a table number, and
(k) using the table number to determine an output number and thereby the second password
4 A user authentication method as claimed in claim 3, wherein said method comprises the step of randomly mapping input values with output values
5 A user authentication method as claimed in claim 2, said step (h) further comprising the step of (ι) issuing said second password once the registered user has selected said first password, said second password issued according to said pre-defined relationship
6 A user authentication method as claimed in any one of the preceding claims, wherein said predefined relationship is determined according to the formula y = x wherein, y is said first password and x is said second password 7 A user authentication method as claimed in one of claims 1 to 4 wherein said pre-defined relationship is determined according to the formula y = mx wherein said passwords are numerical and y is said first password, x is said second password and m is a constant
8 A user authentication method as claimed in any one of claims 1 to 4, wherein said pre-defined relationship is determined according to the formula y = mx + c wherein said passwords are numerical and y is said first password, x is said second password and m and c are constant
9 A user authentication method as claimed in claim 2, wherein in step (h), said registered user selects one or more calendar dates as a password and step (h) further comprises the step of
(0 issuing a random number associated with said selected one or more calendar dates and using said random number to identify said registered user 10 A user authentication method as claimed in any one of the above claims, wherein said service relates to credit card payment facilities or electronic mail services
1 1 A user authentication method as claimed in any one of the above claims, wherein said service provider is a credit card payment authorisation service
12 A user authentication method as claimed in any one of the above claims, wherein said unique graphic a fractal
13 A user authentication method as claimed in claim 10, wherein said fractal is drawn according to a Mandlebrot set according to the set of values of C for which the series ZN+ι = (ZN)2 + C
14 A user authentication method as claimed in any one of the above claims, wherein date time stamp data is issued to a registered user when they are issued with the unique graphic and this date time stamp is embedded within said unique graphic
15 A user authentication method as claimed in any one of the above claims, wherein a transaction number is issued to the registered user for each service request that is granted over the computer network
16 A user authentication system to authenticate a registered user of a service over a communication network, the authentication system comprising server means connected to said communications network having one or more information pages associated with a service provider, a client device adapted to interface with said server means via said communication network, said client device capable of accessing said one or more information pages to thereby permit said user to submit at least one first password and at least one unique graphic comprising embedded second password data, to the service provider \ la said one or more information pages, and authentication means adapted to interface with said server means to thereby extract the second password from the embedded second password data contained within the unique graphic, and compare the submitted first password and extracted second password to determine if a pre-defined relationship exists between the passwords. wherein in use, the client user is granted registered user status and is allowed access to said service if said pre-defined relationship exists
17 A user authentication system as claimed in claim 16, wherein said authentication means allows a registered user of said service to select said first password
18 A user authentication system as claimed in claim 17, wherein said second password is issued once the registered user has selected said first password, and said second password is issued according to said predefined relationship
19 A user authentication system as claimed in any one of claims 16 to 18, wherein said pre-defined relationship is determined according to the formula y = x wherein, y is said first password and x is said second password
20 A user authentication system as claimed in any one of claims 16 to 18, wherein said pre-defined relationship is determined according to the formula y = mx wherein said passwords are numerical and y is said first password, x is said second password and m is a constant
21 A user authentication system as claimed in any one of claims 16 to 18, wherein said pre-defined relationship is determined according to the formula y = mx + c wherein said passwords are numerical and y is said first password, x is said second password and m and c are constant
22 A user authentication system as claimed in claim 17, wherein said registered user selects one or more calendar dates as a password and a random number is issued that is associated with said selected one or more calendar dates, said random number being used to identify said registered user
23 A user authentication system as claimed in any one of claims 16 to 22, wherein said service relates to credit card payment facilities or electronic mail services 24 A user authentication system as claimed in any one of claims 16 to 23 wherein said service provider is a credit card payment authorisation service
25 A user authentication system as claimed in any one of claims 16 to 24, wherein said unique graphic a fractal 26 A user authentication system as claimed in claim 25, wherein said fractal is drawn according to a
Mandlebrot set according to the set of values of C for which the series ZN+) = (ZN)~ + C
27 A user authentication system as claimed in any one of claims 16 to 26, wherein date time stamp data is issued to a registered user when they are issued with the unique graphic and this date time stamp is embedded within said unique graphic 28 A user authentication system as claimed in any one of claims 16 to 27, wherein a transaction number is issued to the registered user for each service request that is granted over the computer network
29 A user authentication system as claimed in claim 16 or claim 17, wherein said user to selects an input value and uses said selected input number to index a table to determine a table number, and using the table number to determine an output number and thereby the second password 30 A user authentication system as claimed in claim 29, wherein said system further comprises randomly mapping input values with output values
31 A user authentication system to authenticate a registered user of a credit card service in an
Internet environment, the authentication system comprising server connected to the Internet having one or more web pages associated with said vendor, said vendor web pages permitting purchase of goods/services therefrom, a client device operable by a user, said client device adapted to connect to said server via the Internet and download one or more of said web pages, said client user being thereby permitted to submit a first password and, a unique graphic including an embedded second password, to the service provider via said web pages and authentication software adapted to interface with said server to thereby extract the second password from the unique graphic and compare the submitted first password and second password to determine if a pre-defined relationship exists between the passwords, wherein in use, the client user is granted registered user status and is allowed access to said credit card service if said pre-defined relationship exists 32 A user authentication method to authenticate a registered user of a service over a computer network the method comprising the steps of
(a) permitting a client user to request a service from a service provider accessible from said computer network (b) requiring the client user to submit a unique graphic to the service provider,
(c) comparing said submitted unique graphic with a unique graphic pre-recorded with said service provider to determine if they are the same, and
(d) granting the client user registered user status if said submitted unique graphic is the same as said unique graphic pre-recorded with said service provider and thereby providing access to said service from said computer network
33 A user authentication method to authenticate a registered user of a service over a computer network, substantially according to any one of the examples described herein with reference to the accompanying drawings 34 A user authentication system to authenticate a registered user of a service over a communication network substantially as herein described with reference to the accompanying drawings
35 A user authentication system to authenticate a registered user of a credit card service in an
Internet environment, substantially as herein described with reference to the accompanying drawings
PCT/AU2000/000972 1999-08-13 2000-08-11 User authentication system WO2001013243A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP00955955A EP1214658A1 (en) 1999-08-13 2000-08-11 User authentication system
AU68097/00A AU6809700A (en) 1999-08-13 2000-08-14 User authentication system

