Abstract: A system, method, and access device enabling a user to securely access a plurality of password-protected servers with a single entry of the user's User ID and associated password. When the access device receives the User ID and password from the user, it sends only the User ID to each of the password-protected servers. The servers each return a unique index value to the access device. The access device uses each index value to retrieve different password modification information from a database or lookup table. The access device then creates a plurality of modified passwords based at least in part on the password modification information. The access device then transmits each of the modified passwords to the corresponding password-protected server.

Abstract: An apparatus, system, and method for constructing, transmitting, and authenticating a password utilized by an authentication device to authenticate an access device. The authentication device receives the password from the access device, authenticates the access device if the password matches stored information, and returns an acknowledgment message that includes an index value associated with a stored character set. The access device constructs and transmits the password. The access device receives from a user, a plurality of predefined characters forming a User ID. The access device also receives the acknowledgment message and index value from the authentication device. The index value is used to identify a set of password modification factors from a plurality of sets stored in a lookup table. The access device utilizes the identified set to modify a password, and transmits the password to the authentication device.

Abstract: A system and method for providing secure access to a computer system. An access device divides the password into multiple segments and places them in data packets. In one embodiment, an authentication server has multiple addresses, and each packet is sent to a different address. The server then reassembles the password. In another embodiment, when the server receives a password, the server sends an index value back to the access device, which then accesses the server on another address indicated by the index value. Alternatively, the password is sent to multiple addresses for the server, and the server determines whether any of the received packets have been altered. The multiple password packets may be forced to follow different paths to the server, thereby denying hackers the ability to intercept all of the password characters or determine the inter-packet timing factor. The system is effective against passive and active hackers, Trojans, and phishing techniques.

Abstract: A system and method for providing secure credit and debit transactions across unsecure data networks. The present invention provides a one-time-use combination of account number, PIN, and added factors. A merchant terminal receives a customer identifier such as a PIN from a customer and combines secret information with the PIN when the terminal sends the PIN to an authorization server. The secret information is stored in an indexed database protected by a mechanical switch, which must be physically closed to access the database. The database may be implemented in the merchant terminal or in a customer device in communication with the merchant terminal. The authorization server provides an index pointing to one or more secret factors to be combined with the PIN for each given transaction.

Abstract: A system and method for providing secure access to a computer system. An access device divides the password into multiple segments and places them in data packets. In one embodiment, an authentication server has multiple addresses, and each packet is sent to a different address. The server then reassembles the password. In another embodiment, when the server receives a password, the server sends an index value back to the access device, which then accesses the server on another address indicated by the index value. Alternatively, the password is sent to multiple addresses for the server, and the server determines whether any of the received packets have been altered. The multiple password packets may be forced to follow different paths to the server, thereby denying hackers the ability to intercept all of the password characters or determine the inter-packet timing factor. The system is effective against passive and active hackers, Trojans, and phishing techniques.

Abstract: A system and method for generating and authenticating a password to protect a computer system from unauthorized access. The characters of the password are placed in data packets by an access device. Prior to sending the packets, the device inserts predefined time intervals between each of the data packets. The value of the time intervals is retrieved from a sequence of time intervals that is shared between the access device and an authentication device. The authentication device determines whether the received set of password characters matches a stored set of password characters, measures the time intervals between the packets, and determines whether the measured time intervals match the predefined time intervals. The authentication device positively authenticates the access device only if both the characters and the time intervals match. Periodically, different time intervals from the sequence are inserted to change the password.

Abstract: An apparatus, system, and method for constructing, transmitting, and authenticating a password utilized by an authentication device to authenticate an access device. The authentication device receives the password from the access device, authenticates the access device if the password matches stored information, and returns an acknowledgment message that includes an index value associated with a stored character set. The access device constructs and transmits the password. The access device receives from a user, a plurality of predefined characters forming a User ID. The access device also receives the acknowledgment message and index value from the authentication device. The index value is used to identify a character set from a plurality of character sets stored in a lookup table. The access device integrates the User ID and the identified character set to generate a password, and transmits the password to the authentication device.