AUTHENTICATION METHOD AND DEVICE
Field of invention
[001] The present invention is directed towards a method for authentication. More
particularly, the present invention provides a method and a device using a long
cryptograph ic key to implement a personal identification number (PIN) pro
tect ion method for user authentication.
Background of the invention
[002] With the advancements in the fie ld of Web and Mobi le based commerce and
commun ications, secure authentication has emerged as one of the most impor
tant requirements for any electron ic com merce .or mobi le commerce based o r
gan ization . Various situations requ ire a user to be authenticated, in particu lar
for financial transactions and it is anticipated that such authentications will
o ly grow with time.
[003] With the increase in penetration of mobi le handheld devices, the number of
appl ications designed for these platforms is also on the rise. In some mobi le
appl ications, it is essential for users to be a ble to authenticate themselves to
other users on the phone network or to a service provider on the same net
work. One such appl ication is mobi le-phone based banking, wherei n users
maintain bank accounts with a centra l authority (both connected via a mobi le
phone network) and transfer money from thei r account into another user's ac
count using a phone-based messaging protocol. Whenever the bank ing author
ity receives requests for such transactions from a user, it must first authenti
cate the user and only then let the transaction take place.
[004] Mobi le-phone based bank ing systems are becom ing popu lar in many parts of
the world, particu larly in the developi ng cou ntries of the world. Implementi ng
authentication protocols on mobi le phones in the developing world is a cha l
lenge since a large number of such phones have low computing and storage
capabi lities and thus cannot implement robust cryptograph ic algorithms that
one may want to use fo secure user authentication. The problem is exacer
bated by the fact that mobi le phone manufacturers are upping their investment
in low-end phones due to their increasing demand in rural areas, but without
much paral lel effort to equ ip such phones with security features. In fact, several
current implementations for implementi ng secure commun ication over
mobi le phone networks (e.g., those for GSM -based telephony) have been
shown to be susceptible to easy attacks.
[005] A paper-based sol ution for authent ication in mobi le-phone based banki ng is
proposed in an article titled "Secure Branch less Banking " by Ash lesh Sharma
and Lakshm i Subraman ian and Denn is Shasha from New York University
publ ished in NSD | Please provide full form] 2009. The solution proposed
rel ies on transm itting fresh random nonces and a voice-based identi fier per
transaction. Hence, the proposed solution is not easy to use and requ ires additional
software support.
[006] Consequently, an authentication device and method which is strong, rel iable,
and resistant to security breaches, and a the same time is easy to use by a
wide variety of users hai ling from diverse backgrounds is requi red. Also is required
an authentication device and method which may be implemented on
low-end phones without the insta llation of any cryptograph ic software and
without mod ifying the commun ication protocols used for messaging through
mobi le phones
Sum mary of the Invention
[007] The present invent ion provides a method for authenticating a user of a mobi le
device by a verification authority, by making use of at least a persona l identi
fication num ber (PIN) and at least one cryptograph ic key, the PIN and the
cryptograph ic key bei ng known only to the user and the veri fication authority.
The cryptograph ic key com prises at least one session key. The method at least
comprises the steps of: a . the user encod ing the PIN by using at least one se s
sion key; b. the user transferri ng the encoded PIN to a predefined address of
the verification authority via the mobi le device; c . the verification authority
decoding the PIN by usi ng the cryptographic key; and d . the veri fication a u
thority authenticating the user if the decoded PIN matches a PIN stored corre
sponding to the user. In an embod iment, the mobi le device is a cel lular te le
phone, whereas in another it is a mobi le com puting device.
[008] In an embod iment, the PIN comprises a seq uence of predefined num ber of
characters and is known only to the user and the verification authority. The
step of encod ing the PIN by usi ng a cryptograph ic key com prises replacing
each character of the PIN by a correspond ing character of at least one session
key. In an embod iment, the cryptograph ic key com prises a seq uence of digits,
wherein each d igit is selected random ly from the number set {0, 1,..,9} by us
ing a secure random number generator, the cryptograph ic key bei ng broken up
into one or more session keys com pri s ing 10 digits each.
[009] The user is provided with a cryptograph ic key comprisi ng a p lural ity of ses
sion keys, each session key being used for authenticating the user only once.
