Note : Les descriptions sont présentées dans la langue officielle dans laquelle elles ont été soumises.
CA 02416202 2003-O1-06
WO 02/05078 PCT/USO1/41049
1
METHOD AND APPARATUS FOR SECURE IDENTITY
AUTHENTICATION WITH AUDIBLE TONES
BACKGROUND
I. Field of the Invention
The present invention pertains generally to the field of electronic
security, and more particularly to the authentication of individuals through
audible tones.
II. Background
Access to the Internet and usage of electronic data systems have grown
steadily among the general public. Electronic commerce has been eagerly
embraced by both consumers and businesses due to the relative ease with
which one party can purchase or sell to another party without the inherent
complications involved with running a "bricks and mortar" establishment.
However, with the introduction of a system of communication wherein face-
to-face contact is eliminated or greatly reduced, opportunities for fraudulent
activity have increased. A stolen credit card in the hands of a wrong-doer can
eause damage to the credit rating of the named credit card holder and cause
damage for the credit card issuer who must absorb the loss resulting from
unauthorized purchases. In a worst-case scenario, a wrong-doer may actually
purloin a party's identity in order to exploit the credit-worthiness and
financial accounts of that party. Such an activity leaves the wronged party in
the untenable position of defending himself or herself against any criminal
activity perpetrated in his or her name, denying activities conducted at the
businesses of deceived creditors, or re-establishing a new identity with the
authorities.
In order to prevent unauthorized parties from intercepting private
information, various encryption schemes have been developed so that private
information transmitted between parties is concealed. However, the
concealment of private information is only one aspect of the security needed
CA 02416202 2003-O1-06
WO 02/05078 PCT/USO1/41049
2
to achieve a high level of consumer confidence in electronic commerce.
Another aspect is authentication.
Traditionally, signatures are placed on legal documents to identify the
parties involved in the subject matter of the documents and to show that the
parties are in formal agreement. With the advent of the electronic commerce,
some type of electronic signature is necessary to formalize the identification
of
the parties and the agreement between them. The United States government
recently enacted the "Electronic Signatures in Global and National Commerce
Act", HR 114, 105 Cong. (2000), to give such electronic signatures the same
force of law as a penned signature for certain legal contracts. However, the
actual implementation of a secure electronic signature has been left
unresolved by the U.S. government.
In the current state of the art, electronic authentication of an individual
can be performed by:
1. Authentication through knowledge, i.e., a password or a personal
identification number (PIN) entered into a machine;
2. Authentication through portable objects, i.e., a credit card, a police
badge, a SecurID token, or a proximity card; or
3. Authentication through personal characteristics, i.e., a fingerprint,
DNA, or a signature.
With the current reliance on electronic security measures, it is not
uncommon for an individual to carry multiple objects or to remember
multiple passwords. For example, an individual may perhaps need a PIN for
an ATM machine, a password to log on to a computer at work, a password to
access the Internet service provider at home, a proximity card to gain access
to a secure building, and a garage door opener to gain entry into a house.
Authentication through knowledge is thus problematic for individuals
who must remember multiple passwords or PINS, or for individuals with
poor memories. It is highly recommended that people do not write down
such information because it leaves a person vulnerable to the theft of the
passwords and PINS.
Authentication through portable objects and personal characteristics
can also be problematic for an average consumer because highly specialized
input devices are required to retrieve the authentication information. For
CA 02416202 2003-O1-06
WO 02/05078 PCT/USO1/41049
3
example, automatic teller machine (ATM) cards require an ATM, smartcards
require a smartcard reader, a voice ID would require a voice
encoder jdecoder, and a DNA sample would require a laboratory.
Hence, the current methods utilizing physical objects and personal
characteristics are inadequate for a person who must be authenticated
through a computer connection or across a telephone line. In addition,
remembering passwords and carrying multiple physical objects can be too
cumbersome. There is a present need to simplify the process of
authenticating an individual to multiple entities.
SUMMARY
The present invention pertains to an apparatus that can be used by an
individual to securely identify one's self to another party, wherein the
apparatus comprises: a processor; a storage element coupled to the processor,
wherein the storage element includes an instruction set executable by the
processor for generating a cryptographic signature; and a sound component
coupled to the processor, wherein the processor commands the sound
component to generate an audible tone associated with the eryptographic
signature.
In one aspect of an embodiment, multiple signatures using multiple
cryptographic keys can be either stored or generated by the storage element
and the processor.
