full-text |
print |
pdf |
permalink |
Inventors
Benzler, Hartwig
Application #
682524
Filed
Jun-25-1996
Published
Oct-13-1998
Current US Class
235/382
340/5.8
340/5.85
International Classes
G07D 007/00
Field of Search
340/825.31 340/825.34 235/382 235/382.5 380/45
Assignee
SC-Info+Inno Technologie Informationen+Innovationen GMBH CC (DE)
Examiners
Zimmerman; Brian
Attorney, Agent or Firm
Fitch, Even, Tabin & Flannery
US Patent References
| 4432567 |
|
Authorization card |
|
| 4449189 |
|
Personal access co... |
|
| 5037301 |
|
Method enabling d... |
|
| 5109427 |
|
Fingerprint recogni... |
|
| 5150409 |
|
Device for the ident... |
|
| 5317637 |
|
Data exchange syst... |
|
| 5323146 |
|
Method for authenti... |
|
| 5395319 |
|
Needle for insertin... |
|
Referenced by:
View Backward References
Other References
Smith, "Authenticating users by word association," Computers & Security, . 6, No. 6, 1987, Amsterdam, NL, pp. 464-470, XP 000050578. Zviran, "Cognitive passwords: the key to easy access control," Computers & Security, vol. 9, No. 8, 1990, Amsterdam, NL, pp. 723-736, XP 000176620.
Citation
Cite This Patent
More From Subclass 382
More From Class 235
|
Abstract
An authentifying method is revealed which uses as an identification feature images, tokens, texts or sounds which are based on individual knowledges and experiences of a person (PSPI) and which consist of a principal part and a complement or of associated notions, with that person performing the following steps with regard to a plurality of these PSPI: first register them within a memory and keep them inaccessible to other people, secondly make them visible or audible without the complement and in a sequence which other persons cannot foresee, thirdly restore them with the missing complement or verify them; or first subdivide them into their associated elements and assemble and register the latter ones within a plurality of element groups according to superordinated categories of these associated elements, whereby the elements may be accompanied by tokens like numbers or letters, secondly make them visible, audible or available in their subdivided form according to the groups, for the elements of one category in a determined sequence and for the elements of the other categories in a random sequence, thirdly and still in subdivided form, put them together into characteristic two-dimensional structures or linear chains, by means of connecting associated elements of the respective element groups and of connecting these reconstituted PSPI in a sequence which is defined by the way in which the elements were registered, made visible, audible or available, or by the inherent nature of the elements.
Claims
What is claimed is:
1. An authentication method in an information technology device having a fixed and a portable data-carrier, an intelligent chip, means for entering, storing, programming, processing, random release, comparison, transmission, and display of information, as well as a means for signal processing and an actuator, the method comprising the steps of:
(a) constituting a plurality of associated ideas (PSPI) as constitutive elements in the form of images, symbols, text or sounds, said associated ideas (PSPI) being based on the individual knowledge and experiences of a person and being sufficient for the identification of that person, and storing said ideas;
(b) storing in the storing means the constitutive elements of the PSPI in a plurality of element groups such that the elements of a first group are placed in a determined sequence and the elements of the remaining groups are placed in a random sequence;
(c) adding numbers or letters to the constitutive elements of the stored PSPI by means of the device;
(d) displaying on the displaying means the elements of the first group in a determined sequence and the elements of the remaining groups in a random sequence;
(e) putting together the PSPI elements into a characteristic geometrical pattern of reconstituted PSPI, by connecting associated elements of the respective element groups;
(f) generating a code, the code depending on the numbers or letters and their position in the geometrical pattern; and
(g) comparing the code with a code permanently stored in the device.
2. An authentication method in an information technology device having a fixed and a portable data-carrier, an intelligent chip, means for entering, storing, programming, processing, random release, comparison, transmission, and display of information, as well as a means for signal processing and an actuator, the method comprising the steps of:
(a) constituting a plurality of PSPI, each PSPI consisting of a statement and its corresponding truth value (true/false), about half of the statements being true and the other half being false relating to constitutive elements in the form of images, symbols, text or sounds, said associated ideas (PSPI) being based on the individual knowledge and experiences of a person and being sufficient for the identification of that person, and storing said ideas;
(b) storing the PSPI in said device;
(c) displaying the statements one after another in a random sequence on the display means;
(d) entering the truth value (true/false) directly after the display of the corresponding statement by pushing one or more buttons of the entering means;
(e) comparing the entered truth value with a counterpart stored in the device;
(f) counting the number of correct entries made, after the comparison of all entered truth values; and
(g) deciding whether the authentication is positive, depending on the counted number of correct entries made.
3. An authentication method according to claim 1, wherein the PSPI consist of a plurality of associated pairs of the type Ax-Bx-Cx, and comprising one or more of the following steps:
(a) the associated pairs of elements Ax are assembled in one group and matched A with x in a certain sequence; the associated pairs of elements Bx are assembled in another group and are consecutively associated to the associated pairs of elements Ax by the person to be authenticated; the associated pairs of elements Cx are assembled in a third group and are consecutively associated to the associated pairs of elements Ax or Bx by the person to be authenticated;
(b) signs are attributed to the associated pairs of elements Ax, Bx, Cx, or to part of them; controllable authentication criteria are formed from the matching scheme of the associated pairs of elements Ax, Bx, Cx, or from the scheme of the attributed signs;
(c) the associated pairs of elements Ax, Bx and Cx are words or text;
(d) the associated pairs of elements Ax, Bx and Cx are proper names, properties, or numbers;
(e) the associations are pairwise associations of the type Ax-Bx, the associated pairs of elements Ax being registered along one axis of a two-dimensional matrix, and the associated pairs of elements Bx being registered in a random manner along the other axis of the matrix; the points of intersection of straight lines drawn parallel to the axes through registration marks corresponding to the associated pairs of elements Ax, Bx defining a two-dimensional pattern; numbers, or actuators which generate a physical effect when the person to be authenticated connects corresponding elements Ax-Bx of both axes, being attributed to the points of intersection of the straight lines;
(f) the associations are multiple associations of the type Ax, Bx and Cx, the texts of the same category A, B and C and the signs attributed to them being arranged one beneath the other in juxtaposed columns of a matrix, such that the elements Ax, Bx and Cx which are correlated one with another are distributed in a random manner in different matrix columns; the scheme for matching the texts being as follows: start with an element A1 of the first column, then go to element B1 of the second column which is correlated with element A1, then go to element C1 of the third column which is correlated with element B1, and so on; then go to element A2 of the first column which is placed in the same row of the matrix as the element of the last column which has been matched-up then go to element B2 which is correlated with element A2; the matching process being terminated when the last element of the last column has been matched-up;
(g) alphanumeric parts of secret codes and supplementary letters or numbers, or integer numbers, or prime numbers, or series of numbers are utilized as attributed signs;
(h) attributed signs which are arranged in different columns or patterns, are correlated to certain time periods or to certain authentication processes;
(i) the attributed signs are stored in an authentication device, the signs becoming available only after a successful authentication;
(j) the associations are multiple associations of the type Ax, Bx and Cx, authentication criteria being constructed by the following operations:
(1) numbers attributed to the associated elements (called "basic" numbers) are brought into a characteristic geometrical pattern according to the matching scheme of the associated elements, or they are transformed into characteristic result numbers by calculation, each result number being a function of all or a part of the basic numbers and of their arrangement, or of the sequence in which the basic numbers are introduced into the calculation; and
(2) every two, three or more basic numbers which follow each other in the matching scheme, are multiplied with each other, the calculated products are raised to a power, and the numbers thus produced are added to a total result number having a large number of digits;
(k) the texts, basis numbers, the result number and possible parameters of the calculation process are stored in a unique identity card which is readable by an authentication device, or are stored in a portable miniaturised authentication device;
(l) the result number is used as the unique number of the identity card;
(m) the authentication device is equipped with a display, which exhibits the matrix built up from the texts after introducing the identity card into the device or after putting the device into operation, the owner of the card matching the texts by means of the displayed matrix, and a program installed in the authentication device automatically calculating the result number from the basic numbers;
(n) the basic numbers, the result number and other relevant data are automatically entered into an intermediary mechanical, electronic or magnetic short-term data carrier, from which they can be evaluated for renewed authentication by a remotely located reading device within a determined time interval, these data being cancelled after the reading process or after the time interval has passed; and
(o) one of the basic numbers is modified after each authentication process, a new result number being calculated on that basis; the original result number and unmodified basic number, as well as the modified basic number and the new result number being transmitted to a remote authentication means, having access to a data processing device; the latter containing in electronic form and protected against unauthorised retrieval the matched chain of basic numbers together with the original result number and the calculation algorithm for each participant in the authentication system; after entering the original result number, the original and the modified basic number into the data processing device, the corresponding original basic number of the chain stored in the device is changed and a new result number is calculated and sent to a display, or is automatically compared with the transmitted new result number.
4. An authentication method according to claim 1, comprising one or more of the following:
(a) identity cards which contain a plurality of associated surnames and first names, basic numbers which are attributed to them, and the result number calculated from these basic numbers;
(b) a fixed data processing device which contains supplementary PSPI or biometrical data concerning the persons participating in the authentication system;
(c) an authentication device with screen or touch-screen which displays after introduction of an identity card all or part of the first names and consecutively one surname at a time or simultaneously several or all surnames, and which in addition displays the main parts of the supplementary PSPI which are transmitted from the fixed data processing device, and other information;
(d) means of interaction, such as a keyboard or a touch-screen pen for matching the displayed surnames with first names and for verifying or complementing the displayed PSPI main parts;
(e) hardware and software for implementing the authentication functions, such as displaying the surnames, first names, PSPI main parts and other data on the screen, matching surnames with first names, processing numbers, verification of statements, comparison of data with stored counterparts, release of a result signal;
(f) an authentication device with touch-screen, comprising one or more of the following steps:
(1) the person to be authenticated touches the correlated first name after the display of each surname;
(2) touching a wrong first name is undone by touching an undo-field;
(3) each successive surname is displayed after touching a first name; and
(4) after matching all surnames and first names, the authentication device calculates a result number from the corresponding chain of basic numbers, and signals successful authentication, if the calculated result number coincides with the result number stored in the identity card.
5. An authentication method according to claim 1, wherein an original result number, and a new result number calculated from a modified set of basic numbers, are calculated and wholly or partially transmitted for comparison with corresponding result numbers produced in a data processing device.
6. An authentication method according to claim 1, comprising one or more of the following:
(a) a casing like that of a small, flat electronic pocket calculator;
(b) an electronically active identity card having the format of a credit card;
(c) a display for displaying numbers and letters;
(d) a photovoltaic or galvanic energy supply;
(e) one or more buttons for switching on the authentication device and initiating additional functions;
(f) a display area for words which are arranged in two columns and which are generated by writing, optically or electronically;
(g) a transparent cover for the display area under which cover a two-column board for displaying words is located permanently or interchangeably;
(h) push-buttons or touch-screen fields which are located in a column corresponding to the word columns, being consecutively actuated by the person to be authenticated according to the matching scheme of the words, such that each actuation releases a predetermined basic number for the calculations in the authentication device;
(i) inscription of any combination of the numbers 0 to 9 and letters on the buttons or fields;
(j) electronic functions implementing all or part of the following processes:
(1) attribution of one or more basic numbers to each button or field, subsequent basic numbers only being activated after the initially attributed basic numbers of all buttons or fields have been changed;
(2) display of the last calculated result number;
(3) calculation and display of a new result number based on the released basic numbers;
(4) generation of numbers by processes such as: actuating buttons or fields inscribed with numbers; by scrolling through a series of numbers in the display and stopping the scroll process when the desired number appears; and random number generation;
(5) attribution of numbers to the buttons or fields to serve as basic numbers, or to be stored as a secret code (PIN);
(6) generation of letters by actuating buttons or fields inscribed with letters;
(7) display of stored information after successful authentication; and
(8) locking of the following processes after invalid, unsuccessful or inadmissible attempts at authentication: actuation of the authentication device, display of words, display of numbers and letters, and change of the basic numbers attributed to the buttons or fields.
7. An authentication method according to claim 1, comprising one or more of the following:
(a) a subsequent PSPI element is only emitted after processing of the preceding PSPI has been completed;
(b) an actuator is activated automatically or by an externally applied signal, after successful authentication;
(c) renewed authentication processes are initiated automatically or by external action on the authentication device on the basis of other PSPI, after certain intervals; and
(d) stored PSPI are partially or wholly replaceable or reproducible, subject to security measures.
8. An authentication method according to claim 1, wherein all the essential device components are assembled in a single miniaturized unit like an electronic key, the casing of which comprises:
(a) a display for displaying the PSPI elements,
(b) a button for calling-up, verifying or falsifying, and cancelling text on the display, and
(c) a docking area for the transmission of a signal from the unit for a period of time after a successful authentication.
9. An authentication method according to claim 1, wherein, for the purposes of authentication by a telecommunication link, the display and device for entering PSPI complements 1 is situated at a site S1 of a person P1, and is connected via a telecommunication link with the display and device for entering PSPI complements 2 of a person P2 at a site S2, the person P2 entering the identify card of person P1 and for inverse authentication, the person P1 entering the identity card of person P2.