In an embod iment, the cryptograph ic key bei ng provided in the form of a pa
per booklet. Also in another embod iment, the cryptograph ic key comprises a
sequence o f alphabets, wherei n each a lphabet is selected random ly from a prede
fi ned a lphabet set by using a secure random a lphabet generator, the crypto
graph ic key bei ng broken up into one or more session keys com prisi ng a pre
defined num ber of a lphabets each, one or more transformation codes bei ng
presented to the user in a p lural ity of presentation styles.
[001 0] In an embod iment, a session key used for encod ing the PIN once is removed
from the cryptograph ic key by the user and the veri fication authority. Each
PIN is stored by the veri fication authority in a hashed format by using a cryptograph
ical ly secu re hash function. In another embod iment, the step of encod
ing the PIN by using a cryptograph ic key com prises replacing each character
of the PIN by a correspond ing character o f at least one session key by usi ng a
s lider to assist in looking up a session key. the s lider being movable over a
p lural ity of session keys enabl ing a user to lookup a desi red session key by
s lid ing the s lider over a med ium conta in ing the cryptographic key, the s lider
com prisi ng grooves o f predefined size causing each digit of a session key fal l
into one of the grooves when the s lider is placed over the session key.
[001 1] Further, in one embod iment the present invention provides an electron ic device
for storing one or more session keys used for authenticating a user of a
mobi le device having at least a personal identi fication num ber (PIN), the PIN
and the one or more session keys bei ng known only to the user and a verifica
tion authority. The user encodes the PIN by usi ng at least one session key and
transfers the encoded PIN to the verification authority for authenticating the
user by decod ing the PIN and verifyi ng if the decoded PIN matches a PIN
stored correspond ing to the user. The electron ic device comprises: a processor;
a screen for displayi ng at least one current session key; memory for storing a
p lural ity of session keys; and at least two nav igationa l buttons for accessing a
previous or a next session key.
[001 2] The PIN com prises a sequence of predefined number of characters and encod
ing the PIN by usi ng a session key comprises replacing each character of the
PIN by a correspond ing character of a least one session key. In an embod i¬
ment, each session key comprises a sequence of digits, wherein each digit is
selected random ly from the number set {0, l , ..,9} by using a secure random
num ber generator.
[001 3] In an embod iment, the sc reen is an LCD screen com prising a 3 digit display
for provid ing a session key num ber and a 10 digit display for provid ing a session
key. In another embod iment, eac h sess ion key comprises a sequence of
alphabets, wherei n each a lphabet is selected random ly from a predefi ned a l
phabet set by usi ng a secure random alphabet generator. Also, in an embod i-
. ment, the processor prom pts the user to delete a session key from the memory
once the session key has been used for encod ing the PIN. enabl ing a session
key to be used for encoding the PIN only once. The electronic device is pow
ered by one of: a power source and a battery , and further comprises a numeric
keypad for entering the P IN into the electron ic device, the encod ing of the e n
tered PIN by using a session key stored in the electron ic device bei ng pe r
formed by the processor, the encoded P IN bei ng displayed on the screen.
Brief description of the accom panying rawings
[001 4] The present invention is descri bed by way of embod iments i llustrated in the
5 accompanying drawings wherein :
[001 5] FlG . l i l lustrates a list of session keys in accordance with an embodi ment of
the present invention ;
l O [001 6] FIG . 2 i l lustrates l ist of session keys provided with a sl ider, in accordance with
an embodiment of the present invention ;
[001 7] FIG. 3 i l lustrates an electron ic dongle used for stori ng session keys, in accor¬
dance with an embodiment of the present invention ; and
I 5
[001 8] FIG . 4 i l lustrates another dongle used for stori ng session keys, in accordance
with an embod iment of the present invent ion.
Detailed description of the invention
0
[001 9] The present invention provides a device for authenticating a user of a mobi le
device such as a mobi le phone or other personal computing device. The pre¬
sent invention also provides a plural ity of methods to perform remote user au¬
thenticat ion over a comm unication network without the instal lation of any
5 cryptograph ic software on the access devices and without mod ifyi ng the de¬
fau l com municat ion protocol in any man ner. The methods rely on a shared
personal identification num ber (PIN) between the user and the verifyi ng au¬
thority. Authent icat ion is performed by havi ng the user input the PIN into an
associated network access point in an encrypted manner, transm itting the en-
0 crypted PIN and verifying, at the authority's end, that the transm itted data can
be decrypted to recover the PIN . Encryption is performed by the user prior to
P N entry using a unique cryptograph ic key that is stored on paper and the en¬
cryption protocol is designed to be usable even by low-l iterate users.
