United States Patent
`Weiss
`
`[19]
`
`[54]
`
`[75]
`
`[73]
`
`METHOD AND APPARATUS FOR
`PERSONAL IDENTIFICATION
`
`Inventor: Kenneth P. Weiss, Newton, Mass.
`
`Assignee:
`
`Security Dynamics Technologies,
`Inc., Cambridge, Mass.
`
`.
`
`[‘1
`
`Notice:
`
`The portion of the term of this patent
`subsequent to Jun. 11, 2008 has been
`disclaimed.
`
`[21]
`
`[22]
`
`[63]
`
`[511'
`[52]
`
`[58]
`
`[56]
`
`App]. No.: 670,705
`
`Filed:
`
`Mar. 18, 1991
`
`Related US. Application Data
`
`Continuation-impart of Ser. No. 341,932, Apr. 21,
`1989, Pat. No. 5,023,908, which is a continuation-in-
`part of Ser. No. 802,579, Nov. 27, 1985, Pat, No.
`4,885,778, which is a continuation-in-part of Ser. No.
`676,626, Nov. 30, 1984, Pat. No. 4,720,860.
`
`Int. Cl.5 ............................................... H04L 9/32
`US. Cl. ........................................ 380/23; 380/24;
`380/25; 380/49; 340/825.31; 340/825.34;
`235/379; 235/380; 235/382
`Field of Search ..................... 380/3, 4, 23, 24, 25,
`380/49, 50; 235/379, 380, 382; 340/825.31,
`825.34
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
`......................... 380/23
`3,764,742 10/1973 Abbott et al.
`'
`...... 380/23
`3,806,874 4/ l 974 Ehrat ...........
`
`3,886,451
`5/1975 Chu et al.
`368/118
`3,900,867 8/ 1975 Wagner .............. 342/45
`
`3,995,111 11/1976 Tsuji et a1.
`375/109
`
`4,104,694
`8/1978 Hargrove
`361/172
`...... 380/28
`4,126,761 11/1978 Graupe et al.
`
`4,145,568 3/ 1979 Ehrat ......................... 380/47
`
`1/1980 Kinch, Jr. et a1.
`...... 380/43
`4,185,166
`4,193,073 3/ 1980 Kohnen ................. 342/56
`
`4,277,837
`7/1981 Stuckert
`364/900
`4,295,039 10/1981 Stuckert .......
`235/380
`
`4,302,810 11/1981 Bouricius et al.
`.......... 380/24
`
`4,320,387 3/1982 Powell .................
`340/825.34
`
`...... 380/25
`4,326,098 4/1982 Bouricius et a1.
`
`4,471,216 9/1984 Herve ..............
`235/380
`1/1985 Schwartz ............................ 375/ 107
`4,494,211
`
`U8005168520A
`
`[11] Patent Number:
`[45] Date of Patent:
`
`5,168,520
`* Dec. 1, 1992
`
`4,509,093 4/1985 Stellberger .......................... 361/172
`4,536,647
`8/1985 Atalla et al.
`1.
`.. 380/24
`
`4,543,657
`9/1985 Wilkinson .....
`.... 375/1
`4,578,530 3/1986 Zeidler ............... 330/24
`
`4,532,434 4/1986 Planggeretal. ...................... 368/46
`
`(List continued on next page.)
`‘ OTHER PUBLICATIONS
`
`“PFX Identity Authentication System”, Brochure;
`Sytek, Inc. of Mountain View, Calif.; no date.
`McLellan, “The Future of Data Security Looks
`Credit-Card Thin”, Information Week, (Oct. 7, 1985,
`pp. 24—30).
`“Watchword Generator RGSOO”, Brochure; Raca1—-
`Guardata; Bulletin R6500, Apr. 1989.
`IBM Tech. DiscI. Bull, (vol. 26; No. 7A, Dec. 1983, p.
`3293).
`IBM Tech. Disc]. Bull, (vol. 26; No. 7A, Dec. 1983, pp.
`3286—3288).
`
`Primary Examiner—Bernarr E. Gregory
`Attorney, Agent, or Firm—Wolf, Greenfield & Sacks
`
`[57]
`
`ABSTRACT
`
`A method and apparatus for providing improved secu-
`rity for a personal identification number (PIN) in a
`personal identification and verification system of the
`type wherein a time dependent nonpredictable code is
`generated at a device in the possession of the individual,
`which code is unique to the individual and this code is
`communicated to, and compared with a nonpredictable
`code generated at a central verification computer. In
`this system, the PIN is mixed with the nonpredictable
`code before transmission of these values to the central
`verification computer. A nonsecret code is previously
`transmitted to the central verification computer and is
`used to retrieve the PIN and the appropriate non-
`predictable code for the user. These values are used to
`strip the PIN from the transmitted nonpredictable code
`and the stripped PIN and remaining nonpredictable
`code are compared with the corresponding retrieved
`values in order to determine verification.
`
`19 Claims, 2 Drawing Sheets
`
`Mm '0
`
`
`WIIIIIIII1
`Ii"
`A12
`111133333'3313
`
`
`
`
`
` VERIFICATION
` 22
`
`COMPUTER
`
`IS
`
`18
`
`20
`
`Apple 1 l3 8
`Apple v. USR
`IPR2018-00812
`
`Apple 1138
`Apple v. USR
`IPR2018-00812
`
`