In another aspect of an embodiment, the apparatus further comprises
an input element for bi-directional data transfers with other electronic
devices.
In another aspect of an embodiment, the apparatus further comprises a
user interface that can be used to supply an activation code.
3o BRIEF DESCRIPTION OF THE DRAWINGS
The features, objects, and advantages of the present invention will
become more apparent from the detailed description set forth below when
CA 02416202 2003-O1-06
WO 02/05078 PCT/USO1/41049
4
taken in conjunction with the drawings in which like reference characters
identify correspondingly throughout and wherein:
FIG. 1 is a block diagram of a physical implementation of an exemplary
embodiment;
FIG. 2 is a block diagram of an authentication procedure between an
individual and a database manager, wherein an exemplary embodiment is
used to authenticate the identity of the individual; and
FIG. 3 is a flow chart of an authentication method using the exemplary
embodiment.
DETAILED DESCRIPTION OF THE EXEMPLARY
EMBODIMENTS
FIG. 1 is an exemplary embodiment of a device 5 comprising a
processor 10, a storage element 20 coupled to the processor 10, and a sound
component 30 coupled to the processor 10, wherein the storage element 20 is
configured to store a set of cryptographic signatures and the processor 10 is
configured to control the generation of audible tones from the sound
component 30, wherein each audible tone is associated with a signature from
the set of cryptographic signatures. As is readily apparent to one skilled in
the art, the device 5 can be implemented in a small, portable size with the
use
of microprocessors, or application specific integrated circuits (ASICs), or
any
other logic capable of a control function. The storage element 20 can be any
memory device, such as a random access memory (RAM), flash memory, or a
disk storage medium. The sound component 30 can be implemented by any
mechanical or electronic sound generation device, such as a speaker, along
with an optional sound reception device, such as a microphone. The device 5,
which will be referred to hereinafter as a "token," can be carried and
activated
by an individual whenever some form of identification must be provided to
an entity requesting identity authentication.
One method for generating cryptographic signatures is public-key
cryptography. In a public-key cryptography scheme, a user has both a private
key and a public key for encrypting documents. The user encrypts a
CA 02416202 2003-O1-06
WO 02/05078 PCT/USO1/41049
communication with the user's private key and sends the encrypted
communication to a targeted party, who then decrypts the communication
with the user's public key. The fact that the targeted party was able to
decrypt the communication with the user's public key would be the electronic
5 signature that authenticates the communication as originating from the user.
It should be noted that the use of a public-key cryptography scheme is
illustrative only and the exemplary embodiments may incorporate other
signature-generating schemes.
It is an advantage in the exemplary embodiment that audible tones are
generated to uniquely represent the cryptographic signatures stored on or
generated by the token. Almost all desktop and laptop computers currently
integrate microphones into the computer system and almost all desktop and
laptop computers carry the capability to generate sounds. Hence, the
exemplary embodiment can be advantageously implemented to operate with
desktop and laptop computers running the appropriate software. Other
electronic devices, including, but not limited to, personal data assistants
(PDAs), mobile phones, and pagers can also be used with the exemplary
embodiment with a proper I/O add-on or software upgrade. In addition, the
exemplary embodiment can be used with any communication system that is
capable of carrying audible tones. Examples include, but are not limited to
telephone networks, building intercom systems, and radio communication
networks. Hence, an individual can use the exemplary embodiment to
identify himself or herself directly in a face-to-face transaction or
indirectly
through an acoustic communication medium.
FIG. 2 is a block diagram of a basic authentication system between an
individual and a database manager, wherein a token is used to authenticate
the identity of the individual in accordance with one embodiment. A first
party 100 intends to access information protected by a database manager 103.
The first party 100 holds a token 101 up to a microphone (not shown) coupled
to a computer 102, wherein the computer 102 is in communication with the
database manager 103. The token 101 generates audible tones to the
computer 102, which then transmits the tones, or the cryptographic signature
represented by the tones, to the database manager 103. The database manager
103 verifies the first party's identity by retrieving authentication
information
CA 02416202 2003-O1-06
WO 02/05078 PCT/USO1/41049
6
from the database 104. The individual 100 can then proceed with a private
transaction. In an alternative embodiment, the freshness of a signature can be
ensured through a challenge/response procedure chosen by the database
manager 103, wherein the signature is generated in response to a challenge
from the database manager 103. In this embodiment, the sound component of
the token 101 comprises a sound generation element and a sound reception
element, so that the token 101 can detect audible tones from the speakers of
the computer 102.