[0020] The authent icat ion methods and device descri bed herein is cost effective, and
provides secure authentication to organ izations invol ving mobi le or e lectron ic
commerce, online transfer of funds other banki ng functional ities which can be
performed electron ical y and other places where user authentication is a re
quirement to access the device.
[0021 ] The fol lowi ng disclosure is prov ided in order to enable a person havi ng ord i
nary skill in the art to practice the invent ion . Exemplary embod iments are pro
vided only for illustrati ve purposes and various mod ifications will be read ily
apparent to . persons skilled in the art. The general principles de fi ned herei n
may be appl ied to other embod iments and appl ications without departing from
the spi rit and scope of the invention. Also, the term inology and phraseology
used is for the purpose of descri b ing exem plary embod iments and shou ld not
be considered limit ing. Thus, the present invent ion is to be accorded the wid
est scope encompassi ng numerous alternat ives, mod ifications and equivalents
consistent with the pri nci ples and featu res d isc losed . For purpose o f c lari ty,
detai ls re lati ng to tech nica l materia l that is known in the techn ica l fie lds re
lated to the invention have not been descri bed in detai l so as not to unnecessar
ily obscure the present invent ion .
[0022] The user authenticat ion methods provided by the present invention requ ire that
each user shares a uniq ue personal identi ficat ion num ber (PIN ) with a veri fi c a
tion authority. In various embod iments, each PIN is a sequence of d igits and
for purpose of illustration each PIN descri bed herein has 4 digits. The sol ution
provided herei n can easi ly be extended to a sett ing where P INs are longer or
shorter. Security o f the present sol ution rel ies on the secrecy of a PIN and no
party other than the legitimate user or the verification authority must be aware
of the PIN .
[0023] The present invent ion wou ld now be d iscussed in context o f embod iments as
illustrated in the accom panyi ng drawi ngs.
[0024] In various embod iments, the present invention provides methods of user a u
thenticat ion involvi ng generation of a long cryptograph ic key for each user.
The cryptograph ic key may be stored on a paper card or a book let of cards or
any other med ium from which the keys may easi ly be accessed or read by the
user. A copy of the key is g iven to t e user and another copy is mai ntained by
a verification authority in digita l form'. In an embod iment, each key is represented
by a sequence of digits wherein each digit is selected random ly from
the num ber set {0, 1,...9} by using a secure random num ber generator. The
cryptograph ic key is broken up into segments of 0 digits each and each seg
ment is referred to as a session key. FIG . illustrates a list of session keys, in
accordance with an embod iment of the present invention. Each session key illustrated
in F IG . 1 is represented as a 2 by 10 table 102 where the first row of
the table 104 is always fixed and contains the digits 0, 1,2, . . ..9 in that order.
The 0 d igits in the session key are stored in the second row 106 of the table
104.
[0025] In an embod iment of the present invention a user is req uired to use a single
session key for each encryption operati on. The user is requ ired to append each
outgoing message with his/her encrypted P IN where the encryption is pe r
formed under the first unused session key in the list of session keys. In an em
bod iment of the present invention, the session keys are provided to users in the
form of paper book lets. There are a large number of session keys in each paper
booklet, of the order of about 00. ( In the figures, only one card in such a
booklet is shown .) Upon exhaustion of a ll session keys, the user is issued a
new paper book let with a fresh cryptograph ic key suitably segmented into se s
sion keys.
[0026] With reference to F IG. 1, in order to encrypt the PIN with a particu lar session
key, the user is requ ired to perform a d igit-by-d igit lookup in the table 02 and
return the 4 d igits in the session key whose positions correspond to the digits
of the PIN . For exam ple, if the user s P IN is 78 19, the user fi rst looks up the
7l digit 108 in the fi rst session key 11 , then the 8lh digit 112, then the l digit
114 and then the 9l digit 1 6; these 4 digits pu together form the encryption
of the PIN . If the user is currently work ing with the fi rst session key 110 illus
trated in F IG. 1, the encrypted PIN wou ld consist of the 7th digit 08 in the
session key (wh ich is 5), fol lowed by the 8 h digit I 0 (wh ich is 8), fol lowed
by the I digit 112 (wh ich is 6) and fol lowed by the 9th d igit 114 (wh ich is 0),
resu lting in d igits 5860 as the encrypted P IN.
