Title:
METHOD AND SYSTEM FOR COMPUTATION AND VERIFICATION OF AUTHENTICATION PARAMETERS FROM INDEPENDANT MEASUREMENTS OF TIME OR LOCATION
Document Type and Number:
WIPO Patent Application WO/2016/013922
Kind Code:
A1
Abstract:
The present invention discloses a method and system for computation and verification of authentication parameters between two entities, an originating entity and a receiving entity, which in the embodiment of interest comprises a server (100), a client interface thereof (110), a human user (120) and a trusted system (130) deemed as such by the human user. The method comprises the user (120) authenticating the server (100) by visual comparison of an authentication code in numeric, symbolic, graphical or visual-interactive form computed by the server (100) in comparison to a plurality of reference codes computed on the trusted system (130); and reciprocally the server (100) authenticating the user (120) subsequent to transcription or transfer of an authentication code, as computed and displayed on the trusted system (130), to the client interface (110) and thenceforth to the server (100), by means of comparison of the test code to a plurality of reference codes computed on the server (100). The method of computation and verification of the authentication codes as aforesaid are by means of zero knowledge (ZK) transformation of time, location or service-specific information; with measurement or determination of time or location information as independently undertaken on server (100) and trusted system (130).

Inventors:
ALWYN GOH (MY)
NG KANG SIONG (MY)
SEA CHONG SEAK (MY)
THILLAI RAJ T RAMANATHN (MY)
Application Number:
PCT/MY2015/000053
Publication Date:
January 28, 2016
Filing Date:
July 21, 2015
Assignee:
MIMOS BERHAD (MY)
International Classes:
H04L9/32; H04L9/08
Domestic Patent References:
WO2014069985A1 2014-05-08
Foreign References:
US20100306531A1 2010-12-02
US20140189808A1 2014-07-03
US20100290618A1 2010-11-18
US20070234041A1 2007-10-04
Attorney, Agent or Firm:
MOHAN K (A-28-10 Menara UOA Bangsar,No., Jalan Bangsar Utama 1 Kuala Lumpur, MY)
Claims:
CLAIMS

1. Method for computation and verification of authentication parameters between two entities, an originating entity and a receiving entity, upon initiating an interaction by the originating entity, a server (100) or a client (110) initiating a service request over a communications network which will be received by the receiving entity, the client (110) or the server (110), wherein the method comprises

the client (110) authenticating the server (100) by visual comparison of an authentication code in numeric, symbolic or graphical form computed by the server (100) to a plurality of reference codes computed on a trusted application (130); and the server (100) authenticating the client (110) by manual transcription of an authentication code computed and displayed on the trusted application (130) and comparison of the test code to a plurality of reference codes computed on the server (100).

2. A method according to claim 1, wherein computation of the authentication code by the server (100) and the trusted application (130) is based on Zero-Knowledge (ZK) transformation which further comprises the transformation of one or more inputs inclusive but not limited to

key information which is securely managed and rigorously associated to either the server (100) or the client (110);

service information derived from the service request or a subsequent grant; time or location information measured or inferentially computed independently by either the server (100) or the client (110); and subsequently

an evaluation of authentication code received from either the server (100) or the client (110) based on computation of the plurality of reference codes based on predetermined approximation of time or location such that the authentication code is equal to one of the plurality of reference codes.

3. A method according to claim 2, wherein the trusted application (130) comprises an application operating on a mobile device or computer workstation that does not have connectivity to the communications network or a direct connectivity the server (100).

4. A method according to claim 2, comprising the time information measured or inferentially computed independently; further comprising measurement of a plurality of values by independently operated and calibrated system clocks capable of producing measurement values that differ; and if the difference exceeds a predetermined maximum degree, then authentication fails.

5. A method according to claim 4, further comprising the location information measured or inferentially computed independently; further comprising computations on Global Positioning System (GPS) signals as received by the trusted application (130), or alternatively communications parameters which comprises protocol identifiers associated with Internet access, including addresses associated with the service request initiated the client (110) and network connectivity, including addresses associated with access points for wireless access points and cellular base stations.

6. A method according to claim 5, wherein computation of the authentication code by the server (100) or the trusted application (130) is based on Zero-Knowledge (ZK) integration which further comprises the inputs of

key information associated to the originating entity; and predetermined approximation of time or location measured independently on the originating entity.

7. A method according to claim 6, wherein verification of the authentication code by the server (100) and the trusted application (130) is undertaken as Zero-Knowledge (ZK) query which further comprises the inputs of

key information associated to the receiving entity;

predetermined approximation of time or location measured independently on the receiving entity; and

predetermined plurality of extrapolations of time or location based on the independent measurement on the originating entity.

8. A method according to claim 6, wherein the method further comprises computation of a reciprocal authentication code that integrates additional inputs associated with service information including a received authentication code.

9. A method according to claim 7, wherein the method further comprises verification of a reciprocal authentication code that integrates additional inputs associated with service information including a transmitted authentication code.

10. A method according to claim 7, wherein the authentication code is computed on the server (100) and received by the client (110) in numeric, symbolic or graphical form suitable for use by the client (110), comprising

Visual comprehension of the authentication code;

Manual transcription of the authentication code into the trusted application (130) by means of numeric, symbolic or graphical data entry;

Visual or computer-assisted comparison of the authentication code against the plurality of reference codes computed on the trusted application (130); and

Manual or computer-assisted determination as to whether the authentication code is authentic proof of the server (100) identity.

11. A method according to claim 10, wherein the authentication code is computed on the server (100) and received by the client (110) in numeric, symbolic or graphical form suitable for sequential application by the client (110), comprising

Request for generation of a corresponding verification code on the trusted application (130);

Visual comparison of the authentication code and the plurality of reference codes as computed on the trusted application (130) system; and

Manual or computer-assisted determination as to whether the authentication code is authentic proof of the server (100) identity.

12. A method according to claim 11, wherein the authentication code associated with the server (100) in visual or graphical form and the corresponding verification code as computed on the trusted application (130) depends on progressive and interactive computation, wherein visual comparison of the authentication and the plurality of reference codes are executed as an iterative and interactive sequence.

13. A method according to claim 10, wherein the authentication code is computed on the server (100) and received by the client (110) in an image or graphical form suitable for use by the client (110), comprising

Transfer onto the trusted application (130) by means of a camera or an equivalent imaging device attached to a hardware platform on which the trusted application is operating or equivalent transfer of designated image or graphical data directly to the trusted application (130); and subsequently

Verification within the trusted application (130) of the received authentication code against the plurality of reference codes as computed; and

Indication to the user (120) as to whether the authentication code is authentic proof of the server (100) identity.

14. A method according to claim 13 in which a reciprocal authentication code is computed and transmitted, and furthermore upon acceptable determination of the server (100) authenticity in numeric or symbolic form suitable for use by the client (110), comprising

Manual or automatic transcription into the trusted application (130) by means of numeric or symbolic data entry of additional inputs associated with service information;

Visual comprehension of the reciprocal authentication code as computed on the trusted application (130);

Visual or computerised transcription of the reciprocal authentication code into the client interface component (110) by means of numeric or symbolic data entry;

Transmission of transcribed reciprocal authentication code to the server (100) by means of the communications network;

Automatic comparison of the received authentication code against the plurality of reference codes computed on the server (100); and

Automatic determination as to whether the authentication code is authentic proof of the user (120) commitment to the service of interest.

15. A method according to claim 9, wherein the computation and verification of the authentication code requires the originating entity and the receiving entity to be able to access a secret-key as used in symmetric-key cryptographic protocols, and the secret-key is exclusively and irrefutably associated to the originating entity.

16. A method according to claim 15, wherein the secret-key used for computation of the authentication code is associated to a key-pair as used in asymmetric-key cryptographic protocols, whereby a private-key of the key-pair is exclusively and irrefutably associated to the originating entity and a public-key of the key-pair is accessible to the receiving entity prior to initiating interactions.

17. A method according to claim 16, wherein the use of the secret key or the private-key by the originating entity or the receiving entity is subject to rigorous control necessitating Zero-Knowledge (ZK) demonstration of at least one constituent key-factors associated to the originating entity, comprising

secret password that is known exclusively by the user (120); or

numeric or symbolic parameters that is uniquely associated to the server (100) or the client (110).

18. A method according to claim 17, wherein the use of the secret or the private-key depends on Zero-Knowledge (ZK) demonstration of a plurality of constituent key-factors, such plurality subject to configuration prior to initiating interactions.

19. A method according to claim 18, wherein the user (120) associated with a plurality of trusted applications (130) being utilised for computation and verification of the authentication code comprises the user (120) being able to rigorously and irrefutably demonstrate access to the plurality of corresponding constituent key-factors.

20. A method according to claim 16, wherein the public-key associated with the server (100) is accessible to the user (120) prior to initiating interactions between the server (100) and the client (110).

21. A method according to claim 20, wherein the originating entity or the receiving entity computes a cryptographic secure-message as a Zero-Knowledge (ZK) integration which comprises the input of secret-key to be further utilized for subsequent computations of authentication codes by the originating entity or the receiving entity; private-key, previously associated with the originating entity or the receiving entity, allowing the outcome of the computation to be unambiguously and irrefutably verified by a plurality of other entities in prior possession of the corresponding public-key to effect that the originating entity or the receiving entity is deemed to have undertaken associative commitment with respect to being associated with the secret-key.

22. A method according to claim 21, wherein the computation of a cryptographic secure-message as a Zero-Knowledge (ZK) integration which further comprises the input of

public-key associated with the receiving entity as expressly specified by the originating entity such that verification of the outcome of the computation comprises the private-key corresponding to such public-key, as previously utilised by the originating entity, to effect that recovery of the secret-key from the outcome parameter and consequent verification can only be undertaken by the receiving entity.

23. A method according to claim 22, wherein the computation of the cryptographic secure-message is by the server (100), with subsequent transmission to the trusted application (130) to enable consequent computation of the secret-key specific to the interaction, subject to correct demonstration on the trusted application (130) of the private-key, and furthermore subject to equivalent computation independently undertaken on the server (100) in relation to the interaction.

24. A method according to claim 23, wherein the reciprocal authentication code is computed using the session-key specific to the interaction as independently computed on the server (100) and the trusted application (130) engaged in the interaction.

25. A method according to claim 22, wherein the secret-key or the public-key associated with the originating entity or the receiving entity depends on computation of the cryptographic signature by a trusted third-party (TTP)system, wherein

the trusted third-party (TTP) is deemed to be trustworthy; and the trusted third-party (TTP) public-key is accessible to the originating entity and the receiving entity prior to the interaction.

Description:
METHOD AND SYSTEM FOR COMPUTATION AND VERIFICATION OF AUTHENTICATION PARAMETERS FROM INDEPENDANT MEASUREMENTS OF TIME OR LOCATION

FIELD OF INVENTION

The present invention relates generally to a method and system for computation and verification of authentication parameters between two entities, an originating entity and a receiving entity, more particularly a method and system for computation and verification of authentication parameters from independent measurements of time or location, and specification thereof based on configurable constraints on such measurement differences.

BACKGROUND ART

At present existing one-time key (OTK) or password (OTP) solutions require a client-side generation on specialised devices or alternatively a server-side generation and subsequent transmission via Short Messaging System (SMS) to previously specified cellular phones.

These provide sole use for client-to-server authentication, without addressing the reciprocal process of server-to-client authentication, and are susceptible to man-in-the-middle (MITM) attacks, and consequent transaction fraud. These are also highly dependent on tight synchronisation between time measurements as executed on different systems and devices. Present methods utilize repeated, and possibly unauthorised, use of generated OTK within specified time-frame. In addition to this, present methods are vulnerable, in that the pair-wise secret-keys used for OTK generation are vulnerable, which results in single-points of weakness in operational systems. This leads to inflexibility with respect to management of keys for OTK generation, resulting in high costs required to undertake initial deployments and subsequent operations.

SUMMARY OF INVENTION

The present invention provides a method and system for mutual authentication between two entities. The present invention proposes a method and system for computation and verification of authentication parameters from independent measurements of time or location, and specification thereof based on configurable constraints on such measurement differences. In one aspect of the present invention is a method and system for computation and verification of authentication parameters between two entities, an originating entity and a receiving entity, upon initiating an interaction by the originating entity, a server or a client initiating a service request over a communications network which will be received by the receiving entity, the client or the server. The method comprises the client authenticating the server by visual comparison of an authentication code in numeric, symbolic or graphical form computed by the server to a plurality of the corresponding reference codes computed on a trusted application; and the server authenticating the client by manual transcription of an authentication code computed and displayed on the trusted application and comparison of the test code to a plurality of reference codes computed on the server.

According to the embodiments of the present invention, computation of the authentication code by the server and the trusted application is based on a Zero-Knowledge (ZK) transformation which further comprises the transformation of key information which is securely managed and rigorously associated to either the server or the client; service information derived from the service request or a subsequent grant; time or location information measured or inferentially computed independently by either the server or the client; and an evaluation of the authentication code received from either the server or the client based on computation of the plurality of reference codes based on predetermined approximation of time and location such that the authentication code is equal to one of the plurality of reference codes.

The trusted application comprises an application operating on a mobile device or computer workstation that does not have connectivity to the communications network or a direct connectivity the server. The time information measured or inferentially computed independently further comprises measuring of a plurality of measurement values by independently operated and calibrated system clocks capable of producing measurement values that differ and if the difference exceeds a predetermined maximum degree, authentication fails. The location information measured or inferentially computed independently further comprises computations of Global Positioning System (GPS) signals as received by the trusted application or communications parameters which comprises protocol identifiers associated with Internet access, including addresses associated with the service request initiated the client and network connectivity, including addresses associated with access points for wireless access points and cellular base stations.

Computation of the authentication code by the server and the trusted application is based on Zero-Knowledge (ZK) integration which further comprises the input of key information associated to the originating entity; and predetermined approximation of time or location measured independently on the originating entity.

Verification of the authentication code by the server and the trusted application is computed as a Zero-Knowledge (ZK) query which further comprises the input of key information associated to the receiving entity; predetermined approximation of time or location measured independently on the receiving entity; and predetermined plurality of extrapolations of time or location based on the independent measurement on the originating entity.

In a further embodiment of the present invention, the method further comprises computation of a reciprocal authentication code that integrates additional inputs associated with service information including a received authentication code. The method further comprises verification of a reciprocal authentication code that integrates additional inputs associated with service information including a transmitted authentication code.
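The computation and verification described above, shown as an added example that is not taken from the patent: the originating entity computes a code from key, service information and its own clock, and the receiving entity accepts it only if it equals one of the reference codes it computes around its own clock. HMAC-SHA256 stands in for the unspecified ZK transformation; the 30-second step, two-step drift limit, 8-digit code, single shared secret-key, single-use rule and all function names are assumptions of this example.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30     # assumed granularity of the time approximation
MAX_DRIFT_STEPS = 2   # assumed maximum tolerated clock difference, in steps
CODE_DIGITS = 8       # assumed code length for visual comparison


def time_step(clock_seconds):
    """Quantise a local clock reading into a coarse time step."""
    return int(clock_seconds // STEP_SECONDS)


def _code(key, service, step, extra=b""):
    """Keyed one-way transformation (HMAC-SHA256 stand-in) to a numeric code."""
    fields = (service, struct.pack(">q", step), extra)
    # Length-prefix every field so field boundaries cannot be shifted.
    msg = b"".join(struct.pack(">I", len(f)) + f for f in fields)
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    number = int.from_bytes(digest[:8], "big") % 10 ** CODE_DIGITS
    return str(number).zfill(CODE_DIGITS)


def compute_code(key, service, clock_seconds, extra=b""):
    """Originating entity: code derived from its own clock reading only."""
    return _code(key, service, time_step(clock_seconds), extra)


def reference_codes(key, service, clock_seconds, extra=b""):
    """Receiving entity: (step, code) for every step within the allowed drift."""
    centre = time_step(clock_seconds)
    steps = range(centre - MAX_DRIFT_STEPS, centre + MAX_DRIFT_STEPS + 1)
    return [(s, _code(key, service, s, extra)) for s in steps]


def verify_code(key, service, received, clock_seconds, extra=b""):
    """Return the matching time step, or None when no reference code matches."""
    matched = None
    for step, ref in reference_codes(key, service, clock_seconds, extra):
        # Constant-time comparison against every reference, no early exit.
        if hmac.compare_digest(ref.encode(), received.encode()):
            matched = step
    return matched


def verify_reciprocal(key, service, sent_code, reciprocal, clock_seconds, spent):
    """Server side: the reciprocal code must bind the code the server sent."""
    step = verify_code(key, service, reciprocal, clock_seconds,
                       sent_code.encode())
    if step is None or (step, reciprocal) in spent:
        return False
    spent.add((step, reciprocal))  # assumed single-use rule, rejects replays
    return True


# Constructed sample values, not taken from the patent.
KEY = bytes(range(32))
SERVICE = b"transfer:acct-42:amount-100"
SERVER_CLOCK = 1_700_000_000.0
APP_CLOCK = SERVER_CLOCK + 45.0   # trusted system's clock runs 45 s ahead


def demo():
    """Run both directions once, then replay the reciprocal code."""
    spent = set()
    server_code = compute_code(KEY, SERVICE, SERVER_CLOCK)
    # User side: compare the displayed code with the trusted system's references.
    user_accepts = verify_code(KEY, SERVICE, server_code, APP_CLOCK) is not None
    # Trusted system: reciprocal code integrates the received server code.
    reciprocal = compute_code(KEY, SERVICE, APP_CLOCK, server_code.encode())
    first = verify_reciprocal(KEY, SERVICE, server_code, reciprocal,
                              SERVER_CLOCK, spent)
    replay = verify_reciprocal(KEY, SERVICE, server_code, reciprocal,
                               SERVER_CLOCK, spent)
    return user_accepts, first, replay


if __name__ == "__main__":
    print(demo())
```

Because the reciprocal code takes the server's code as an input, a code relayed from a different session fails the server's check even when the clocks agree.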

The authentication code is computed on the server and received by the client in numeric, symbolic or graphical form suitable for use by the client, comprises visual comprehension of the authentication code; manual transcription of the authentication code into the trusted application by means of numeric, symbolic or graphical data entry; visual or computer assisted comparison of the authentication code against the plurality of reference codes computed on the trusted application; and manual or computer assisted determination as to whether the authentication code is authentic proof of the server identity.

The authentication code is computed on the server and received by the client in numeric, symbolic or graphical form suitable for sequential application by the client, comprises requesting for generation of a corresponding verification code on the trusted application; visual comparison of the authentication code and the plurality of reference codes as computed on the trusted application system; and manual or computer-assisted determination as to whether the authentication code is authentic proof of the server identity.

The authentication code associated with the server in visual or graphical form and the corresponding verification code as computed on the trusted application depend on progressive and interactive computation, wherein visual comparison of the authentication and the plurality of reference codes are executed as an iterative and interactive sequence. The authentication code is computed on the server and received by the client in an image or graphical form suitable for use by the client, comprises transferring onto the trusted application by means of a camera or an equivalent imaging device attached to a hardware platform on which the trusted application is operating or equivalent transfer of designated image or graphical data directly to the trusted application; and verification within the trusted application of the received authentication code against the plurality of reference codes as computed; and indicating to the client as to whether the authentication code is authentic proof of the server identity.

The reciprocal authentication code is computed and transmitted, upon acceptable determination of the server authenticity in numeric or symbolic form suitable for use by the client, comprises manual or automatic transcription into the trusted application by means of numeric or symbolic data entry of additional inputs associated with service information; visual comprehension of the reciprocal authentication code as computed on the trusted application; visual or computerised transcription of the reciprocal authentication code into the server interface component by means of numeric or symbolic data entry; transmission of transcribed reciprocal authentication code to the server by means of the communications network; automatic comparison of the received authentication code against the plurality of reference codes computed on the server; and automatic determination as to whether the authentication code is authentic proof of the client commitment to the service.

The computation and verification of the authentication code requires the originating entity and the receiving entity to be able to access a secret-key as used in symmetric-key cryptographic protocols, and the secret-key is exclusively and irrefutably associated to the originating entity.

The secret-key used for computation of the authentication code is associated to a key-pair as used in asymmetric-key cryptographic protocols, whereby a private-key of the key-pair is exclusively and irrefutably associated to the originating entity and the corresponding public-key of the key-pair is accessible to the receiving entity prior to initiating interactions.

The use of the secret-key or the private-key by the originating entity or the receiving entity is subject to rigorous control necessitating Zero-Knowledge (ZK) demonstration of at least one constituent key-factors associated to the originating entity, comprising a secret password that is in the exclusive knowledge of the user; or numeric or symbolic parameters uniquely associated to the server or the client. The use of the secret-key or the private-key depends on Zero-Knowledge (ZK) demonstration of a plurality of constituent key-factors, as subject to configuration prior to initiating interactions.

The client is associated with a plurality of trusted applications being utilised for computation and verification of the authentication code, comprising the client being able to rigorously and irrefutably demonstrate access to one or more of the plurality of constituent key-factors.

The public-key associated with the server is accessible to the client prior to initiating interactions between the server and the client.

The originating entity or the receiving entity computes a cryptographic signature as a Zero-Knowledge (ZK) integration of inputs which comprise the secret-key to be further utilized for a subsequent computation of authentication codes by the originating entity or the receiving entity; or the private-key previously associated with the originating entity or the receiving entity; allowing the outcome of the computation to be unambiguously and irrefutably verified by a plurality of other entities in prior possession of the corresponding public-key to the effect that the originating entity or the receiving entity is deemed to have undertaken associative commitment with respect to being associated to the secret-key.

The computation of a cryptographic secure-message as a Zero-Knowledge (ZK) integration of inputs which further comprises the public-key associated with the receiving entity as expressly specified by the originating entity; such that verification of the outcome of the computation equivalently comprises the private-key corresponding to the public-key previously utilised by the originating entity to effect that recovery of the secret-key from the outcome parameter and consequent verification thereof can only be undertaken by the receiving entity.

The computation of the cryptographic signature or secure-message is by the server, and transmitted to the trusted application to enable consequent computation of the secret-key specific to the interaction to enable correct demonstration on the trusted application of the private-key, with equivalent computation independently undertaken on the server in relation to the interaction. The reciprocal authentication code is computed using the session-key specific to the interaction as independently computed on the server and the trusted application engaged in the interaction.

The secret or the public-key associated with the originating entity or the receiving entity depends on computation of the cryptographic signature or secure-message by a trusted third-party (TTP) system, wherein the trusted third-party (TTP) is deemed to be trustworthy; and further that the trusted third-party (TTP) public-key is accessible to the originating entity and the receiving entity prior to the interaction.

The present invention consists of features and a combination of parts hereinafter fully described and illustrated in the accompanying drawings, it is being understood that various changes in the details may be made without departing from the scope of the invention or sacrificing any of the advantages of the present invention.

BRIEF DESCRIPTION OF THE ACCOMPANYING DRAWINGS

To further clarify various aspects of some embodiments of the present invention, a more particular description of the invention will be rendered by references to specific embodiments thereof, which are illustrated, in the appended drawings. It is appreciated that these drawings depict only typical embodiments of the invention and are therefore not to be considered limiting of its scope. The invention will be described and explained with additional specificity and detail through the accompanying drawings in which:

FIGURE 1 illustrates a preferred embodiment of a method and system for computation and verification of authentication parameters between two entities.

FIGURE 2 illustrates an embodiment of the present invention with visual interactive verification.

FIGURE 3 illustrates an embodiment of the present invention with computer-assisted verification, with consequent interaction-specific key.

FIGURE 4 illustrates computation Z, and recovery Z', of cryptographic signature or secure-messages.

FIGURE 5 illustrates independent establishment Z", of secret-keys.

FIGURE 6 illustrates computation of TLCK T, by originating or sending entity.

FIGURE 7 illustrates computation required for verification by receiving entity of TLCK from originating or sending entity.

FIGURE 8 illustrates computation of user-associated key.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

The present invention relates to a method and system for mutual authentication between two entities. Hereinafter, this specification will describe the present invention according to the preferred embodiments of the present invention. However, it is to be understood that limiting the description to the preferred embodiments of the invention is merely to facilitate discussion of the present invention and it is envisioned that those skilled in the art may devise various modifications and equivalents without departing from the scope of the appended claims.

General embodiment

The present invention discloses a method and system for computation and verification of authentication parameters between two entities. Reference is being made to FIGURE 1. FIGURE 1 illustrates a preferred embodiment of a method and system for computation and verification of authentication parameters between two entities. The two entities are an originating entity, being a server (100) or a client (110) and a receiving entity, being a server (100) or a client (110).

The server (100) component houses the application of the present invention and the client (110) component serves as an interface element for a particular human user (120) of interest. A trusted application or system (130) is installed on a computing device in the physical possession of aforesaid user which might be a desktop workstation or mobile device capable of localised computations of aforesaid server-associated Time or Location-Constrained Keys (TLCKs) as required by embodiment of interest; display of numeric, symbolic or graphical elements resulting from particular use of such embodiment; and communications with server for management of keys used for computation of TLCKs as required on routine basis, such that aforesaid TLCKs can be associated with user of interest. The user-associated keys are subject to refreshment and replacement on periodic or episodic basis. Optionally, the method may comprise image capture by means of camera attached to computing device on which trusted system (130) is installed.

An exemplary embodiment of the present invention would be a Web client- server system, in which service request is executed over the Internet to server (100) of interest from client-side User Interface (Ul) (110) as downloaded onto Web browser application on computing device of interest; following which TLCK associated with aforesaid server (100) is therein computed, and subsequently transmitted (101) to client Ul (110); on which TLCK of interest is represented as numeric or symbolic string (111 ) in a form and length suitable for human visual comparison (111 A), or visual representation (112) in a form and function suitable for human visual comparisons and interactions (112A),or image encoding (113) in a form suitable for transfer (113A) to the trusted system (130), by means inclusive of image capture by means of camera on the trusted system (130) or direct transfer as file of suitable encoded form to aforesaid trusted system (130).

Aforesaid embodiment furthermore enables user of interest (120) to undertake comparison against corresponding TLCK instance as computed on the trusted system (130), outcome of which is deemed to be trustworthy by the user; and with aforesaid TLCK in representative form of numeric or symbolic string (111), with visual comparison of test values (111A) against reference values (131A); or in visual representation (132) with equivalent comparison of test interaction outcomes (112A) against corresponding reference outcomes (132A). Alternative embodiment enables aforesaid user (120) to entrust the trusted system (130) of interest to rigorously and unambiguously verify the authenticity and correct association of received TLCKs; in representative form of numeric or symbolic string (111), with verification (131) following manual transcription (131A) onto aforesaid trusted system; or as image encoding (113) with an equivalent verification (133) following transfer (113A) as aforesaid.

Embodiment with visual interactive verification

Reference is now being made to FIGURE 2. FIGURE 2 illustrates an embodiment of the present invention with visual interactive verification. FIGURE 2 depicts a client UI component (210) with which to interact with a particular user of interest (260), and a server component (200) in communication with aforesaid client component. The server (200) computes a server-associated TLCK T, in visual form constituting a test representation X = X(T) (211), for subsequent display on aforesaid client component; and additionally a trusted application or system (250), associated with aforesaid particular user, on which verification of aforesaid server-associated TLCK representation X (211) is undertaken by means of computation and display of reference representation X' = X(T') (251), of corresponding T independently measured or computed on trusted system, on aforesaid trusted system by means of correlated interactions (261 and 262), as respectively executed on client component and trusted system. This enables the determination (263) as to whether server-associated TLCK T is correct and correctly associated with server.

Visualisation and comparison of test valuation X (211) against reference valuation X' (251) is undertaken by means of progressive and interactive comparison (261) on client component, and correspondingly (262) on trusted system; such that user can undertake verification (263) of T in substantively greater detail than would be possible with any single truncation [T] into symbolic or numeric form, and of short length suitable for human visual comprehension.

Visualisation as aforesaid is subject to progressive iteration X.i = X(T; i): in i = 1...n steps subject to sequence of iterative interactions (212) by user, and progressive computations (213) for test valuation X associated with server, and corresponding interactions (252) and consequent computations (253) for reference valuation X' on trusted system; subject to representation limit n as specified in representation method, and as corresponding to information content of TLCK input. Embodiment as aforesaid then allows user to verify server-associated TLCK T as being authentic if corresponding representations X.i (211) and X'.i (251), subject to visual interactive comparison V.i = V(X.i, X'.i) (263) as undertaken by user of interest at every step i. Embodiment then allows determination of T as authentic, arising from T = T', if V.i = true for all progressive steps interactively undertaken by user; and conversely, determination of T as inauthentic, arising from T /= T', if V.i = false for any step in sequence of interest.

Various embodiments of the present invention require prior association of Public-Key Cryptography (PKC) pair (k, K) to server of interest, such that private-key k is securely and exclusively associated with server; and corresponding public-key K is likewise uniquely and unambiguously associated, and is furthermore available to trusted systems associated to all users of interest prior to commencement of any given interaction executed by the embodiments of the present invention. All users of interest are required to be associated with their respective key-pairs, such that a particular user i is equivalently associated with key-pair (k.i, K.i), such that constituent private-key k.i is likewise secure and exclusive, on trusted system associated with user i, and corresponding public-key K.i is likewise unique and unambiguous, and furthermore reciprocally available to server prior to any interaction of interest.

Embodiment with computer-assisted verification, with consequent interaction-specific key

Reference is now being made to FIGURE 3. FIGURE 3 illustrates an embodiment of the present invention with computer-assisted verification, with consequent interaction-specific key. This embodiment allows interaction sequence comprising computation of aforesaid TLCK T (302) by server (300) on request by particular user i (360), encoding (301) of TLCK T into machine-readable graphical form Y = Y(T), by means of designated PKC computation, transmission (303) of Y, corresponding to particular service request to client UI component (310), and subsequent display (311). Thereafter the method comprises transfer (312) of Y, upon designated action by user, by means of image capture of Y on computing device on which trusted system is installed, by means of camera attached to aforesaid device or direct transfer as file containing Y to aforesaid computing device. Following that the method comprises verification W = W(Y(T); K, k.i) (351) on trusted system (350), by means of another PKC computation; for determination (352) of TLCK T to be authentic if W = true, arising from T = T', and furthermore if secret-key k' = k'(K, k.i) (353) is unique to interaction of interest; and conversely for determination of TLCK to be inauthentic if T /= T' if W = false. Various embodiments of the present invention require any user i of interest to have access to secret-key s associated with server; for subsequent computation by server, and verification by user i, of server-associated TLCKs; and as delivered to user i by means of secure-message Z(K.i, s; k) as generated by server, and specifically designated for user i; such that corresponding recovery Z'(Z, K; k.i) requires correct demonstration of private-key k.i by user i, as corresponds to public-key K.i used in aforesaid computation of Z by server, and as previously associated with user i; consequent to which session-key s is recovered by user i, and is verified to be correct and correctly associated with server.

These embodiments also require server to have reciprocal access to secret-key s.i associated with user i; for subsequent computation by user i, and verification by server, of user-associated TLCKs; and as delivered to server by means of reciprocal secure-message Z(K, s; k.i) generated by user i, and specifically designated for server such that corresponding recovery Z'(Z, K.i; k), and consequent verification of aforesaid secret-key s.i, requires correct demonstration and association reciprocal to aforesaid requirement.

Reference is now being made to FIGURE 4. FIGURE 4 illustrates computation Z and recovery Z' of cryptographic signatures or secure-messages. This comprises computation (410) by originating or sending entity (400) of secure-message (420) designated for receiving entity (450) with necessary inputs of receiver public-key (411) as previously associated, own private-key (412) as correctly demonstrated and secret-key (413) of interest to be protected within secure-message as subsequently transmitted and received by receiving entity previously designated as aforesaid. Thereafter, the method comprises undertaking corresponding computation for recovery (460) of previously received secure-message with necessary inputs of own private-key (462) as correctly demonstrated and as corresponding to public-key (411) used by sending entity to compute secure-message of interest, and sender public-key (461) as also corresponding to private-key (412) used as aforesaid. The outcome is such that receiving entity is able to recover secret-key (463) associated with sending entity as aforesaid, and furthermore to verify secret-key as correct and correctly associated.

Other embodiments of the present invention allow for user-associated s.i to be established by means of PKC computation Z" as executed independently by server and user i, such that respective computations Z"(K.i; k) by server allows computation of s.i, subject to verification of correctness and correct association; and Z"(K; k.i) by user i allows equivalent computation of s.i, subject to equivalent verification; as well as further requirement of correct demonstrations and associations as aforesaid.

Reference is now being made to FIGURE 5. FIGURE 5 illustrates independent establishment Z" of secret-keys. This comprises interacting entities (500 and 550) undertaking respective computations (510 and 560) independently of each other. The necessary inputs are other entity public-key (511) and own private-key (512), for first entity (500) of interest; and similarly other entity public-key (561) and own private-key (562), for second entity (550) of interest. Both entities (500 and 550) are engaged in interaction (590) of interest, resulting in independent establishment (591 and 592) of common session-key. Additionally, each entity is able to undertake verification of aforesaid session-key as correct and correctly associated. Various embodiments of the present invention would additionally require periodic or episodic execution of aforesaid key-generation by associated entity, and subsequent transport to other entity by means of secure-message; and key-establishment as independently computed by both entities. This is subject to the requirements of the particular embodiment.

Technical specifications pertaining to mutual authentication sequence

Computation of server-associated TLCK

According to the preferred embodiment of the present invention, computation of server-associated TLCK allows server to compute associated TLCK T, and correspondingly trusted system associated with any user of interest to verify aforesaid TLCK. This is accomplished by means of secret-key s, as previously associated with server prior to any interaction of interest as aforesaid; and as additionally distributed to aforesaid trusted systems, likewise prior to any interaction.

According to the preferred embodiment of the present invention, the method further undertakes computation of server-associated TLCK T = T([t], [x], p; s) as the ZK integration of several inputs. One of these inputs comprises time t as measured from server system clock, with subsequent reduction [t] to applicable resolution previously specified, and with equivalent reduction to be executed by other entity in subsequent interaction of interest. Another input comprises location x as computed from information associated with incoming service request by user of interest, as might be inclusive of information obtained from system client, as might be inclusive of script or object operating within third-party application, as exemplified by Web browser or application previously installed on computing device associated with user or request of interest; such information inclusive of IP address associated with request of interest, or information pertaining to geographic location of system client, as exemplified by location-aware Web browser; with subsequent reduction [x] to applicable resolution previously specified, likewise with equivalent reduction to be executed by other entity of interest. Other inputs include parameter p computed from and unique to service request of interest; and secret-key s previously associated to server as aforesaid.

Resultant server-associated TLCK T is then transmitted to client-side UI in interaction of interest, in form of symbolic or numeric string [T] of length suitable for human visual comprehension; with subsequent manual transcription to trusted system associated to particular user of interest as aforesaid; or alternatively image capture and subsequent decoding resulting in recovery of [T] on trusted system of interest; or in form of visual representation X(T) suitable for human interaction and visual comparison as aforesaid, with possibility of image capture and subsequent decoding to verify TLCK T on trusted system as aforesaid; or alternatively in form of graphical representation Y(T) in machine-readable form suitable for machine-to-machine transfer from client UI to trusted system of interest; by means of image capture or image file receipt to recover T on trusted system as aforesaid.

Verification of server-associated TLCK

According to the preferred embodiment of the present invention, verification of aforesaid TLCK received from server as test valuation T is to be compared against one or more reference valuations T', as subsequently computed on trusted system associated with interacting users of interest. Computation of reference T' = T([t'], [x'], p; s) on trusted system of interest is then executed on combination of inputs equivalent to inputs used in computation of corresponding test T to be verified. One of these inputs comprises time t' as measured from clock on trusted system, and subsequent reduction [t'] to applicable resolution previously specified, and furthermore equivalent to reduction previously executed by server in interaction of interest. Another input comprises location x' by means of information obtained from apparatus for measurement of location attached to trusted system, as exemplified by GPS radio; or systems or apparatus for determination of location arising from wireless communication network(s) to which trusted system is attached, such determination obtained from characteristics of local communications environment(s) of interest, as exemplified by WLAN or cellular radio; with subsequent equivalent reduction [x'] to applicable resolution previously specified, and furthermore equivalent to reduction previously executed by server. Other inputs include parameter p computed from and unique to service request of interest; and secret-key s previously associated to server as aforesaid, and furthermore accessible on trusted system prior to interaction of interest.

According to the preferred embodiment of the present invention, the method further undertakes additional computations of reference

T' = T([t'] +/- c.dt, [x'] +/- c'.dx, y; s), in which:

dt is granular unit of time resolution applicable to interaction of interest; dx is granular unit of position resolution likewise applicable;

c is multiplier for units of time displacement deemed to be acceptable for verification of interest; and

c' is multiplier for units of position displacement likewise deemed to be acceptable.

Server-associated test valuation T, as received, is then deemed to be authentic or otherwise, as the case might be, subject to verification Q(T, T') against one or more reference valuations of T' computed as aforesaid on trusted system of interest. TLCK T, as transmitted by server and received by trusted system, is deemed authentic with Q(T, T') = true, if T = T' holds for one reference valuation computed as aforesaid during verification; or alternatively deemed inauthentic with Q(T, T') = false, if T /= T' for all reference valuations computed as aforesaid.

Computation of reciprocal user-associated TLCK

According to the preferred embodiment of the present invention; computation, on aforesaid trusted system associated with user i, of correspondingly associated reciprocal TLCK T.i, is subject to prior verification of received TLCK T as being correct and correctly associated with server. Such computation is by means of secret-key s.i; previously associated with particular user i of interest prior to any interaction of interest as aforesaid, and additionally distributed to server, likewise prior to any interaction; or alternatively secret-key unique to interaction of interest, as previously established to be correct and correctly associated.

The preferred embodiment of the present invention undertakes consequent computation of user-associated TLCK T.i = T.i(T, [t'], [x'], p; s.i) from the ZK integration of several inputs. One of these inputs comprises received TLCK T, as previously verified to be correct and correctly associated with server. Other inputs comprise [t'] as reduction of time measurement, as used in aforesaid verification, and [x'] as reduction of position measurement or determination, similarly used as aforesaid. Further inputs comprise parameter p computed from and unique to service request of interest; and secret-key s.i previously associated to user i as aforesaid.

Resultant user-associated TLCK T.i is furthermore subject to representation as symbolic or numeric string truncated to length suitable for human visual comprehension on UI of trusted system of interest, manual transcription to client-side UI of server system on which service request of interest was previously initiated; and subsequent transmission to server, for consequent verification of T.i, by means of communications network of interest.

Verification of reciprocal user-associated TLCK

According to the preferred embodiment of the present invention, verification of aforesaid reciprocal TLCK received from particular user i of interest comprises comparison of test valuation T.i against one or more reference valuations T'.i, as subsequently computed on server from which user i is requesting service of interest. Computation of reference T'.i = T'.i(T, [t], [x], p; s.i) on server is then executed as ZK integration of inputs equivalent to inputs used in computation of corresponding test T.i to be verified. One of these inputs comprises TLCK T, as previously transmitted from server to particular user i of interest, and as presumed to be verified as correct and correctly associated with server, as previously undertaken on trusted system associated with aforesaid user i. Other inputs comprise [t] as reduction of time measurement, as used in computation of T'.i on aforesaid trusted system, and [x] as reduction of position determination, as similarly used in aforesaid computation of interest. Further inputs comprise parameter p computed from and unique to service request of interest; and secret-key s.i previously associated to user i as aforesaid.

Primary embodiment of interest might additionally undertake additional computations of reference

T'.i = T.i([t] +/- c.dt, [x] +/- c'.dx, y; s.i), in which:

dt is granular unit of time resolution applicable to interaction of interest; dx is granular unit of position resolution likewise applicable;

c is multiplier for units of time displacement deemed to be acceptable for verification of interest; and

c' is multiplier for units of position displacement likewise deemed to be acceptable.

User-associated test valuation T.i as received, is then deemed to be authentic or otherwise, as the case might be. This is subject to verification Q'(T.i, T'.i) against one or more reference valuations of T'.i computed as aforesaid on server. TLCK T.i transmitted by user i and received by server; is deemed authentic, with Q'(T.i, T'.i) = true, if T.i = T'.i holds for one reference valuation computed as aforesaid during verification; or otherwise deemed inauthentic, with Q'(T.i, T'.i) = false, if T.i /= T'.i for all reference valuations computed as aforesaid.

Computation and verification of TLCKs

Reference is now being made to FIGURE 6. FIGURE 6 illustrates computation of TLCK T by originating or sending entity. Computation (610) of TLCK T (620) by sending entity (600) is accomplished by means of ZK integration of several inputs. The inputs comprise secret-key s (611), as previously associated with sending entity; transaction parameter p (612), as optional input arising from interaction of interest; and received TLCK q (613), as additional optional input computed by and associated with other entity of interest in aforesaid interaction. Other inputs comprise reduction [t] (624) of time t (614), as measured on entity of interest and subject to reduction computation (620) as previously specified for time inputs, and as commonly executed on all interacting entities of interest. Further inputs comprise optional input reduction [x] (625) of location x (615); as also measured or otherwise determined on aforesaid entity, and as similarly subject to reduction computation (620) as equivalently specified for location inputs and likewise commonly executed. This results in TLCK output (630) subsequently transmitted to other interacting entity.

Reference is now being made to FIGURE 7. FIGURE 7 illustrates computation required for verification by receiving entity of TLCK from originating or sending entity. Verification computation (710) by entity (700) in receipt of TLCK from sending entity of interest is undertaken by means of ZK integration of several inputs. The inputs comprise received TLCK q (713) as aforesaid, to be regarded as test valuation in verification of interest; and secret-key s (711); as associated with sending entity, as accessible to receiving entity prior to interaction of interest, and furthermore as presumed used in computation of received TLCK. Other inputs comprise transaction parameter p (712) as optional input arising from interaction of interest. Further inputs comprise reduction [t'] (724) of time t' (714); as measured on entity of interest, and subject to reduction computation (720) as previously specified for time inputs, and furthermore as presumed executed in computation of received TLCK. Optional inputs comprise reduction [x'] (725) of location x' (715); as also measured or otherwise determined on aforesaid entity, and as similarly subject to reduction computation (720) as equivalently specified for location inputs, and likewise presumed executed for received TLCK. These aforesaid reductions are subject to error toleration (730) inclusive of granularity dt (734) of time reduction, and corresponding multiplier c(t) (734A). This results in multiplicity of time valuations [t'] +/- c(t).dt. This error toleration is optionally inclusive of granularity dx' (735) of location reduction, and corresponding multiplier c(x) (735A). This further results in multiplicity of location valuations [x'] +/- c(x).dx; with aforesaid time and location multiplicities resulting in multiplicity of reference TLCK valuations q'(t',x') = q'([t'] +/- c(t).dt, [x'] +/- c(x).dx) (740).
With this, the method undertakes comparison against received valuation q as received; and consequently results in determination Q(q, q') (750) of received TLCK as being correct and correctly associated with sending entity, or otherwise as the case might be.
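The computation of FIGURE 6 and the tolerant verification of FIGURE 7, applied to the mutual sequence T then T.i, are sketched below as an added example that is not part of the patent text. The specification does not define the "ZK integration" function, so HMAC-SHA-256 over length-prefixed inputs is an assumed stand-in; the granularities, the 8-digit truncation, the two-dimensional location grid and all keys and coordinates are likewise assumptions constructed for illustration.

```python
import hashlib
import hmac
import math
import struct

DT = 30      # dt: time granularity in seconds (assumed value)
DX = 0.01    # dx: location granularity in degrees (assumed value)


def reduce_time(t, dt=DT):
    """[t]: index of the dt-wide slot that contains clock reading t."""
    return int(t // dt)


def reduce_location(lat, lon, dx=DX):
    """[x]: (row, column) of the dx-wide grid cell that contains the position."""
    return (math.floor(lat / dx), math.floor(lon / dx))


def tlck(secret, t_slot, x_cell, p, q=b"", digits=8):
    """T([t], [x], p; s), optionally bound to a received TLCK q (FIGURE 6)."""
    fields = [struct.pack(">q", t_slot), struct.pack(">qq", *x_cell), p, q]
    # Length-prefix every field so that distinct inputs never serialise alike.
    msg = b"".join(struct.pack(">I", len(f)) + f for f in fields)
    mac = hmac.new(secret, msg, hashlib.sha256).digest()
    # Truncation [T] to a short numeric string for visual comparison.
    return str(int.from_bytes(mac[:8], "big") % 10 ** digits).zfill(digits)


def reference_codes(secret, t_slot, x_cell, p, q=b"", c=1, c_x=1):
    """All reference valuations for [t'] +/- c.dt and [x'] +/- c'.dx."""
    refs = set()
    for i in range(-c, c + 1):
        for j in range(-c_x, c_x + 1):
            for k in range(-c_x, c_x + 1):
                cell = (x_cell[0] + j, x_cell[1] + k)
                refs.add(tlck(secret, t_slot + i, cell, p, q))
    return refs


def verify(test_code, secret, t, position, p, q=b"", c=1, c_x=1):
    """Q(q, q'): true if the test code equals any reference valuation."""
    refs = reference_codes(secret, reduce_time(t),
                           reduce_location(*position), p, q, c, c_x)
    ok = False
    for ref in refs:
        # Constant-time comparison; every reference is checked, no early exit.
        ok |= hmac.compare_digest(test_code, ref)
    return ok


def demo():
    """Mutual sequence with independently measured time and location."""
    s = hashlib.sha256(b"constructed server secret-key s").digest()
    s_i = hashlib.sha256(b"constructed user secret-key s.i").digest()
    p = b"request-0001"                  # constructed transaction parameter

    # Server: own clock, location estimated from the incoming request.
    t_server, x_server = 1_700_000_020, (3.1390, 101.6869)
    T = tlck(s, reduce_time(t_server), reduce_location(*x_server), p)

    # Trusted system: own clock (25 s later) and own position fix, which
    # fall in the next time slot and the neighbouring grid row.
    t_dev, x_dev = t_server + 25, (3.1412, 101.6871)
    server_ok = verify(T, s, t_dev, x_dev, p)

    # Reciprocal code T.i binds the verified T as input q.
    T_i = tlck(s_i, reduce_time(t_dev), reduce_location(*x_dev), p,
               q=T.encode())
    user_ok = verify(T_i, s_i, t_server + 40, x_server, p, q=T.encode())

    # The same T presented ten minutes later lies outside the window.
    stale_ok = verify(T, s, t_server + 600, x_dev, p)
    return server_ok, user_ok, stale_ok


if __name__ == "__main__":
    print(demo())
```

With this grid the verifier accepts up to (2c + 1)(2c' + 1)^2 distinct codes per attempt, so each added unit of tolerance raises the chance that a guessed short code [T] is accepted.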

Technical requirements pertaining to key protection

Various embodiments of the present invention require association of secret-key or private-key as aforesaid to particular user of interest with consequent requirement for secure protection of constituent key-factors thereof on trusted system associated with particular user i. This is such that rigorous demonstration of key-factors is required for correct computation of secret-key or private-key. Consequently, this requires correct computation of interaction parameters as required for correct outcome in interaction of interest.

According to the preferred embodiment of the present invention, the method requires demonstration of all constituent key-factors x.i, for correct computation of secret or private-key x = x(x.i: for all i = 1...n). Such key-factors are possibly inclusive of secret password, as presumed known exclusively by particular user of interest; or furthermore one or more parameters, as presumed unique to computing device on which trusted system is installed. This is so that computation of x cannot be executed in absence of any constituent key-factor x.i not correctly demonstrated; and furthermore that any compromise, to entity other than authentic user of interest, of one or more key-factors does not result in compromise of other key-factors, or consequent secret or private key.

Other embodiments of the present invention require demonstration of specified plurality k from total of n key-factors for correct computation of secret or private-key x = x(x.i: for i = k-of-n); as might be applicable for combination of secret password, as presumed exclusive to particular user as aforesaid; and one or more parameters as presumed unique to respective computing device on which instance of trusted system is installed. This is such that computation of x can be executed to identical correct outcome, on multiple instances of trusted system installed on multiplicity of computing devices associated with particular user. This comes with additional requirements that computation of x cannot be executed in absence of any constituent key-factor x.i not correctly demonstrated, and furthermore that compromise of one or more key-factors less than previously specified plurality k-of-n does not result in compromise of other key-factors, or consequent secret-key or private key.

Technical requirements pertaining to computation of user-associated key

Reference is now being made to FIGURE 8. FIGURE 8 illustrates computation of user-associated key. Computation (830) of secret-key or private key x (840), as previously specified and associated with particular user (810) on trusted system (800) likewise associated with aforesaid user, is undertaken as ZK integration of several inputs. These said inputs comprise key-factors x.i (821) for i = 1...n' < n external to trusted system (800) of interest; also previously specified, as might be exemplified by password or PIN presumed to be secret and exclusive to user (810) of interest. These said inputs also comprise other key-factors x.i' (822) for i' = n'...n internal to trusted system (800); likewise previously specified, as might be exemplified by system or device parameters presumed unique and exclusive to trusted system (800). All key-factors are subject to factorisation condition f(x.i: i = 1...n) (820) applicable on aforesaid key-factors x.i (821 and 822); as might require correct demonstration of entire set of x.i: i = 1...n as previously specified; or alternatively plural set of x.i: i = k-of-n, for specified plurality threshold k. This might be required for single correct valuation of user-associated key arising from multiple instances of user-associated trusted system, each operating on different computing devices, as requirement for correct computation x = x(f(x.i)) (830) of key valuation x (840), as subsequently used in various other computations of interest as aforesaid. Such use is subject to non-exposure of valuation x external to trusted system; and furthermore non-compromise of valuation x arising from consequent outcome of such computations transmitted external to trusted system of interest.

System of server, client and trusted application or system

The system according to the embodiments of the present invention comprises a server as a computer system in client-server form, such that client and server constituent components engage in exchange of data, inclusive of the aforesaid authentication codes, by means of a data communications network, with IP networks being exemplary embodiments. The client component is a computer application previously installed on computer system in use by human user, which might be in location physically removed from that of corresponding server component, with script, applet or application downloaded into a Web browser being exemplary embodiments. The user is deemed to have requested some specified service by means of invoking user interface element on client component.

The client component is able to determine time, location and other information circumstantial to service request necessary for computation of authentication code as aforesaid; and is then able to display said authentication code in numeric or symbolic form suitable for user visual comprehension as aforesaid. The client component is also able to accept input of reciprocal authentication code in such form suitable for user manual transcription by means of suitable user interface element, with keyboard or keypad being exemplary embodiments; and is then able to transmit such reciprocal authentication code submitted by user to server component by means of aforesaid communications network. The server component is able to execute computations necessary for verification of reciprocal authentication code as aforesaid.

The trusted system is a computer application, such that the trusted system has been installed on computer system under the control of human user, with mobile device or computer workstation being exemplary embodiments. The trusted system is in location proximate to client component of server as aforesaid; and is able to determine time, location and other information circumstantial to service request by means independent of such equivalent determinations as executed by server prior to computation of authentication code. The user is desirous of verifying authentication code previously received from server by means of invoking user interface element on trusted system. The trusted system is able to execute computations for one or more reference authentication codes; and is able to display such reference codes in numeric or symbolic form suitable for user visual comparison against test code as displayed on client component as aforesaid. The user is able to determine from such visual comparison whether server has authenticated its identity; and is desirous of undertaking computation of reciprocal authentication code to be transmitted to server by means of invoking user interface element on trusted system. The trusted system is able to accept input of numeric or symbolic parameter associated with service or transaction of interest, with keyboard or keypad being exemplary embodiments; and is able to compute, and then display reciprocal authentication code in numeric or symbolic form suitable for user visual comprehension. The user is able to manually transcribe reciprocal code as displayed on trusted system into client component by means of suitable user interface element, with keyboard or keypad being exemplary embodiments; or alternatively able to transcribe, by computerised means as aforesaid, reciprocal code into client component; with trusted system and client components being applications on the same computer system as exemplary embodiments.

The server further undertakes computation, on periodic or episodic basis, of secret-key to be used for subsequent computation of authentication codes by server, and verification thereafter by human user; with subsequent transmission to trusted system associated with particular user with authentication by means of cryptographic signature or secure-message designated for aforesaid trusted system. This is such that recovery by designated trusted system of secret-key enables aforesaid user to subsequently undertake verification of authentication codes transmitted by server; as subject to demonstration of the correct key-factors by particular user of interest, and furthermore to configuration within trusted system.

The trusted system further undertakes computation, on periodic or episodic basis, of secret-key to be used for subsequent computation of authentication codes by trusted system on behalf of associated human user, and verification thereafter by server. Subsequently, transmission of secret-key to server; with authentication by means of cryptographic signature or secure-message designated for server; so that server can subsequently undertake verification of authentication codes transmitted by user of interest.