United States Patent (19)
`Gullman et al.
`
`US005280527A
`Patent Number:
`11
`45) Date of Patent:
`
`5,280,527
`Jan. 18, 1994
`
`(73)
`
`(21)
`22)
`(51)
`(52)
`(58)
`(56)
`
`(54)
`
`(75)
`
`BIOMETRICTOKEN FOR AUTHORIZING
`ACCESS TO A HOST SYSTEM
`Inventors: Lawrence S. Gullman, Lahonda; Eric
`Edwards, Menlo Park, both of Calif;
`Norman Fast, Newton, Mass.
`Assignee: Kamahira Safe Co., Inc., Hiroshima,
`Japan
`Appl. No.: 868,167
`Filed:
`Apr. 14, 1992
`Int. C. .............................................. H04K 1/00
`U.S. C. ................
`... 380/23; 380/25
`Field of Search .................................... 380/23, 25
`References Cited
`U.S. PATENT DOCUMENTS
`4,405,829 9/1983 Rivest et al. .
`4,609,777 9/1986 Cargile.
`4,720,860 1/1988 Weiss.
`4,819,267 4/1989 Cargile et al. .
`4,856,062 8/1989 Weiss .
`4,885,778 12/1989 Weiss.
`4,926,480 5/1990 Chaum .................................. 380/23
`4,941,173 10/1990 Boule et al. ........................... 380/25
`4,972,476 11/1990 Nathans ................................ 380/25
`4,993,068 2/1991 Piosenka et al. ...................... 380/23
`4,998,279 3/1991 Weiss.
`
`5,020,105 5/1991 Rosen et al. .......................... 380/2.3
`5,056,141 10/1991 Dyke .............
`... 380/25
`5,065,429 11/1991 Lang .........
`... 380/25
`5,131,038 7/1992 Puhl et al. ............................. 380/23
`Primary Examiner-David C. Cain
`Attorney, Agent, or Firm-J. E. Brunton
`(57)
`ABSTRACT
`A security apparatus receives a biometric input from a
`user, which then is compared to a template to determine
`a correlation factor. The correlation factor, a fixed code
`and either a time-varying code or a challenge code then
`are combined to generate a token. The token is dis
`played to the user, who then enters the token at an
`access device. The access device is coupled to a secure
`host system. The access device forwards the token to
`the host, which processes the token to determine
`whether access is permitted. In one embodiment, the
`host is an electronic banking system. If access to such
`system is permitted the user is allowed to perform an
`electronic funds transfer. The security apparatus in one
`embodiment is an integrated circuit card. Each appara
`tus includes a sensor for detecting the holder's biomet
`ric information (i.e., voice, signature, fingerprint), along
`with a processor and display. The processor generates
`the token which then is displayed to the holder.
`
`10 Claims, 2 Drawing Sheets
`
`14-N
`
`20
`
`TIME
`VARYING
`CODE GEN.
`
`PROCESSOR
`WITH RAM
`
`TO ALL ELECTRONIC
`COMPONENTS
`
`
`
`BIOMETRIC
`SENSOR(S)
`
`f
`
`15
`
`
`
`16
`
`
`
`IPR2018-00067
`Unified EX1023 Page 1
`
`

`

`US. Patent
`
`aJ
`
`49918,1
`
`2
`
`5,280,527
`
`50:
`
`555
`
`mmmuo<
`
`magma
`
`82min?5Hmauum
`
`325.53
`
`w“
`
`n.7})
`
`
`
`tEm.1llama...”IIIIISmmwSE
`.m-%.1$255:5.ESmama»
`LE5mm
`£58aIf
`
`
`N.W\|\V\
`
`aEmomzmm
`
`SEES
`
`«'9,
`
`
`
`onoEumd._._<E.
`
`mhzmzogo
`
`hm
`
`hm
`
`|PR2018—00067
`
`Unified EX1023 Page 2
`
`IPR2018-00067
`Unified EX1023 Page 2
`
`
`
`
`
`
`

`

`U.S. Patent
`
`Jan. 18, 1994
`
`Sheet 2 of 2
`
`5,280,527
`
`20
`
`f4'
`/
`
`
`
`
`
`
`
`32
`
`
`
`say man quit alm on
`
`unnan won as
`
`\------ ------a
`V MULTI-CHIP
`\, \
`MODULE
`
`V V
`
`
`
`16
`
`19
`
`4-72. 3
`
`IPR2018-00067
`Unified EX1023 Page 3
`
`