[0027] l the user is c urrently work ing with the second session key I illustrated in
FIG . 1, and the user' s PIN is 7 19, the encrypted PIN wou ld be obtained by
suitably looking up the digits 1, 8, I. 9 in the second table 120, which gives
digits 5860 as the encrypted P IN. In an embod iment, the paper card or book let
is implemented in a way such that once a session key has been used for e n
crypt ion, i is de leted from the book let by the user. The deletion of used ses
sion keys is important to guarantee strong security; however, the method of
the present invention works even if the deletion faci lity is not implemented. In
various embod iments, it is important that both the user and the verification a u
thority keep track of the f irst unused session key in the seq uence of session
keys correspond ing to the user. This is the key that is used for encryption as
wel l as decryption o f the P IN in every .transm ission from the user to the veri fi
cation authority.
[0028] In various embod iments of the present invention, the user appends the e n
crypted PIN to the message that needs to be transm itted and sends the resu lt
ing message to the veri fication authority, a long with his/her identifier ( like
mobi le phone num ber). Upon receipt of the message, the verification a uthority
decrypts the last 4 digits in the message using the copy of the user' s key i
ma intai ns (decrypt ion involves perform ing a reverse lookup in the table corre
spond ing to the session key) and checks if the decryption is the same as the
user's PIN . If it is. authentication succeeds; e lse it fa ils.
Exem plary Embod iment 1
[0029] In an embod iment of the present invention, in certa in scenarios encryption of
multi ple PINs may resu lt in the same digits, i.e multiple P Ns may have the
same encrypt ion . This wou ld happen if the session key bei ng used has re
peated digits causing two digits from two different PINs to be mapped to the
same encryption digi t . In order to address th is possi b ility, n an embod iment of
the present invention an encrypted P IN received by the verification authority
may be decrypted to multi ple user P IN val ues. The verification authority determ
ines if any one of obtai ned use PIN val ues correspond to the expected
PIN . Authentication fa ils only if none of the obtai ned user PIN va lues corre
sponds to an expected Pin val ue. In a embod iment, the session keys are ge n
erated in a manner such that each session key is a random perm utation of the
digits {0. ,2, . . . . 9 }, picked uniform ly at random from a ll such perm utations.
Such a random selection of session key d igits automatical ly e lim inates the
possi b ility of an encryption bei n decrypted to mult iple cand idate P INs . In
various embod iments, the user PIN s are stored in a hashed manner at the veri
fication authority usi ng a cryptogra phica lly secu re hash function. This is
meant to ensure that an attacker who gels access to the storage at the veri fi ca
tion authority has litt le advantage in deri v ing the users' PINs which are meant
to remai n secret.
Exemplary Embod iment # 2
[0030] In an embod iment of the present invent ion the encrypted P IN is not numeric,
but cons ists o f sym bols from an arbitrary a lphabet. For exam ple, the PINs
cou ld be obtai ned from the Engl ish a lphabet or from any other a lphabet read
able by the target users. Session keys wou ld be of the same length as the a -
. phabet size and wou ld consi s of rancfom sym bol s from the a lphabet. For e n
crypt ing the PIN, the same lookup operat ion wou ld be used as in the case of
d igits descri bed with reference to FIG. 1.
Exemplary Embod iment 3
[0031] In an embod iment of the present invention, the session keys are represented
not as tables but j us as a sequence of digits (or alphabets, in the general case).
To make the looku p process easy for the user a "sl ider" is implemented . F IG.