It is another advantage of the exemplary embodiment that a token can
be programmed to carry multiple keys that would identify an individual to
multiple entities. For example, a token can be programmed to generate an
audible signature that would identify a token holder to a financial
institution
over a telephone line. The token can also be programmed to generate a
second audible signature that would identify a token holder to a computer
network over a microphone hooked up to a computer in the network. The
same token can be programmed to generate a third audible signature to a
proximity card reader in order to gain access to a secure building. In an
aspect of the embodiment, the audible signatures would be generated in
accordance with one or more cryptographic keys, wherein the private key
portions of the cryptographic keys remain secret within the token, and the
corresponding public key portions are used by any entity to verify the audible
signatures. One method of generating electronic signatures using private
keys and public keys is the Digital Signature Algorithm, promulgated in
Federal Information Processing Standard Publication 186-1.
In another exemplary embodiment, the token can further comprise
another form of input element, such as a parallel port, a serial port, or a
universal serial bus, so that the token can interact with another party
through
a medium other than audible sound. Various authentication protocols exist in
which both parties must exchange information in order to confirm the
identity of the opposite party. For example, a token can be programmed with
a public-key cryptographic scheme wherein an exchange of public keys must
be made.
CA 02416202 2003-O1-06
WO 02/05078 PCT/USO1/41049
7
Hence, the token can store predetermined cryptographic signatures in
the storage element, or the token can generate cryptographic signatures in
response to a signal from an external source.
In addition to various input elements, the exemplary embodiment may
also include an output element for communicating with electronic devices
more directly, rather than through sound generation. For example, the sound
component will be engaged for authentication functions, but an output
element can be engaged for data transfers, such as the backup of the
cryptographic signatures onto a personal computer or the exchange of public
key information.
In another embodiment, an activation requirement can be programmed
into a token, so that another party may not use the token fraudulently or
accidentally. In this embodiment, a user interface can be incorporated with
the token so that an activation check can be performed. Hence, a token will
not generate an authentication signature unless it receives confirmation as to
the identify of its user. It should be noted that the token may generate
audible tones as part of a protocol interaction even though the token may
ultimately refuse to generate an audible authentication signature.
Confirmation can come in the form of a PIN entered into a keypad.
Alternatively, confirmation can be determined from a voice print, wherein the
user interface is a microphone and the processor has sufficient processing
ability to enable voice recognition. Voice recognition methods are well
known in the art and will not be discussed in detail herein.
Another method to activate a token that has a microphone input would
be to use a Dual Tone Multi-Frequency (DTMF) device to input the activation
code. This method has the advantage of requiring little processing
complexity and requiring an inexpensive and commonly available DTMF
sound generator (such as a telephone). Another implementation of the
activation requirement is to have the sound component utter numbers in a
sequential or non-sequential manner. Whenever a number in the PIN is
uttered, the user presses the activation button to register the number with
the
processor.
In another implementation that can be used in conjunction with the
activation requirement methods described above, each cryptographic
CA 02416202 2003-O1-06
WO 02/05078 PCT/USO1/41049
g
signature can be associated with its own activation requirement, so that the
token may require a different activation check for each authentication request
from separate entities. As an added security precaution, the token can be
programmed to become inactive if too many attempts are made to input the
activation code.
In another embodiment, the sound component of the token can be
configured to generate encoded audible tones, wherein the encoding will
increase the probability that the cryptographic message or signature will be
delivered without error. Modulation techniques, including, but not limited to
Dual Tone Multi-Frequency (DTMF) and Frequency Shift Keying (FSK), can
be implemented in order to create a more distinguishable sound amidst loud
background noises.
In another embodiment, the functionality of the sound component can
be supplemented with an infrared port. Various laptop computer
manufacturers, printer manufacturers, and PDA manufacturers have
incorporated infrared ports into their equipment. An infrared port may be
used advantageously in those circumstances where the use of a sound
component would be awkward and undesirable, such as in a public place.
In another embodiment, the sound component can generate ultrasonic
frequencies. Alternatively, the generation of ultrasonic frequencies can be
made by an add-on device that works in conjunction with the exemplary
embodiment. Such an add-on device would be connected to the exemplary
embodiment through audible tones or through an output element.