`

`1.
`
`5
`
`BIOMETRICTOKEN FOR AUTHORIZNG
`ACCESS TO A HOST SYSTEM
`
`5,280,527
`2
`to combine the token with biocharacteristic informa
`tion. For example, the token may be entered by having
`the user write the token numbers on a pressure-sensing
`pad or speak the token numbers into a telephone. The
`BACKGROUND OF THE INVENTION
`access verification system then compares the token to
`see if valid and compares the bio-input (e.g., voice or
`This invention relates to identification and security
`signature) to see if from the authorized user. Thus, the
`systems which protect access to electronic host systems,
`such as computers and the like. More particularly this
`biocharacteristic information is used to identify an au
`invention relates to an apparatus for accepting a biomet
`thorized user.
`"
`ric measurement which is then used as a seed for deriv-0
`Another common security mechanism that uses a
`ing a security token. Such token is communicated to a
`personal identification number PIN and security token
`host system for determining whether access to such
`is a challenge/response token. It produces a dynamic
`host is to be authorized.
`security password not from a time varying value gener
`With the increase in private information potentially
`ated internally, but from a challenge number provided
`accessible to anyone using electronic communication
`by the host system and manually input to the token. One
`systems, there is a corresponding increase in the need to
`such example is the SafeWord (R) AccessCard produced
`provide security measures for safeguarding access to
`by Enigma Logic, Inc., of Concord, Calif.
`such information. Automatic teller machines for bank
`ing transactions allow anyone in possession of a select
`SUMMARY OF THE INVENTION
`bank card and knowledge of a corresponding personal 20
`According to the invention, biometric information is
`identification number (PIN) to access a corresponding
`input to a biometric security device which generates in
`bank account to withdraw or transfer money. Persons
`response a security token. The biometric information is
`can even pay their bills or shop by computer. The in
`used as part of the "seed' for generating the token.
`creasing opportunity to implement electronic transac
`Such token is then communicated to a host system or
`tions is accompanied by an increasing danger of elec-25
`access device to determine whether access to the host is
`tronic theft. Thus, there is a need for increasingly effec
`permitted.
`tive security mechanisms.
`According to one aspect of the invention, the biomet
`Common security mechanisms include use of a per
`ric security mechanism stores a template of user biomet
`sonal identification number (PIN) and use of a security
`ric information (i.e., signature, finger-print, voice
`token. A PIN is used to identify an individual and au- 30
`print). To access the host system, the user enters the
`thorize access to a host system (e.g., banking transaction
`corresponding biometric information to the security
`system). A security token is a non-predictable code
`mechanism. The mechanism verifies the input against
`derived from a private key, e.g. a unique fixed value,
`the template, then generates and displays a token based
`and a public key, e.g. a time varying value. For exam
`on the verification. The user then communicates the
`ple, a password (fixed key) is encoded based upon time- 35
`token to the host system which decodes the token and
`variant information. Such token then is forwarded to
`determines whether access is authorized. More specifi
`the host which decodes the token back to a password.
`cally, the token is derived from the results of the bio
`The token thus provides security during transmission to
`metric comparison, plus a time-varying value.
`prevent the unique fixed value from being identified.
`According to another embodiment of the invention,
`Even if a perpetrator intercepts a token during transmis- 40
`sion, reapplication of the intercepted token will not
`the token is derived from the results of the above de
`scribed biometric comparison, plus a user input chal
`enable access to the host system because the time-vary
`lenge code from the host, rather than a time varying
`ing "public key" will have changed. Thus, a PIN pro
`value. In a further embodiment, the biometric informa
`vides user identification, while a token provides trans
`tion is collected from the operation of the user of input
`mission security.
`45
`ting the challenge to the device, either using a keypad,
`A problem with personal identification numbers and
`writing tablet or by voice.
`tokens is that the legitimate user must remember the
`number or password. For users having many numbers
`In an exemplary embodiment of the invention, the
`biometric security mechanism is an integrated circuit
`or passwords, the task of remembering can be burden
`card including a processing unit, memory and a biomet
`some. Further, some cards, such as long distance calling 50
`ric sensor. The memory stores a template of the autho
`cards, even print the private access code directly on the
`rized user's biometric information, along with a verifi
`card. Thus, if the card is lost or stolen, the finder may
`access the system at the legitimate user's expense. Ac
`cation algorithm. Upon entry of the cardholder's bio
`cordingly, there is a need for an improved security
`metric information, the processor executes the verifica
`mechanism enabling convenient use, while providing 55
`tion algorithm. The verification algorithm uses the tem
`security safeguards.
`plate data, the biometric input, a fixed code (i.e., PIN,
`embedded serial number, account number) and time
`One known use of biometric information with secret
`varying self-generated information to derive a token
`codes and tokens is described in U.S. Pat. No. 4,998,279
`output. The token output is displayed on the card where
`issued Mar. 5, 1991 for METHOD AND APPARA
`the cardholder can view the token and manually enter
`TUS FOR PERSONAL VERIFICATION UTILIZ- 60
`the token to an access device coupled to the host sys
`ING NONPREDICTABLE CODES AND BIO
`CHARACTERISTICS (“Weiss'), the full disclosure of
`tem. In an alternative embodiment, the token output is
`which is hereby incorporated herein by reference. Ac
`transmitted directly to the host system through a direct
`cording to such disclosure, a credit card sized computer
`data communication line, eliminating the need for man
`generates a token from a secret "fixed" code (i.e., PIN) 65
`ual entry by the user.
`and a public "time-varying" code (i.e., time of day).
`A host system may be any electronic system requiring
`Such token is displayed on the card so the user can enter
`or providing security access. For example, the host
`the token to an access machine. The entry is done so as
`system may be an automatic teller machine, a bank's
`
`IPR2018-00067
`Unified EX1023 Page 4
`
`

