The present invention relates to systems and methods to perform authentication of a transaction between a requesting entity, in particular a customer, and an authenticating authority.
Since the ancient invention of money, problems of counterfeiting have existed. These problems have led to ever more sophisticated measures to make the injection of false tokens, representing value, from successfully being used in a transaction. When in much more recent times credit cards were introduced, such measures were incorporated. For example, in earlier times, only a check digit formed by a secret algorithm was used to validate card numbers, the number space being very sparsely occupied so that the chance of finding a valid card number was relatively low. Then thieves learned how to forge this digit. As a result secret cryptography-based codes were added to the cards and checked by the card issuer when charges to an account were made. These measures have been useful in reducing fraud until recently.
However, with the practice of merchants storing card numbers, including some of the codes, insecurely on the Internet, there have been enough thefts of these numbers so that fraud is becoming an increasingly difficult problem. Such fraud often occurs in cases where the cards are not physically present. Fraud is reduced somewhat where the card is physically present. That is, credit cards contain fraud avoidance devices like holograms which make counterfeiting of physical cards more difficult than counterfeiting numbers off the cards.
Further, rules designed to prohibit storing the secret codes have been ignored, even by large issuers and as a result a new way to prevent fraudulent card use for remote customers is becoming necessary. Smart cards using public key encryption have been introduced, but these have met with little acceptance, due to their need for gadgetry to read them, which is not widely available.
Known techniques in the area of time based codes reach back to ancient times, when the password of the day was common in military camps. The notion of using widely synchronized times to control functions dates at least to the philosophy of Gottfried Liebniz (coinventor of the calculus and a contemporary of Isaac Newton). During World War II, codebooks valid for a particular day were used by both sides. The use of time stamps in computer communication is almost as old as computing. An example of their use in authentication can be found in the Kerberos system (MIT, 1987). Financial transactions have been timestamped to avoid replay problems also.
However, known techniques fail to provide an approach to effectively use the advance of time as an effective authentication mechanism. The present invention addresses the above, as well as other problems, that are present in known techniques.