10. An authentication method according to claim 1, comprising one or more of the following:
(a) the PSPI of a plurality of persons are entered and stored in a central data bank, from where they are transmitted without their PSPI complements, for authentication and on demand of the person to be authenticated or during certain time periods, to a decentralised control and one or more remotely operated stations, each equipped with a display and entering means for the PSPI complements; and
(b) additional PSPI are available on individual identity cards in addition to the PSPI stored in the central data bank, authentication being implemented at the decentralised stations on the basis of both stores of PSPI.
11. An authentication method according to claim 3, comprising one or more of the following:
(a) identity cards which contain a plurality of associated surnames and first names, basic numbers which are attributed to them, and the result number calculated from these basic numbers;
(b) a fixed data processing device which contains supplementary PSPI or biometrical data concerning the persons participating in the authentication system;
(c) an authentication device with screen or touch-screen which displays after introduction of an identity card all or part of the first names and consecutively one surname at a time or simultaneously several or all surnames, and which in addition displays the main parts of the supplementary PSPI which are transmitted from the fixed data processing device, and other information;
(d) means of interaction, such as a keyboard or a touch-screen pen for matching the displayed surnames with first names and for verifying or complementing the displayed PSPI main parts;
(e) hardware and software for implementing the authentication functions, such as displaying the surnames, first names, PSPI main parts and other data on the screen, matching surnames with first names, processing numbers, verification of statements, comparison of data with stored counterparts, release of a result signal;
(f) an authentication device with touch-screen, wherein:
(1) the person to be authenticated touches the correlated first name after the display of each surname;
(2) touching a wrong first name is undone by touching an undo-field;
(3) each successive surname is displayed after touching a first name; and
(4) after matching all surnames and first names, the authentication device calculates a result number from the corresponding chain of basic numbers, and signals successful authentication, if the calculated result number coincides with the result number stored in the identity card.
12. An authentication method according to claim 3, wherein an original result number, and a new result number calculated from a modified set of basic numbers, are calculated and wholly or partially transmitted for comparison with corresponding result numbers produced in a data processing device.
13. An authentication method according to claim 4, wherein an original result number, and a new result number calculated from a modified set of basic numbers, are calculated and wholly or partially transmitted for comparison with corresponding result numbers produced in a data processing device.
14. An authentication method according to claim 11, wherein an original result number, and a new result number calculated from a modified set of basic numbers, are calculated and wholly or partially transmitted for comparison with corresponding result numbers produced in a data processing device.
15. An authentication method according to claim 3, comprising one or more of the following:
(a) a casing like that of a small, flat electronic pocket calculator;
(b) an electronically active identity card having the format of a credit card;
(c) a display for displaying numbers and letters;
(d) a photovoltaic or galvanic energy supply;
(e) one or more buttons for switching on the authentication device and initiating additional functions;
(f) a display area for words which are arranged in two columns and which are generated by writing, optically or electronically;
(g) a transparent cover for the display area under which cover a two-column board for displaying words is located permanently or interchangeably;
(h) push-buttons or touch-screen fields which are located in a column corresponding to the word columns, being consecutively actuated by the person to be authenticated according to the matching scheme of the words, such that each actuation releases a predetermined basic number for the calculations in the authentication device;
(i) inscription of any combination of the numbers 0 to 9 and letters on the buttons or fields;
(j) electronic functions implementing all or part of the following processes:
(1) attribution of one or more basic numbers to each button or field, subsequent basic numbers only being activated after the initially attributed basic numbers of all buttons or fields have been changed;
(2) display of the last calculated result number;
(3) calculation and display of a new result number based on the released basic numbers;
(4) generation of numbers by processes such as: actuating buttons or fields inscribed with numbers; by scrolling through a series of numbers in the display and stopping the scroll process when the desired number appears; and random number generation;
(5) attribution of numbers to the buttons or fields to serve as basic numbers, or to be stored as a secret code (PIN);
(6) generation of letters by actuating buttons or fields inscribed with letters;
(7) display of stored information after successful authentication; and
(8) locking of the following processes after invalid, unsuccessful or inadmissible attempts at authentication: actuation of the authentication device, display of words, display of numbers and letters, and change of the basic numbers attributed to the buttons or fields.
16. An authentication method according to claim 4, comprising one or more of the following:
(a) a casing like that of a small, flat electronic pocket calculator;
(b) an electronically active identity card having the format of a credit card;
(c) a display for displaying numbers and letters;
(d) a photovoltaic or galvanic energy supply;
(e) one or more buttons for switching on the authentication device and initiating additional functions;
(f) a display area for words which are arranged in two columns and which are generated by writing, optically or electronically;
(g) a transparent cover for the display area under which cover a two-column board for displaying words is located permanently or interchangeably;
(h) push-buttons or touch-screen fields which are located in a column corresponding to the word columns, being consecutively actuated by the person to be authenticated according to the matching scheme of the words, such that each actuation releases a predetermined basic number for the calculations in the authentication device;
(i) inscription of any combination of the numbers 0 to 9 and letters on the buttons or fields;
(j) electronic functions implementing all or part of the following processes:
(1) attribution of one or more basic numbers to each button or field, subsequent basic numbers only being activated after the initially attributed basic numbers of all buttons or fields have been changed;
(2) display of the last calculated result number;
(3) calculation and display of a new result number based on the released basic numbers;
(4) generation of numbers by processes such as: actuating buttons or fields inscribed with numbers; by scrolling through a series of numbers in the display and stopping the scroll process when the desired number appears; and random number generation;
(5) attribution of numbers to the buttons or fields to serve as basic numbers, or to be stored as a secret code (PIN);
(6) generation of letters by actuating buttons or fields inscribed with letters;
(7) display of stored information after successful authentication; and
(8) locking of the following processes after invalid, unsuccessful or inadmissible attempts at authentication: actuation of the authentication device, display of words, display of numbers and letters, and change of the basic numbers attributed to the buttons or fields.
17. An authentication method according to claim 11, comprising one or more of the following:
(a) a casing like that of a small, flat electronic pocket calculator;
(b) an electronically active identity card having the format of a credit card;
(c) a display for displaying numbers and letters;
(d) a photovoltaic or galvanic energy supply;
(e) one or more buttons for switching on the authentication device and initiating additional functions;
(f) a display area for words which are arranged in two columns and which are generated by writing, optically or electronically;
(g) a transparent cover for the display area under which cover a two-column board for displaying words is located permanently or interchangeably;
(h) push-buttons or touch-screen fields which are located in a column corresponding to the word columns, being consecutively actuated by the person to be authenticated according to the matching scheme of the words, such that each actuation releases a predetermined basic number for the calculations in the authentication device;
(i) inscription of any combination of the numbers 0 to 9 and letters on the buttons or fields;
(j) electronic functions implementing all or part of the following processes:
(1) attribution of one or more basic numbers to each button or field, subsequent basic numbers only being activated after the initially attributed basic numbers of all buttons or fields have been changed;
(2) display of the last calculated result number;
(3) calculation and display of a new result number based on the released basic numbers;
(4) generation of numbers by processes such as: actuating buttons or fields inscribed with numbers; by scrolling through a series of numbers in the display and stopping the scroll process when the desired number appears; and random number generation;
(5) attribution of numbers to the buttons or fields to serve as basic numbers, or to be stored as a secret code (PIN);
(6) generation of letters by actuating buttons or fields inscribed with letters;
(7) display of stored information after successful authentication; and
(8) locking of the following processes after invalid, unsuccessful or inadmissible attempts at authentication: actuation of the authentication device, display of words, display of numbers and letters, and change of the basic numbers attributed to the buttons or fields.