2 illustrates list of session keys prov ided with a s lider. The s lider 202 has the
d igits 0, I, 2. 9 written on it, suitab ly spaced out so that when placed on
top of a session key 204, the 0 206 in the s lider 202 is located above the f irst
digit 208 of the session key. is located above the second digit. ' 2' above
the th ird digit and so on. The s lider 202 is movable from being situated above
one sess ion key 204 to bei ng situated above another session key 2 10 and
wou ld assist in perform ing look ups for a ll session keys in the list . The session
keys 2 2 situated above the s lider 202 are the session keys that have been used
whereas those 2 4 situated below the s lider are the unused session keys. In an
embod iment, the s lider 202 may itsel f be a paper obj ect or may be made of
some other materials, and it may either be attached to a paper book let of ses
sion keys or may be separate. In an embod iment, the s lider has 10 grooves
built into it of suitab le size so that when i is placed over a session key, each
digi of the session key fa lls into one of the grooves.
Exemplary Embod iment 4
[0032] In an embod iment of the present invention, where PlN-based transactions are
very frequent and session keys expire early, the session keys are stored eleciron
ica lly rather than on paper. F IG. 3 illustrates an electron ic dongle used for
stori ng session keys, in accordance wi h an embod iment of the present inven
tion . Each user holds an electron ic dongle 302 comprising a processor 304 and
an LCD screen 306 that displays the current session key. The LCD screen 306
com pri ses a 3 digit display for provid ing a session key num ber and a 10 digit
display for provid ing a session key. The electron ic dongle 302 is equ ipped
with read only memory (ROM) 308 or flash memory which stores all the se s
sion keys provided to the user. Navigationa l buttons 3 10 and 2 may be used
to access a previous or a next session; key respecti ve ly. Session keys may be
deleted from memory as and when they are used for encrypt ion . The dongle
302 may be powered by a powers source or battery 3 14.
[0033] In an embod iment, the dongle is equipped with a numeric keypad and the e n
cryption operation itself is performed by the dongle, thus making the user in
terface even more accessi ble to illiterate users. FIG. 4 illustrates another dongle
used for stori ng session keys, in accordance with a embod iment of the
present invention . In add ition to the com ponents described with reference to
FIG . 4, the dongle 402 com prises a s t of 0 keys 404 for entering a user' s
P IN num ber. The entered P IN is encrypted usi ng a session key and the lookup
method descri bed with reference to FIG. 1 electron ica lly by the processor of
the dongle 502, and the encrypted P is displayed on the LCD screen.
[0034] Hence the present invent ion provides a paper-based interface for storing a long
sequence of cryptograph ic session keys and usi ng secu re methods for perform
ing P IN encryption . The invent ion also provides a low-cost electron ic equ ipment
for performing the encryption. The present invention also provides a
method for performing PIN encryption, or more generally, of short numeric
messages, where both the encryption and decryption operations are easy to
implement and can be performed by humans with very limited literacy and
numeric skills. Consequently, a method for encrypting messages at the "user
interface" layer (above the application layer) of the communication protocol is
provided, i.e., even before messages are received by a software application,
they have been encrypted by the user. This makes the encryption more robust
against potential mal-ware on the communication network. Hence, the present
invention builds upon a simple cryptographic scheme like the one-time pad to
design an encryption method which can be implemented entirely by humans
and without any software support.
While the exemplary embodiments of the present invention are described and
illustrated herein, it will be appreciated that they are merely illustrative. It will
be understood by those skilled in the art that various changes in form and de¬
tail may be made therein without departing from or offending the spirit and
scope of the invention.

What is claimed is:
1. A method for authenticati ng a user of a mobi le device by a veri fication author
ity, by mak ing use of at least a persona l identification num ber (PIN) and at
least one cryptograph ic key. the PIN and the cryptograph ic key bei ng known
only to the user and the verificat ion authority, the cryptograph ic key com pr is
ing a least o ne session key, the method at least com prising the steps of:
a. the user encod ing the PIN by usi ng at least one session key;
b. the user transferring the encoded PIN to a predefi ned address of the
verification authority via the mobi le dev ice;
c. the veri fication authority decod ing the PIN by using the cryptograph ic
key; and
d. the veri fication authority authenticating the user if the decoded PIN
matches a P IN stored correspond ing to the user.
2 . The method as cla imed in clai m I wherei n the mobi le device is a ce llular te le
phone.
3. The method as c la imed in cla im I wherei n the mobi le device is a computi ng
device.
4 . The method as cla imed in c la im I where in the PIN com prises a seq uence of
prede fi ned number of characters the PIN be ing known only to the user and the
verification authority.