`

`5,168,520
`
`Page 2
`
`US. PATENT DOCUMENTS
`
`4,589,066
`4,599,489
`4,609,777
`4,636,583
`4,641,322
`4,677,617
`
`........................... 364/200
`5/1986 Lame! a1.
`7/1986 Cargile .......
`380/4
`
`9/1986 Cargile .......
`380/4
`1/1987 Bidell et a1.
`. 380/48
`
`2/1987 Hasegawa ......
`375/1‘
`6/1987 O’Connor et a1.
`.
`........ 370/50
`
`
`4,720,860
`4,731,841
`4,802,216
`4,819,267
`4,849,613
`4,856,062
`4,890,323
`5,023,908
`
`1/1988
`3/1988
`1/1989
`4/1989
`7/1989
`8/1989
`12/1989
`6/1991
`
`Weiss .................................... 380/23
`Rosen et a1.
`.
`.................. 380/23
`
`Irwin et a].
`..
`380/23
`
`Caxgile et a1.
`380/23
`Eisele ...........
`. 235/379
`
`
`Weiss ..................... 380/23
`
`Beker et a1.
`.............. 380/25
`Weiss .................................... 380/23
`
`

`

`U.S. Patent
`
`Dec. 1, 1992
`
`Sheet 1 of 2
`
`5,168,520
`
`Il‘
`
`
`
`VERIFICATION
`COMPUTER
`
`
`
`I6
`
`
`
`
`
`VERIFICATION STATION
`
`COMPUTER
`
`DISPLAY
`
`'
`INPUT
`DEVICE
`
`66
`
`
`
`
`
`
`
`FIG.2
`
`

`

`US. Patent
`
`Dec. 1, 1992
`
`Sheet 2 of 2
`
`5,168,520
`
`USER SENDS NONSECRET CODE T0 VERIFICATION COMPUTER (VCI
`
`'30
`
`
`
`
`
`USER INPUT PIN T0
`vc RETRIEVE PIN AND
`
`NONPREDICTABLE
`
`CODE FOR USER
`UD GENERATES
`
`32
`NON PREDICTABLE
`
`CODE
`
`UD MIXES PIN AND
`
`NONPREDICTABLE
`CODE', DISPLAYS RESULT
`
`7o
`
`
`VC RETURNS
`
`
`CHALLENGE
`
`
`CODE TO USER
`
`
`
`USER INPUTS PIN AND
`CHA LLENGE CODE
`TO UD
`
`72\
`
`
`
`
`
` UD USES ”CHALLENGE
`
`
`CODE T0 GENERATE
`NONPREDICTABLE CODE
`
`I
`
`I
`
`-- - --
`
`I42
`
`
`
`
`
`
`
`USER SENDS DISPLAYED
`RESULT T0 vc
`
`42
`
`
`_- vc COMBINES on MIXES
`vc USES RETRIEVED PIN T0 STRIP PIN
`RETRIEVED PIN AND
`FROM USER mm”
`D
`NONPREDICTABLE CODE
`I44
`
`
`
`VC COMPARES RESULT
`MIXED BY UD 8 RESULT
`
`
`MIXEDBY vc
`
`MATCH
`
`NO MATCH
`
`I48
`
`I50
`
`USER
`VERIFIED
`
`USER
`
`REJ ECTED
`
`44
`
`46
`
`VC COMPARES
`
`
`VC COMPARES RETRIEVED
`
`STRIPPED PIN
`AND INPUTTED
`
`
`TO RETRIEVED PIN
`NONPREDICTABLE CODES
`
`
`
`
`
`
`
`_OTH _OMATCH ON_ATCH EITHER_OMPARISON
`
`
`
`
`
`USER VERIFIED
`
`USER REJECTED
`
`FIG.3
`
`