18. An authentication method according to claim 5, comprising one or more of the following:
(a) a casing like that of a small, flat electronic pocket calculator;
(b) an electronically active identity card having the format of a credit card;
(c) a display for displaying numbers and letters;
(d) a photovoltaic or galvanic energy supply;
(e) one or more buttons for switching on the authentication device and initiating additional functions;
(f) a display area for words which are arranged in two columns and which are generated by writing, optically or electronically;
(g) a transparent cover for the display area under which cover a two-column board for displaying words is located permanently or interchangeably;
(h) push-buttons or touch-screen fields which are located in a column corresponding to the word columns, being consecutively actuated by the person to be authenticated according to the matching scheme of the words, such that each actuation releases a predetermined basic number for the calculations in the authentication device;
(i) inscription of any combination of the numbers 0 to 9 and letters on the buttons or fields;
(j) electronic functions implementing all or part of the following processes:
(1) attribution of one or more basic numbers to each button or field, subsequent basic numbers only being activated after the initially attributed basic numbers of all buttons or fields have been changed;
(2) display of the last calculated result number;
(3) calculation and display of a new result number based on the released basic numbers;
(4) generation of numbers by processes such as: actuating buttons or fields inscribed with numbers; by scrolling through a series of numbers in the display and stopping the scroll process when the desired number appears; and random number generation;
(5) attribution of numbers to the buttons or fields to serve as basic numbers, or to be stored as a secret code (PIN);
(6) generation of letters by actuating buttons or fields inscribed with letters;
(7) display of stored information after successful authentication; and
(8) locking of the following processes after invalid, unsuccessful or inadmissible attempts at authentication: actuation of the authentication device, display of words, display of numbers and letters, and change of the basic numbers attributed to the buttons or fields.
19. An authentication method according to claim 12, comprising one or more of the following:
(a) a casing like that of a small, flat electronic pocket calculator;
(b) an electronically active identity card having the format of a credit card;
(c) a display for displaying numbers and letters;
(d) a photovoltaic or galvanic energy supply;
(e) one or more buttons for switching on the authentication device and initiating additional functions;
(f) a display area for words which are arranged in two columns and which are generated by writing, optically or electronically;
(g) a transparent cover for the display area under which cover a two-column board for displaying words is located permanently or interchangeably;
(h) push-buttons or touch-screen fields which are located in a column corresponding to the word columns, being consecutively actuated by the person to be authenticated according to the matching scheme of the words, such that each actuation releases a predetermined basic number for the calculations in the authentication device;
(i) inscription of any combination of the numbers 0 to 9 and letters on the buttons or fields;
(j) electronic functions implementing all or part of the following processes:
(1) attribution of one or more basic numbers to each button or field, subsequent basic numbers only being activated after the initially attributed basic numbers of all buttons or fields have been changed;
(2) display of the last calculated result number;
(3) calculation and display of a new result number based on the released basic numbers;
(4) generation of numbers by processes such as: actuating buttons or fields inscribed with numbers; by scrolling through a series of numbers in the display and stopping the scroll process when the desired number appears; and random number generation;
(5) attribution of numbers to the buttons or fields to serve as basic numbers, or to be stored as a secret code (PIN);
(6) generation of letters by actuating buttons or fields inscribed with letters;
(7) display of stored information after successful authenication; and
(8) locking of the following processes after invalid, unsuccessful or inadmissible attempts at authentication: actuation of the authentication device, display of words, display of numbers and letters, and change of the basic numbers attributed to the buttons or fields.
20. An authentication method according to claim 13, comprising one or more of the following:
(a) a casing like that of a small, flat electronic pocket calculator;
(b) an electronically active identity card having the format of a credit card;
(c) a display for displaying numbers and letters;
(d) a photovoltaic or galvanic energy supply;
(e) one or more buttons for switching on the authentication device and initiating additional functions;
(f) a display area for words which are arranged in two columns and which are generated by writing, optically or electronically;
(g) a transparent cover for the display area under which cover a two-column board for displaying words is located permanently or interchangeably;
(h) push-buttons or touch-screen fields which are located in a column corresponding to the word columns, being consecutively actuated by the person to be authenticated according to the matching scheme of the words, such that each actuation releases a predetermined basic number for the calculations in the authentication device;
(i) inscription of any combination of the numbers 0 to 9 and letters on the buttons or fields;
(j) electronic functions implementing all or part of the following processes:
(1) attribution of one or more basic numbers to each button or field, subsequent basic numbers only being activated after the initially attributed basic numbers of all buttons or fields have been changed;
(2) display of the last calculated result number;
(3) calculation and display of a new result number based on the released basic numbers;
(4) generation of numbers by processes such as: actuating buttons or fields inscribed with numbers; by scrolling through a series of numbers in the display and stopping the scroll process when the desired number appears; and random number generation;
(5) attribution of numbers to the buttons or fields to serve as basic numbers, or to be stored as a secret code (PIN);
(6) generation of letters by actuating buttons or fields inscribed with letters;
(7) display of stored information after successful authentication; and
(8) locking of the following processes after invalid, unsuccessful or inadmissible attempts at authentication: actuation of the authentication device, display of words, display of numbers and letters, and change of the basic numbers attributed to the buttons or fields.
