WO2000062458A2 - Methods and appliances for encryption system varying dynamically depending upon variables and its applications - Google Patents

Methods and appliances for encryption system varying dynamically depending upon variables and its applications

Info

Publication number
WO2000062458A2
Authority
WO
WIPO (PCT)
Prior art keywords
clause
variable
password
data
elements
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/KR2000/000363
Other languages
English (en)
Other versions
WO2000062458A3 (fr
Inventor
Choonyeol Yu
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to AU41492/00A priority Critical patent/AU4149200A/en
Publication of WO2000062458A2 publication Critical patent/WO2000062458A2/fr
Anticipated expiration legal-status Critical
Publication of WO2000062458A3 publication Critical patent/WO2000062458A3/fr
Ceased legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key

Definitions

  • OTP One Time Password
  • My dynamic password algorithm (Korean patent application number 10-1999-0013182, filed on '99. 4. 15) utilizes the characteristics of variables and makes the password change according to the point in time or location, so that secrecy is maintained even if the password has been disclosed.
  • The problem with the dynamic password algorithm is that the algorithm set by the user can be worked out after the user purchases products several times at the same on-line shopping mall, leaving a considerable amount of data behind on a shopping mall server that is set to log all data the user puts in.
  • The means for user identification, such as the id, uses this dynamically varying system and thereby makes it harder or impossible to grasp at the shopping mall how the algorithm is structured. None of the existing calculators has a function for inputting dynamic variables.
  • This invention stores data in the form of arithmetic functions, reads in these data, calculates the arithmetic functions using the dynamic variables, and eventually has the calculation results displayed or entered automatically on the networks.
  • This invention has users set the password according to the algorithm of this invention, then encrypts the data entered as a password with an existing cryptographic encryption algorithm and finally decrypts it in reverse.
  • This invention makes hardware lock systems, such as a door lock, on the basis of this dynamic password algorithm.
  • Adapting the dynamic password to the network can help remedy the demerits of public protocols.
  • If the data were not received through the dynamic password algorithm agreed between hosts and were not decoded through the NIC (Network Interface Card), the data would be closed up eternally.
  • Such a system should be adopted on the NIC.
  • This invention selects and utilizes elements that vary according to the point in time. Needless to say, the elements can be any variable elements, including the point in time, the location where the payment/transaction is made, etc.
  • The time elements include year, month, day, the day of the week, hour, etc.
  • Location elements are distinguished by the nation, state, city, district, etc. that form the basis of the exact location of the payment/transaction (called 'variable elements' hereinafter). Using the elements enumerated above, which change continuously, has a great effect as it can prevent crimes.
  • As the variable elements to use are selected, this invention supplements the constant password or static password (hereinafter called 'constant elements') using arithmetic operations with addition, subtraction, and other variable computation elements (hereinafter 'computation elements'). Variable elements are as follows.
  • Codes for locations: national codes; state, city, county, and district codes; telephone code, zip code, file number of a computer, etc. (Examples: Korea, USA, Australia, of49, 012, 02, 0343)
  • The positions of the variable elements and constant elements can be changed, and the elements may be used more than once.
  • The constant password can be formed of numbers only.
  • Constant elements are added by using the operators of a computer language.
  • '.' is the string operator for joining letters and words.
  • The inputted password means the actual password to be inputted.
  • The password changes according to time, using arithmetic and other operations, which makes it impossible to connect to the system using the same password again. It is safe even if the password has been temporarily disclosed on-line, and users are relieved of worries about password disclosure at shopping malls because the password changes the next time.
  • The weak point of this invention is that one can notice how the password is structured if 2 or more passwords are compared and analyzed. Therefore, dummy digits are added to compensate for this demerit. Namely, if the whole password consists of 8 digits, 4 digits would be the variable password, 2 digits the constant password and the remaining 2 digits the dummy.
  • The dummy password has no meaning whatsoever and only acts to prevent the algorithm from being analyzed. That is to say, 23 is inputted today, ac tomorrow, 7b the day after tomorrow, and so on. The computer ignores these dummy digits no matter what they are.
  • Setting a password with this invention requires separate processes or structures for setting each of the variables, constant elements and operations.
  • Keys 1, 2, 3 and 4 in Fig. 1 are for selecting the variable password elements; key 5 is for selecting the constant element and the dummy digit. Key 6 determines the number of digits of the password, and key 7 changes variable elements into alphabetic letters or Arabic numerals. Key 8 is a group of keys required to link the dynamic variable elements and constant elements through arithmetic operators (+, -, *, /, etc.), logic operators, string operators, etc.
  • This password generator includes operator keys for arithmetic operations, logic operations and other operations as used in a computer language. To form such an automatic password calculator/generator, the capability of a CPU has to be implemented.
  • Fig. 2 is a flow chart depicting how the password is set.
  • Variable elements can be artificial elements as well as natural elements like time and location.
  • The server can show the user a certain type of message or combination of letters on a display monitor, or transmit it to the user; the user then performs some operations linking certain letters and/or inputs the result directly.
  • The arithmetic equation for a dynamic password can range from elementary calculations to various arithmetic theories such as differential calculus, integral calculus, etc. It can even be arranged so that the x-axis of the coordinates represents the time variable of the password, while the y-axis represents the real password to be inputted that results from the calculation.
  • This dynamic password system can be implemented on a network.
  • The hosts would set a password in advance using the dynamic password system, and by reusing the dynamic password system, one of the hosts encodes and transmits data to the other host. Then the host that received the data would decode and/or decrypt it using the dynamic password system, according to the pre-defined and pre-set algorithm and/or decoding/decryption algorithm. For example, two hosts would set a specific password beforehand. Data flowing on the network, if not received and acknowledged by the host's NIC, would normally vanish. If it has been hacked, on the other hand, the data would remain on the hacker's computer system and the hacker would keep trying to hack using this information.
  • A hardware security device like a door lock can be made consisting of a CPU, screen display device, input unit, and data storing unit.
  • The screen display device can be omitted, and the input unit can be designed to input data remotely.
  • The fixed password, for example 1234, can be changed according to the day of the week, date, or hour to 1324, 1432, 3214.
  • This invention applies to all kinds of methods that are used in ciphering data, whether based on naturally changing or artificially changing elements of the variable.
  • This invention uses the dynamic password algorithm in the same way for the IDs that are used to confirm the user. Namely, it applies the dynamic password algorithm to the means for identifying the user (hereinafter called 'id'), using dynamically varying variables as an id. Such variables include the naturally changing elements and the artificially changing elements that I have mentioned so far. If IDs are set with this algorithm, there is a possibility of identical IDs coming out, made up of the same numbers or letters. This problem, however, complicates nothing if identical numbers are not generated in a simulation in which the timing variables are applied to many password algorithms at the same point in time.
  • The ways to prevent such ID collisions are: 1) Set a regulation making "10 minutes" the minimum timing variable.
  • The computer system has to calculate and generate the user's ID and password with the algorithm and check whether identical ones exist. Such calculation and checking does not have to be done as of the present but can be performed for a past point in time, for example, "1945 November 23 12:36:38". The calculation records are kept in a computer system and a new one is compared with them for checking purposes.
  • This dynamic id, in the same way as the dynamic password system, consists of a basic ID, dynamic variables and static constants, and calculates the data of the real id to enter using arithmetical equations.
  • The user can carry a magnetic card in which the basic ID, the variables and the arithmetical equations are stored, so that the resulting password or id can be automatically calculated and inputted.
  • Fig. 1 shows the basic block structure of this invention.
  • Fig. 2 shows the flow chart illustrating the process of dynamic password algorithm setting and calculation.
  • The input, output and calculating functions can either all be formed into one system or be implemented in separate systems respectively, so that it is easier to carry and use.
  • The existing password system has fixed static passwords, so that once the password is disclosed, it requires changing. It is inconvenient that staff at banks and shops ask clients for their credit card passwords, and clients sometimes have to cover up so that no one sees, worrying about exposure.
  • Since this invention uses an algorithm in which the data to enter, such as a password, changes, even if such a password is disclosed, others who caught the password number but do not know the structure of the password algorithm could not get past a banking server at a different time and in a different location. Accordingly, there is no need to worry about password disclosure.
  • The hardware solution carries the possible risks of stealth, copying or theft.
  • This invention has no such risks. If incorporated into a hardware system such as a smart card, it strengthens security to a great extent.
  • The data value to enter can be generated easily using a password generator.
  • The password generator may be designed to receive resource data such as variable elements remotely and automatically, generate a password to enter, and finally transmit it to a server for entry.
  • This invention provides various password algorithms: in the form of the existing fixed static password, a simple dynamic password algorithm set like 'month x hour', or a dynamic password algorithm set precisely to the nanosecond or further, meeting users' various requirements. This expands the user coverage greatly and diversely.
  • This invention eliminates the dangers of password disclosure. It will help on-line purchases with credit cards.
  • The dynamic password system would improve on the existing problems of hacking of open protocols such as TCP/IP. This is the way to remove the defects of TCP/IP. Adopting such functions in network cards would result in a strengthened network device. The variable network elements would be not only natural elements such as time and location but also artificial elements. Namely, when connecting to a server, the server can show the user a certain type of message or combination of letters on a display monitor, or transmit it to the user; the user then performs some operations linking certain letters and/or inputs the result directly.
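
The 8-digit layout described above (4 variable digits, 2 constant digits, 2 dummy digits) together with the weak point the text names, as an added Python example that is not code from the patent. The 'month x hour' rule and the dummy values 23, ac, 7b come from the text; the constant `57`, the order of the three parts and the login times are constructed assumptions.

```python
import hmac
from datetime import datetime

CONSTANT = "57"  # constructed constant element (assumption, not from the patent)


def variable_part(when: datetime) -> str:
    """4 variable digits from the 'month x hour' rule named in the text."""
    return f"{when.month * when.hour:04d}"


def make_password(when: datetime, dummy: str) -> str:
    """Assumed order: 4 variable digits, 2 constant digits, 2 dummy characters."""
    if len(dummy) != 2:
        raise ValueError("dummy must be exactly 2 characters")
    return variable_part(when) + CONSTANT + dummy


def verify(candidate: str, when: datetime) -> bool:
    """Server check: compare the first 6 characters, ignore the 2 dummy ones."""
    if len(candidate) != 8:
        return False
    expected = (variable_part(when) + CONSTANT).encode()
    return hmac.compare_digest(candidate[:6].encode(), expected)


def fixed_positions(observed: list[str]) -> list[int]:
    """Positions whose character is identical in every logged password."""
    return [i for i in range(8) if len({p[i] for p in observed}) == 1]


# Constructed login times; the dummy values are the ones the text uses.
LOGINS = [
    (datetime(2000, 4, 14, 9, 0), "23"),
    (datetime(2000, 4, 15, 17, 0), "ac"),
    (datetime(2000, 5, 16, 21, 0), "7b"),
]
OBSERVED = [make_password(t, d) for t, d in LOGINS]

if __name__ == "__main__":
    for (t, _), pw in zip(LOGINS, OBSERVED):
        print(t.isoformat(), pw, verify(pw, t))
    print("unchanging positions in the log:", fixed_positions(OBSERVED))
    print("old password at a later hour:", verify(OBSERVED[0], LOGINS[1][0]))
```

Positions 4 and 5 (the constant element) and the leading zero of the variable part stay fixed across the log while the dummy positions vary, which is the comparison the text identifies as the weak point. The leading zero is fixed because month x hour never exceeds 12 x 23 = 276.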

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)

Abstract

The frequency of commercial transactions and similar activities on networked systems is constantly increasing, such as credit card transactions, connections to banking computer systems, use of automatic dispensers, etc. To this end, the invention relates to a password algorithm system that regularly uses variable elements such as the hour, the date, the day of the week, the month, etc., which change continually, as well as other types of elements, so that the password changes according to the variable time elements and the other elements. In addition, by applying dynamic variable elements to the user's identity, the invention makes it possible to eliminate the misuse of private information, such as identity, that could be intercepted by someone on the Internet. A person who intercepted the identity data but not their algorithm could not use them, because the server computer system does not accept them.
PCT/KR2000/000363 1999-04-14 2000-04-14 Methods and appliances for encryption system varying dynamically depending upon variables and its applications Ceased WO2000062458A2 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU41492/00A AU4149200A (en) 1999-04-14 2000-04-15 Methods and appliances for encryption system varying dynamically depending upon variables and its applications

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR1019990013182A KR20000066231A (ko) 1999-04-14 1999-04-14 Variable cipher system that changes according to time and place
KR1999/13182 1999-04-14

Publications (2)

Publication Number Publication Date
WO2000062458A2 2000-10-19
WO2000062458A3 2007-10-25

Family

ID=19580008

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2000/000363 Ceased WO2000062458A2 (fr) 1999-04-14 2000-04-14 Methods and appliances for encryption system varying dynamically depending upon variables and its applications

Country Status (3)

Country Link
KR (1) KR20000066231A (fr)
AU (1) AU4149200A (fr)
WO (1) WO2000062458A2 (fr)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003014887A3 (fr) * 2001-08-09 2004-02-12 Activcard Inc Method for providing a dynamic password
JP2012517139A (ja) * 2009-02-04 2012-07-26 データ セキュリティー システムズ ソリューションズ プライヴェート リミテッド Conversion of a static password system into two-factor authentication
US9838385B2 (en) 2015-06-30 2017-12-05 International Business Machines Corporation Password generation based on dynamic factors
CN112134696A (zh) * 2020-08-21 2020-12-25 杭州海兴电力科技股份有限公司 Dynamic password generation and communication method for an electric energy meter, and communication system thereof

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6990586B1 (en) * 2000-06-02 2006-01-24 International Business Machines Corp. Secure data transmission from unsecured input environments
KR20010071652A (ko) * 2001-06-25 2001-07-31 이영길 Device using a secure variable password
US7899753B1 (en) 2002-03-25 2011-03-01 Jpmorgan Chase Bank, N.A Systems and methods for time variable financial authentication

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0763160B2 (ja) * 1985-05-15 1995-07-05 富士通株式会社 Cryptographic key distribution system
FR2613861B1 (fr) * 1987-04-10 1990-11-30 Pailles Jean Claude Method and controller for encrypting a message according to a public-key algorithm
US4995081A (en) * 1988-03-21 1991-02-19 Leighton Frank T Method and system for personal identification using proofs of legitimacy
US5054067A (en) * 1990-02-21 1991-10-01 General Instrument Corporation Block-cipher cryptographic device based upon a pseudorandom nonlinear sequence generator
KR100190157B1 (ko) * 1996-04-30 1999-06-01 니시무로 타이죠 Encryption apparatus and encryption method
GB2325123A (en) * 1997-05-08 1998-11-11 Ibm Data encryption/decryption using random numbers
KR20000030808A (ko) * 2000-03-17 2000-06-05 오세호 Identity verification method in a communication process

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003014887A3 (fr) * 2001-08-09 2004-02-12 Activcard Inc Method for providing a dynamic password
US7093282B2 (en) 2001-08-09 2006-08-15 Hillhouse Robert D Method for supporting dynamic password
JP2012517139A (ja) * 2009-02-04 2012-07-26 データ セキュリティー システムズ ソリューションズ プライヴェート リミテッド Conversion of a static password system into two-factor authentication
US9838385B2 (en) 2015-06-30 2017-12-05 International Business Machines Corporation Password generation based on dynamic factors
CN112134696A (zh) * 2020-08-21 2020-12-25 杭州海兴电力科技股份有限公司 Dynamic password generation and communication method for an electric energy meter, and communication system thereof

Also Published As

Publication number Publication date
AU4149200A (en) 2000-11-14
WO2000062458A3 (fr) 2007-10-25
KR20000066231A (ko) 2000-11-15

Similar Documents

Publication Publication Date Title
TW384593B (en) Method and apparatus for user authentication
US10089627B2 (en) Cryptographic authentication and identification method using real-time encryption
US7149899B2 (en) Establishing a secure channel with a human user
US9258296B2 (en) System and method for generating a strong multi factor personalized server key from a simple user password
US20180144114A1 (en) Securing Blockchain Transactions Against Cyberattacks
US8997177B2 (en) Graphical encryption and display of codes and text
US20180308097A1 (en) Bankcard Password Protection Method and System
CN103905188B (zh) Method for generating a dynamic password using a smart key device, and smart key device
CN103390124A (zh) Device, system and method for securely entering and processing passwords
WO2007092577A2 (fr) Systems designed to perform transactions at a point-of-sale terminal using mutating identifiers
US20110295753A1 (en) Pin protection for portable payment devices
CN100459495C (zh) Dynamic password encryption input method with a public encryption scheme
CN106911722B (zh) Two-way authentication method and system for smart cipher signature identity verification
CN101335754A (zh) Method for verifying information using a remote server
Cobb Cryptography for dummies
WO2000062458A2 (fr) Methods and appliances for encryption system varying dynamically depending upon variables and its applications
Alese et al. Multilevel authentication system for stemming crime in online banking
KR20010053920A (ko) Variable cipher system that changes according to variables
CN110689351A (zh) Financial service verification system and financial service verification method
JPH04118777A (ja) Electronic signature method using an IC card
CN107889102A (zh) Method and device for encrypting and decrypting information in a short message
US20250158804A1 (en) Method for randomized data hybridized handshake wrapped around AES, or similar symmetric encryption allowing mutual secure exchange and generation of symmetric session keys, wherein sender, receiver and any command instructions are mutually and simultaneously authenticated, while only sending 100% randomized data, with the exception of a hashed or encrypted user ID
KR101062363B1 (ko) User-defined authentication system using OTP
EP3116159A1 (fr) Method and device for secure data transmission
Siddiqui et al. Edge Computing and Cryptography for Securing Online Banking Transactions

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP