System and method of inkblot authentication
Abstract
A system and method that uses authentication inkblots to help computer system users first select and later recall authentication information from high entropy information spaces. An inkblot authentication module generates authentication inkblots from authentication inkblot seeds. On request, a security authority generates, stores and supplies an authentication inkblot seed set for a user. In response to an authentication inkblot, a user inputs one or more alphanumeric characters. The responses to one or more authentication inkblots serve as authentication information. A user-computable hash of the natural language description of the authentication inkblot is utilized to speed authentication information entry and provide for compatibility with conventional password-based authentication. Authentication with an authentication information match ratio of less than 100% is possible. Authentication inkblot generation methods are disclosed, as well as a detailed inkblot authentication protocol which makes it difficult for users to opt-out of high entropy authentication information generation.
50 Claims
1. A computerized system, comprising:
- an interface to a graphical output device;
- an interface to an input device capable of generating alphanumeric characters; and
- an inkblot authentication module configured to, at least:
  - generate an authentication inkblot image definition from an authentication inkblot seed;
  - issue at least one authentication inkblot image definition to the graphical output device;
  - receive at least one alphanumeric character corresponding to input received at the input device in response to each displayed authentication inkblot; and
  - generate authentication information from the at least one alphanumeric character received in response to each displayed authentication inkblot.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19

20. A computer-implemented method, comprising:
- initializing a pseudo-random number generator with an authentication inkblot seed;
- drawing one or more blots on an authentication inkblot generation canvas and determining each blot parameter value as a function of one or more pseudo-random values generated by the pseudo-random number generator initialized with the authentication inkblot seed; and
- displaying the authentication inkblot generation canvas on a graphical output device.
Dependent claims: 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36

37. A computer-readable medium having thereon computer executable instructions for performing a method comprising:
- initializing a pseudo-random number generator with an authentication inkblot seed;
- drawing one or more blots on an authentication inkblot generation canvas and determining each blot parameter value as a function of one or more pseudo-random values generated by the pseudo-random number generator initialized with the authentication inkblot seed; and
- displaying the authentication inkblot generation canvas on a graphical output device.
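The seeded generation method of claims 20 and 37, sketched as an added example that is not code from the patent. The SHA-256 counter-mode generator, the circular blots, the text canvas and the seed value are assumptions, chosen so that one seed renders the same image on every client.

```python
import hashlib
import struct

class SeededPrng:
    """Deterministic PRNG (assumed design): SHA-256 in counter mode over the seed."""
    def __init__(self, seed: bytes):
        self.seed, self.counter = seed, 0

    def next_unit(self) -> float:
        """Next pseudo-random value in [0, 1)."""
        block = hashlib.sha256(self.seed + struct.pack(">Q", self.counter)).digest()
        self.counter += 1
        return int.from_bytes(block[:8], "big") / 2**64

def blot_parameters(seed: bytes, blots: int = 6, width: int = 40, height: int = 16):
    """Each blot parameter (centre x, centre y, radius) is a function of PRNG output."""
    prng = SeededPrng(seed)
    params = []
    for _ in range(blots):
        cx = prng.next_unit() * width
        cy = prng.next_unit() * height
        radius = 1.5 + prng.next_unit() * 3.0
        params.append((cx, cy, radius))
    return params

def render(seed: bytes, width: int = 40, height: int = 16) -> str:
    """Draw the blots on a text canvas; '#' marks a cell covered by any blot."""
    params = blot_parameters(seed, width=width, height=height)
    rows = []
    for y in range(height):
        row = ""
        for x in range(width):
            # x distance is halved because terminal cells are taller than wide
            inked = any(((x - cx) / 2) ** 2 + (y - cy) ** 2 <= r * r
                        for cx, cy, r in params)
            row += "#" if inked else " "
        rows.append(row)
    return "\n".join(rows)

if __name__ == "__main__":
    print(render(b"constructed-seed-0001"))  # constructed sample seed
```

A library PRNG whose algorithm can change between versions or platforms would break the property the test checks: the image shown at login must be the one shown at enrollment.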

38. A computer-implemented authentication protocol, comprising:
- displaying in a random second order an authentication inkblot associated with each authentication inkblot seed in an authentication inkblot seed set having a first order;
- receiving in the random second order one or more alphanumeric characters in response to each authentication inkblot displayed in the random second order;
- displaying in the first order the authentication inkblot associated with each authentication inkblot seed in the authentication inkblot seed set;
- receiving in the first order one or more alphanumeric characters in response to each authentication inkblot displayed in the first order; and
- verifying that the one or more alphanumeric characters received in response to each displayed authentication inkblot are the same when the authentication inkblots were displayed in the first order as when the authentication inkblots were displayed in the random second order.
Dependent claims: 39, 40, 41, 42, 43, 44, 45

46. A computer-implemented authentication protocol, comprising:
- displaying an authentication inkblot associated with each authentication inkblot seed in an authentication inkblot seed set associated with a computer system user identified by a username;
- receiving one or more alphanumeric characters in response to each displayed authentication inkblot;
- sending an authenticate message incorporating the username parameter that identifies the computer system user and an authentication information parameter that is the concatenation of the one or more alphanumeric characters received in response to each displayed authentication inkblot.
Dependent claims: 47, 48, 49, 50
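The two-pass check of claim 38 and the authenticate message of claim 46, simulated as an added example that is not code from the patent. The seeds, responses, username, dictionary message layout, simulated users and the redraw of an unchanged shuffle are all assumptions made for illustration.

```python
import itertools
import secrets

def collect(seeds, respond):
    """Display each inkblot (stood in for by its seed) and record the typed response."""
    return {seed: respond(seed) for seed in seeds}

def enroll(seed_set, respond):
    """Return responses in first order, or None if the two passes disagree.

    Assumes the seeds in seed_set are distinct.
    """
    second_order = list(seed_set)
    while len(seed_set) > 1 and second_order == list(seed_set):
        # Added design choice: redraw so the second order always differs from the first.
        secrets.SystemRandom().shuffle(second_order)
    shuffled_pass = collect(second_order, respond)   # random second order
    ordered_pass = collect(seed_set, respond)        # first order
    if any(shuffled_pass[s] != ordered_pass[s] for s in seed_set):
        return None
    return [ordered_pass[s] for s in seed_set]

def authenticate_message(username, responses):
    """Username plus the concatenation of the per-inkblot responses."""
    return {"username": username, "authentication_information": "".join(responses)}

# Constructed sample data: seeds and responses are illustrative only.
SEED_SET = ["seed-a", "seed-b", "seed-c", "seed-d"]
BY_INKBLOT = {"seed-a": "fg", "seed-b": "bt", "seed-c": "hd", "seed-d": "cn"}

def inkblot_user(seed):
    """Simulated user whose answer depends on which inkblot is shown."""
    return BY_INKBLOT[seed]

def positional_user(answers):
    """Simulated user who types the i-th answer at the i-th prompt, ignoring the image."""
    calls = itertools.count()
    return lambda seed: answers[next(calls) % len(answers)]

if __name__ == "__main__":
    print(authenticate_message("alice", enroll(SEED_SET, inkblot_user)))
    print(enroll(SEED_SET, positional_user(["fg", "bt", "hd", "cn"])))
```

The second simulated user types a fixed sequence regardless of the image, so the responses recorded in the shuffled pass do not match those of the first-order pass and `enroll` returns `None`.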
Specification