21. An authentication method according to claim 14, comprising one or more of the following:
(a) a casing like that of a small, flat electronic pocket calculator;
(b) an electronically active identity card having the format of a credit card;
(c) a display for displaying numbers and letters;
(d) a photovoltaic or galvanic energy supply;
(e) one or more buttons for switching on the authentication device and initiating additional functions;
(f) a display area for words which are arranged in two columns and which are generated by writing, optically or electronically;
(g) a transparent cover for the display area under which cover a two-column board for displaying words is located permanently or interchangeably;
(h) push-buttons or touch-screen fields which are located in a column corresponding to the word columns, being consecutively actuated by the person to be authenticated according to the matching scheme of the words, such that each actuation releases a predetermined basic number for the calculations in the authentication device;
(i) inscription of any combination of the numbers 0 to 9 and letters on the buttons or fields;
(j) electronic functions implementing all or part of the following processes:
(1) attribution of one or more button numbers to each button or field, subsequent basic numbers only being activated after the initially attributed basic numbers of all buttons or fields have been changed;
(2) display of the last calculated result number;
(3) calculation and display of a new result number based on the released basic numbers;
(4) generation of numbers by processes such as: actuating buttons or fields inscribed with numbers; by scrolling through a series of numbers in the display and stopping the scroll process when the desired number appears; and random number generation;
(5) attribution of numbers to the buttons or fields to serve as basic numbers, or to be stored as a secret code (PIN);
(6) generation of letters by actuating buttons or fields inscribed with letters;
(7) display of stored information after successful authentication; and
(8) locking of the following processes after invalid, unsuccessful or inadmissible attempts at authentication: actuation of the authentication device, display of words, display of numbers and letters, and change of the basic numbers attributed to the buttons or fields.
22. An authentication method according to claim 2, comprising one or more of the following:
(a) a subsequent PSPI element is only emitted after processing of the preceding PSPI has been completed;
(b) an actuator is activated automatically or by an externally applied signal, after successful authentication;
(c) renewed authentication processes are initiated automatically or by external action on the authentication device on the basis of other PSPI, after certain intervals; and
(d) stored PSPI are partially or wholly replaceable or reproducible, subject to security measures.
23. An authentication method according to claim 2 wherein all the essential device components are assembled in a single miniaturized unit like an electronic key, the casing of which comprises:
(a) a display for displaying the PSPI elements,
(b) a button for calling-up, verifying or falsifying, and cancelling text on the display, and
(c) a docking area for the transmission of a signal from the unit for a period of time after a successful authentication.
24. An authentication method according to claim 2 wherein, for the purposes of authentication by a telecommunication link the display and device for entering PSPI complements 1 is situated at a site S1 of a person P1, and is connected via a telecommunication link with the display and device for entering PSPI complements 2 of a person P2 at a site S2, the person P2 entering the identify card of person P1 and for inverse authentication, the person P1 entering the identity card of person P2.
25. An authentication method according to claim 2, comprising one or more of the following:
(a) the PSPI of a plurality of persons are entered and stored in a central data bank, from where they are transmitted without their PSPI complements, for authentication and on demand of the person to be authenticated or during certain time periods, to a decentralised control and one or more remotely operated stations, each equipped with a display and entering means for the PSPI complements; and
(b) additional PSPI are available on individual identity cards in addition to the PSPI stored in the central data bank, authentication being implemented at the decentralised stations on the basis of both stores of PSPI.
Description
BACKGROUND OF THE INVENTION
1. Field of the Invention
The purpose of this invention is to provide an easily implementable method for authenticating a person's identity, which method is viable, falsification-proof and easy to apply.
2. State of the Art
There are essentially two known types of authentication method: the first type consists of equipping the person to be authenticated with a characteristic not specific to that person, for instance with a password, a microchip-card or a coded key. This characteristic is verified for authenticity by comparison with an identical or matching counterpart, checking for identity or for matching quality (lock and key system). For instance, anti-theft devices on cars can be disabled with a key containing a microchip, which exchanges a modified code with the motor control device after each use, as soon as the key is introduced into the ignition. only if the key and car ignition match, can the car be started. The disadvantage of this first type of authentication method is that third parties may acquire the person non-specific characteristic illicitly in order to take on a false identity without being detected. The need to memorize numbers or passwords as a characteristic is often not convenient because of human forgetfulness. Furthermore, third parties could get knowledge of these numbers and passwords during an authentication process.
The second type of authentication method relies on the principle of storing certain person-specific characteristics at a place remote from the person concerned. The proof of authenticity is made by comparison of the original characteristic with the stored counterpart. In the case of biometrical authentication methods, certain physical features, such as hand-geometry, finger-prints, photographs or physiological features (for example speech samples), may be used as person-specific characteristics. Biometrical methods are complicated, partially susceptible to falsification, and are often perceived as embarrassing by the persons concerned.
In the case of psychometrical authentication methods, certain psychological features, such as mental reactions or capacities, have been proposed as person-specific characteristics. For instance: character-traits, business and private projects, interests and opinions; a list of questions and answers; solution of one or more dexterity tasks; pattern recognition; or word association tests. These proposals are not practical or would suffer most of the drawbacks of password protocol: risk of mistaken responses, need for cryptographical protection of responses, repetitive guessing of responses by a persistent intruder.
The present state of the art is described in the following patent applications, patents or other documents:
PCT/US93/05357 (WO 93/24906): One or more questions from a list of questions stored on a card are displayed to a computer user. The user's responses are saved and compared with the correct answers stored on a card. Computer access is allowed if at least one user response matches a corresponding correct answer.
PCT/KR92/00056 (WO 93/09621): An electronic identification system consists firstly of a portable device, which is activated after entering a password, possibly in connection with the number of a car licence plate, an account or identity card number, and secondly of an automatically responding control station. For the purpose of user authentication or for creating a certain physical effect, signals and data trains which are verified in both units are exchanged by wireless transmission. In one arrangement, the input device is equipped with only four buttons, two of which serve for scrolling forwards or backwards through characters appearing on a display, a third one for marking certain characters, and a fourth one for correcting wrong markings.
DE-A-4 220 971: For the purpose of an identity check, the finger-print of a person is photographically registered, transformed electronically and stored, and used as an identification characteristic.
DE-A-4 125 870: Identification data of humans or animals are attached to a tooth in the form of an active medium, so that these data can be recognized in a non-destructive way at a later check-up.
DE-A-4 107 042: A tubule is incorporated in a living creature, for implantation of information-carriers by which the living creature can be identified.
DE-A-4 039 646: In the case of a biological object, measured values--for instance the electrical activity of brain or muscle--are recorded and compared with existing patterns of measured values. Start or cancellation of a process are related to the result of this comparison.
DE-A-4 036 025: Finger-prints are recognized with the help of a hologram.
DE-B-4 009 051: A characteristic temperature distribution of the face is used as a biometrical identification feature. The possibility of using person-related parameters, such as voice-specific features (the spoken word), height, shoe-size, the dynamic pressure path of movements, or the structure of the blood-vessels of the retina, as identification characteristics is mentioned.
DE-B-4 008 971: The user of a data-station is authenticated by passwords and random numbers via a one-way function.
DE-A-4 005 448: To search for a partner, personal data of a person, such as character-traits, business and private projects, interests and opinions, are stored in a station belonging to that person, then transmitted to an analogous station of a potential partner, then compared with corresponding data of that potential partner which he/she may have re-transmitted, and then evaluated with regard to the degree of conformity.
DE-A-3 943 097: Biometrically measurable data, for instance eye prints or finger-prints, are used as a key to accessing stored medical data.
DE-A-3 834 048 and DE-A-3 834 046: The finger-print of a person or an x-ray image of the finger-bone outline is used for optoelectronic identification of a person. The possibility of using additional measured values for identification, such as the form or outline of a nail, or of solving test problems, are also mentioned.
DE-B-3 827 172: Data are identified by transforming an input datum into an output datum--depending on preceding indications--according to the principle of transforming associated items of data, in which special branching patterns are applied. Data of any kind can serve as the basis for identification, for instance completely unknown, inaccessible, non-reproducible random data. The possibility of mutually exchanging data series between a data-carrier and a control station according to the challenge-response principle and of comparing those series with corresponding stored information series for the purposes of identifying persons, is mentioned, whereby the control station will emit a "good"-signal if the comparison is positive. Furthermore, a portable memory is mentioned, into which a personal secret identity number, an account number and other personal data are entered at the time of delivery to the owner.
DE-A-3 301 629: In an office telephone system, data are generated sequentially for each participant by a special switchboard; in order to identify a calling participant, such data contain information about the participant's address, number and the category to which he/she is assigned.
DE-A-2 846 974: A person is characterized by the solution of one or more dexterity tasks.
DE-A-2 254 597: Persons are identified by the following process: parts of the body having a characteristic curvature are recorded, stored in the form of a curvature graph, and evaluated with a data processing device.
DE-A-2 224 667: A key has a recognition register with several indicia-bearing elements; the latter can be placed independently in two positions, each of which carries indicia. According to the combination of the indicia-bearing elements, different patterns of indicia are generated, one of them corresponding to a pattern of the key arrangement which is only known by the key-owner and which permits unlocking.
DE-AS 1 762 669: In the case of data transmission, after establishing connection, the calling participant transmits two different characteristic qualifying signals, of which the second one is a coding of the first one. The other participant decodes the second signal and compares it with the first signal before the connection becomes operative.
DE-AS 1 195 057 and DE-AS 1 084 036: For the purposes of comparing persons, certain features of the face or of the entire body are measured or recorded, for instance the form of the ears, limit points of the temples, location of the pupils or of the nose tip, the middle line of the lips, the chin, particular wrinkles, cicatrices, birth-marks or warts. The use of poroscopy of finger- and palm-prints is also mentioned.
DE-B-683 233: In the field of pattern recognition applications, the distance between two particular points of an object, for instance of a hand-writing sample or of a body feature, is opto-electronically compared with the corresponding distance of a pre-existing pattern.
EP-A-0 573 245: In order to check the integrity of messages in a communication network between a plurality of participants, a so-called "authenticator" is assigned to each transmitted message, the authenticator being a code which is calculated in the emitting station from the entire information. In the receiving station, a comparison code is calculated from the received entire information with the same algorithm. Only when both codes are the same, is there certainty that the message was transmitted intact. Authentication of participants is achieved using secret and non-secret keys, and by different encoding functions and transmission steps.
EP-A-0 548 967: In the context of a data exchange system, mutual authentication is started by checking a personal characteristic, e.g. a codeword, entered by the user, after exhibition of an encoded dataword stored in the system which is only known by the user and which can be modified by him/her.
EP-A-0 532 227: In order to create secure connections within a cellular mobile telephone network, authentication signals are generated by a key-code which is conferred upon the user by the network operator and may be changed later on.
EP-A-0 522 473: Transmissions are generated between a person to be authenticated and a central authentication means, by exchange of certain secret and non-secret data in a communication network, as well as by exchange of questions and answers which result therefrom (challenge-response principle), which are transferred in doubtful cases to an arbitration means for renewed screening of the user's qualification.
EP-A-0 466 146: In order to guarantee that certain texts can only be read by persons who are qualified to do so, these texts or parts of them are composed of encoded signs which are stored in a memory and which can be decoded by the methods disclosed herein.
EP-B-0 441 774: An authentication card has several separate zones, one of which is dedicated to permanent storage in encoded form of a person-specific characteristic, for instance of individual features, such as finger- or foot-prints, signatures, etc., with the addition or subtraction of certain partial elements. The other zones are intended for temporary storage of the same characteristic without the additions or subtractions, for instance after taking a print of a finger or a foot, or by means of a scanning process during authentication. An automatic comparison of both characteristics is implemented in a card reader, after reconstitution of the image of the permanently stored characteristic using a code entered by the authorized user.
EP-A-0 382 410: In order to memorize and retrieve a password, its owner inserts the characters of this password into a plurality of alphanumeric texts according to a self-chosen pattern, in such a way that he/she alone is able to retrieve these characters with the help of the memorized pattern.
EP-B-0 085 680: A data-carrier, preferably a personal identity card, containing data about the owner, the issuing organization, account numbers, etc., is introduced into a reading device to transmit a release signal. For the purposes of additional authentication, the finger-tip of the owner is scanned by a sensor, recorded as papillary-line information, and compared with a counterpart already stored in the reading device.
EP-A-0 082 304: A person is identified by voice-recognition from of a characteristic sequence of voice features emitted during the utterance of a key-word, as well as by face recognition, e.g. by recognition of a specific part of it.
EP-A-0 034 755: An authorizing pattern consisting of characters and changeable by its owner is stored in encoded form in the recognition field of an identity card. This pattern generates a protocol during the reading of the card which has to coincide with an authenticity protocol for successful authentication.
EP-B-0 029 894: A key electronically imbedded in a personal identity card, which key is unchangeable and unrecognizable, is compared with a key in the possession of the person to be authenticated. The possibility of using signatures or dynamic signals during signature, as well as voice-records or finger-prints, as person-specific characteristics for authentication is mentioned.
EP-B-0 007 002: For the purposes of user authentication and for transmissions between a data station and a control unit, the former receives, combines, encodes and retransmits in a modified form certain user messages, and the latter receives these modified messages for comparison with stored information.
EP-A-0 006 419: Parts of the signature of a person are cryptographically recorded via certain keys, and decoded and verified for authentication.
GB-A-2 112 190: A combination of particular questions and their answers is used as information connecting a card to an original owner of the card. Questions and answers are selected by the original owner and registered in advance. The questions are displayed at the time of input of the card, and the user is asked to make answers to the displayed questions. These answers have to coincide with the registered counterparts.
GB-A-2 058 417: A code word is made up of a certain number of signs or symbols, which together with a number of other signs are presented to the user at least once, who makes his selection of the number of offered signs one after the other using a control part, the signs of the selection made being in agreement with his code word or parts of it.