`

`5,280,527
`3
`4.
`computer system or even an electronic gate for access
`then compared to a stored template to derive a correla
`ing a secured area.
`tion factor, as described above.
`The invention will be better understood by reference
`For a successful biometric entry or where the user is
`to the following detailed description taken in conjunc
`not informed of a failed biometric entry, the correlation
`tion with the accompanying drawings.
`factor is combined with a fixed code (i.e., PIN, embed
`ded serial number, account number) and in one embodi
`BRIEF DESCRIPTION OF THE DRAWINGS
`ment, a time-varying code (i.e. the time of day) togen
`FIG. 1 is a block diagram of a security system includ
`erate the security token. In the challenge code embodi
`ing a biometric security apparatus for generating a
`ment, the correlation factor is combined with a fixed
`code and the challenge code to generate the security
`token according to an embodiment of this invention.
`token. The token is displayed on a display panel of the
`FIG. 2 is an electronics block diagram of the biomet
`ric security apparatus.
`security apparatus 14. The user then enters such token
`FIG. 3 is an integrated circuit card embodiment of
`at the access device 12. The access device 12 sends the
`the biometric security apparatus of FIG. 1.
`token to the host 10 which decodes the token to identify
`5 the embedded fixed code and correlation factor. In an
`DESCRIPTION OF SPECIFIC EMBODIMENTS
`alternative embodiment, the security apparatus 14 is
`coupled directly to the host system 10, such that the
`Overview
`token output is transmitted directly to the host without
`Security safeguards for accessing a host system 10 are
`the need for displaying the token or manual entry by the
`provided by an access device 12 and a biometric secu
`user. The coupling can be accomplished using, for ex
`20
`rity apparatus 14. Typically, the host system 10 is a
`ample, standard data communication cable or any other
`computer system, on-line bank system or even a secured
`known data transmission technique.
`area. The host system 10 (or host area) is presumed to
`To properly decode the token, the security apparatus
`contain confidential or valuable information which
`14 is synchronized with the host system 10 so that the
`must be secured against unauthorized access. To safe
`time varying code is identical at both the security mech
`25
`guard access to such information, access is limited by an
`anism 14 and the host system 10. In the challenge code
`access device 12. Such access device 12 communicates
`embodiment, the host system, having generated the
`with the host system to verify authorized personnel and
`challenge code, retains the challenge code in memory to
`transfer information. The access device may be a termi
`decode the token. The host 10 identifies the user with
`nal in communication with a host computer, an auto
`the fixed code and verifies the identification based on
`30
`mated teller machine in communication with a banking
`the correlation factor. The host system 10 permits full
`network having a host database management system, a
`or limited entry based upon the level of authorization
`telephone linked to a computer system or even an elec
`assigned to a given user (as identified by the fixed code).
`tronic lock restricting access to a secured area. The
`For example, a given user may be allowed to perform
`biometric security mechanism 14 adds another level of
