

Title:
METHOD TO INCREASE SECURITY OF SECURE SYSTEMS
Document Type and Number:
WIPO Patent Application WO/2004/084486
Kind Code:
A1
Abstract:
The current invention presents a method and an apparatus to verify the identity of a user requesting access to a secure system. The method differentiates itself from the known systems by preventing unauthorized users from being able to gain access to the system either by observing what the authorized user inputs to the system or by stealing a piece of hardware from the authorized user. This is achieved by the system comparing the result of the user applying a memorized algorithm to a random number presented by the system with the result of the system applying an algorithm to the same random number.

Inventors:
SUIKKANEN TAUNO (DK)
Application Number:
PCT/DK2003/000789
Publication Date:
September 30, 2004
Filing Date:
November 19, 2003
Assignee:
ETA MAX (DK)
SUIKKANEN TAUNO (DK)
International Classes:
G06F21/34; G07C9/00; G07F7/10; H04L29/06; (IPC1-7): H04L9/32
Domestic Patent References:
WO2001035685A1 2001-05-17
Foreign References:
US5163097A 1992-11-10
US5544154A 1996-08-06
GB2319150A 1998-05-13
Attorney, Agent or Firm:
Holme, Patent A/s (København V, DK)
Claims:
1. A method of verifying the identity of a user requesting access to a secure system comprising the steps of: the user providing a user identity code to the system, the system providing a response code to the user, the system applying a first algorithm to the response code to get a first result, the user applying a second algorithm to the response code to get a second result, the user inputting the second result to the system, the system comparing the first result and the second result, and the system granting the user access to the secure system if the comparison of the first and second results meets a set of criteria.
2. A method according to claim 1, characterized by, the system retrieving said first algorithm, based on the identity code input by the user, from a database containing a multitude of algorithms, each algorithm being associated with a unique user identity code.
3. A method according to claim 1 or claim 2, characterized by, using identical algorithms for the first algorithm which is retrieved by the system and the second algorithm which is known to the user, the system and the user generating the first result and the second result respectively, according to said two algorithms, comparing the first result and second results, and giving access to the system if the first and second results are equal.
4. A method according to any of the preceding claims, characterized by, generating a random number as the response code.
5. A method according to any of the preceding claims, characterized by, using a Personal Identification Number (PIN) known to the system and memorized by the user as a part of the algorithm.
6. A method according to any of the preceding claims, characterized by, the user interacting with the system via remote terminals, said remote terminals being connected to a secure central server, an example of such a system being Automated Teller Machines (ATM) or debit card terminals.
7. A method according to any of the preceding claims, characterized by, the user inserting a magnetic stripe card, on which the user identifying code is stored, to the system at the start of the interaction, in order to identify the user to the system.
8. A method according to any of the preceding claims, characterized by, the system storing the response codes output to the user in a table, and, the system checking future generated response codes against the table entries so that response codes are not repeated.
9. A method according to any of the preceding claims, characterized by, the user, if the user feels threatened, using a second access algorithm which also permits access to the system, but simultaneously activates an alarm.
10. An apparatus used to verify the identity of a user requesting access to a secure system comprising, an input device allowing a user to input a user identity code to the apparatus, a code generating device which generates a response code, an output device allowing the apparatus to transfer the response code to the user, means to apply a first algorithm to the response code to get a first result, an input device for accepting a second result input by the user, said second result being the result of an algorithm known by the user being applied to the response code, means to compare the first and second results, and means to give the user access to the system if the comparison of the first result and the second result meets a certain set of criteria.
Description:
Method to Increase Security of Secure Systems

Field of the Invention
The present invention relates to a method and an apparatus used to verify the identity of a user requesting access to a secure system.

Background of the Invention
There are many examples of systems which require some sort of user authentication before a user is permitted access to the system. A very common example is an ATM machine or Debit Card terminal. In order to withdraw funds or make a payment, a user must first prove his or her identity to the system in order to prevent unauthorized persons from accessing his or her bank account.

Other examples where a user authorization is required are when a user needs to login to his or her computer, security systems on doors in office buildings, encrypted communication systems, and so on.

In most currently available secure systems a user verifies his or her identity with the help of an ID card and a Personal Identification Number (PIN). The user inputs the ID card to the system and then enters his or her PIN which is known only to the user and the system. The system compares the PIN input by the user and the PIN stored by the system. If the two numbers are equal, the user is granted access to the system.

One problem with the current method is that it is relatively simple for an unauthorized person to observe an authorized user entering his or her PIN code. This could occur via direct observation, or with the help of, for example, a hidden camera. If the unauthorized person then gains access to, or makes a copy of, the user's ID card, the unauthorized person can gain access to the system.

Another problem with the current systems is that many people find it difficult to memorize their PIN codes. In this case, people usually choose a PIN code which is easy to remember, such as their birthday or their address, etc. This makes it easy for an unauthorized person to guess their PIN code. Other people write down their PIN code so that they won't forget it.

Usually they store the PIN code in their wallet or purse so that they can find it when they use their card. This means that an unauthorized person who steals the user's wallet or purse can find both the ID card and the PIN code and thereby gain access to the system.

Description of the Prior Art
The problems listed above are well known to the banking community and other vendors of secure systems. Therefore there have been a number of attempts to solve this problem.

From US 5,655,020 a method is known where the user has an ID card and a PIN code. However, the user never enters his or her PIN code directly; rather, the user inputs a deliberately corrupted version of his or her PIN code. Each time the system is accessed, the PIN code needs to be corrupted in a different way. A code corrupted in a manner similar to a previous attempt is not accepted in successive accesses. A main problem with this system is that there are a limited number of corrupted versions of a PIN code. This means that at some point a previously used PIN code will be valid again. An unauthorized user could therefore observe a code entered by a user and then wait a month or so before using the same code.

Another problem with this idea is that the user needs to keep track of which corrupted versions have been entered previously and then develop newly corrupted versions. This will usually result in a few guesses to find a new version. An unauthorized user could observe the attempts made by the user and deduce the underlying PIN code.

From US 5,940,511 a method is known where the system gives the user instructions on how to modify his or her PIN code while the user is entering the code. For example, the system might tell the user to add a random number to the PIN code before he or she enters the PIN code. The problem with this system is that an unauthorized person observing the system will be able to see or hear the instructions and therefore deduce the actual PIN code.

From US 4,679,236 a system is known where the user has a special portable calculation device, such as a calculator, which is programmed to perform a complex algorithm on a random number generated by the system. When the user starts the interaction with the system, the system presents a response number to the user. The user then inputs a part of the response number to the calculation device and then inputs a part of the result of the calculation performed by the calculation device to the system. The computer compares the result input by the user with the result of an identical algorithm stored in the computer applied to the response number. The problem with this system is that by observing which parts of the numbers an authorized user enters into the system and stealing the calculation device, an unauthorized user can gain access to the system.

Summary of the Present Invention
A first aspect of the current invention is to provide a method to verify the identity of a user requesting access to a secure system, as mentioned in the opening paragraph, where an unauthorized person cannot gain access to the system by observing how an authorized user interacts with the system.

Another aspect of the current invention is to provide a method of the kind mentioned in the preamble where an unauthorized person cannot gain access to the system by stealing a piece of hardware from an authorized user of a system.

A third aspect of the current invention is to provide a method of the kind mentioned in the preamble where an unauthorized person is highly unlikely to gain access to the system even after repeated observations of an authorized user inputting his or her access code.

A fourth aspect of the current invention is to provide a method of the kind mentioned in the preamble where the user is not forced to remember any previous interactions with the system.

A fifth aspect of the current invention is to provide a method of the kind mentioned in the preamble where currently used systems can be used without any modifications to their hardware.

A sixth aspect of the current invention is to make it easier for a user to remember his or her access code while simultaneously maintaining a high security level.

The current invention presents a new method to verify a person's identity comprising the steps of the user providing a user identity code to the system, the system providing a response code to the user, the system applying a first algorithm to the response code to get a first result, the user applying a second algorithm to the response code to get a second result, the user inputting the second result to the system, the system comparing the first result and the second result, and the system granting the user access to the secure system if the comparison of the first and second results meets a certain set of criteria.

The personal identification code can take many different forms, for example, an alphanumeric code, a multi-digit number, a voice characteristic, a fingerprint, plus many others. The response code can also take many different forms, for example a random number, a random alphanumeric string, a sentence, plus many others.

The algorithms are chosen so that they are of sufficient complexity to prevent an unauthorized user from determining the algorithm by observing the user entering his or her code, even if the observation occurs a number of times. However, the algorithms can simultaneously be chosen to be simple to remember. The user can therefore memorize his or her algorithm to ensure high security.

Algorithms can be easier to remember than PIN codes since people's minds are better at remembering procedures than at remembering abstract codes. In addition, an algorithm can be so complicated that it would be too time consuming to attempt to determine the algorithm, given both the response code provided by the system and the result input by the user.

The algorithm stored by the system and the algorithm memorized by the user can be identical, which makes the comparison of the two results a simple equality comparison. Both for simplicity and security, the response number provided by the system can be a random number. A simple random number generator can be used to provide the response number.

In order to increase the security of the method, a component of the algorithm can be a Personal Identification Number (PIN) known to the system and memorized by the user. The result of the algorithm can then be a specific combination of the user's PIN code and the response number provided by the system.

The method is not limited to single-terminal systems, but can also be applied to systems which are composed of a number of remote terminals connected to a secure central server. A good example of such a system is an Automated Teller Machine (ATM) system or a debit card terminal system. In these types of systems the user accesses the central server via the remote terminals.

A system such as this can be organized in many different ways. Some systems can be organized where the processing elements and database elements are located at a central location and the remote terminals act as "dumb" terminals, accepting user input and displaying output to the user, but where all the processing occurs at a central location. Other systems are organized into a more distributed system where the remote terminals have their own processing means, allowing the remote terminals to do part of the processing, minimizing the amount of communication between the terminal and the central computer.

In order to make the system more user friendly the user identifying number can be stored on a magnetic stripe card or the like, input to the system by the user at the start of the procedure. This is identical to currently available Debit Cards.

The algorithm and/or PIN code can also be stored in an encrypted form on a magnetic stripe card or the like, input to the system by the user at the start of the procedure. The system works as previously described, the difference being that the remote terminal can read the data on the card and compare this to the data entered by the user. This can be used in distributed systems with a number of "smart" remote terminals. In this case, the remote terminal can verify the identity of the user without any communication being necessary between the terminal and the central system.

In order to make sure that the response numbers output by the system are not repeated, after each use of the system the response number output to the user can be stored in a table by the system. Subsequent response numbers generated by the system are looked up in the table and, if the response number is already present in the table, a new response number is chosen before being displayed to the user.

To prevent the case of an authorized user being forced to reveal his algorithm, authorized users can be given a second algorithm, which also gives access to the system, but simultaneously activates an alarm. This will dissuade unauthorized persons from attempting to coerce an authorized user.

Brief Description of the Figures
The invention will be explained in greater detail below, where further advantageous properties and example embodiments are described with reference to the drawings, in which
Fig. 1 is a flowchart of the authorization process on a single secure system, and
Fig. 2 is a flowchart of the authorization process on a centralized computer system.

Description of a Preferred Embodiment of the Invention
The flowchart of Fig. 1 shows the authorization procedure when the current invention is applied to a single-location secure system. In this example, it is a door to a secure area. The user identifies himself or herself to the system via a magnetic key card which has the user's ID number encoded on it. The system has a built-in card reader to read the ID number from the card. The user interacts with the system via a small numeric keypad and the system interacts with the user via a small alphanumeric display. The system has a database containing the IDs of all the authorized users and a specific algorithm for each user.

In step 1 the system is in an idle loop waiting for the user to enter his or her identity card. In step 2 the user enters a magnetic stripe card which has his or her identity number (ID) encoded on it. The system reads the ID number from the card in step 3 and looks the ID number up in the database in step 4. If, in step 5, the ID number is not found in the database or the ID number is from an unauthorized person, the system ejects the card (step 6) and goes back to its idle state (step 1), waiting for a new ID card. If the user ID is found in the database, the system generates a random number, N, in step 7.

In step 8 the system displays the random number, N, on the screen. In step 9 the system retrieves, from the database, an algorithm, A1, which is associated with the user ID number. In step 10 the system generates a result, R1, which is the result of applying the algorithm, A1, to the random number, N. That is to say, R1 = A1(N). In step 11 the system waits for the user to enter a number. The number, R2, entered by the user, is the result of the user applying an algorithm, A2, which is memorized by the user, to the random number N. That is to say, R2 = A2(N). If the user is the authorized user, then the two algorithms, A1 and A2, are the same and therefore the two results, R1 and R2, will be equal. In step 12, the system checks if the two results are equal. If the results, R1 and R2, are equal, the door opens in step 13 and permits the user access to the system. In step 14 the user's ID card is ejected. If the two results, R1 and R2, are not equal, then step 13 is skipped and the user's card is ejected in step 14 without the door opening.

The flowchart of Fig. 2 shows an embodiment of the current invention applied to an Automated Teller Machine (ATM) system. In this example, a centralized processing system is assumed, comprising a number of "dumb" remote terminals and a central processing system. The user identifies himself or herself to one of the remote terminals via a magnetic key card which has his or her ID number on it. The terminals have a built-in card reader to read the ID number from the user's identity card. The user interacts with the remote terminal via a small numeric keypad and the remote terminal interacts with the user via a small alphanumeric display. The remote terminals interact with the central computer via secure telephone lines. The central computer has a database containing all the authorized users and a specific algorithm for each user.

The procedure starts in an idle loop 15, with the remote terminal waiting for the user to enter his or her identity (ID) card. When the user enters his or her ID card in step 16, the terminal reads the ID from the card and sends it to the central computer in step 17. In step 18, the central computer looks up the ID number in the database. If the ID number is not found in the database in step 19, then the central computer commands the remote terminal to eject the user's ID card in step 20. In step 21, the terminal ejects the user's card. If the user ID is found in the database in step 19, then the central computer generates a random number, N, in step 22. The central computer sends the random number, N, to the terminal in step 23. In step 24 the terminal displays the random number, N, on its screen. In step 25 the central controller retrieves, from the database, an algorithm, A1, associated with the user ID. In step 26, the central controller applies the algorithm, A1, to the random number, N, to get a first result, R1, where R1 = A1(N). The terminal then, in step 27, waits for the user to enter a number, R2, which is the result of the user applying a memorized algorithm, A2, to the random number, N, so that R2 = A2(N). In step 28 the number entered by the user, R2, is sent to the central computer. In step 29 the central computer compares the result generated by the computer and the result input by the user. If the results are equal, then the central computer allows the user to perform a financial transaction starting at step 30 and ending at step 32. In step 33 the central computer commands the terminal to eject the card, which is ejected in step 34. If, in step 29, the two numbers, R1 and R2, are not equal, then the central computer skips steps 30 to 32 and commands the terminal to eject the card in step 33.

In this example, the hardware used is identical to hardware already used in many ATM machines. Therefore the only change necessary to implement this idea is a change in software.

The algorithm applied to the response code can be one of many different types. However, when choosing an algorithm it is important to choose one which doesn't have any specific frequency components. Algorithms having specific frequency components have a "rhythm" and are therefore easier to determine using statistical programs.

An example of an algorithm is as follows (where a step gives a two-digit sum, only the last digit is kept).

Task | Trial 1 | Trial 2
1. Generate six-digit random number | 152632 | 652967
2. Add digits 1 and 3 | 1+2=3 | 6+2=8
3. Add digits 2 and 4 | 5+6=11 -> 1 | 5+9=14 -> 4
4. Replace digit 1 with first result | 352632 | 852967
5. Replace digit 2 with second result | 312632 | 842967
6. Drop digits 3 and 4 | 3132 | 8467
7. Enter the reverse of the result | 2313 | 7648

In addition, one component of the algorithm could be a Personal Identification Number (PIN). An example of an algorithm with the use of a PIN code is as follows. In the example, the PIN code is assumed to be 6735.

Task | Trial 1 | Trial 2
1. Generate six-digit random number | 153492 | 967643
2. Subtract 5 from the 3rd digit if the 3rd digit is greater than 4 | 3-5<0, so 3 | 7-5=2
3. Enter the PIN number from the position specified by the result | 3567 | 7356
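The following is an added example, not code from the patent: it implements the two worked algorithms above as functions of the six-digit response code N, together with a minimal server side for steps 7 to 13 of Fig. 1 (issue a response code that is never repeated, compute R1 = A1(N), compare it with the user's R2, and recognise a duress algorithm as in claim 9). The class and function names, and the `accepts` filter that restricts the "random" numbers to ones the user's algorithm can handle, are this example's own assumptions.

```python
import hmac
import secrets
from typing import Callable, Dict, Optional

Algorithm = Callable[[str], str]


def algorithm_example_1(n: str) -> str:
    """First worked example: add digits 1 and 3, add digits 2 and 4 (keeping
    only the last digit of a two-digit sum), write the sums over digits 1
    and 2, drop digits 3 and 4, and enter the remaining four digits reversed."""
    d = [int(c) for c in n]
    first = (d[0] + d[2]) % 10
    second = (d[1] + d[3]) % 10
    kept = [first, second, d[4], d[5]]
    return "".join(str(x) for x in reversed(kept))


def algorithm_example_2(n: str, pin: str) -> str:
    """PIN example: take the 3rd digit of N, subtract 5 if it is greater
    than 4, and enter the PIN starting at that (1-based) position, wrapping
    around. A 3rd digit of 0 or 5 is left undefined by the description, so
    such response codes must be filtered out before they are shown."""
    pos = int(n[2])
    if pos > 4:
        pos -= 5
    if pos == 0:
        raise ValueError("position 0 is undefined for this algorithm")
    start = pos - 1
    return pin[start:] + pin[:start]


class Verifier:
    """Server side of the protocol (hypothetical name). `draw` supplies the
    random numbers; it is injectable so the flow can be tested deterministically
    and defaults to a CSPRNG."""

    def __init__(self, draw: Optional[Callable[[], int]] = None) -> None:
        self.draw = draw or (lambda: secrets.randbelow(1_000_000))
        self.users: Dict[str, dict] = {}
        self.issued: set = set()            # response codes already shown (claim 8)
        self.pending: Dict[str, str] = {}   # user id -> code awaiting an answer
        self.alarms: list = []              # users who answered with the duress algorithm

    def enroll(self, user_id: str, algorithm: Algorithm,
               duress: Optional[Algorithm] = None,
               accepts: Callable[[str], bool] = lambda n: True) -> None:
        # `accepts` restricts the "random" numbers to those the user's
        # algorithm works well with, as the description proposes.
        self.users[user_id] = {"a1": algorithm, "duress": duress, "accepts": accepts}

    def challenge(self, user_id: str) -> str:
        """Steps 7 and 8 of Fig. 1: issue a fresh, never-repeated response code."""
        rec = self.users[user_id]   # unknown ID: the card would be ejected (step 5)
        while True:
            n = f"{self.draw():06d}"
            if n not in self.issued and rec["accepts"](n):
                self.issued.add(n)
                self.pending[user_id] = n
                return n

    def verify(self, user_id: str, n: str, r2: str) -> str:
        """Steps 9 to 13: returns 'granted', 'alarm' or 'denied'. A response
        code can be answered once, so a replayed R2 is refused."""
        rec = self.users.get(user_id)
        if rec is None or self.pending.get(user_id) != n:
            return "denied"
        del self.pending[user_id]
        r1 = rec["a1"](n)
        if hmac.compare_digest(r1.encode(), r2.encode()):
            return "granted"
        duress = rec["duress"]
        if duress is not None and hmac.compare_digest(duress(n).encode(), r2.encode()):
            self.alarms.append(user_id)     # access is still given, alarm raised silently
            return "alarm"
        return "denied"


if __name__ == "__main__":
    # Reproduce the two trials given for each worked example.
    for n in ("152632", "652967"):
        print(n, "->", algorithm_example_1(n))
    for n in ("153492", "967643"):
        print(n, "->", algorithm_example_2(n, "6735"))
```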

Another example is shown below. In this example, the initial response code generated by the system is a four-digit random number. The user performs an algorithm on the four-digit number, the result of which is a single digit. The user then inputs the single digit to the system. The number system used in this example is a base 4 number system, that is to say the number system counts as follows: 0, 1, 2, 3, 10, 11, 12, 13, 20, 21, etc. As a general rule in this example, if an operation results in a 2-digit number, only the last digit is used; for example 2x2=10 -> 0 is used.

Task | Trial 1 | Trial 2
1. The system generates a four-digit random number | 0123 | 0131
2. Pick the first digit which is equal to "2". If there is no "2", find the first digit from the left which is closest to and smaller than "2". | Third digit from the left = 2 | Second digit from the left = 1
3. Choose the digits to the side of the digit chosen in step 2 where there are the most digits. | To the left = 1 0 | To the right = 3 1
4. Choose the value of the digit to which the first number of the two numbers chosen in step 3 points. | 1st digit = 1 | 3rd digit = 1
5. Multiply the result from step 4 by the second of the two numbers chosen in step 3. | 1*0 = 0 | 1*1 = 1
6. If the numbers in step 3 are to the left of the number chosen in step 1, add 1 to the number in step 5. If the numbers in step 3 are to the right of the number chosen in step 1, find the absolute difference between 1 and the number found in step 5. | Digits were to the left, so 0+1 = 1 | Digits were to the right, so 1-1 = 0
7. Enter the result of step 6 | 1 | 0

In the above example, the final result entered by the user can be one of four different values. This means that there is a 25% chance that an unauthorized user will be able to gain access to the system with a random guess. Therefore it is unlikely that this specific example would actually be implemented. However, since the result is only one digit, there will be a very large number of different algorithms which give the same result.

Increasing the number of algorithms which give the same result is of significance to security. Since an authorized person needs to perform all the algorithm's operations in his or her head, both the number of operations and the number of operator types used in the algorithm are limited. This means that with a computer it is not of great difficulty to find all the algorithms which give a certain result based on a certain input. If the system code and the result code are observed a number of times, a computer could determine the correct algorithm. However, the more algorithms there are which give the same result, the more times the codes need to be observed before the algorithm can be found.

Therefore there is a trade-off between protecting against unauthorized users gaining access to the system via random guessing and protecting against the algorithm being determined via frequent observation of the entered code. The fewer numbers the user enters to the system, the easier it is for an unauthorized user to guess the correct number. Simultaneously, the fewer numbers the user is required to enter to the system, the more difficult it is for a computer to determine the algorithm used, even after frequent observations of an authorized user entering his or her code. In a real system, a compromise is found between these two factors.
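To make the trade-off concrete, here is an added example (not from the patent) that measures it for a small constructed family of mental algorithms: each entered digit comes from one rule that combines two digits of the six-digit response code by addition, subtraction or multiplication and keeps the last digit, and a k-digit answer uses k such rules. The family, its size of 60 rules per digit and all function names are this example's assumptions; it reports the guess probability of a k-digit answer next to how many (N, R) observations leave a single consistent family member, which is the figure a defender would compare against the rotation count discussed later.

```python
import random
from itertools import combinations, permutations
from typing import Callable, List, Sequence, Tuple

Rule = Tuple[int, int, str]

# One rule combines two digits of the six-digit response code and keeps the
# last digit of the result; a k-digit answer is produced by k rules.
OPS = {
    "add": lambda a, b: (a + b) % 10,
    "sub": lambda a, b: (a - b) % 10,
    "mul": lambda a, b: (a * b) % 10,
}


def all_rules() -> List[Rule]:
    """Every distinct single-digit rule in the constructed family (60 in total)."""
    rules: List[Rule] = []
    for i, j in combinations(range(6), 2):    # add and mul are symmetric
        rules.append((i, j, "add"))
        rules.append((i, j, "mul"))
    for i, j in permutations(range(6), 2):    # sub is not
        rules.append((i, j, "sub"))
    return rules


def apply_rule(rule: Rule, n: str) -> str:
    i, j, op = rule
    return str(OPS[op](int(n[i]), int(n[j])))


def answer(algorithm: Sequence[Rule], n: str) -> str:
    """R = A(N): one entered digit per rule."""
    return "".join(apply_rule(r, n) for r in algorithm)


def guess_probability(k: int) -> float:
    """Chance that a random k-digit entry is accepted on one attempt."""
    return 10.0 ** (-k)


def consistent_candidates(observations: Sequence[Tuple[str, str]], k: int) -> int:
    """Number of k-rule algorithms in the family that reproduce every observed
    (N, R) pair. The rules for different output digits are independent, so the
    count is the product of the per-digit survivor counts."""
    total = 1
    for pos in range(k):
        survivors = [r for r in all_rules()
                     if all(apply_rule(r, n) == r_obs[pos] for n, r_obs in observations)]
        total *= len(survivors)
    return total


def observations_to_identify(algorithm: Sequence[Rule],
                             draw: Callable[[], str], limit: int = 50) -> int:
    """Observations of (N, R) after which only one family member remains
    consistent. The true algorithm always survives, so a defender would rotate
    the algorithm well before this many uses could have been watched."""
    obs: List[Tuple[str, str]] = []
    for count in range(1, limit + 1):
        n = draw()
        obs.append((n, answer(algorithm, n)))
        if consistent_candidates(obs, len(algorithm)) == 1:
            return count
    return limit


def seeded_draw(seed: int) -> Callable[[], str]:
    """Deterministic six-digit response codes for a reproducible simulation."""
    rng = random.Random(seed)
    return lambda: f"{rng.randrange(1_000_000):06d}"


if __name__ == "__main__":
    # The two digit sums from the first worked example, used as the secret.
    secret = [(0, 2, "add"), (1, 3, "add")]
    for k in (1, 2, 4):
        print(f"{k}-digit answer: guess chance {guess_probability(k):.4f}, "
              f"{60 ** k} candidate algorithms before any observation")
    print("observations until the 2-digit secret is unique:",
          observations_to_identify(secret, seeded_draw(7)))
```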

In the above examples, the codes used were numerical codes. However, this is not a requirement of the current invention. Many different types of codes can be used, a few examples being words, sentences, sounds, pictures, and so on.

In order to increase the user friendliness of the algorithm, the "random" number generated by the system could be limited to "random" numbers which work well with the algorithm. For example, if a part of the algorithm were "choose the number after the digit 7", then the "random" numbers could be limited to those random numbers where there is a 7 and where 7 is not the last digit. The way in which the "random" number is limited is stored together with the user's identification code and algorithm. Some examples of how the limitation could be stored are: on a magnetic user identification card, on the local terminal, in the central computer's database, and so on.

In order to increase the security of the system, users of the system can have the possibility to choose and modify their algorithms themselves. In one example, the user can establish an encrypted connection to the secure system's central computer from a personal computer via the internet and change his or her algorithm via a form. In a more secure system, a user is required to use specially designated terminals located at secure locations in order to create and/or change the algorithm.

The security of the system can also be improved by forcing the user to change his or her algorithm on a regular basis. A more advanced system could keep track of the user's activity and, when a user has used his or her algorithm a certain number of times from a certain location, require the user to change his or her algorithm. Furthermore, the system can assign different security risks to different locations. For example, using a debit card at a pizza shop could be assigned a higher security risk than using the same card at a bank terminal. In this way, the algorithm could be made to expire more quickly if the algorithm were used often in an insecure place. If the algorithm were used in a very secure place, the algorithm could be made to expire more slowly.

Depending on the use of the code, the algorithm security level can be set appropriately. If the algorithm is to be used for, for example, small cash sums, the algorithm could be made very user friendly but not very secure. If the algorithm is to be used for, for example, unlimited cash sums, then the algorithm could be made more secure but consequently also less user friendly.

The algorithm security level can also be set depending on what other security measures are in place. If extra security measures are in place, the algorithm could be made less secure; if the algorithm is the only security measure, then the algorithm should be made more complex. One example of an extra security measure would be to provide screens which prevent unauthorized users from seeing the random number generated by the system. In this case, only the authorized user can see the random number. Therefore the security is much improved over a situation where unauthorized users could see the random number. In this case, the algorithm could be made simpler, for example, enter the first two digits of the random number and the last two digits. Another example of an external security measure would be for the authorized user to have an identity card. An unauthorized user would have to steal the card plus know the algorithm.

Another possible embodiment of the current invention can be applied to voice recognition systems. In typical voice recognition systems, the user issues a command to a system. The voice of the user is analysed and compared to a database of authorized users. If a match is found, the user's command is executed. However, in this type of system it is possible for an unauthorized person to make a copy of an authorized user's voice command via, for example, a tape recorder. By applying a system as proposed by the current invention, after a user's voice has been recognized, the user is prompted with a random number and asked to provide a result based on an algorithm known only to the authorized user and the system.

This means that the entire procedure can take place audibly. Even if unauthorized users overhear the transaction, they will be unable to gain access to the system since the transaction will be different each time. This procedure also forms a sort of double security. Even if the unauthorized person were to both record the person's voice and get access to the algorithm, it would be relatively difficult to manipulate the authorized user's voice recording to give the correct answer.

In order to prevent unauthorized persons from forcing authorized users into giving their algorithms away, each authorized user can be given a second algorithm. Use of the second algorithm gives full access to the system, but simultaneously activates an alarm. This feature will be well known and unauthorized persons will therefore be dissuaded from attempting to coerce authorized users to give away their algorithms, since they will be unsure as to which algorithm they are receiving. The security could be further improved by giving the authorized users a random number of second algorithms. In this way, the unauthorized person will not know how many alarm algorithms there are.