Computers & Security, vol. 6, no. 6, 1987, Amsterdam NL, pages 464-470, XP 0000 50578, SMITH Sidney L. "Authenticating users by word association": User identity could be verified by a word association test. A new user is asked to provide the computer with a list of 20 cues (words or phrases) along with a response that the user associates with each cue. The computer stores these cue-response associations safely away. On subsequent access attempts, the computer selects a cue at random and challenges the candidate user to give the stored response, repeating that process as necessary to confirm the user's claimed identity. Depending upon an assessment of risk, a user might be required to give one response or several. Responses could be single words, such as surnames, first names of people, and place names.
SUMMARY OF THE INVENTION
The task of the present invention, i.e. to provide an easily implementable method for authenticating a person's identity, which method is viable, falsification-proof and easy to apply, is achieved by the authentication methods defined in the claims. In this context, associated ideas in the form of images, symbols, text or sounds, which are ideas based on the individual knowledge and experiences of a person, which are sufficient for the identification of that person and which consist of associated elements or of a principal part and a complement, are defined according to an appropriate terminology as person-specific psychometrical information, abbreviated as PSPI.
BRIEF DESCRIPTION OF THE DRAWING
FIG. 1 illustrates a system of operation in accordance with an example of the embodiment;
FIG. 2 shows the integration of an ASIC into a casing of FIG. 1;
FIG. 3 shows a miniaturized authentication card used in the embodiments;
FIG. 4 illustrates an exemplary embodiment of an authentication matrix;
FIG. 5 illustrates a static pin card used in the embodiments;
FIG. 6 shows a secret card of the embodiments;
FIG. 7 illustrates data organization in an exemplary embodiment;
FIG. 8 shows a personalized electronic key of the embodiments;
FIG. 9 shows an identity card of the embodiments;
FIG. 10 illustrates data organization for an exemplary embodiment;
FIG. 11A shows an authenticating device displaying names to be matched;
FIG. 11B shows an authenticating device of a question-and-answer type;
FIGS. 12A and 12B show an additional authenticating device and an associated terminal used in the embodiments; and
FIG. 13 shows a pocket authenticating device for telephone authentication.
DETAILED DESCRIPTION OF THE INVENTION
Every human being is unique because of his or her own life, that is to say his or her own experiences and knowledge. Everybody is able to form thousands of original associations which cannot be produced by another person. Specific psychometrical experiments have shown that experiences, if they are remote in time, can be remembered particularly well if they are adapted to human thought patterns, and closely connected with persons, places, times and quantities.
Contrary to authentication methods where third parties try to demonstrate the identity of a certain person, the method according to the invention is methodically a self-identification, that is to say a method where the person concerned himself/herself demonstrates in the face of third parties that he/she is really a certain human being. Well-known didactic methods, such as "interactive learning" by computer, or "multiple-choice" tests, are completely alien to the method of the invention. Those methods rely on the principle that the learner or examinee has to reproduce common knowledge and not just an individual's PSPI.
The authentication method according to the invention is distinguished from other proposals by the possibility of using a large quantity of PSPI as an identification characteristic, if it consists of a principal part and a complement. PSPI benefits from the fact that it can be expressed and treated as bipartite patterns (preferably as pairs of written or spoken texts), in a particularly easy, clear and compact manner, thus with minimum investment in information units.
Therefore, the method according to the invention can be realized in a particularly economical and secure way, in distinction to the other methods.
If the PSPI is submitted for the purpose of identification to the process steps defined in independent claim 1, joint storage of matching associated elements is not necessary. In this case, groups of associated elements normally belonging to a common category are stored separately. only during the authentication process is the complete PSPI formed from matching associated elements, and assembled into characteristic patterns. It is therefore not absolutely necessary to protect the associated elements of the same category which are stored as groups, from unauthorized access. This feature reduces investment in protection measures: there is no need for cryptographic protection of stored responses and no risk of repetitive guessing of responses by a persistent intruder.
A special type of PSPI, advantageous for certain authentication purposes, is defined in the claims: Short statements which can be apprehended at a glance (in particular those which are either true or false) are especially appropriate for representing the principal part of a PSPI, while a symbol for "true" or "false" represents the complement. For instance, such a statement could be:
Principal part of PSPI: "Village A is located in county B", PSPI complement: "false".
Contrary to other categories of PSPI, e.g. questions and answers, statements are especially simple, as only two different complements are possible, namely "true" or "false".
Such complements are amenable to being entered very easily into the system, for instance by pushing only one or two corresponding function buttons. Verification of one single statement is, however, not sufficient for safe authentication: The probability of an unauthorized person accidentally pushing the correct button is 50%. Therefore it is proposed to verify a series of different statements rather quickly one after another, and to divide the total quantity of all stored statements preferably into 50% true and 50% false ones. Thus the chance of unauthorized persons accidentally pushing the right complement buttons is minimized. For instance, if there are ten statements to be verified, the probability of an accidental authentication is only 1/2.sup.10 or 1/1024.
The authentication method according to the invention can be realized with existing simple and low-cost components. It has the potential of mass use in very different fields of application, such as:
Traffic technology: anti-theft devices;
Security technology: access control, equipment for surveillance and alarms;
Banking and trade: telebanking, electronic cash, personalized bank cards, productivity enhancement in the fields of check control and direct debit processes;
Communication and information technologies: authentication of participants;
Registration services: falsification-proof identity cards;
Cryptography: secret keys, notebooks, PIN-cards.
Particularly appropriate embodiments of the authentication method are described in the claims.
The claims define different characteristic matching schemes and arrangements of PSPI which consist of a plurality of associations of the type Ax-Bx-Cx, etc. These schemes and arrangements can be used as authentication criteria to be easily checked. In particular, it is advantageous to arrange the associated elements in the form of a matrix or of columns, and to attribute to them numbers (called "basic" numbers) BZ, from which for every arrangement A, a characteristic result number EZ can be calculated. The latter is, mathematically speaking, a function of all the basic numbers BZ and of their arrangement A:
EZ=EZ(BZ.sub.1, BZ.sub.2. . . BZ.sub.n, A)
The function EZ can be defined by most different algorithms, for instance by:
EZ=Sum of all (I.sub.x).sup.2
I.sub.x =BZ.sub.x .multidot.BZ.sub.x+1 .multidot.BZ.sub.x+2
The basic numbers BZ are advantageously integers, and the function is preferably defined by an algorithm which delivers as result number EZ an integer having many digits. Further criteria for the choice of an appropriate algorithm are the following ones: easy implementation of the calculation, easy programming, and, finally, the impossibility of calculating the inverse function with only a limited investment of calculation and time.
The claims define convenient technologies, system components and functional processes for realizing the authentication method. If a large number of persons has to be authenticated, it is advantageous to supply each of them with an individual identity card, on which are stored the surnames and first names of people who are in the first instance only known by the owner of the identity card himself/herself, as well as basic numbers attributed to these names, and the corresponding result number. The matching of the surnames and first names is advantageously performed by means of an authentication device with touch-screen, into which identity cards can be inserted. A complementary authentication on the basis of other personal characteristics can be performed in addition.