5. The method as cla imed in cla im I wherei n the step of encod ing the P IN by us
ing a cryptograph ic key com prises replaci ng each character of the PIN by a
correspond ing character of a least one session key.
6 . The method as claimed in clai m I wherei n the cryptograph ic key com prises a
sequence of digits where in each digi t is se lected random ly from the number
set {0, ,...9} by usi ng a secure random number generator, the cryptograph ic
key bei ng broken up into one or more session keys com prising 10 d igits each.
The method as cla imed in cla im I wherein the user is provided with a crypto
graph ic key com pri s ing a p lura lity o f session keys, each session key being
used for authenticat ing the user only once, the cryptograph ic key bei ng pro
vided in the form of a paper booklet.
The method as clai med i clai m 1 where in the cryptograph ic key com prises a
seq uence of a lphabets, where in each a lphabet is selected random ly from a pre
defi ned a lphabet set by using a secure random a lphabet generator, the crypto
graph ic key bei ng broken up into one or more session keys comprisi ng a pre
de fi ned number of a lphabets each . one or more transformation codes being
presented to the user in a p lura lity of presentat ion sty les.
The method as cla imed in c la im I where in a session key used for encod ing the
PIN once is removed from the cryptograph ic key by the user and the verifica
tion authority.
The method as c la imed in cla im wherei n at least one PIN is stored by the
veri fication authority in a hashed format by usi ng a cryptograph ica lly secu re
hash function .
I I. The method as clai med in cla im I where in the step o f encod ing the P IN by u s
ing a cryptograph ic key com prises replaci ng each character of the PIN by a
correspond ing character o f a least one session key by usi ng a s lider to assist in
look ing up a session key. the s lider bei ng movable over a plural ity o f session
keys enabl ing a user to look up a desired session key by s lid ing the s lider over
a med ium contai ning the cryptograph ic key, the s lider comprising grooves of
predefi ned size causi ng each digit of a session key fa ll into one of the grooves
when the s lider is placed over the session key.
12. An e lect ron ic dev ice for stori ng one or; more session keys used for authenticat
ing a user of a mobi le device having at least a persona l identification num ber
(PIN) the P IN and the one or more session keys bei n known only to the user
and a veri ficat ion authority, the user encod ing the PIN by usi ng at least one
sess ion key and transferri ng the encoded PIN to the veri fication authority for
authenticating the user by decod ing the PIN and veri fyi ng i f the decoded PIN
matches a PIN stored correspond ing to he user, the electron ic device com pris¬
ing:
a. a processor;
b. a screen for d isplayi ng at least one current session key:
c. memory for stori ng a plura l ity of session keys; and
d. -at least two nav igat iona l button s for accessing a previous or a next ses
sion key.
1 . The electron ic dev ice as c laimed in cla im 12 where in the PIN com prises a se
quence of prede f ined number of characters.
14. The electron ic device as claimed in clai m 12 wherei n encod ing the PIN by us¬
ing a session key com prises replaci ng each character of the PIN by a corre
spond ing character of at least one session key.
. The electron ic device as cla imed in cla im 1 wherei n each session key com
prises a sequence of digits, wherei n each d igit is se lected random ly from the
num ber se {0, ...9 by using a secu re random number generator.
16 . The electron ic device as cla imed in cla im 12 wherei n the screen is an LC D'
screen com prisi ng a 3 digit d isplay for provid ing a session key num ber and a
10 digit display for provid ing a session key.
17 . The electron ic device as cla imed in c laim 12 where in each session key com¬
prises a seq uence of alphabets, wherei n each alphabet is selected random ly
from a predefi ned alphabet set by usi ng a secu re random alphabet generator.
18. The electron ic device as cla imed in clai m 12 where in the processor prom pts
the user to delete a session key from' the memory once the session key has
been used for encod ing the PIN . enabl ing a session key to be used for encod
ing the PIN only once.
19 . The electron ic dev ice as cla imed in ;cla im 12 bei ng powered by one of: a
power source and a battery.
20. The electron ic device as cla imed in claim 2 further com prising a numeric
keypad for entering the PIN into the erectron ic dev ice the encoding of the e n
tered PIN by using a session key stored in the e lectron ic device bei ng pe r
formed by the processor, the encoded P IN be ing displayed on the screen.