Authentication and Authorization Password/PIN System (AAPPS)
US Patent 6954740 and Others Pending
AAPPS provides authentication and authorization to applications such as check systems, credit cards, debit cards, retail cards, security cards and electronic wallets. In addition, it can provide authenticated access to software systems, sensitive legal or medical documents, and HR or financial information. As enterprises employ the efficiencies of the Internet for e-business with suppliers and customers, AAPPS is the simplest logical next step for increased security. AAPPS instills trust in Internet and electronic transactions.

Principles:
Limited Time/Transaction Crypto Keys (LTCKs: passwords, PINs, or public/private key pairs) are used only for a limited time or a limited number of occurrences (once or more) per transaction, authorization or other process.

LTCK Sharing is a concept where LTCKs are maintained by individuals in a centralized individual location (USB memory device, smart card, cell phone or wireless PDA) and can later be used with other enterprises in a trusted fashion. LTCK sharing can help address the major obstacles to deploying authentication to large consumer segments by allowing individual subscribers (consumers) to use LTCKs generated and delivered to enterprises and multiple locations and web sites. The key concept in the sharing model is an individual LTCK service infrastructure responsible for storage and provisioning of stores of LTCKs and for the validation of a multi-factor authentication associated with the store (pool) of LTCKs.

In the AAPPS model, strong authentication is only required at the AAPPS application, which may deploy a second-factor authentication. Most consumers are familiar with the concept of logging in with a username and password. Typically, a consumer (individual subscriber) will log in to the installed AAPPS application using second-factor authentication. After authentication, individual subscribers can access their LTCK store and can either generate more LTCK stores or delete old ones.

The LTCK stores include symmetric passwords and public-private key pairs. LTCK stores can be shared between accounts or delegated to specific accounts as designated by the individual subscriber. The system automatically sends encrypted messages to update PINs or passwords in the corresponding enterprises' systems.
AAPPS Provides:
· LTCK synchronization with financial enterprises using SSL and PKCS#7
· Automatic LTCK generation and entry for current applications (passwords or PINs)
· In-memory data protection in addition to AES encryption of stored data
· Support for sending keystrokes (auto-type) to windows
· Automatic logins to applications and web sites
· Automatic PIN or credentials entry
Credit/Debit Cards Transactions
An individual subscriber account holder commonly orders an item and provides the merchant with a credit card or an AAPPS account number, the amount to authorize and an LTCK. LTCK lifetime can include 1 or more transactions or a date range. The methods for posting an LTCK are listed herein:
· LTCKs can be attached to the credit card slip by sticking on a preprinted label
· LTCKs can be handwritten on the credit slip
· LTCKs can be transmitted using a mobile electronic device (e.g. smart card, PDA)
The merchant can use the information to verify the individual subscriber's authenticity and to verify that the account holder can in fact use the credit card to execute the particular transaction. If an unauthorized person obtains the credit card number, this person cannot use it to place unauthorized transaction requests without also obtaining the LTCKs, which are available only to the account holder.

Bank Check Transactions (Hard Copy/Wireless)
A customer commonly uses check-writing software to print several checks at a time. The checks contain an LTCK-derived number for each check. The LTCKs are retrieved by the check-writing software, which uses the same algorithm specific to the application. The algorithm can include the content of the AMOUNT, DATE and PAY TO THE ORDER OF fields. The generated LTCK-derived number can be printed on the PC field or Check Number field on the MICR line. For Web transactions an LTCK can be provided instead of a signature.
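
One way a per-check LTCK-derived number could bind the AMOUNT, DATE and PAY TO THE ORDER OF fields and be accepted only once, as an added example that is not AAPPS's own code. The page does not specify the algorithm, so HMAC-SHA256 with RFC 4226-style truncation, the 8-digit length, and the names `canonical_fields`, `derive_check_number` and `LtckStore` are all assumptions.

```python
import hashlib
import hmac
import secrets
from datetime import date
from decimal import Decimal

DIGITS = 8  # assumed length of the number printed on the check


def canonical_fields(amount: Decimal, check_date: date, payee: str) -> bytes:
    """Serialize the check fields unambiguously before they are MACed."""
    parts = [
        str(amount.quantize(Decimal("0.01"))),   # AMOUNT, always two decimals
        check_date.isoformat(),                  # DATE as YYYY-MM-DD
        " ".join(payee.upper().split()),         # PAY TO, case/space normalized
    ]
    # Length-prefix each field so adjacent fields cannot be shifted into each other.
    return b"".join(len(p.encode()).to_bytes(2, "big") + p.encode() for p in parts)


def derive_check_number(ltck: bytes, amount: Decimal, check_date: date, payee: str) -> str:
    """Derive the printable number from one LTCK and the check's contents."""
    msg = canonical_fields(amount, check_date, payee)
    mac = hmac.new(ltck, msg, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation in the style of RFC 4226
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10**DIGITS).zfill(DIGITS)


class LtckStore:
    """Verifier-side pool: one LTCK per check number, consumed on first success."""

    def __init__(self):
        self._keys = {}

    def issue(self, check_no: int) -> bytes:
        self._keys[check_no] = secrets.token_bytes(32)
        return self._keys[check_no]

    def verify(self, check_no: int, amount: Decimal, check_date: date, payee: str, printed: str) -> bool:
        ltck = self._keys.get(check_no)
        if ltck is None:  # unknown check number, or LTCK already spent
            return False
        expected = derive_check_number(ltck, amount, check_date, payee)
        if not hmac.compare_digest(expected, printed):
            return False  # fields were altered or the number was guessed
        del self._keys[check_no]  # limited occurrences: single use
        return True
```

With 8 decimal digits a blind guess succeeds with probability 10^-8 per attempt, so a verifier would also want to limit failed attempts per check number.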