`

`1
`
`5,168,520
`
`METHOD AND APPARATUS FOR PERSONAL
`IDENTIFICATION
`
`CROSS REFERENCE TO OTHER
`APPLICATIONS
`
`This application is a continuation in—part of applica—
`tion Ser. No. 07/341,932 filed Apr. 21, 1989, now U.S.
`Pat. No. 5,023,908, which is a continuation-in-part of
`application Ser. No. 802,579 filed Nov. 27, 1985, issued
`Dec. 5, 1989 as US. Pat. No. 4,885,778, which applica-
`tion is itself a continuation-in-part of application Ser.
`No. 676,626 filed Nov. 30, 1984, now US. Pat. No.
`4,720,860,
`issued Jan. 19, 1988. The disclosures and
`specifications of all of the foregoing applications/pat-
`ents are incorporated herein by reference as if fully set
`forth.
`
`FIELD OF THE INVENTION
`
`This invention relates to methods and apparatus for
`identifying an individual and more particularly to meth-
`ods and apparatus for providing improved security for a
`personal identification number (PIN) utilized in con—
`.junction with such an identification system.
`BACKGROUND OF THE INVENTION
`
`identification systems may be based on
`Personal
`something someone has, such as a card Or badge, some-
`thing that someone knows, such as a PIN, or some
`characteristic of the individual, such as his fingerprints
`or speech pattern.,Security for such systems is enhanced
`by utilizing two or more of the above in performing the
`identification.
`
`For example, parent US. Pat. No. 4,720,860, dis-
`closes a personal identification system wherein the indi-
`vidual has a card or other small, portable device which
`contains a microprocessor programmed to utilize a se-
`cret algorithm to generate a nonpredictable number
`from a stored value unique to the individual and a time
`varying value provided for example by a clock. The
`nonpredictable value is preferably displayed on the
`device. The individual then enters his secret PIN into a
`central verification system, either directly or over a
`telephone line, causing the central system to access
`stored information corresponding to the individual and
`to utilize at least some of this information to generate a
`nonpredictable value at the central computer utilizing
`the same algorithm as at the individual’s microproces—
`sor. At the same time this is being done, the individual
`is entering the number appearing at that period of time
`on the display of his device. The two values will match,
`signifying identification of the individual, only if the
`individual has entered the correct PIN and if the indi-
`vidual has the proper device so that the nonpredictable
`code displayed corresponds to that being generated at
`the central verification computer.
`In other systems, such as those shown in US. Pat.
`No. 4,599,489 issued Jul. 8, 1986, the PIN may either be
`stored in the user’s device, or may be entered by the
`user. If the PIN is stored in the device, it is read from
`the device by a suitable reader and causes the central
`verification computer to generate a unique challenge
`’code to the individual. This challenge code may either
`be entered by the individual into his machine, or may be
`automatically sensed by the machine, and is operated on
`by the user’s device to generate a unique nonpredictable
`
`5
`
`10
`
`15
`
`20
`
`25
`
`3O
`
`35
`
`45
`
`50
`
`55
`
`65
`
`2
`code which is then entered into the central computer to
`effect verification.
`One potential difficulty with either of the systems
`indicated above is that an unauthorized individual may
`be able to obtain access to the user 5 PIN by electronic
`eavesdropping, reducing the security provided by the
`system. If, for example, the PIN is transmitted over
`public lines, such as telephone lines, from the user to the
`central verification computer, it may be possible to tap
`these lines and intercept the PIN as it is being transmit-
`ted. If the PIN is stored in the device, someone obtain-
`ing the device surreptitiously may, through sophisti-
`cated means, be able to determine the PIN stored in the
`device and thus defeat the security of the system. Fur-
`thermore, any storing of a PIN or password in the por-
`table device for comparison defeats the purpose of an
`independent identification factor and reduces security
`to a “thing” possessed.
`A need therefore exists for an improved means of
`communicating a PIN or other user identification code
`to a central verification system such that someone tap-
`ping the line over which the code is being sent will be
`unable to determine the secret identification number
`and someone obtaining possession of the user device
`will also not be able to obtain access to the user’s secret
`identification number from the device.
`
`SUMMARY OF THE INVENTION
`
`In accordance with the above, this invention provides
`a method for personalidentification and apparatus for
`the practice thereof wherein a device in the possession
`of the individual is utilized to generate a unique, time
`varying, nonpredictable code; the nonpredictable code
`generated at a given time is mixed with a secret PIN for
`the individual; the mixed output is communicated to a
`central verification computer; and the verification com-
`puter typically strips the PIN from the communicated
`value and utilizes the stripped PIN and remaining non-
`predictable code to perform a verification operation
`Alternatively and equivalently, the mixed output which
`is communicated to the verification computer may be
`verified in the verification computer without stripping
`of the PIN. Preferably, before the mixed value is com-
`municated to the verification computer, a nonsecret
`identifying code for the individual is communicated to
`the verification computer;
`the verification computer
`utilizes the nonsecret identifying code to obtain the PIN
`and appropriate nonpredictable code for the individual;
`and the verification operation includes the PIN and
`appropriate nonpredictable code obtained during the
`obtaining step being compared with the stripped PIN
`and remaining nonpredictable code. Alternatively the
`PIN may not be stripped from the mixed value, the
`verification computer may utilize the nonsecret identi-
`fying code to retrieve or obtain the PIN and appropri-
`ate nonpredictable code, combine the retrieved PIN
`and appropriate nonpredictable code, and perform a
`verification operation between the mixed value commu-
`nicated to the verification computer and the combina-
`tion of the retrieved PIN and appropriate nonpredicta-
`ble code. The verification computer may also generate
`a unique challenge value in response to the nonsecret
`identifying code which challenge code is communi-
`cated to the device in possession of the individual. For
`one embodiment, the challenge code is communicated
`to the individual and the individual inputs the challenge
`value and the PIN to his device, the device includes
`means responsive to the challenge value for generating
`
`

`

`5,168,520
`
`3
`the nonpredictable code. During the mixing step, the
`device may receive the PIN and the nonpredictable
`code and generate an output which is a predetermined
`function of the inputs. The predetermined function
`may, for example, be a sum of the inputs, for example
`the sum of the inputs without carry.
`The foregoing and other objects, features and advan-
`tages of the invention will be apparent from the follow-
`ing more particular description of preferred embodi-
`ments of the invention as illustrated in the accompany-
`ing drawings.
`
`IN THE DRAWINGS
`
`FIG. 1 is a semi-block schematic diagram of the veri-
`fication system of a first embodiment of the invention.
`FIG. 2 is a block schematic diagram of a second
`embodiment of the invention.
`
`FIG. 3 is a block flow diagram illustrating the opera-
`tion of the first embodiment of the invention and alter-
`native steps for the second embodiment of the inven-
`tion.
`
`DETAILED DESCRIPTION
`
`FIG. 1 shows illustrative structure for a personal
`identification system of a first embodiment of the inven-
`tion. In this figure, a user verification device 10 is pro
`vided which is of the type described in the parent appli-
`cations. The device is preferably of the general size and
`shape of a standard credit card, although its thickness
`dimension may be slightly greater than that of such
`cards. The device 10 has a clock which generates a time
`dependent digital output to a microprocessor which is
`programmed with a unique algorithm to operate on the
`time-dependent clock input and on a stored static value
`unique to a given user to generate a multi bit non-
`predictable code. A plurality of input areas 12 are pro-
`vided on the face of device 10. These areas are prefera-
`bly each indicative of a numerical digit, for example the
`digits 1—0 as shown in FIG. 1, and may be pressure
`sensitive pads or otherwise adapted to generate an elec-
`trical output indicative of the area when the area is
`touched by the user. Spacing may be provided between
`the individual areas 12 to assure distinctive outputs As
`will be described in greater detail hereinafter, the user
`may input his unique PIN on areas 12 which are mixed
`in the processor in device 10 with the nonpredictable
`code generated therein in response to the time-depend-
`ent and static inputs to generate a multi-bit nonpredicta-
`. ble code which is displayed on area 14 of device 10.
`Area 14 may be a liquid crystal display or other suitable
`display device for producing numeric or alpha-numeric
`characters. Each area of display 14 is adapted to display
`a different digit of the nonpredictable code.
`The user initially transmits a nonsecret identifying
`code to verification computer 16 by keying this number
`into a telephone 18 at his location. This number is trans-
`mitted over telephone lines 20 to telephone 22 at the
`verification station and through a modem 24 at this
`station to the verification computer. The user may then
`use the telephone 18 to key in and transmit the non-
`predictable code being displayed at that time on display
`14.
`»
`
`FIG. 3 is a flow diagram illustrating in greater detail
`the operation of the system of FIG. 1 to perform a
`verification operation. Referring to FIG. 3, the first step
`in the operation, step 30,
`is for the user to send his
`nonsecret code to verification computer (VC) 16. As
`previously indicated, this is accomplished by the user
`
`4
`keying his nonsecret identification number into tele-
`phone 18 for transmission through telephone line 20,
`telephone 22 and modem 24 to the verification com-
`puter.
`In response to the user input of his nonsecret code,
`the verification computer retrieves the user’s PIN and
`generates the nonpredictable code for the user, using
`the same algorithm and stored static value as user de-
`vice 10, and using a time-related value from a clock
`device at the verification computer, which is main—
`tained in synchronism with the clock at the user device
`in a manner discussed in the parent application (step 32).
`At the same time that the verification computer is re-
`trieving the PIN and nonpredictable code for the user,
`the user is inputting his PIN into his device 10 using key
`pads or areas 12 (step 34). While the user is inputting his
`pin, the user device is continuously generating non-
`predictable code values at its internal processor in re-
`sponse to the clock value and the stored static value
`using the unique algorithm at the user device processor
`(step 36).
`is for the
`The next step in the operation, step 38,
`generated nonpredictable code and the inputted pin to
`be mixed by the processor in device 10 to generate a
`new nonpredictable code which is displayed on display
`14. The mixing operation may be a simple addition of
`the two values without carry, or with carry, (a constant
`added to a pseudo random number produces a pseudo
`random number) or may involve a more sophisticated
`mixing algorithm.
`During step 40, the user transmits the displayed value
`by use of telephone 18 through telephone line 20, tele-
`phone 22, and modem 24 to verification computer 16
`During the next step in the operation, step 42, the
`verification computer uses the PIN for the user which
`was retrieved during step 32 to strip the PIN from the
`inputted nonpredictable code, the result being a PIN
`value and a nonpredictable code value. During step 44
`the stripped PIN is compared with the PIN retrieved
`during step 32 and during step 46 the nonpredictable
`code remaining after the inputted value has the PIN
`stripped therefrom is compared with the retrieved non-
`predictable code. If matches are obtained during both
`steps 44 and 46 (step 48) the verification computer signi-
`fies verification. If a match is not found during either
`step 44 or step 46 (step 50) then the user is rejected.
`Alternatively to steps 42, 44, 46, 48 and 50, the PIN
`and nonpredictable code which are retrieved in step 32
`may be combined or mixed by the verification computer
`during step 142 according to the same mixing operation
`which was carried out by the processor or user device
`10 in step 38, e.g. by a simple addition of the two values
`without carry, with carry, or according to some other
`more sophisticated algorithm. During alternative step
`144 the separate results of the mixing operations carried
`out by the user device 10 and the verification computer
`16 are compared. If a match is obtained, step 148, the
`user is verified. If a match is not found, step 150, the
`user is rejected.
`A procedure is thus provided wherein user verifica-
`tion may be obtained using the simple and inexpensive
`proCedure disclosed in the parent applications while
`still providing a high level of security for the user PIN.
`This security is achieved since the user PIN is never
`available on an open line which could be tapped except
`in the form of a word which is a mixture of the PIN
`with a nonpredictable code and which is virtually im-
`possible to decipher.
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`

`

`5,168,520
`
`5
`FIG. 2 illustrates an alternative configuration in
`which the teachings of this invention may be utilized. In
`FIG. 2, the user device 10 is of the same type shown in
`FIG. 1. However, for this embodiment of the invention,
`the user device is adapted to be used in proximity to the
`verification station rather than from a remote location
`over telephone lines. For this embodiment of the inven-
`tion, the verification station 60 includes a computer 62,
`a display 64, such as for example a CRT display, and an
`input device 66 which may, for example, be a standard
`computer input keyboard. Referring again to FIG. 3,
`the operation with this embodiment of the invention
`starts with step 30, during which the user sends a nonse-
`cret code to the verification computer 62 by, for exam-
`ple, keying this code into input device 66. In response to
`receiving the nonsecret code, computer 60 retrieves the
`PIN and generates the nonpredictable code for the user
`(step 32) and also retrieves a challenge code for the user
`which is displayed on display 64 (step 70). The user
`inputs his PIN and the challenge code in an order estab-
`lished for the system to user device 10 using input pads
`12 (step 72). During step 74, the processor in device 10
`uses the inputted challenge code and the time inputted
`from its clock to generate a nonpredictable code which,
`during step 38, is mixed with the inputted pin and the
`results are displayed on display 14 of device 10. From
`this point on, the operation for this embodiment of the
`invention is the same as that previously described with
`respect to the embodiment of FIG. 1.
`Thus, with this embodiment of the invention, as with
`the prior embodiment of the invention, the pin in un-
`coded form is never transmitted in a manner such that it
`could be observed and is not resident in the user’s de-
`vice where it might, using sophisticated technology, be
`retrieved.
`As an alternative to the embodiment shown in FIG.
`2, the nonsecret code may be recorded in machine read-
`able form on device 10 and input device 66 might in-
`clude a card reader which the card is inserted into to
`permit the nonsecret code to be read into computer 62.
`While the invention has been shown and described
`above with reference to preferred embodiments, the
`foregoing and other changes in form and detail may be
`made therein by one skilled in the art without departing
`from the spirit and scope of the invention.
`What is claimed is:
`
`identification system of the type
`1. In a personal
`wherein a user is provided with a device generating a
`unique,
`time varying, nonpredictable code, with a
`nonsecret identifying code and with a secret PIN, the
`nonpredictable code at a given instant and the PIN
`being provided to a central verification computer to
`effect verification; apparatus for providing improved
`security for the PIN comprising:
`means for mixing the nonpredictable code generated
`by the device at a given time with the PIN accord-
`ing to a predetermined algorithm to generate a
`combined coded value;
`means for separately communicating the nonsecret
`identifying code and the combined coded value to
`the central verification computer; and
`wherein the central verification computer includes
`means for utilizing the nonsecret identifying code
`to retrieve the PIN and generate an appropriate,
`unique, time varying nonpredictable code for the
`individual, and means for utilizing the retrieved
`PIN, appropriate nonprediCtable code and the
`
`6
`combined coded value in performing a verification
`operation.
`2. Apparatus as claimed in claim 1 including means
`operative prior to the communicating of the value from
`the mixing means for communicating the nonsecret
`identifying code to said verification computer.
`3. Apparatus as claimed in claim 2 wherein said verifi-
`cation computer includes means for utilizing the com-
`municated nonsecret identifying code to retrieve the
`PIN and a unique challenge value for the individual;
`and
`
`means for communicating the challenge value to the
`device.
`
`4. Apparatus as claimed in claim 3 wherein said chal-
`lenge value communicating means includes means for
`communicating the challenge value to the individual;
`and
`wherein the device includes means for permitting the
`individual to input the challenge value and his PIN
`to the device.
`
`5. Apparatus as claimed in claim 4 wherein said de-
`vice includes means responsive to the challenge value
`for generating the nonpredictable code; and
`wherein said mixing means includes means, included
`as part of the device, for receiving the inputted
`PIN and the generated nonpredictable value and
`for generating an output which is a predetermined
`function of the input.
`6. Apparatus as claimed in claim 5 wherein said mix-
`ing means adds the PIN to the nonpredictable code.
`7. Apparatus as claimed in claim 1 wherein said de-
`vice includes means for permitting the individual
`to
`input his PIN to the device; and
`wherein said means for mixing is included as part of
`said device and is adapted to reCeive the PIN input-
`ted by the individual and the nonpredictable code
`and to generate an output which is a predetermined
`function of the input.
`8. Apparatus as claimed in claim 7 wherein said mix-
`ing means adds the PIN to the nonpredictable code.
`9. Apparatus as claimed in claim 1 wherein said verifi-
`cation computer includes a means for mixing the re-
`trieved PIN and appropriate nonpredictable code gen-
`erated by the verification computer at a given time
`according to the predetermined algorithm to generate a
`second combined coded value.
`10. Apparatus as claimed in claim 9 wherein the veri-
`fication operation comprises comparing the combined
`coded value with the second combined coded value.
`11. A method for identifying an individual compris-
`ing the steps of:
`utilizing a device in the possession of the individual to
`generate a unique time varying, nonpredictable
`code;
`mixing the nonpredictable code generated at a given
`time with a secret PIN for the individual to gener-
`ate a combined code; and
`communicating a nonsecret identifying code for the
`individual and the combined code to a central veri-
`fication computer;
`the verification computer utilizing the nonsecret
`identifying code to retrieve the PIN and generate
`an appropriate, unique, time-varying nonpredicta-
`ble code for the individual, and utilizing the re-
`trieved PIN, appropriate nonpredictable code, and
`the combined code to perform a verification opera-
`tion.
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`45
`
`50
`
`55
`
`60
`
`65
`
`

`

`5,168,520
`
`8
`15. A method as claimed in claim 14 wherein said
`predetermined function is a sum of said inputs.
`16. A method as claimed in claim 14 including the
`step of the individual inputting his PIN to the device;
`and
`
`wherein the mixing step includes the device receiving
`the PIN inputted by the individual and the non-
`predictable code and generating an output which is
`a predetermined function of the inputs.
`17. A method as claimed in claim 16 wherein said
`predetermined function is a sum of said input.
`18. A method as claimed in claim 11 wherein the
`verification computer utilizes the retrieved PIN and
`appropriate nonpredictable code by combining them to
`obtain a second combined code.
`19. A method as claimed in claim 18 wherein the
`verification operation comprises comparing the com-
`bined code and the second combined code.
`i
`t
`t
`t
`t
`
`7
`12. A method as claimed in claim 11 wherein the
`
`verification computer also generates a unique challenge
`value in response to the nonsecret identifying code; and
`including the step of communicating the challenge
`value to the device in possession of the individual.
`13. A method as claimed in claim 12 wherein the
`
`challenge value is communicated to the individual; and
`including the step of the individual inputting the chal-
`lenge value and his PIN to the device.
`14. A method as claimed in claim 13 wherein the
`
`device includes means responsive to the challenge value
`for generating the nonpredictable code; and
`wherein the mixing step includes the device receiving
`the PIN and the nonpredictable code and generat-
`ing an output which is a predetermined function of
`the inputs.
`
`10
`
`15
`
`20
`
`25
`
`3O
`
`35
`
`45
`
`50
`
`55
`
`65
`
`