Secure authentication systems and methods
First Claim
1. A method for authenticating a user for access to an electronic resource managed by a system, the system comprising a processor and a non-transitory computer-readable storage medium storing instructions that, when executed by the processor, cause the system to perform the method, the method comprising:
- receiving personal information from a user device attempting to access the electronic resource;
- determining whether the personal information is valid;
- determining that the personal information has not been previously provided to the system;
- requesting, after and in response to receiving the personal information from the user device and determining that the personal information has not been previously provided to the system, one or more responses to a Reverse Turing Test (RTT), regardless of whether the personal information is valid;
- receiving one or more responses to the RTT;
- determining whether the one or more responses to the RTT are valid; and
- selectively granting the user device access to the electronic resource only if the personal information is valid and the one or more responses to the RTT are valid.
Abstract
Systems and methods are provided for authentication by combining a Reverse Turing Test (RTT) with password-based user authentication protocols to provide improved resistance to brute force attacks. In accordance with one embodiment of the invention, a method is provided for user authentication, the method including receiving a username/password pair associated with a user; requesting one or more responses to a first Reverse Turing Test (RTT); and granting access to the user if a valid response to the first RTT is received and the username/password pair is valid.
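The flow of claim 1 and the abstract, sketched as an added Python example that is not taken from the patent. Assumptions: the in-memory stores and all names are hypothetical, the stored RTT answer stands in for a CAPTCHA service, and the handling of a repeated username/password pair (which claim 1 does not specify) treats a pair as previously provided only after it was submitted with a solved RTT.

```python
import hashlib, hmac, secrets

SERVER_KEY = secrets.token_bytes(32)   # keys the fingerprints of seen pairs
SEEN = set()          # pairs already submitted together with a solved RTT
PENDING_RTT = {}      # challenge id -> expected answer, single use

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

_salt = secrets.token_bytes(16)
USERS = {"alice": (_salt, pw_hash("correct horse", _salt))}  # constructed account
DUMMY = (secrets.token_bytes(16), bytes(32))   # unknown users cost the same work

def credentials_valid(username, password):
    salt, stored = USERS.get(username, DUMMY)
    return hmac.compare_digest(stored, pw_hash(password, salt))

def fingerprint(username, password):
    msg = username.encode() + b"\x00" + password.encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()

def issue_rtt():
    cid, answer = secrets.token_hex(8), secrets.token_hex(3)
    PENDING_RTT[cid] = answer   # a real system would render this as a CAPTCHA
    return cid

def rtt_valid(cid, response):
    expected = PENDING_RTT.pop(cid, None)   # consumed on first use, no replay
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode(), str(response).encode())

def login(username, password, rtt=None):
    """Return 'granted', 'denied' or ('rtt_required', challenge_id)."""
    valid = credentials_valid(username, password)
    fp = fingerprint(username, password)
    if fp in SEEN:      # assumed branch: the outcome for this pair is already known
        return "granted" if valid else "denied"
    if rtt is None:     # new pair: challenge whether or not the password is right
        return ("rtt_required", issue_rtt())
    if not rtt_valid(*rtt):
        return "denied"  # failed RTT: the password check result is not revealed
    SEEN.add(fp)
    return "granted" if valid else "denied"
```

Because the challenge is issued before the result of the password check is disclosed, an automated guesser has to solve one RTT per new guess to learn whether it was right.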
Specification