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
AUPQ2184A AUPQ218499A0 (en) 1999-08-13 1999-08-13 A new method to allow merchants to authenicate 100 of internet credit card transactions with no need to contact credit card issuers
AUPQ2184 1999-08-13
AUPQ2347 1999-08-23
AUPQ2347A AUPQ234799A0 (en) 1999-08-23 1999-08-23 A new process/means to allow for automatic & simultaneous anthentication & authorisation of credit card transactions over the internet without operator intervention

Publications (1)

Publication Number Publication Date
WO2001013243A1 true WO2001013243A1 (en) 2001-02-22

Family

ID=25646121

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU2000/000972 WO2001013243A1 (en) 1999-08-13 2000-08-11 User authentication system

Country Status (2)

Country Link
EP (1) EP1214658A1 (en)
WO (1) WO2001013243A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004059541A1 (en) * 2002-12-30 2004-07-15 Codebird Oy Providing of unique content
EP1705867A1 (en) * 2005-03-15 2006-09-27 Avaya Technology Llc Granting privileges to a telecommunications terminal based on the relationship of a first signal to a second signal
WO2012034579A1 (en) * 2010-09-13 2012-03-22 Andreas Krefft Method and device for legitimating access to a protected area

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5276314A (en) * 1992-04-03 1994-01-04 International Business Machines Corporation Identity verification system resistant to compromise by observation of its use
US5559961A (en) * 1994-04-04 1996-09-24 Lucent Technologies Inc. Graphical password
GB2313460A (en) * 1996-05-21 1997-11-26 Bosch Gmbh Robert Graphical password entry
US5821933A (en) * 1995-09-14 1998-10-13 International Business Machines Corporation Visual access to restricted functions represented on a graphical user interface
US5963924A (en) * 1996-04-26 1999-10-05 Verifone, Inc. System, method and article of manufacture for the use of payment instrument holders and payment instruments in network electronic commerce

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5276314A (en) * 1992-04-03 1994-01-04 International Business Machines Corporation Identity verification system resistant to compromise by observation of its use
US5559961A (en) * 1994-04-04 1996-09-24 Lucent Technologies Inc. Graphical password
US5821933A (en) * 1995-09-14 1998-10-13 International Business Machines Corporation Visual access to restricted functions represented on a graphical user interface
US5963924A (en) * 1996-04-26 1999-10-05 Verifone, Inc. System, method and article of manufacture for the use of payment instrument holders and payment instruments in network electronic commerce
GB2313460A (en) * 1996-05-21 1997-11-26 Bosch Gmbh Robert Graphical password entry

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004059541A1 (en) * 2002-12-30 2004-07-15 Codebird Oy Providing of unique content
EP1705867A1 (en) * 2005-03-15 2006-09-27 Avaya Technology Llc Granting privileges to a telecommunications terminal based on the relationship of a first signal to a second signal
US7751547B2 (en) 2005-03-15 2010-07-06 Avaya Inc. Extending a call to a telecommunications terminal through an intermediate point
US7949114B2 (en) 2005-03-15 2011-05-24 Avaya Inc. Granting privileges to a telecommunications terminal based on the relationship of a first signal to a second signal
WO2012034579A1 (en) * 2010-09-13 2012-03-22 Andreas Krefft Method and device for legitimating access to a protected area

Also Published As

Publication number Publication date
EP1214658A1 (en) 2002-06-19

Similar Documents

Publication Publication Date Title
KR101155858B1 (en) Electronic transfer system
TW548564B (en) Methods and apparatus for conducting electronic commerce
US7548890B2 (en) Systems and methods for identification and authentication of a user
US8086493B2 (en) System and method for facilitating a financial transaction with a dynamically generated identifier
US8412639B2 (en) System and method for facilitating a secured financial transaction using an alternate shipping address
US6807633B1 (en) Digital signature system
US20080243702A1 (en) Tokens Usable in Value-Based Transactions
US20080120717A1 (en) Systems and methods for identification and authentication of a user
US20130087612A1 (en) Method and devices for the production and use of an identification document that can be displayed on a mobile device.
WO2008127431A2 (en) Systems and methods for identification and authentication of a user
AU761974B2 (en) Transaction method and system for data networks, like internet
JP2004140502A (en) Method for requesting delivering, method for delivering, method for transmitting data, method for processing data, method for using data, method for inputting data, and communication network system
AU2004235134B2 (en) Secure messaging center
US20050246181A1 (en) Method for credit card payment settlement and system for same
US20060032912A1 (en) Contact information management system and method
JP4053948B2 (en) Management method and management system for connection authority to server
EP1214658A1 (en) User authentication system
AU6809700A (en) User authentication system
JP2004535619A (en) Systems and methods for secure payment transactions
WO2002001517A1 (en) A method for carrying out electronic commerce transactions
IES20050147A2 (en) Securing access authorisation
AU2003205448B2 (en) Electronic transfer system
IES85150Y1 (en) Securing access authorisation
WO2015056119A1 (en) System and method for enabling transactions
JP2003085366A (en) System, method, and program for authentication of acceptance through web site

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase

Ref document number: 10049529

Country of ref document: US

WWE Wipo information: entry into national phase

Ref document number: 68097/00

Country of ref document: AU

WWE Wipo information: entry into national phase

Ref document number: 2000955955

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 2000955955

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Ref document number: 2000955955

Country of ref document: EP