`an electronic funds transfer only from a prescribed
`35
`security to the access process.
`account.
`According to the invention, the biometric security
`mechanism 14 generates a security token which the user
`inputs to the access device 12 Such security token is
`formed from biometric information, a fixed code and, in
`one embodiment, a time-varying code or, in a second
`embodiment, a host-generated challenge code. The
`biometric information may be a fingerprint, voiceprint
`or writing sample. The security apparatus 14 receives
`the biometric input, then compares the biometric input
`45
`to a stored template to derive a correlation factor. If the
`correlation factor is below a prescribed threshold level,
`the correlation is unsuccessful. In some embodiments,
`the security apparatus may then display that the biomet
`ric entry is invalid. In other embodiments, the security
`apparatus need not notify the user that the biometric
`entry was invalid. Instead an invalid token is displayed,
`so that upon input to the access device 12 access to the
`host system 10 is denied and the host is informed of an
`access attempt.
`55
`In an embodiment of the invention using the chal
`lenge code, in addition to providing biometric input to
`the security apparatus, the user inputs a challenge code
`by, for example, handwriting, voice, or typing, which
`will usually be generated by the host system and dis
`60
`played to the user. In another exemplary embodiment of
`the invention using the challenge code, the biometric
`information is obtained from the very operation of in
`putting the challenge code by the user. For example, as
`the user inputs the challenge code by voice, handwrit
`65
`ing, or typing on a keypad, the security apparatus makes
`biometric measurements of the input to generate the
`necessary biometric information. This information is
`
`Biometric Securitv Apparatus
`FIG. 2 shows an electronic block diagram of the
`biometric security apparatus 14. The apparatus 14 in
`cludes a power source 15, on/off switch 16, biometric
`sensor 18, display 20, processor 22 with on-chip random
`access memory, biometric input section 33 for receiving
`biometric information from the biometric sensor a read
`only memory (ROM) 24 (which may be a PROM,
`EPROM or the like), time-varying code generator 26
`and display drivers 30. Preferably, the processor 22,
`ROM 24, generator 26 and drivers 30 are formed as a
`multi-chip module 32, or a single ASIC.
`In one embodiment the processor 22 is an 8-bit micro
`processor with 156 bytes of random access memory
`available on-chip, such as a type 8051 microprocessor
`manufactured by Intel Corporation of Santa Clara,
`Calif. An amount of random access memory, e.g., 16
`kbytes of RAM, may be located apart from the 8051
`microprocessor off-chip. A nonvolatile memory ele
`ment, e.g., ROM 24 is for example a 32 kbyte memory.
`Each security apparatus 14 comes with an embedded
`"fixed' code stored in PROM 24. Such fixed code is
`used to form a token and is thus available to the host
`system 10 to identify a person requesting access The
`display 20 is a 7-10 character LCD panel, although the
`number of characters may vary according to the em
`bodiment. Conventional LCD driver circuits 30 are
`coupled between the processor 22 and LCD display 20.
`The time-varying code generator 26 may be a time
`based generator available from Security Dynamics
`Technologies of Cambridge, Mass, and described in
`
`10
`
`50
`
`IPR2018-00067
`Unified EX1023 Page 5
`
`

