Title of Invention	METHOD AND SYSTEM FOR SECURITY VERIFICATION OF A MESSAGE TRANSMITTED AND RECEIVED IN ELECTRONIC FORM
Abstract	A method for verifying the security of a message (Msg) transmitted and received in electronic form comprises on the transmitting side the steps of associating with the message a univocal message identifier (IDMsg) and a message owner identity checking identifier (IDCR) which is obtained by applying to the univocal message identifier (IDMsg) an encoding (12) associated with the owner of the message to be transmitted. On the receiving side the method comprises the steps of verification and signaling of the fact of having or not having already received a message with the same univocal message identifier (IDMsg) associated and ascertaining agreement between the univocal message identifier (IDMsg) associated with the received message and the result (IDDCR) of a decoding of the checking username (IDCR). A verification system and device in accordance with the method are also disclosed.

Title of Invention

METHOD AND SYSTEM FOR SECURITY VERIFICATION OF A MESSAGE TRANSMITTED AND RECEIVED IN ELECTRONIC FORM

Abstract

A method for verifying the security of a message (Msg) transmitted and received in electronic form comprises on the transmitting side the steps of associating with the message a univocal message identifier (IDMsg) and a message owner identity checking identifier (IDCR) which is obtained by applying to the univocal message identifier (IDMsg) an encoding (12) associated with the owner of the message to be transmitted. On the receiving side the method comprises the steps of verification and signaling of the fact of having or not having already received a message with the same univocal message identifier (IDMsg) associated and ascertaining agreement between the univocal message identifier (IDMsg) associated with the received message and the result (IDDCR) of a decoding of the checking username (IDCR). A verification system and device in accordance with the method are also disclosed.

Full Text	The present invention relates to a method and devices for performing security control in electronic message exchanges and in particular for monetary transactions such as those made with credit or debit cards and the like. Security problems in the exchange of messages in electronic form and especially over intrinsically unsafe networks like for example the networks making up Internet are known. Among the various problems there can be listed the possibility that someone might generate messages (in particular, monetary transaction requests) by falsifying the owner of the message and the possibility that actual messages might be duplicated to obtain that a request contained in the message be met again. In the prior art it has been sought to remedy some aspects of these problems, for example by introducing systems like the so-called 'electronic signature' which however allows having reasonable certainty of the identity of the owner of the message but not of the uniqueness of the message. Known systems are however in general complicated and difficult to apply and/or they generate an overload in the processing and/or transmission of messages which are not always acceptable and especially in the case of applications which they produce and must manage a high number of message in relatively short times such as for example with monetary transactions by credit or debit card and especially if used to pay for goods or services on internet or in stores having POS terminals or the like. An example of system for performing security controls in electronic message exchanges is disclosed by WO 00/35143, wherein different identifiers and secret values are employed for generating a secure message. The general purpose of the present invention is to remedy the above mentioned shortcomings by making available a method and devices for security verification in the exchange of messages electronically which would be fast, easy to apply and intrinsically reliable. In view of this purpose it was sought to provide in accordance with the present invention a method for verifying the security of a message transmitted and received in electronic form which on the transmitting side comprises the steps of associating with the message for its later security verification a univocal message identifier and an identifier for control of the identity of the owner of the message with the control identifier being obtained by applying to the univocal message identifier an encoding associated with the owner of the message to be transmitted, and on the receiving side for security verification of a received message comprises the steps of verification and signaling of the fact of having or not having already received a message with the same univocal identifier of the associated message, applying a decoding associated with a supposed owner of the received message to the checking identifier of the owner associated with the received message, and ascertaining and signaling the agreement or not between the univocal message identifier associated with the received message and proven to be said decoding of the control username. Again in accordance with the present invention it was sought to realize a system for safety verification of a message transmitted and received in electronic form comprising on the transmitting side a univocal username generator of a message, and an encoding device receiving the message username produced by the generator and encoding it in accordance with a code associated with the owner of the message to be transmitted to obtain . therefrom an identifier for checking the identity of the message owner, and transmission means associating with the message to be transmitted the checking identifier and the univocal message identifier obtained, and on the receiving side comprises for safety verification of a received message a checking device which verifies and signals that the message identifier associated with the received message has of has not been received previously, and a decoding device which receives the owner checking identifier associated with the received message and applies thereto a decoding associated with a supposed owner of the received message, and verification means which ascertain and signal the agreement or not of the univocal message identifier with the result of the decoding of the checking username. Again in accordance with the present invention it was also sought to realize a device for association of security verification factors with a message transmitted in electronic form characterized in that it comprises a univocal message username generator, an encoding device receiving the message username produced by the generator and encoding it in accordance with a code associated with the owner of the message to be transmitted to obtain therefrom an identifier for checking the identity of the message owner, and means which associate with the message to be transmitted the checking identifier and the univocal message identifier obtained. To clarify the explanation of the innovative principles of the present invention and its advantages compared with the prior art there is described below with the aid of the annexed drawings a possible embodiment thereof by way of non-limiting example applying said principles. In the accompanying drawing: FIG 1 shows a block diagram of a device or part on the transmitting side of a security verification system realized in accordance with the present invention, FIG 2 shows a block diagram of a device or part on the receiving side of a security verification system realized in accordance with the present invention, and FIG 3 shows diagrammatically a possible combination of information in accordance with the method of the present invention. With reference to the figures, FIG 1 shows the part on the transmitting side designated as a whole by reference number 10 of a security system realized in accordance with the present invention. This part or device 10 comprises a generator 11 for generation of a univocal message username (designated by IDMsg) and an encoding device 12 which receives the message username IDMsg produced by the generator and encodes it to obtain an encoded version thereof called here identifier IDCR which will be usable as clarified below as the identifier for checking the identity of the message owner. The device 10 is associated with a known system 13 (not described here as it is well known and readily imaginable to those skilled in the art) for production of messages Msg to be transmitted and of which it is wished to ensure the security offered by the present invention. These messages can be conventional electronic messages for management of monetary transactions of, for example, a credit or debit card circuit. The generator 11 is a known generator of single keys. It can be realized either as hardware or software, for example the known GUID generator of Microsoft. Its main operational principle is based on the random generation of a key or ID sufficiently long to make the probability of generating two identical keys practically zero. For each message to be sent, the generator therefore produces an identifier which can be represented by a sequence of bits, numbers, characters et cetera and which is the only one and will never be used again. This ensures that no "twin" keys exist. The ID of the message (which can also be called LEFT KEY) is surely to be understood therefore as a key but produced before and thus a new key. The encoding device 12 encodes the IDMsg so as to obtain a username IDCR containing the IDMsg in a concealed manner making it possible if the correct decoding is known to go back to it or at least to a representation thereof allowing knowing whether IDCR was really created by correct encoding of IDMsg. The IDCR can also be called RIGHT KEY. With a message Msg are thus associated the two usernames (unique for each message) IDMsg and IDCR. As clarified below, the former allows knowledge of the uniqueness of a message while the second allows having confirmation of the identity of the owner who produced the message or to whom it refers. Indeed, encoding of IDMsg in IDCR is done in accordance with a code which was previously associated with the owner of the message to be transmitted. For example it is advantageous that the encoding and the following corresponding decoding be realized as encryption and decryption operations with a key and with a particular key or algorithm associated with the particular owner of the message. In particular, such encryption and decryption can be advantageously of the known public/private key type in which the encryption is done by the - encoding device 12 using the private secret key of the owner who sends the message or to whom it refers. Once the usernames to be associated with the message are obtained they can be sent to the receiving part of the system through a suitable known transmission means, for example internet, dedicated networks, telephone lines et cetera. The transmission means and the paths followed by the various usernames and the message can be the same for all or different from each other depending on specific requirements or desires. IDMsg and IDCR can also be assembled in a single compound identifier IDT which can also be called SUPER KEY = LEFT KEY + RIGHT KEY. If a single transmission means is used, the usernames and the message can be assembled in a single total MSGT message. All this is shown clearly in FIG 3. If desired, this total message can be in turn encrypted in accordance with known techniques. In one embodiment of the present invention the message is also associated with a username IDowner, unique for each possible owner of the message to be transmitted. For example, in case of a transaction by credit card said IDowner can be the card number. This IDowner can be produced or extracted by means 14, for example a programmed electronic memory, manual input means or reading means of owner data contained on a card used in the transaction. This IDowner can also be used to control correct encoding in the encoding device 12. Known methods of combination of the various parts and possible known transmission codifications even dependent on the particular means of transmission and even desired for implementation of additional security levels can be used. All this is readily imaginable to those skilled in the art and is not further discussed or shown. FIG 2 shows the part designated as a whole by reference number 16 of the system in accordance with the present invention present on the message receiving side. To verify the security of a received message (Msg) (which can be processed in accordance with the intended use of the message by any known processing system 17, for example a transaction manager not further discussed here, said receiving part 16 comprises a control device 18 to recognize whether an IDMsg associated with a received message has not been received previously. For recognition, the device 18 manages an archive of previously used IDs 19. Every time an IDMsg arrives the device checks in the archive 19 whether it has already been memorized and issues a corresponding ID acceptable or unacceptable signal 20. If the ID has not been used yet the associated message is considered new and the ID is memorized in the archive to prevent future new use. The receiving part 16 also comprises a decoding device 21 which receives the control identifier of the owner IDCR associated with the received message and applies to it a decoding associated with a supposed owner of the received message. At outlet from the decoder an identifier IDDCR is thus obtained. The decoding is realized in such a manner that there is a predetermined agreement between IDMsg and IDDCR if the IDCR had been obtained for encoding of the IDMsg by the method associated with the message owner. Verification means 22 receive the IDMsg and IDDCR and ascertain and signal with a signal 23 the existence or not of said predetermined agreement. If there is agreement the message can be considered as belonging to its legitimate owner. If both the conditions at the outlets 20 and 23 are verified positively the device 16 emits a positive verification signal 24 and the message Msg associated with the usernames received can be considered acceptable on the basis of the security verification in accordance with the present invention. As may be seen again in FIG 2, the agreement signal 23 can also be sent to the sole ID recognizer 18 so as to inhibit memorization of the message ID among the IDs already used in case agreement between IDMsg and IDCR is not found. This avoids useless memorization of 'false' IDs among the IDs already used. The decoding device 21 will usually operate in reverse of the encoding device 12 in such a manner that if the encoder 12 obtains a certain IDCR from a specific IDMsg the decoder will again obtain the same IDMsg starting form the IDCR. In this case the agreement verification made by the device 22 will be a verification of sameness among received IDMsg and decoded IDCR. If, as mentioned above, the encoder makes a key encryption the decoder will make a corresponding key decryption. The keys associated with the owners will be memorized in a purposeful key archive 25. For example if the encryption system chosen is with public/private key, the decoder will perform a decryption as called for by said known system by using the appropriate key corresponding to the owner associated with the message. In accordance with one aspect of the present invention, if on the transmitting side the above mentioned owner identifier (IDowner) is also associated with the message, on the receiving side the decoding to be applied can advantageously be selected from among a plurality of possible decodings on the basis of the owner identifier associated with the received message. Selection of the right key from the archive 25 thus becomes much faster since the IDowner is supplied to the decryption device 21 as a search index for the right key in the key archive 25. It is now clear that it is possible to realize a device 10 for association of safety verification factors with a message transmitted in electronic form and a system 10, 16 for a security verification of a message transmitted and received in electronic form and a method for a security verification of a message transmitted and received in electronic form. As readily imaginable to those skilled in . the art, the practical realization can be totally software, totally hardware or mixed. The device 10 can also be realized in portable form (for example a smart card) to be supplied for example to a credit card owner who can thus generate an IDT or SUPER KEY to be supplied together with the other data (amount to be debited thereto, card number et cetera) for payment by card. These data can be considered the message MSG and if necessary encrypted in accordance with a known system. As an alternative the device could be kept at the store where the purchase is made and the card owner could input therein in a reserved manner the encoding key for production of the RIGHT KEY part of the SUPER KEY which would thus be generated by the apparatus. The security of the system in accordance with the present invention is evident from the above description. The SUPER KEYs are to be considered public as they are transmitted over channels which are intrinsically unsafe but which conceal within them in protected mode the univocity of both the message and the owner. An organization supplying the above mentioned service could supply to the customer an adequate hardware and/or software support (even directly integrated in an 'intelligent' credit card) and by means of this support the customer would be able to send the SUPER KEY generated through either a private or a public position. The SUPER KEY can cover (in the example of the monetary transaction) the same steps covered by the information of the normal credit or debit card. The SUPER KEY once used is recorded in the database of the organization and thus becomes inactive. Whoever tried to reuse it would nullify the request and interception of the SUPER KEY is thus useless. The SUPER KEY can also be understood as 'single use' identification. A dishonest user could refuse to use his own unique key generator but steal one of the keys already produced by another user and create a twin thereof. The key would however be unusable because each time a user makes a transaction by using the generator of unique keys, the key generated is added to the list present in the organization's database. The database contains the list of all the LEFT KEYs produced over time and only LEFT KEYS, not RIGHT or SUPER KEYs, and ensures that the keys already produced are unusable. The predetermined biunivocal agreement between the user and the corresponding algorithm or encoding/decoding key with the corresponding archive of keys and/or algorithms with the organization ensures the possibility for the organization to really distinguish two users and reject counterfeit requests or messages. Since the message uniqueness identifier reaches the organization both in clear and encoded form it is impossible to falsify only the message uniqueness identifier within a SUPER KEY. Naturally the above description of an embodiment applying the innovative principles of the present invention is given by way of non-limiting example of said principles within the scope of the exclusive right claimed here. For example the message MSG can be of any known type, even encrypted, to be decrypted upon arrival in accordance with any known method. These operations can also be performed by the same devices 12, 21 which encode and decode the message identifier. The message identifier can also be assembled with the message before encoding and the encoding can then be performed on the result of the assembly to have an identifier IDCR incorporated in encrypted form in the transmitted message to then be decoded' and extracted on the receiving side. The owner identifier can be a specific identifier assigned by the manager of the service or a unique already existing identifier chosen conventionally. For example in the case of a natural person owner, his taxpayer's code number, driving license number, credit card number et cetera may be used. We Claim 1. Method for security verification of a message (Msg) transmitted and received in electronic form which: - on the transmitting side comprises the steps of appending to the message for its subsequent security verification a univocal message identifier (IDMsg) and an identifier (IDCR) for checking the identity of the message owner with the checking identifier (IDCR) being obtained by applying to the univocal message identifier (IDMsg) a unique coding dependent on the owner of the message to be transmitted, and - on the receiving side for security verification of a received message (Msg) comprises the steps of: - comparing the received message identifier (IDMsg) with previously received message identifiers and signaling if a a message with the same univocal message identifier (IDMsg) appended thereto has or has not been received previously, - applying a unique decoding dependent on a supposed owner of the received message to the checking identifier of the owner (IDCR) appended to the received message, and - ascertaining and signaling the agreement or not between the univocal message identifier (IDMsg) appended to the received message and the result (IDDCR) of said decoding of the checking identifier (IDCR). 2. Method as claimed in claim 1, wherein before transmission the univocal message identifier (IDMsg) and the identifier (IDCR) for checking the identity of the message owner are assembled in a unique compound identifier (IDT). 3. Method as claimed in claim 1, wherein on the transmitting side at least the checking identifier (IDCR) is assembled with the message and transmitted therewith. 4. Method as claimed in claim 3, wherein the assembling takes place by inserting the message identifier (IDMsg) in the message (Msg) and applying the coding to the result of the insertion. 5. Method as claimed in claim 1, wherein on the transmitting side, with the message to be transmitted is also associated an owner identifier (IDowner) and on the receiving side the decoding to be applied is selected from among a plurality of possible decodings on basis of the owner identifier (IDowner) associated with the received message. 6. Method as claimed in claim 1, wherein the coding and decoding are keyed encryption and decryption operations. 7. Method as claimed in claim 3, wherein encryption and decryption are the type with public/private key. 8. Method as claimed in claim 1, wherein ascertainment of the agreement between univocal message identifier (IDMsg) appended to the message received and the result of the decoding of the checking identifier (IDCR), consists of verifying the sameness between said univocal message identifier (IDMsg) and the result of the decoding of the checking identifier (IDCR). 9. System for a safety verification of a message (Msg) transmitted and received in electronic form and comprising: - on the transmitting side: - a univocal message identifier generator (IDMsg), - an encoding device which receives the message identifier (IDMsg) produced by the generator and codifies it in accordance with a unique code dependent on the owner of the message to be transmitted to obtain therefrom an identifier (IDCR) for checking the identity of the message owner, - transmission means which appends to the message to be transmitted the checking identifier (IDCR) and the univocal message identifier (IDMsg) obtained, - on the receiving side for security verification of a received message (Msg): - a control device which compares the received message identifier (IDMsg) with previously received message identifiers signals if the message identifier (IDMsg) appended to the received message has or has not been received previously, - a decoding device which receives the owner checking identifier (IDCR) appended to the received message and applies thereto a unique decoding dependent on a supposed owner of the received message, - verification means which ascertain and signal the agreement or not of the univocal message identifier (IDMsg) with the result of the decoding of the checking identifier (IDCR). 10. System as claimed in claim 8 wherein the encoding and decoding devices are keyed encryption and decryption devices. 11. System as claimed in claim 9, wherein the encryption and decryption devices are the public/private key type. 12. Device for association of security verification factors with a message transmitted in electronic form characterized in that it comprises: - a univocal message identifier generator (IDMsg), - an encoding device which receives the message identifier (IDMsg) produced by the generator and encodes it in accordance with a unique code dependent on the owner of the message to be transmitted to obtain therefrom an identifier (IDCR) for checking the identity of the message owner, - means which append to the message to be transmitted the checking identifier (IDCR) and the univocal message identifier (IDMsg) obtained. 13. Device as claimed in claim 12, wherein the encoding device is a keyed encryption device. 14. Device as claimed in claim 12 wherein it issues a compound identifier (IDT) made up of the combination of the univocal message identifier (IDMsg) and the identifier (IDCR) for checking the identity of the message owner. DATED THIS 3RD DAY OF JUNE 2005 A method for verifying the security of a message (Msg) transmitted and received in electronic form comprises on the transmitting side the steps of associating with the message a univocal message identifier (IDMsg) and a message owner identity checking identifier (IDCR) which is obtained by applying to the univocal message identifier (IDMsg) an encoding (12) associated with the owner of the message to be transmitted. On the receiving side the method comprises the steps of verification and signaling of the fact of having or not having already received a message with the same univocal message identifier (IDMsg) associated and ascertaining agreement between the univocal message identifier (IDMsg) associated with the received message and the result (IDDCR) of a decoding of the checking username (IDCR). A verification system and device in accordance with the method are also disclosed.

Full Text

The present invention relates to a method and devices for
performing security control in electronic message exchanges
and in particular for monetary transactions such as those
made with credit or debit cards and the like.
Security problems in the exchange of messages in electronic
form and especially over intrinsically unsafe networks like
for example the networks making up Internet are known.
Among the various problems there can be listed the
possibility that someone might generate messages (in
particular, monetary transaction requests) by falsifying
the owner of the message and the possibility that actual
messages might be duplicated to obtain that a request
contained in the message be met again.
In the prior art it has been sought to remedy some aspects
of these problems, for example by introducing systems like
the so-called 'electronic signature' which however allows
having reasonable certainty of the identity of the owner of
the message but not of the uniqueness of the message.
Known systems are however in general complicated and
difficult to apply and/or they generate an overload in the
processing and/or transmission of messages which are not
always acceptable and especially in the case of
applications which they produce and must manage a high
number of message in relatively short times such as for
example with monetary transactions by credit or debit card
and especially if used to pay for goods or services on
internet or in stores having POS terminals or the like.
An example of system for performing security controls in electronic message
exchanges is disclosed by WO 00/35143, wherein different identifiers and secret
values are employed for generating a secure message.
The general purpose of the present invention is to remedy the above mentioned
shortcomings by making available a method and devices for security verification
in the exchange of messages electronically which would be fast, easy to apply
and intrinsically reliable.
In view of this purpose it was sought to provide in accordance with the present
invention a method for verifying the security of a message transmitted and
received in electronic form which on the transmitting side comprises the steps of
associating with the message for its later security verification a univocal message
identifier and an identifier for control of the identity of the owner of the message
with the control identifier being obtained by applying to the univocal message
identifier an encoding associated with the owner of the message to be
transmitted, and on the receiving side for security verification of a received
message comprises the steps of verification and signaling of the fact of having or
not having already received a message with the same univocal identifier of the
associated message, applying a decoding associated with a supposed owner of
the received message to the checking identifier of the owner associated with the
received message, and ascertaining and signaling the agreement or not between
the univocal message identifier associated with the received message and proven
to be said decoding of the control username.
Again in accordance with the present invention it was sought to realize a system
for safety verification of a
message transmitted and received in electronic form
comprising on the transmitting side a univocal username
generator of a message, and an encoding device receiving
the message username produced by the generator and encoding
it in accordance with a code associated with the owner of
the message to be transmitted to obtain . therefrom an
identifier for checking the identity of the message owner,
and transmission means associating with the message to be
transmitted the checking identifier and the univocal
message identifier obtained, and on the receiving side
comprises for safety verification of a received message a
checking device which verifies and signals that the message
identifier associated with the received message has of has
not been received previously, and a decoding device which
receives the owner checking identifier associated with the
received message and applies thereto a decoding associated
with a supposed owner of the received message, and
verification means which ascertain and signal the agreement
or not of the univocal message identifier with the result
of the decoding of the checking username.
Again in accordance with the present invention it was also
sought to realize a device for association of security
verification factors with a message transmitted in
electronic form characterized in that it comprises a
univocal message username generator, an encoding device
receiving the message username produced by the generator
and encoding it in accordance with a code associated with
the owner of the message to be transmitted to obtain
therefrom an identifier for checking the identity of the
message owner, and means which associate with the message
to be transmitted the checking identifier and the univocal
message identifier obtained.
To clarify the explanation of the innovative principles of
the present invention and its advantages compared with the
prior art there is described below with the aid of the
annexed drawings a possible embodiment thereof by way of
non-limiting example applying said principles. In the
accompanying drawing:
FIG 1 shows a block diagram of a device or part on the
transmitting side of a security verification system
realized in accordance with the present invention,
FIG 2 shows a block diagram of a device or part on the
receiving side of a security verification system realized
in accordance with the present invention, and
FIG 3 shows diagrammatically a possible combination of
information in accordance with the method of the present
invention.
With reference to the figures, FIG 1 shows the part on the
transmitting side designated as a whole by reference number
10 of a security system realized in accordance with the
present invention. This part or device 10 comprises a
generator 11 for generation of a univocal message username
(designated by IDMsg) and an encoding device 12 which
receives the message username IDMsg produced by the
generator and encodes it to obtain an encoded version
thereof called here identifier IDCR which will be usable as
clarified below as the identifier for checking the identity
of the message owner.
The device 10 is associated with a known system 13 (not
described here as it is well known and readily imaginable
to those skilled in the art) for production of messages Msg
to be transmitted and of which it is wished to ensure the
security offered by the present invention. These messages
can be conventional electronic messages for management of
monetary transactions of, for example, a credit or debit
card circuit.
The generator 11 is a known generator of single keys. It
can be realized either as hardware or software, for example
the known GUID generator of Microsoft. Its main operational
principle is based on the random generation of a key or ID
sufficiently long to make the probability of generating two
identical keys practically zero. For each message to be
sent, the generator therefore produces an identifier which
can be represented by a sequence of bits, numbers,
characters et cetera and which is the only one and will
never be used again. This ensures that no "twin" keys
exist.
The ID of the message (which can also be called LEFT KEY)
is surely to be understood therefore as a key but produced
before and thus a new key.
The encoding device 12 encodes the IDMsg so as to obtain a
username IDCR containing the IDMsg in a concealed manner
making it possible if the correct decoding is known to go
back to it or at least to a representation thereof allowing
knowing whether IDCR was really created by correct encoding
of IDMsg. The IDCR can also be called RIGHT KEY.
With a message Msg are thus associated the two usernames
(unique for each message) IDMsg and IDCR. As clarified below,
the former allows knowledge of the uniqueness of a message
while the second allows having confirmation of the identity
of the owner who produced the message or to whom it refers.
Indeed, encoding of IDMsg in IDCR is done in accordance with
a code which was previously associated with the owner of
the message to be transmitted. For example it is
advantageous that the encoding and the following
corresponding decoding be realized as encryption and
decryption operations with a key and with a particular key
or algorithm associated with the particular owner of the
message. In particular, such encryption and decryption can
be advantageously of the known public/private key type in
which the encryption is done by the - encoding device 12
using the private secret key of the owner who sends the
message or to whom it refers.
Once the usernames to be associated with the message are
obtained they can be sent to the receiving part of the
system through a suitable known transmission means, for
example internet, dedicated networks, telephone lines et
cetera. The transmission means and the paths followed by
the various usernames and the message can be the same for
all or different from each other depending on specific
requirements or desires.
IDMsg and IDCR can also be assembled in a single compound
identifier IDT which can also be called SUPER KEY = LEFT
KEY + RIGHT KEY.
If a single transmission means is used, the usernames and
the message can be assembled in a single total MSGT
message. All this is shown clearly in FIG 3. If desired,
this total message can be in turn encrypted in accordance
with known techniques.
In one embodiment of the present invention the message is
also associated with a username IDowner, unique for each
possible owner of the message to be transmitted. For
example, in case of a transaction by credit card said
IDowner can be the card number. This IDowner can be produced
or extracted by means 14, for example a programmed
electronic memory, manual input means or reading means of
owner data contained on a card used in the transaction.
This IDowner can also be used to control correct encoding in
the encoding device 12.
Known methods of combination of the various parts and
possible known transmission codifications even dependent on
the particular means of transmission and even desired for
implementation of additional security levels can be used.
All this is readily imaginable to those skilled in the art
and is not further discussed or shown.
FIG 2 shows the part designated as a whole by reference
number 16 of the system in accordance with the present
invention present on the message receiving side.
To verify the security of a received message (Msg) (which
can be processed in accordance with the intended use of the
message by any known processing system 17, for example a
transaction manager not further discussed here, said
receiving part 16 comprises a control device 18 to
recognize whether an IDMsg associated with a received
message has not been received previously. For recognition,
the device 18 manages an archive of previously used IDs 19.
Every time an IDMsg arrives the device checks in the archive
19 whether it has already been memorized and issues a
corresponding ID acceptable or unacceptable signal 20. If
the ID has not been used yet the associated message is
considered new and the ID is memorized in the archive to
prevent future new use.
The receiving part 16 also comprises a decoding device 21
which receives the control identifier of the owner IDCR
associated with the received message and applies to it a
decoding associated with a supposed owner of the received
message. At outlet from the decoder an identifier IDDCR is
thus obtained. The decoding is realized in such a manner
that there is a predetermined agreement between IDMsg and
IDDCR if the IDCR had been obtained for encoding of the IDMsg
by the method associated with the message owner.
Verification means 22 receive the IDMsg and IDDCR and
ascertain and signal with a signal 23 the existence or not
of said predetermined agreement. If there is agreement the
message can be considered as belonging to its legitimate
owner. If both the conditions at the outlets 20 and 23 are
verified positively the device 16 emits a positive
verification signal 24 and the message Msg associated with
the usernames received can be considered acceptable on the
basis of the security verification in accordance with the
present invention.
As may be seen again in FIG 2, the agreement signal 23 can
also be sent to the sole ID recognizer 18 so as to inhibit
memorization of the message ID among the IDs already used
in case agreement between IDMsg and IDCR is not found. This
avoids useless memorization of 'false' IDs among the IDs
already used. The decoding device 21 will usually operate
in reverse of the encoding device 12 in such a manner that
if the encoder 12 obtains a certain IDCR from a specific
IDMsg the decoder will again obtain the same IDMsg starting
form the IDCR. In this case the agreement verification made
by the device 22 will be a verification of sameness among
received IDMsg and decoded IDCR.
If, as mentioned above, the encoder makes a key encryption
the decoder will make a corresponding key decryption. The
keys associated with the owners will be memorized in a
purposeful key archive 25.
For example if the encryption system chosen is with
public/private key, the decoder will perform a decryption
as called for by said known system by using the appropriate
key corresponding to the owner associated with the message.
In accordance with one aspect of the present invention, if
on the transmitting side the above mentioned owner
identifier (IDowner) is also associated with the message, on
the receiving side the decoding to be applied can
advantageously be selected from among a plurality of
possible decodings on the basis of the owner identifier
associated with the received message. Selection of the
right key from the archive 25 thus becomes much faster
since the IDowner is supplied to the decryption device 21 as
a search index for the right key in the key archive 25.
It is now clear that it is possible to realize a device 10
for association of safety verification factors with a
message transmitted in electronic form and a system 10, 16
for a security verification of a message transmitted and
received in electronic form and a method for a security
verification of a message transmitted and received in
electronic form.
As readily imaginable to those skilled in . the art, the
practical realization can be totally software, totally
hardware or mixed.
The device 10 can also be realized in portable form (for
example a smart card) to be supplied for example to a
credit card owner who can thus generate an IDT or SUPER KEY
to be supplied together with the other data (amount to be
debited thereto, card number et cetera) for payment by
card. These data can be considered the message MSG and if
necessary encrypted in accordance with a known system.
As an alternative the device could be kept at the store
where the purchase is made and the card owner could input
therein in a reserved manner the encoding key for
production of the RIGHT KEY part of the SUPER KEY which
would thus be generated by the apparatus.
The security of the system in accordance with the present
invention is evident from the above description.
The SUPER KEYs are to be considered public as they are
transmitted over channels which are intrinsically unsafe
but which conceal within them in protected mode the
univocity of both the message and the owner.
An organization supplying the above mentioned service could
supply to the customer an adequate hardware and/or software
support (even directly integrated in an 'intelligent'
credit card) and by means of this support the customer
would be able to send the SUPER KEY generated through
either a private or a public position. The SUPER KEY can
cover (in the example of the monetary transaction) the same
steps covered by the information of the normal credit or
debit card. The SUPER KEY once used is recorded in the
database of the organization and thus becomes inactive.
Whoever tried to reuse it would nullify the request and
interception of the SUPER KEY is thus useless. The SUPER
KEY can also be understood as 'single use' identification.
A dishonest user could refuse to use his own unique key
generator but steal one of the keys already produced by
another user and create a twin thereof. The key would
however be unusable because each time a user makes a
transaction by using the generator of unique keys, the key
generated is added to the list present in the
organization's database. The database contains the list of
all the LEFT KEYs produced over time and only LEFT KEYS,
not RIGHT or SUPER KEYs, and ensures that the keys already
produced are unusable. The predetermined biunivocal
agreement between the user and the corresponding algorithm
or encoding/decoding key with the corresponding archive of
keys and/or algorithms with the organization ensures the
possibility for the organization to really distinguish two
users and reject counterfeit requests or messages. Since
the message uniqueness identifier reaches the organization
both in clear and encoded form it is impossible to falsify
only the message uniqueness identifier within a SUPER KEY.
Naturally the above description of an embodiment applying
the innovative principles of the present invention is given
by way of non-limiting example of said principles within
the scope of the exclusive right claimed here.
For example the message MSG can be of any known type, even
encrypted, to be decrypted upon arrival in accordance with
any known method. These operations can also be performed by
the same devices 12, 21 which encode and decode the message
identifier.
The message identifier can also be assembled with the
message before encoding and the encoding can then be
performed on the result of the assembly to have an
identifier IDCR incorporated in encrypted form in the
transmitted message to then be decoded' and extracted on the
receiving side.
The owner identifier can be a specific identifier assigned
by the manager of the service or a unique already existing
identifier chosen conventionally. For example in the case
of a natural person owner, his taxpayer's code number,
driving license number, credit card number et cetera may be
used.
We Claim
1. Method for security verification of a message (Msg) transmitted and
received in electronic form which:
- on the transmitting side comprises the steps of appending to
the message for its subsequent security verification a univocal
message identifier (IDMsg) and an identifier (IDCR) for checking
the identity of the message owner with the checking identifier
(IDCR) being obtained by applying to the univocal message
identifier (IDMsg) a unique coding dependent on the owner of
the message to be transmitted, and
- on the receiving side for security verification of a received
message (Msg) comprises the steps of:
- comparing the received message identifier (IDMsg) with
previously received message identifiers and signaling if a
a message with the same univocal message identifier
(IDMsg) appended thereto has or has not been received
previously,
- applying a unique decoding dependent on a supposed
owner of the received message to the checking identifier
of the owner (IDCR) appended to the received message,
and
- ascertaining and signaling the agreement or not between
the univocal message identifier (IDMsg) appended to the
received message and the result (IDDCR) of said decoding
of the checking identifier (IDCR).
2. Method as claimed in claim 1, wherein before transmission the univocal
message identifier (IDMsg) and the identifier (IDCR) for checking the
identity of the message owner are assembled in a unique compound
identifier (IDT).
3. Method as claimed in claim 1, wherein on the transmitting side at least
the checking identifier (IDCR) is assembled with the message and
transmitted therewith.
4. Method as claimed in claim 3, wherein the assembling takes place by
inserting the message identifier (IDMsg) in the message (Msg) and applying
the coding to the result of the insertion.
5. Method as claimed in claim 1, wherein on the transmitting side, with the
message to be transmitted is also associated an owner identifier (IDowner)
and on the receiving side the decoding to be applied is selected from
among a plurality of possible decodings on basis of the owner identifier
(IDowner) associated with the received message.
6. Method as claimed in claim 1, wherein the coding and decoding are keyed
encryption and decryption operations.
7. Method as claimed in claim 3, wherein encryption and decryption are the
type with public/private key.
8. Method as claimed in claim 1, wherein ascertainment of the agreement
between univocal message identifier (IDMsg) appended to the message
received and the result of the decoding of the checking identifier (IDCR),
consists of verifying the sameness between said univocal message
identifier (IDMsg) and the result of the decoding of the checking identifier
(IDCR).
9. System for a safety verification of a message (Msg) transmitted and
received in electronic form and comprising:
- on the transmitting side:
- a univocal message identifier generator (IDMsg),
- an encoding device which receives the message identifier
(IDMsg) produced by the generator and codifies it in
accordance with a unique code dependent on the owner
of the message to be transmitted to obtain therefrom an
identifier (IDCR) for checking the identity of the message
owner,
- transmission means which appends to the message to be
transmitted the checking identifier (IDCR) and the
univocal message identifier (IDMsg) obtained,
- on the receiving side for security verification of a received
message (Msg):
- a control device which compares the received message identifier
(IDMsg) with previously received message identifiers signals if
the message identifier (IDMsg) appended to the received
message has or has not been received previously,
- a decoding device which receives the owner checking identifier
(IDCR) appended to the received message and applies thereto a
unique decoding dependent on a supposed owner of the
received message,
- verification means which ascertain and signal the agreement or
not of the univocal message identifier (IDMsg) with the result of
the decoding of the checking identifier (IDCR).
10. System as claimed in claim 8 wherein the encoding and decoding devices
are keyed encryption and decryption devices.
11. System as claimed in claim 9, wherein the encryption and decryption
devices are the public/private key type.
12. Device for association of security verification factors with a message
transmitted in electronic form characterized in that it comprises:
- a univocal message identifier generator (IDMsg),
- an encoding device which receives the message identifier
(IDMsg) produced by the generator and encodes it in accordance
with a unique code dependent on the owner of the message to
be transmitted to obtain therefrom an identifier (IDCR) for
checking the identity of the message owner,
- means which append to the message to be transmitted the
checking identifier (IDCR) and the univocal message identifier
(IDMsg) obtained.
13. Device as claimed in claim 12, wherein the encoding device is a keyed
encryption device.
14. Device as claimed in claim 12 wherein it issues a compound identifier
(IDT) made up of the combination of the univocal message identifier
(IDMsg) and the identifier (IDCR) for checking the identity of the message
owner.
DATED THIS 3RD DAY OF JUNE 2005

A method for verifying the security of a message (Msg) transmitted and received
in electronic form comprises on the transmitting side the steps of associating
with the message a univocal message identifier (IDMsg) and a message owner
identity checking identifier (IDCR) which is obtained by applying to the univocal
message identifier (IDMsg) an encoding (12) associated with the owner of the
message to be transmitted. On the receiving side the method comprises the
steps of verification and signaling of the fact of having or not having already
received a message with the same univocal message identifier (IDMsg) associated
and ascertaining agreement between the univocal message identifier (IDMsg)
associated with the received message and the result (IDDCR) of a decoding of
the checking username (IDCR). A verification system and device in accordance
with the method are also disclosed.

Documents:

1059-kolnp-2005-granted-abstract.pdf

1059-kolnp-2005-granted-claims.pdf

1059-kolnp-2005-granted-correspondence.pdf

1059-kolnp-2005-granted-description (complete).pdf

1059-kolnp-2005-granted-drawings.pdf

1059-kolnp-2005-granted-examination report.pdf

1059-kolnp-2005-granted-form 1.pdf

1059-kolnp-2005-granted-form 18.pdf

1059-kolnp-2005-granted-form 2.pdf

1059-kolnp-2005-granted-form 26.pdf

1059-kolnp-2005-granted-form 3.pdf

1059-kolnp-2005-granted-form 5.pdf

1059-kolnp-2005-granted-reply to examination report.pdf

1059-kolnp-2005-granted-specification.pdf

« Previous Patent

Next Patent »

Patent Number

230166

Indian Patent Application Number

1059/KOLNP/2005

PG Journal Number

09/2009

Publication Date

27-Feb-2009

Grant Date

25-Feb-2009

Date of Filing

03-Jun-2005

Name of Patentee

STIGLIANI DOMENICO

Applicant Address

VIA PAVESE 2,47037 RIMINI RN(ITALY).

Inventors:

#	Inventor's Name	Inventor's Address
1	STIGLIANI DOMENICO	ITALIAN NATIONAL OF VIA PAVESE 2,47037 RIMINI RN

PCT International Classification Number

H04L 9/32

PCT International Application Number

PCT/EP03/009063

PCT International Filing date

2003-08-14

PCT Conventions:

#	PCT Application Number	Date of Convention	Priority Country
1	M12002A 002339	2002-11-05	Italy