The claims define a "tele-authentication" method with a pocket-sized authentication device which allows authentication by telephone. A simple and falsification-proof teleauthentication can be implemented by: calculating an original result number and a new result number from a modified set of basic numbers, transmitting the original and new result numbers and basic numbers, and comparing the new result number with another one which is produced in a data processing device. The pocket authentication device is also suitable for all kinds of on-the-spot authentication, for storing secret codes and PINs or other personal data in an undecodable manner.
The claims point to different advantageous security measures and processing facilities of the authentication method. For instance, it is possible to program the authentication process so that new acts of authentication with new PSPI are automatically initiated at irregular intervals. By these means, the presence of a certain person can be surveyed over longer time periods. It may also be convenient to exclude the possibility of authentication temporarily or indefinitely, by means of a time switch or an external signal. For certain applications, it is advantageous to update, replace or reproduce the stored PSPI, partially or wholely, whilst observing the necessary discretion. For design reasons, the devices for the storage and processing of the PSPI have often to be placed directly at the point of interaction with the person to be authenticated. The necessary miniaturization of these components is not difficult to attain, especially if intelligent chips are utilized: 200 statements in text form, each with about 25 characters, do not need more than 5 kB of memory. In the context of the invention's embodiments, an actuator is a device for the generation of a distinct mechanical, electrical, optical or other effect.
The subject of one claim is a miniaturized unit assembling all essential system components, having a very simple design and being easy to operate, which can be used as an electronic key in many fields of application.
The embodiment according to one claim allows mutual teleauthentication of two persons who have exchanged their respective identity cards.
Another claim defines another embodiment in which the PSPI of a plurality of persons is entered and stored in a central data bank, from where they are transmitted without their PSPI complements--for the purposes of authentication and if required or during certain time periods--to a decentralized control and one or more remotely operated stations having a display and an entering means for the PSPI complements. One advantage of this configuration is the fact that those to be authenticated do not need an identity card.
The principle of concentrating the PSPI of a plurality of persons in a central data bank can be combined with the principle of identity cards. Authentication relies in this case on two complementary stores of PSPI, the one stored in the card possibly being relatively small and interchangeable.
EXAMPLES
The invention and its embodiments are explained further in the light of the following examples and with particular reference to the attached FIGS. 1 to 13.
Example 1
Application of the authentication method to authorizing telecommunications
The task may be to exchange confidential data via fax between a person P1 at a site S1 and a person P2 at a site S2. Two preferably identical authentication devices, except for the stored PSPI, are placed at the sites S1 and S2. The device at S1 stores the PSPI of person P2, the one at S2 that of person P1. Both authentication devices may be connected via a digital communications network. Person P1 establishes contact with P2 by operating a signalling apparatus. The device at S2 transmits ten texts one by one from its memory to the device at S1, where P1 pushes the function button "true" or "false" after having checked each statement which appears on his/her display. After correctly identifying all statements as true or false, an actuator of the device at S2 signals the authenticity of person P1.
Hereupon, P2 initiates his/her authentication. This happens in the same manner as implemented by P1, except for the fact that it is no longer necessary to operate the signalling apparatus, because the connection is already established.
After P2 has correctly reacted to the ten statements, the mutual authentication is terminated, and the actuator of the device at S1 opens the connection for the exchange of faxes. The total authentication will be accomplished in about twenty seconds.
Example 2
Anti-theft device for cars
In recent years, car theft has become a big problem. Therefore it is becoming more and more common to install anti-theft devices or immobilizers in vehicles. Such devices simultaneously interrupt the starter, ignition system, injection or gasoline pump, and become automatically operative within about thirty seconds after locking the car. They can only be deactivated with a coded card or a coded key to start the vehicle. Professional car thieves are, however, not discouraged by such systems: simple bridging or disconnection of the cables renders these systems ineffective in a short time. On the other hand, traditional anti-theft devices are of no value in cases of car-jacking. The invention's embodiment redresses that situation.
The example concerns an automobile with two miniaturized memory-units which are addressed from the same terminal. The first memory-unit M1 may be mounted on the gasoline pump, the second one M2 in the upper part of the vehicle body. The terminal T may be incorporated in the dashboard and connected with M1 and M2 via preferably multi-core cables. M1 may directly affect the pump by means of an actuator, thus without intermediary electrical circuitry which could be short-circuited. In the locking position, the actuator keeps the pump deactivated, the pump drive turned off, and the gasoline supply interrupted. In the operational position, the actuator keeps the gasoline pump in operation. M2 may act directly, or likewise by means of an actuator, on a highly visible and obtrusive signal, for instance a metal arm which, in the locking position of the actuator, is embedded in the vehicle body, so that it cannot be seen from the outside. In the operational position, the metal arm is directed upwards. In the locking position, the metal arm deactivates the vehicle mechanically. It is convenient to attach an identification mark of the vehicle-owner to the arm in a clearly visible manner.
To start the vehicle, the driver has first to switch on the electrical supply of the car, in practice by a mechanical key system. By the same operation, the components M1, M2 and T are made operational. Next, the driver operates the signalling apparatus of T and thereby establishes contact to M1. M1 transmits ten stored statement-texts one by one to T, the display of which exhibits these statements. After the appearance of each single statement, the driver pushes either of the function buttons "true" or "false". If all the statements are correctly marked (which will take about ten seconds), M1 releases its actuator and with its help the gasoline supply. In a second step, contact with M2 is established, and the signalling arm is likewise put in operational mode. The entire system composed of M1, M2 and T is advantageously programmed in such a way that the actuators will return to their locking positions after the expiry of certain time intervals. Further operation of the vehicle is then only possible after a new authentication. The time intervals are preferably fixed by a device for the generation of unpredictable random series of control pulses. In order to ensure traffic safety, some time will elapse after each turning-off impulse, until the actuators return to their locking positions.
Example 3
Identity card with application-specific integrated circuit chip (abbreviated as ASIC)
According to FIG. 1, a relatively large quantity (e.g. 100) of PSPI statements is introduced (arrows 5), observing the necessary security measures, into the identity card 1 which has a one-chip microcomputer, and each PSPI statement is stored in it, with its complement "true" or "false". A memory volume of about 1 to 10 kB is needed for this storage. For mathematical reasons, an optimum is reached if half of the total number of the introduced PSPI statements is true, and the other half false. The internal structure of the card ensures that the stored PSPI cannot be copied without authorization.
The identity card can be put into an authentication device 2. By interaction between the two, a sufficient number of PSPI statements (e.g. ten) is randomly released without their complements one after another, preferably such that a subsequent PSPI statement appears only after complete processing of the previous one. It is, however, also possible to treat groups of PSPI statements simultaneously. The PSPI statements wit |