FIG. 3 is a flowchart of an authentication method using a token holding
a cryptographic signature. For illustrative purposes, the method is described
in relation to a customer trying to access private bank records. However, it
should be apparent to one skilled in the art that the method can be applied to
any situation wherein a party is trying to access private information or
establish access to a computer system or building. At step 300, a customer
enters a banking web site using a personal computer. At step 310, the
banking web site asks for the identity of the customer by sending a coded
challenge to the personal computer, wherein the coded challenge is encoded
using a public key of the customer. At step 320, the personal computer
requests authentication from the customer. At step 330, the customer holds a
CA 02416202 2003-O1-06
WO 02/05078 PCT/USO1/41049
9
token near the microphone and the speakers of the personal computer and
presses an activation button. At step 340, a series of audio tones plays
between the token and the personal computer. At step 350, the personal
computer decodes the audio data and encodes a response to the web site
using the coded challenge and the decoded audio data. At step 360, the web
site verifies the digital signature on the response from the personal computer
by using its own private key.
Once the banking web site has confirmed the identity of the customer,
the customer can then access his or her account information.
In another example, a token can be used to authenticate the identity of
an individual without the need of a personal computer. Most businesses have
customer service departments that are accessible through the telephone. In
many instances, customers who have accounts with a business are asked to
provide a piece of "secure" information, such as the maiden name of the
customer's mother, or the last four digits of a Social Security number, in
order
to establish the identity of the calling party. However, such "secure" methods
are inadequate precautions when a close family member, personal friend, or
other party has knowledge of the same information asked by the customer
service representative. In one embodiment, a customer service representative
can authenticate the identity of the customer through the transmission of
audible tones over a telephone network. At the transmission end, a customer
holds the token over the mouthpiece of a telephone and presses the activation
button. At the receiving end, the customer service representative holds the
ear piece of the telephone against a sound detection/deeoding device that
compares the received audible tone to a database of tones. A positive match
confirms the identity of the calling party.
It should be noted that the exemplary embodiments can be
implemented whenever a database for storing information pertaining to the
authentication process, as discussed above, exists at the receiving end. The
processor of the exemplary embodiment can be configured to implement any
one of the various cryptographic schemes that are presently available. Hence,
the exemplary embodiment can be used to implement one cryptographic
scheme with one party and another cryptographic scheme with another party.
The basic implementation of the exemplary embodiment can be performed
CA 02416202 2003-O1-06
WO 02/05078 PCT/USO1/41049
without the need for a physical connection to an intermediary device because
it can communicate with the separate parties through the almost universal
communication medium of sound. ,
Thus, a novel and improved method and apparatus fox securely
5 identifying individuals through the use of audible tones have been
described.
Those of skill in the art would understand that the various illustrative
logical
blocks, modules, circuits, and algorithm steps described in connection with
the embodiments disclosed herein may be implemented as electronic
hardware, computer software, or combinations of both. The various
10 illustrative components, blocks, modules, circuits, and steps have been
described generally in terms of their functionality. Whether the functionality
is implemented as hardware or software depends upon the particular
application and design constraints imposed on the overall system. Skilled
artisans recognize the interchangeability of hardware and software under
these circumstances, and how best to implement the described functionality
for each particular application. As examples, the various illustrative logical
blocks, modules, circuits, and algorithm steps described in connection with
the embodiments disclosed herein may be implemented or performed with a
digital signal processor (DSP), an application specific integrated circuit
(ASIC), a field programmable gate array (FPGA) or other programmable logic
device, discrete gate or transistor logic, discrete hardware components such
as, e.g., registers and FIFO, a processor executing a set of firmware
instructions, any conventional programmable software module and a
processor, or any combination thereof. The processor may advantageously be
a microprocessor, but in the alternative, the processor may be any
conventional processor, controller, micro-controller, or state machine. The
software module could reside in RAM memory, flash memory, ROM
memory, EPROM memory, EEPROM memory, registers, hard disk, a
removable disk, a CD-ROM, or any other form of storage medium known in
the art. Those of skill would further appreciate that the data, instructions,
commands, information, signals, bits, symbols, and chips that may be
referenced throughout the above description are advantageously represented
by voltages, currents, electromagnetic waves, magnetic fields or particles,
optical fields or particles, or any combination thereof.
CA 02416202 2003-O1-06
WO 02/05078 PCT/USO1/41049
11
Preferred embodiments of the present invention have thus been shown
and described. It would be apparent to one of ordinary skill in the art,
however, that numerous alterations may be made to the embodiments herein
disclosed without departing from the spirit or scope of the invention.
Therefore, the present invention is not to be limited except in accordance
with
the following claims.
WHAT IS CLAIMED IS:
