Secure authentication systems and methods

US 10,425,405 B2
Filed: 10/12/2018
Issued: 09/24/2019
Est. Priority Date: 04/25/2002
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a user for access to an electronic resource managed by a system, the system comprising a processor and a non-transitory computer-readable storage medium storing instructions that, when executed by the processor, cause the-system to perform the method, the method comprising:

receiving personal information from a user device attempting to access the electronic resource;

determining whether the personal information is valid;

determining that the personal information has not been previously provided to the system;

requesting, after and in response to receiving the personal information from the user device and determining that the personal information has not been previously provided to the system, one or more responses to a Reverse Turing Test (RTT), regardless of whether the personal information is valid;

receiving one or more responses to the RTT;

determining whether the one or more responses to the RTT are valid; and

selectively granting the user device access to the electronic resource only if the personal information is valid and the one or more responses to the RTT are valid.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are provided for authentication by combining a Reverse Turing Test (RTT) with password-based user authentication protocols to provide improved resistance to brute force attacks. In accordance with one embodiment of the invention, a method is provided for user authentication, the method including receiving a username/password pair associated with a user; requesting one or more responses to a first Reverse Turing Test (RTT); and granting access to the user if a valid response to the first RTT is received and the username/password pair is valid.

40 Citations

View as Search Results

22 Claims

1. A method for authenticating a user for access to an electronic resource managed by a system, the system comprising a processor and a non-transitory computer-readable storage medium storing instructions that, when executed by the processor, cause the-system to perform the method, the method comprising:
- receiving personal information from a user device attempting to access the electronic resource;
  
  determining whether the personal information is valid;
  
  determining that the personal information has not been previously provided to the system;
  
  requesting, after and in response to receiving the personal information from the user device and determining that the personal information has not been previously provided to the system, one or more responses to a Reverse Turing Test (RTT), regardless of whether the personal information is valid;
  
  receiving one or more responses to the RTT;
  
  determining whether the one or more responses to the RTT are valid; and
  
  selectively granting the user device access to the electronic resource only if the personal information is valid and the one or more responses to the RTT are valid.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The method of claim 1, wherein determining that the personal information has not been previously provided to the system comprises determining that information indicating that the personal information has been previously provided to the system by the user device has not been received by the system.
  - 3. The method of claim 2, wherein the information indicating that the personal information has been previously provided to the system comprises a cookie.
  - 4. The method of claim 1, wherein determining that the personal information has not been previously provided to the system comprises determining that information indicating that the personal information has been previously provided to the system by the user device is not stored by the system.
  - 5. The method of claim 4, wherein the information indicating that the personal information has been previously provided to the system comprises a cookie.
  - 6. The method of claim 4, wherein the information indicating that the personal information has been previously provided to the system comprises identification information associated with the user device.
  - 7. The method of claim 6, wherein the identification information associated with the user device comprises an internet protocol address.
  - 8. The method of claim 1, wherein the method further comprises determining that one or more valid responses to a prior RTT have not been previously provided to the system and wherein requesting one or more responses to the RTT is further in response to determining that one or more valid responses to a prior RTT have not been previously provided to the system.
  - 9. The method of claim 1, wherein determining that the personal information has not been previously provided to the system comprises determining that invalid personal information has been a provided to the system a predetermined threshold number of times.
  - 10. The method of claim 1, wherein the personal information is provided by the user manually.
  - 11. The method of claim 1, wherein the personal information is provided automatically.
  - 12. The method of claim 1, wherein the RTT is independent of the personal information.
  - 13. The method of claim 1, wherein the RTT is based on a non-deterministic or random function that depends on the personal information.
  - 14. The method of claim 1, wherein the method further comprises presenting the RTT only after receiving the personal information.
  - 15. The method of claim 1, wherein the personal information comprises a username/password pair, and wherein a time between receiving the username/password pair and requesting the one or more responses to the RTT is not increased in response to a determination that the username/password pair is invalid.
  - 16. The method of claim 1, wherein the RTT comprises at least one of:
    - a deterministic function;
      
      a non-deterministic function; and
      
      a random function.
  - 17. The method of claim of claim 1, wherein the RTT comprises an audible sound.
  - 18. The method of claim 1, wherein the electronic resource comprises at least one of:
    - a bank account;
      
      an Internet auction;
      
      a stock trading account; and
      
      an email account.
  - 19. The method of claim 1, wherein the method further comprises determining whether the one or more responses to the RTT are valid comprises determining whether the one or more responses to the RTT are within a defined threshold margin of error of a valid response.
  - 20. The method of claim 1, wherein the RTT comprises a deterministic function of the valid personal information.
  - 21. The method of claim 1, wherein the RTT comprises an image on which the user is instructed to locate certain characters.
  - 22. The method of claim 21, wherein the user is instructed to locate the certain characters using at least one of a cursor control device and a touch screen display.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Original Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Inventors
Pinkas, Binyamin, Sander, Tomas
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Gao, Shu Chun

Application Number

US16/159,040
Publication Number

US 20190149536A1
Time in Patent Office

347 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/36   by graphic or iconic repres...

G06F 21/6218   to a system of files or obj...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 63/105   Multiple levels of security

H04L 63/12   Applying verification of th...

H04L 63/1458   Denial of Service

Secure authentication systems and methods

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

40 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Secure authentication systems and methods

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links