`

`10
`
`15
`
`5,280,527
`5
`6
`U.S. Pat. No. 4,720,860, the complete disclosure of
`ments, the enroll mode can be re-entered or reset only
`which is hereby incorporated herein by reference. The
`by an authorized user after valid biometric input is en
`generator 26 utilizes a real time clock 25 to generate a
`tered. If such input has the priority level authorizing
`time-varying code for use in deriving a token. The time
`re-entry or resetting to the enroll mode, then the enroll
`varying code is based on the time of day. The U.S. Pat.
`mode is entered.
`No. 4,720,860 describes a method for keeping the time
`of day the same as in a host system without interconnec
`tion between the generator 26 and host system such that
`biometric security apparatus 14 and host system 10 can
`generate the same token for a given input at a given
`time. Processor 22 generates a security token based on
`the time-varying code, fixed code and biometric input
`from biometric sensor 18, and outputs the token to dis
`play 20.
`Alternatively, processor 20 may include a standard
`encryption module which applies an encryption algo
`rithm to the time of day from real time clock 25, the
`fixed code and a biometric correlation factor, generat
`ing an encrypted security token. Such an encryption
`module is described in U.S. Pat. No. 4,819,267 and U.S.
`20
`Pat. No. 4,405,829, the complete disclosures of both
`patents hereby being incorporated herein by reference.
`The security token is output to display 20. In this em
`bodiment, the host system 10 includes a decryption
`module, capable of decrypting the encrypted code gen
`25
`erated by the encryption module of biometric security
`apparatus 14. The capability to decrypt the token at the
`host system allows the token input by the user to be
`broken down into its biometric, time-varying and fixed
`code components. In some applications, this has distinct
`30
`advantages over systems which are capable only of
`comparing the input token to a stored or time-generated
`value.
`FIG. 3 shows an integrated circuit card 14 embodi
`ment of the security apparatus 14. The card 14' serves as
`35
`a convenient accessible security device kept in the pos
`session of a person seeking access to the host system 10.
`The card may be the length, width and thickness of a
`conventional credit card.
`Biometric Sensor Embodiments
`The biometric sensor 18 detects biometric input from
`a user (i.e., card-holder, pen-holder), the exact nature of
`which is not critical to the invention, so long as it senses
`information which is basically personal and substan
`45
`tially invariant in characteristics which are detected.
`According to various embodiments, the sensor 18 may
`detect a fingerprint, a signature, a voice or other like
`information. For the card embodiment 14, the sensor 18
`may be a scanning device which detects a fingerprint or
`50
`pressure sensing device which detects a signature. Al
`ternatively, a CCD imaging device could be used to
`capture a picture of the fingerprint or signature. The
`sensor 18 also could be a voice detector.
`Enroll Mode
`The security apparatus 14 initially is configured in an
`"enroll' mode. During the enroll mode, one or more,
`preferably several, biometric samples are obtained and
`permanently stored as templates. In alternate embodi
`ments, multiple templates for multiple users are stored.
`During normal operations, a biometric input sample is
`compared to one or more of the templates to identify
`whether the person entering the sample is a person
`whose templates are stored.
`65
`To permanently store the templates and prevent reen
`try into enroll mode, the enroll software is normally
`inaccessible after the first use. For multi-user embodi
`
`Normal Mode
`Once enrollment is complete, the security apparatus
`14 permanently enters normal mode. In normal mode a
`user turns on the apparatus 14 using switch 16, then
`enters biometric input based on the type of biometric
`sensor 18 installed. The biometric input is received from
`the biometric sensor 18 into input section33. Regardless
`of whether a fingerprint, signature or voice entry, the
`biometric input is compared to one or more stored tem
`plates. A correlation factor is calculated for each tem
`plate. If the correlation factor indicates correlation
`closer than a prescribed threshold level (i.e., 90 on a
`scale of 0 to 100) for any template, then the biometric
`verification is successful. If none of the correlation
`factors satisfy the prescribed level, then the biometric
`verification is unsuccessful. In one embodiment, a mes
`sage is displayed to indicate an invalid biometric input.
`In another embodiment, where it may be undesirable to
`notify the holder that the entry is invalid, an invalid
`token is displayed, which when entered at the access
`device 12 does not enable access to the host system 10,
`but which allows the host system to record the unsuc
`cessful attempt.
`Each security apparatus includes a unique embedded
`code (e.g., fixed code) as previously described. The
`correlation factor, fixed code and a time-varying code
`from the time code generator 26 together are used to
`derive a security token.
`The derived token is then displayed. The user then
`reads the token from the display 20 and enters the token
`at the access device 12. The access device 12 transmits
`the token to the host 10 which decrypts or decodes the
`token to derive the fixed code and correlation factor. If
`the fixed code identifies a valid user and the correlation
`factor is above the threshold level, then access is per
`mitted. If not, then access is denied. With a fixed code to
`identify a particular person or group of persons, the
`host can be programmed to control the type of access or
`transactions allowed for such fixed code.
`The method and apparatus of the present invention
`have significant advantages over known security sys
`tems. Reliable and secure identification is provided
`which eliminates the need for the user to memorize a
`code or carry a printed memorandum of the code.
`Transmission security is provided which is convenient,
`secure and useful on existing access devices of host
`systems in current use. In particular, the method and
`apparatus obviate the need for specially-designed hard
`ware additions or modifications to existing access de
`vices. The security token generated by the present in
`vention may be input in the same manner as PINs or
`other security codes in common use. The security token
`could even be input from a telephone or computer at a
`remote location via electronic transmission to an access
`device.
`Although a preferred embodiment of the invention
`has been illustrated and described, various alternatives,
`modifications and equivalents may be used. Therefore,
`the foregoing description should not be taken as limiting
`the scope of the inventions which are defined by the
`appended claims.
`What is claimed is:
`
`40
`
`55
`
`IPR2018-00067
`Unified EX1023 Page 6
`
`

