Identifier data, passwords or code words, referred to as ID in the remainder of this text, are being used for security purposes in electronic transactions wherein identification or authentication of the user is required. Examples of such transactions include those based on the use of credit cards. Another example is electronic banking. Yet another example is logging in into a company's data network from a remote location and via the Internet. Yet another usage is badge access to secure sites.
In general, the following scheme is implemented. The user has been assigned an ID. The ID has to be memorized or is encrypted on some token, e.g., a card with a magnetic strip or solid state memory, a CE device such as a cellphone, etc. In order to perform an operation or transaction involving this ID, it is required for the user to transmit the ID to a controlling computer (e.g., a bank computer, the computer of a telecom service provider, a security server, etc.). The computer then compares the transmitted ID with the code stored locally in order to make an authorization decision based on the match or mismatch.
There are some drawbacks involved in this practice. For example, the ID is usually constant (i.e., does not change with time) and can be intercepted during transmission, or the token that contains the ID can be stolen. The first disadvantage can be avoided by the use of onetime encrypt codes: a new value for the ID is calculated each time a new connection with a server is required. However, this solves only part of the security problem as it is still possible to crack the code or get the information from an independent source. After some time period of data collection it may be well possible to reverse engineer the required codes. The one-time encrypt code does not solve the problem of the token being lost or stolen.
The inventors propose to increase security level by means of distributing the calculation of a new value of the ID between the user's personal electronic devices. The server or computer that decides on authorization has a simulation running per individual user of the same personal devices to synchronize the ID's values. In this case, it is not enough to steal just one ID code card or credit card. Without the other devices or the user, the card is useless.
The invention relates to a method of enabling a person to use a unique ID. Multiple devices of a PAN of the user are enabled to calculate the ID in a manner distributed among the devices. The system that has to determine whether or not the user's ID is proper can do that by checking if the ID is in conformity with a simulation of the PAN run on a remote server. Alternatively, the various IDs generated by the PAN on different occasions each are representative of this particular user and correspond to an entry in a look-up table. Preferably, each respective one of the devices comprises a respective FSM. The respective FSM calculates per time step a value of a quantity according to a respective mathematical relationship. The respective mathematical relationship has as arguments, e.g., the value of the quantity calculated at a preceding time step by at least another one of the FSMs; and a respective history of values assumed by the quantity calculated by the respective FSM. The respective mathematical relationship is such that the quantity assumes a practically stochastic behavior.
An embodiment of the invention is, e.g., software for use on a personal device for enabling the device to accommodate an FSM and to communicate with another device for implementing the practically stochastic system.
Another embodiment is, e.g., a personal appliance for use in the PAN. The appliance accommodates an FSM and is able to communicate with another appliance in the PAN for implementing the practically stochastic system.
Yet another embodiment is a service for, e.g., a banking-, credit card-, conditional access- or another security system. The service determines whether a user is authorized to access the system. The service runs a simulation of a PAN of the user. This service could be delegated to a trusted party independent of the system to be secured, or could be an integral part of the system.
In a more specific example, the invention considers a distributed information processing system that comprises a cluster of interacting devices or appliances forming, e.g., a personal area network (PAN). The devices communicate preferably through a short-range, wireless protocol, e.g., Bluetooth. The cluster comprises, for example, a cellphone, a digital watch, a PDA, the key fob of the car keys, an electronic device embedded in an inconspicuous object such as a piece of jewelry or a pin, or even in a piece of clothing using wearable electronics, etc., etc. The set of devices is unique per individual user. The devices have finite state machines (FSM's) onboard. A (remote) control server runs a simulator of the cluster's FSM's. Each respective device's FSM calculates per time step a respective numerical value that depends on the values of the other devices' FSM's in the previous step, perhaps also on the respective device's internal state (e.g., based on the device's memory's and I/O message buffers' content), and on a history of the previous values. This mathematical relationship is chosen such that it causes the collection of FSM's to behave as a dynamic process that is considered, for practical purposes, a non-periodic stochastic process. The simulator does the same on the server. The results of the simulator and the devices' FSM's should be identical. Upon a match, the user is assumed to be authorized. Upon a mismatch, the user is assumed to be not-authorized, and an alert can be generated. The ID's value is, e.g., the current numerical value calculated by a specific one of the FSM's, or a combination of values from different FSMs, or a sequence of values, etc.
The security of the system resides in the facts that in order to be able to hack the system, the hacker needs to have a snapshot of the values of all FSM's at a certain step, to collect the values of the steps taken into account in the history, and to get into the internal states of each device. All these manipulations need to be performed in one time step, which makes it a complex computational task and practically impossible due to the distributed character of the system. Several security layers that can be applied individually or combined in order to increase protection, robustness and security of the system.
Set up of the system may depend on what devices or appliances the user takes with him/her in his/her PAN. An automatic controller could be used to initialize the server and/or the devices accordingly. For example, the control system can be used as disclosed in U.S. Ser. No. 09/823,141 filed Mar. 30, 2001 for Eugene Shteyn for TASK MANAGEMENT SYSTEM, in order to determine what the user takes with him/her.