INVENTION TITLE
Highly Secure and Low-Cost Dialogic Enciphered Dynamic PIN System for
Credit Card and Login
I (Peng Qin at 9 Alpine Court, Hillsborough, NJ 08844, U.S.A., Tel: 908-874-
8682) hereby claim the benefit of the priority of the early filed Provisional
Patent, with Application Number: "60/522,354", Filing Date: "09/20/2004", and Title: "Highly Secure and Low-Cost Dialogic Enciphered Dynamic PIN
System for Credit Card and Login".
DESCRIPTION
FIELD OF THE INVENTION
[Para 1] The present invention relates to credit card, debit card and account access user authentication and transaction authorization in various forms of usage through Internet, telephone or terminal, to achieve high security and prevent fraudulent use of the cards or accounts by unauthorized users to the maximum extent, with automated low-cost and convenient systems.
BACKGROUND OF THE INVENTION
[Para 2] Credit card and debit card frauds have become the most serious issue since online transactions came into wide use a decade ago. These frauds cause huge loss and cost of billions of dollars to the cardholders, merchants and card issuers every year, and have tremendous impact on the online retail business, whose great potential for growth is being blocked to a significant extent. Frauds not only happen to online transactions, but also happen to other remote and traditional Point Of Sale transactions. With the increase of various online accounts generation and administration, online identification and account access fraud is becoming a more common and serious problem.
[Para 3] The battle against fraud has been going on for decades, hardly
lost and cost of frauds grows to billions of US dollars annually, and there is no trend to a decrease or stop. With the fast growing online transactions' amount at the rate of 25% or more annually, and the increasing ratio of online to total transactions from about 4% in current market, the total damage of frauds is still going up.
[Para 4] The credit card systems were initially designed for the POS sales where cardholders are physically present allowing the merchant to check personal identity in various but fairly effective ways, the biggest flaw is the merchant's laziness of checking identity for all sales. But when credit cards and debit cards started to be used remotely over telephone or Internet, security issues got much more complicated since merchants are not able to check the users' identity face to face even if they want to do so. With various ways to get other people's personal and card information, especially the increased vulnerability of the computer network system and skills of the hackers, unauthorized users are getting more advantages and benefits from committing frauds remotely, and fighting against these frauds are getting more difficult and costly. The credit card systems are facing a critical crisis and need effective means to prevent frauds effectively and efficiently.
[Para 5] The currently means used to prevent frauds all have deficiency which result in security holes or over rejections. Card Verification Number fails when the card is stolen or this number is exposed or intercepted; Address Verification Services becomes void when the cardholder's address is filched and no physical products need to be shipped; Manual Review involves tremendous efforts and resources of the staff which significantly increases the cost for both the merchant and card issuer, and there are many cases that direct contact with the cardholder fails or delays. Password Protection like in the means of Verified by Visa and MasterCard SecureCode also fail when skillful hackers sneak some insidious virus into the users computer to monitor and filter the keystrokes and information browsed or entered, various of such detrimental virus have existence for years and are still evolving to being more perdue by hiding within the processes or threads of other legitimate
applications, the encryption of transmitted data provides no protection since the information is intercepted before being encrypted, the trend of this omnipotent hacker method will become stronger and stronger while other means become more difficult, and the threat of this method is not only to the credit cards but also to all the online accounts requesting login name and password for access, further when the virus is able to scan all local files the whole computer will be compromised; Dynamic Account Number like in American Express Private Payment system is also defeated easily with the login name and password filched by the virus, and unauthorized users can login and get new dynamic card numbers anytime; Smart Card technology has its limitation of the locations of usage and compatibility issue between different card issuers, plus bearing the extra cost of millions of card readers can be a big burden to each card issuer, and the cardholders are less willing to spend dozens of dollars for each of the cards, plus there will be a cost of billions of US dollars to replace all the plastic cards with the Smart Cards having chip embedded and data filled, in addition to the expenses of developing the various software and upgrading systems for each card issuer, the method is costly yet still very vulnerable since the card reader software can be also hacked to reveal the data in the card thus the account is purloined, though Smart Card technology does improve the security of the cards, it is still far away from effectively conquering the problem of fraud; Offline Smart Card Reader has a good step toward the solution, but it results in higher cost of the portable readers compared to the regular readers connected to the computer since all the operations will be performed in the card reader instead of the computer, the burden of such high cost has been the main obstacle of the popularity of Smart Cards in certain major markets like United States, also the size of the
portable card reader can hardly be reduced to satisfactory level that these readers can be easily carried in the wallet since the parts for holding and reading the card will take space, the card is still vulnerable when fallen into the hands of skillful hackers capable of hacking the card via simulated readers.
[Para 6] None of the above means come close enough to the ultimate solution of the fraud problem because the philosophy was not met. The philosophy is that anything exists in the computer is not guaranteed for security yet some
information has to exist on the computer and be transferred through the network, anything repeats or has a pattern is traceable, high cost is always a big obstacle, convenience and ease of usage are the keys to the market, single generic solution for all cards is important, operability in all locations is essential, and durable effectiveness is the winning point, yet nothing is absolute, the best scheme is the combination of the achievement of the above within the reality. Here comes my invention of Dialogic Enciphered Dynamic PIN System.
OBJECTS OF THE INVENTION
[Para 7] The primary object of the present invention is to prevent credit card and debit card fraud with generic highly secure and low cost scheme.
[Para 8] Another object of the present invention is to prevent identity fraud of online account administration and usage.
[Para 9] An optional object of the present invention is to enhance the security of any system which uses static login name, password or PIN number to grant authentication and authorization to the users.
SUMMARY OF THE INVENTION
[Para 10] This invention is a highly secure Dialogic Enciphered Dynamic PIN System which is used to prevent fraud of credit card, debit card and any account access on-line and POS transactions effectively with low-cost and convenience. The card or account issuer randomly assigns and securely stores operation addend, short secure PIN number and long secret formula with encryption in the backend database for each account, three numbers are sent to the cardholder or account owner via separate mails. The cardholder or account owner can use touch-tone phones to call the card or account issuer's automated telephone account administration system to update operation addend and secure PIN number or get new secret formula based on sufficient authentication anytime. Each cardholder or account owner has a small special passcode protected calculator to encipher dynamic answer PIN numbers for all
transactions of the cards and accounts. The cardholder or account owner enters the card or account type, last four digit of the card number or account login name, plus the operation addend and secret formula of each card or account into the calculator once at the beginning, but only memorizes the real secure PIN number without writing it down or storing it anywhere.
[Para 11] For credit and debit card transactions, a request of authentication of the cardholder and authorization of the transaction is sent to the card issuer with the transaction amount and other details by the merchant based on the card number provided by the cardholder. The card issuer assigns a random inquiry PIN number to the transaction and sends it back to the cardholder via merchant. The cardholder selects the card from the list in the calculator, enters the transaction amount as the base, then types in the inquiry PIN number and the secure PIN number separately, and the calculator does special calculation to the transaction amount by the sequence of secret formula + inquiry PIN number + secure PIN number. The cardholder takes the first 4 or more digits of the result as dynamic answer PIN number and sends it back to the card issuer. The card issuer system retrieves the inquiry PIN number cached in the database plus the decrypted operation addend, secret formula and secure PIN number of this account stored in the backend database, does the same calculation and compares the first 4 or more digits of the result with the dynamic answer PIN number from the cardholder. If the two numbers match the cardholder is authenticated and the transaction is authorized, otherwise both the cardholder and transaction are rejected.
[Para 12] For account access, no merchant is involved, the account owner sends the login name and password to account issuer as usual, if this step succeeds the account issuer sends a random 4 digit base number and inquiry PIN number to the account owner, the account owner selects the account in the calculator, inputs the base number, inquiry PIN number and secure PIN number, then the calculator does special calculation to the base, the account owner sends the first 4 or more digits as dynamic answer PIN number back to the account issuer, the account issuer does the same calculation and compares the two results, the account owner is authenticated and access is granted if the
results match, otherwise access is denied. The card or account is automatically suspended with certain number of failed tries. This low-cost offline Dialogic Enciphered Dynamic PIN System ensures extremely high security of the online transactions against even the most skillful hackers who can completely monitor all the activities including keystrokes and browsed information on the client's computer while the computer is online or offline, and are capable of decrypting all the encrypted information transmitted through the network.
DETAILED DESCRIPTION OF THE INVENTION
[Para 13] Terms used in This Description:
(1) Card Issuer: a financial institute like a bank which issues credit cards or debit cards to cardholders.
(2) Account Issuer: a corporation or institute which generates and holds on-line accounts for the account owners.
(3) Card Service Center: a corporation which maintains and updates the card issuer directory and other software and information for clients to access and download.
(4) Merchant: a retailer which sells product or services to the customers and charge their credit cards or debit cards to get the payment.
(5) Card Processor: a service company which acts as a gateway between the merchant and card issuers, to forward the requests to appropriate card issuers based on the card number, and the feedback back to the merchant.
(6) Cardholder: the legitimate owner and holder of the card.
(7) Account owner: the legitimate owner of the account.
(8) User: a person claims to be the cardholder or account owner and requests authentication and transaction for the transaction or access.
The Preparation of the System
[Para 14] The card or account issuer system has a software component using some algorithm to generate pseudo random numbers, or a hardware using electronic noise to generate real random numbers, for the 4 or more digit secure PIN numbers, fractional operation addends, and 30 or more digit secret formulas for the accounts, as well as 4 or more digit inquiry PIN numbers for the transactions; The card or account issuer system has a backend database which stores the secure PIN number, operation addend and secret formula in encrypted format for the accounts, as well as caching the transaction information and inquiry PIN number for the transactions; The card or account issuer system has another software component which does special calculation to the transaction amount or base by the sequence of secret formula + inquiry PIN number + secure PIN number, as well as comparing the results with the dynamic answer PIN numbers from the users; The card or account issuer system also has an automated telephone account administration system which allows the cardholder or account owner to call to update secure PIN number, operation addend and secret formula based on sufficient authentication.
[Para 15] The card service center maintains and updates the card issuer directory containing the name, number, status of enrollment of dynamic PIN program and network address of each card issuer, presents this directory on-line for merchants to download; The card service center also presents the information related to the Dialogic Enciphered Dynamic PIN System, as well as the card processor and merchant side software component.
[Para 16] The card processor and merchant download the software components from the card service center and install them into their websites or terminals, to provide the means for passing additional data between card issuers and users.
[Para 17] The cardholder and account owner will get a generic small special passcode protected calculator which stores the card or account type, partial card number or account login name, operation addend, secret formula and secure PIN number for each card or account, does special calculations based on the transaction amount or base by the sequence of secret formula + inquiry PIN number + secure PIN number, displays the card or account type, partial
card number or account login name, inquiry PIN number and dynamic answer PIN number, as well as performs the functions of a regular calculator and phone address notebook.
How the System and Method Work in Typical Scenarios
[Para 18] The Credit Card or Debit Card Transaction Over the Internet or Telephone:
[Para 19] Remote user authentication and transaction authorization over the Internet or telephone are the primary usage of this Dialogic Enciphered Dynamic PIN System. The user does remote shopping on Internet or via other means, and proceeds to check out with the total charge amount, the user provides the credit or debit card number, owner name, expiration date and other information as requested to the merchant through website or telephone, then the merchant system connects to the card processor which further identifies the card issuer and connects to the card issuer, the request of transaction with the transaction amount and card information is forwarded from the user to merchant to card processor to card issuer, the card issuer system generates a 4 or more digit random inquiry PIN number and sends it back to the user via card processor and merchant, the card issuer system also caches the request of transaction with the inquiry PIN number associated in the database at the same time, the user takes out his small special calculator, types in the passcode to activate it, selects the card from the list, enters the transaction amount, inquiry PIN number and real secure PIN number respectively, then press the calculation button, the calculator takes the transaction amount as the base and applies special operations to the base by the order of secret formula + inquiry PIN number + secure PIN number, then the first 4 or more digits of the result is displayed as the dynamic answer PIN number which is sent back to the card issuer with the other transaction data and inquiry PIN number via merchant and card processor, the card issuer system retrieves the encrypted operation addend, secret formula and secure PIN number from the database based on the card number and decrypts the operation addend, secret formula and secure PIN number, the card issuer
system further takes the transaction amount as the base and applies special operations to the base by the order of the secret formula + inquiry PIN number + secure PIN number, the card issuer system takes the first 4 or more digits of the result and compares it to the dynamic answer PIN number from the user, if the two numbers match the user is authenticated and the transaction is authorized, otherwise both are rejected, an acknowledgement is sent to the merchant and user via card processor, then the transaction is processed or rejected accordingly. The user does not really need to understand what happens in the calculator or card issuer side, all he/she needs to do is provide the regular card info, type the transaction amount, inquiry PIN number and secure PIN number into the calculator, send the result back to the merchant and get approved. Since the small size passcode protected calculator is carried in the wallet, the user does not need to depend on any other software or hardware to do the calculation.
[Para 20] The Account Access Over the Internet:
[Para 21 ] The user connects to the website and loads the login page, provides the account number, login name and password as usual, then the website will respond with a 4 or more digit random base number and inquiry PIN number, the user takes out the special calculator, activates the calculator with the right passcode, selects the account from the list, enters the base number, inquiry PIN number and secure PIN number, then the calculator does special operations to the base by the order of secret formula + inquiry PIN number + secure PIN number, the user sends the first 4 or more digits of the result as dynamic answer PIN number to the website, then the website retrieves encrypted operation addend, secret formula and secure PIN number from the database and decrypts them, further applies special operations to the base by the order of secret formula + inquiry PIN number + secure PIN number, and compares the result with the dynamic answer PIN number from the user, if the two numbers match the user is authenticated and the access is granted, otherwise both are denied.
[Para 22] The Credit Card or Debit Card POS Transaction in the Retail Store or Gas Station:
[Para 23] The user does shopping and proceeds to check out, the merchant sum up the amount, the user slides the card on the terminal to provide the regular card information, the card info and the transaction amount are sent to the card issuer via card processor, the card issuer system caches the transaction request, generates a 4 or more digit inquiry PIN number and sends it to the terminal via card processor, the user takes out the special calculator, selects the card from the list, inputs transaction amount, inquiry PIN number and secure PIN number, the calculator does special operations to the base transaction amount by the order of secret formula + inquiry PIN number + secure PIN number, the first 4 or more digits of the result are sent back the card issuer as dynamic answer PIN number, the card issuer retrieves the encrypted operation addend, secret formula and secure PIN number and decrypt them, then applies special operations to the transaction amount by the order of secret formula + inquiry PIN number + secure PIN number, finally compares the result with the dynamic answer PIN number from the user, authenticates the user and authorize the transaction if the two number match, reject both if they do not match, and sends acknowledgement to the user via card processor and merchant.
[Para 24] The Secure Access to Specific Area, Region or System:
[Para 25] When secure card is needed to gain access to specific region or system, additional layer of security is applied with the inquiry and answering dialog process. The security system generates 4 or more digit base number and inquiry PIN number, the user selects the security account from the list in the special calculator, enters the base number, inquiry PIN number and secure PIN number, the calculator does special operations to the base number by the order of secret formula + inquiry PIN number + secure PIN number, the first 4 or more digits of the result are entered back into the security system via keypad, the security system does similar calculation and compares the result with the dynamic answer PIN number provided by the user, the user is authenticated and access is granted if the two numbers match, otherwise both are rejected.
What is the Enciphering Scheme and How it Works
[Para 26] The special calculator in the user side and the main computer in the card issuer side must always be able to do calculations based on the same transaction amount, operation addend, secret formula, inquiry PIN number and secure PIN number. And it must be extremely difficult and practically impossible for anyone to break the operation addend, secret formula and secure PIN number by intercepting even a great number of inquiry PIN and answer PIN numbers for the same account.
[Para 27] Ten specific operations are defined for the digit 0-9. A special function AbsShiftTrimPlus ensures that the output of each operation is bigger than 0 and independent of the precision of the different systems used; since the output of the previous operation is the input of the next operation in chain, this AbsShiftTrimPlus function also ensures the input of each operation is bigger than 0. Please note that the computer takes input in radian and calculator takes input in degree for trigonometric functions such as sin(x), cos(x) and tan(x), so the conversion of the input is needed in order to have the output on both systems matching. The function and operations are defined as below:
[Para 28] Function:
(1) addend is a fractional number with 3 significant digits after decimal point, bigger than 0.100, and smaller than 0.999
(2) AbsShiftTrimPlus(x) = trim(shift(abs(x)))+addend > 1
(3) abs(x) means the absolute value of x, so abs(x) >= 0
(4) shift(x) means shift xxxx.xxx to x.xxxxxx
(5) trim(x) means trim x.xxxxxx to x.xxx
[Para 29] Operations:
(1) 1(x) = trim(shift(abs(x^2)))+addend = AbsShiftTrimPlus(x^2) > addend & <= 9.999+addend
(2) 2(x) = trim(shift(abs(sqrt(x))))+addend = AbsShiftTrimPlus(sqrt(x)) > addend & <= 9.999+addend
(3) computer: sin(x) input - radian
3(x) = trim(shift(abs(sin(x))))+addend = AbsShiftTrimPlus(sin(x)) > addend & < 1+addend
(4) calculator: sin(x) input - degree
3(x) = trim(shift(abs(sin(180*x/3.141592654))))+addend = AbsShiftTrimPlus(sin(180*x/3.141592654)) > addend & < 1+addend
(5) computer: cos(x) input - radian
4(x) = trim(shift(abs(cos(x))))+addend = AbsShiftTrimPlus(cos(x)) > addend & < 1+addend
(6) calculator: cos(x) input - degree
4(x) = trim(shift(abs(cos(180*x/3.141592654))))+addend = AbsShiftTrimPlus(cos(180*x/3.141592654)) > addend & < 1+addend
(7) computer: tan(x) input - radian, can not be (n+0.5)*pi, and it will not be.
5(x) = trim(shift(abs(tan(x))))+addend = AbsShiftTrimPlus(tan(x)) > addend & <= 9.999+addend
(8) calculator: tan(x) input - degree, can not be (n+0.5)*180, and it will not be.
5(x) = trim(shift(abs(tan(180*x/3.141592654))))+addend = AbsShiftTrimPlus(tan(180*x/3.141592654)) > addend & <= 9.999+addend
(9) 6(x) = trim(shift(abs(10^x)))+addend = AbsShiftTrimPlus(10^x) > addend & <= 9.999+addend
(10) 7(x) = trim(shift(abs(log(x))))+addend = AbsShiftTrimPlus(log(x)) > addend & <= 9.999+addend
(11) 8(x) = trim(shift(abs(e^x)))+addend = AbsShiftTrimPlus(e^x) > addend & <= 9.999+addend
(12) 9(x) = trim(shift(abs(ln(x))))+addend = AbsShiftTrimPlus(ln(x)) > addend & <= 9.999+addend
(13) 0(x) = trim(shift(abs(1/x)))+addend = AbsShiftTrimPlus(1/x) > addend & <= 9.999+addend
(14) so we always have output: f(x)>0, thus input x>0
[Para 30] Now let's take an example case, one user has an operation addend as 0.123, secret formula as 57931 50793 13486 18034 73604 91372 581, and a secure PIN number as 7163, three numbers are confidential. This user makes a purchase of $123.45 at a merchant's site, the merchant system sends the transaction amount $123.45 to the card issuer, card issuer assigns a random inquiry PIN number as 5942 and this number is forwarded to the user. Now the user takes out the special calculator and does the following calculation:
[Para 31] First the transaction amount will be used as the base, the input of the first operation will be AbsShiftTrimPlus(x), this gives the merchant a chance to shift the transaction amount to high value as $12345.00 to cheat the card issuer, since AbsShiftTrimPlus(123.45) = AbsShiftTrimPlus(12345.00) = 1.234
[Para 32] In order to lock the transaction amount, we add one digit to the left of the transaction amount, this digit represents the number of digits of the transaction amount starting from the penny, so the base of this case will become 5123.45, the merchant can not simply shift the base to 512345.00 or even 712345.00, since 512345.00 violates the rule, and AbsShiftTrimPlus(5123.45) = 5.123 does not equal AbsShiftTrimPlus(712345.00) = 7.123, thus the transaction amount is locked.
[Para 33] So the calculations in the user side calculator will be:
(1) Operation addend = 0.123
(2) Transaction Amount = 123.45
(3) Base = 5123.45
(4) 1st Input = AbsShiftTrimPlus(5123.45) = 5.246
(5) Operations by secret formula:
(6) 5(5.246) = AbsShiftTrimPlus(tan(180*5.246/3.141592654)) = 1.692+0.123 = 1.815
(7) 7(1.815) = AbsShiftTrimPlus(log(1.815)) = 2.588+0.123 = 2.711
(8) 9(2.711) = AbsShiftTrimPlus(ln(2.711)) = 9.973+0.123 = 10.096
(9) 3(10.096) = AbsShiftTrimPlus(sin(180*10.096/3.141592654)) = 6.219+0.123 = 6.342
(10) 1(6.342) = AbsShiftTrimPlus(6.342^2) = 4.022+0.123 = 4.145
(11) 5(4.145) = AbsShiftTrimPlus(tan(180*4.145/3.141592654)) = 1.569+0.123 = 1.692
(12) 0(1.692) = AbsShiftTrimPlus(1/1.692) = 5.910+0.123 = 6.033
(13) 7(6.033) = AbsShiftTrimPlus(log(6.033)) = 7.805+0.123 = 7.928
(14) 9(7.928) = AbsShiftTrimPlus(ln(7.928)) = 2.070+0.123 = 2.193
(15) 3(2.193) = AbsShiftTrimPlus(sin(180*2.193/3.141592654)) = 8.125+0.123 = 8.248
(16) 1(8.248) = AbsShiftTrimPlus(8.248^2) = 6.802+0.123 = 6.925
(17) 3(6.925) = AbsShiftTrimPlus(sin(180*6.925/3.141592654)) = 5.986+0.123 = 6.109
(18) 4(6.109) = AbsShiftTrimPlus(cos(180*6.109/3.141592654)) = 9.848+0.123 = 9.971
(19) 8(9.971) = AbsShiftTrimPlus(e^9.971) = 2.139+0.123 = 2.262
(20) 6(2.262) = AbsShiftTrimPlus(10^2.262) = 1.828+0.123 = 1.951
(21) 1(1.951) = AbsShiftTrimPlus(1.951^2) = 3.806+0.123 = 3.929
(22) 8(3.929) = AbsShiftTrimPlus(e^3.929) = 5.085+0.123 = 5.208
(23) 0(5.208) = AbsShiftTrimPlus(1/5.208) = 1.920+0.123 = 2.043
(24) 3(2.043) = AbsShiftTrimPlus(sin(180*2.043/3.141592654)) = 8.905+0.123 = 9.028
(25) 4(9.028) = AbsShiftTrimPlus(cos(180*9.028/3.141592654)) = 9.223+0.123 = 9.346
(26) 7(9.346) = AbsShiftTrimPlus(log(9.346)) = 9.706+0.123 = 9.829
(27) 3(9.829) = AbsShiftTrimPlus(sin(180*9.829/3.141592654)) = 3.933+0.123 = 4.056
(28) 6(4.056) = AbsShiftTrimPlus(10^4.056) = 1.137+0.123 = 1.260
(29) 0(1.260) = AbsShiftTrimPlus(1/1.260) = 7.936+0.123 = 8.059
(30) 4(8.059) = AbsShiftTrimPlus(cos(180*8.059/3.141592654)) = 2.035+0.123 = 2.158
(31) 9(2.158) = AbsShiftTrimPlus(ln(2.158)) = 7.691+0.123 = 7.814
(32) 1(7.814) = AbsShiftTrimPlus(7.814^2) = 6.105+0.123 = 6.228
(33) 3(6.228) = AbsShiftTrimPlus(sin(180*6.228/3.141592654)) = 5.515+0.123 = 5.638
(34) 7(5.638) = AbsShiftTrimPlus(log(5.638)) = 7.511+0.123 = 7.634
(35) 2(7.634) = AbsShiftTrimPlus(sqrt(7.634)) = 2.762+0.123 = 2.885
(36) 5(2.885) = AbsShiftTrimPlus(tan(180*2.885/3.141592654)) = 2.623+0.123 = 2.746
(37) 8(2.746) = AbsShiftTrimPlus(e^2.746) = 1.558+0.123 = 1.681
(38) 1(1.681) = AbsShiftTrimPlus(1.681^2) = 2.825+0.123 = 2.948
(39) Operations by inquiry PIN number:
(40) 5(2.948) = AbsShiftTrimPlus(tan(180*2.948/3.141592654)) = 1.960+0.123 = 2.083
(41) 9(2.083) = AbsShiftTrimPlus(ln(2.083)) = 7.338+0.123 = 7.461
(42) 4(7.461) = AbsShiftTrimPlus(cos(180*7.461/3.141592654)) = 3.829+0.123 = 3.952
(43) 2(3.952) = AbsShiftTrimPlus(sqrt(3.952)) = 1.987+0.123 = 2.110
(44) Operations by secure PIN number:
(45) 7(2.110) = AbsShiftTrimPlus(log(2.110)) = 3.242+0.123 = 3.365
(46) 1(3.365) = AbsShiftTrimPlus(3.365^2) = 1.132+0.123 = 1.255
(47) 6(1.255) = AbsShiftTrimPlus(10^1.255) = 1.798+0.123 = 1.921
(48) 3(1.921) = AbsShiftTrimPlus(sin(180*1.921/3.141592654)) = 9.393+0.123 = 9.516
(49) So the Answer PIN Number is: 9516
[Para 34] The user sends this answer PIN number to the card issuer, card issuer computer system does the same calculations and gets the result, if the two numbers match the card issuer authorizes the transaction, otherwise rejects the transaction.
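The enciphering chain of [Para 27] to [Para 34], written out as an added Python example (not code from the patent or its author). It assumes that shift moves the decimal point to just after the first non-zero digit and that trim truncates rather than rounds, which is what the listed intermediate values require; the function names are illustrative, and the sample values are the ones given in [Para 30].

```python
import hmac
import math
from decimal import Decimal

# Digit -> operation table from [Para 29]; inputs are radians ("computer" form).
OPS = {
    "1": lambda x: x * x,
    "2": math.sqrt,
    "3": math.sin,
    "4": math.cos,
    "5": math.tan,
    "6": lambda x: 10.0 ** x,
    "7": math.log10,
    "8": math.exp,
    "9": math.log,
    "0": lambda x: 1.0 / x,
}

# Values of the worked example in [Para 30].
EXAMPLE_ACCOUNT = {
    "addend": "0.123",
    "formula": "57931 50793 13486 18034 73604 91372 581",
    "secure_pin": "7163",
}
EXAMPLE_AMOUNT = "123.45"
EXAMPLE_INQUIRY_PIN = "5942"


def shift_trim(value):
    """abs, shift to d.ddd..., truncate to d.ddd; result is in thousandths."""
    v = abs(value)
    if v == 0.0 or not math.isfinite(v):
        raise ValueError("operation output must be finite and non-zero")
    # 13 significant digits absorb float noise before truncating to 4.
    mantissa = format(v, ".12e").split("e")[0]
    return int(mantissa.replace(".", "")[:4])


def locked_base(amount):
    """Prefix the amount with its digit count, counted from the penny ([Para 32])."""
    amt = Decimal(amount).quantize(Decimal("0.01"))
    if amt <= 0:
        raise ValueError("amount must be positive")
    count = len(str(int(amt * 100)))
    if count > 9:
        raise ValueError("the lock digit can only express up to 9 digits")
    return float(f"{count}{amt}")


def trace(amount, account, inquiry_pin):
    """Every intermediate state in thousandths: locked base first, then one per digit."""
    add = int(Decimal(account["addend"]) * 1000)
    digits = "".join((account["formula"] + inquiry_pin + account["secure_pin"]).split())
    states = [shift_trim(locked_base(amount)) + add]
    for d in digits:
        x = states[-1] / 1000.0          # previous output is the next input
        states.append(shift_trim(OPS[d](x)) + add)
    return states


def answer_pin(amount, account, inquiry_pin, length=4):
    """Dynamic answer PIN: the first `length` digits of the final state."""
    return str(trace(amount, account, inquiry_pin)[-1])[:length]


def issuer_verify(user_answer, amount, account, inquiry_pin):
    """Issuer side: recompute from stored secrets and compare in constant time."""
    expected = answer_pin(amount, account, inquiry_pin)
    return hmac.compare_digest(user_answer, expected)


if __name__ == "__main__":
    states = trace(EXAMPLE_AMOUNT, EXAMPLE_ACCOUNT, EXAMPLE_INQUIRY_PIN)
    print("first states:", [s / 1000 for s in states[:4]])
    print("answer PIN:", answer_pin(EXAMPLE_AMOUNT, EXAMPLE_ACCOUNT, EXAMPLE_INQUIRY_PIN))
    # Without the lock digit, 123.45 and 12345.00 give the same first input.
    print("unlocked:", shift_trim(123.45), shift_trim(12345.00))
    print("locked:  ", shift_trim(locked_base("123.45")), shift_trim(locked_base("12345.00")))
```

Run with the [Para 30] values, trace() passes through the intermediate results listed in [Para 33] and answer_pin() returns 9516.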
How Secure this Method is
[Para 35] Since the user authentication and transaction authorization are based on the inquiry PIN number and answer PIN number transmitted over the network in addition to the regular card or account information and transaction data, and the inquiry PIN number and answer PIN number are different every time, the security of this Dialogic Enciphered Dynamic PIN System is ensured by the extreme difficulty or impossibility of breaking the operation addend,
secret formula and secure PIN number with intercepted sets of transaction amount, inquiry PIN number and answer PIN number.
[Para 36] There is no way to solve the puzzle by just solving the equation, since each operation can not be reversed, so the only way is to build a matrix of, or go through, all the possibilities. The operations to the base are in the sequence of 30 to 40 digit secret formula + 4 or more digit inquiry PIN number + 4 or more digit secure PIN number, so the total operations are 30+n+4+4, with the consideration of the operation addend, total number of possible operation sets is about 10^(4+38+11) = 10^53.
[Para 37] If the hacker has a super computer which is capable of doing 1 trillion operations per second, which is 10^12, it will take him 10^33 years to finish all the possibilities, and also needs at least 10^53 bytes of space to store the matrix which is beyond the capacity of any existing computer.
[Para 38] So we are assured breaking the Dialogic Enciphered Dynamic PIN System is a mission impossible, thus the security of this system is ensured.