`

`10
`
`15
`
`25
`
`35
`
`20
`
`5,280,527
`7
`8
`1. A user verification apparatus for use in verifying
`(a) input means for receiving biometric input from the
`user and for generating an input signal in response
`the identify of a user of a remote host system as that of
`thereof;
`an authorized user, comprising:
`(b) memory means for storing biometric information
`(a) means for receiving biometric information from
`of the authorized user and for storing acceptance
`the user;
`level data;
`(b) memory means for storing acceptance threshold
`(c) data processing means communicating with said
`level data along with previously obtained biomet
`input means and said memory means for:
`ric information of the authorized user and a fixed
`(i) receiving said input signal from said input
`code;
`means;
`(c) comparison means for comparing said biometric
`(ii) receiving said biometric information of the
`information from the user with said previously
`authorized user from said memory means;
`obtained biometric information and for generating
`(iii) comparing said input signal and said biometric
`a correlation factor;
`information of the authorized user, and
`(iv) generating a similarity signal.
`(d) signal generating means for comparing said corre
`(d) signal generating means for comparing said
`lation factor with said acceptance threshold level
`threshold acceptance level data with said similarity
`data to generate a transmittable code, including an
`signal to generate a transmittable code including an
`authentication code; and
`authentication code; and
`(e) transmission means for receiving said transmitta
`(e) transmission means for receiving said transmitta
`ble code from said signal generating means and for
`ble code from said signal generating means and for
`transmitting said transmittable code, including said
`transmitting said transmittable code, including said
`authentication code, to the host system for a deter
`authentication code to the host system for a deter
`mination by the host system of whether to grant to
`mination by the host system whether to grant to the
`the user access to the host system.
`user access to the host system.
`2. An apparatus as defined in claim 1 in which said
`7. An apparatus as defined in claim 6 further includ
`signal generating means is further adapted to combine
`ing means for generating a time code signal and for
`inputting said time code signal into said memory means,
`said first authentication code and said fixed code to
`said signal generating means being adapted to combine
`generate a transmittable code adapted to be transmitted
`said time code signal and said authentication code to
`to said transmission means for subsequent transmission
`30
`generate a transmittable code for transmission to said
`to the host system for a determination by the host sys
`transmission means.
`ten of whether to grant to the user access to the host
`8. A method for authenticating a user's identity as
`system.
`being that of an authorized user and securing access to
`3. An apparatus as defined in claim 2 further includ
`a host system, comprising the steps of
`ing means for inputting a time varying code into said
`(a) receiving a user's biometric input;
`memory means and in which said signal generating
`(b) comparing the biometric input with a stored tem
`means is adapted to combine said first authentication
`plate to generate a correlation factor;
`code with said time varying code to generate a transmit
`(c) comparing said correlation factor with predeter
`table code adapted to be transmitted to said transmis
`mined acceptance threshold level data to generate
`sion means for subsequent transmission to the host sys
`a transmittable code;
`ten for a determination by the host system of whether
`(d) transmitting said transmittable code to the host
`to grant to the user access to the host system.
`system; and
`(e) determining at the host system from the received
`4. An apparatus as defined in claim 2 further includ
`ing means for inputting a challenge code to said signal
`transmittable code whether to grant access to the
`45
`host system.
`generating means and in which said signal generating
`9. A method as defined in claim 8 in which said corre
`means is adapted to combine said authentication code
`lation factor is combined with said acceptance thresh
`and said challenge code to generate a transmittable code
`old level data to generate an authentication code which
`and in which said transmission means is adapted to
`is then combined with a time varying code to generate
`50
`transmit said transmittable code to the host system for a
`a transmittable code for transmitting to the host system
`determination by the host system of whether to grant
`for use in determining whether to grant access.
`the user access to the host system.
`10. A method as defined in claim 9 in which said
`5. An apparatus as defined in claim 4 in which said
`transmittable code thus generated is further combined
`transmittable code is numerical.
`with a challenge code to generate a numerical code for
`6. An apparatus for use in verifying the identity of a
`transmitting to the host system to determine at the host
`user of a host system as that of the authorized user,
`system whether access is authorized.
`comprising:
`
`a
`
`sk
`
`sk
`
`k
`
`55
`
`65
`
`IPR2018-00067
`Unified EX1023 Page 7
`
`