Establishing a secure channel with a human user

US 20040073813A1
Filed: 04/25/2003
Published: 04/15/2004
Est. Priority Date: 04/25/2002
Status: Active Grant

First Claim

Patent Images

1. A method of establishing a secure channel between a user and a computer application comprising:

rendering to the user a randomly selected identifier;

receiving input from the user based on both the randomly selected identifier and a secret identifier associated with the user;

determining, based on the input whether the user demonstrates knowledge of the secret identifier; and

authenticating or not authenticating the user based upon the outcome of said determining step.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of establishing a secure channel between a human user and a computer application is described. A secret unique identifier (“PIN”) is shared between a user and an application. When the user makes a request that involves utilizing the PIN for authentication purposes, the application renders a randomly selected identifier. The randomly selected identifier is in a format that is recognizable to a human but is not readily recognizable by an automated agent. The randomly selected identifier is then presented to the human user. The user identifies the relationship between the randomly selected identifier and the PIN. If the user'"'"'s input reflects the fact that the user knows the PIN, then the user is authenticated.

Citations

18 Claims

1. A method of establishing a secure channel between a user and a computer application comprising:
- rendering to the user a randomly selected identifier;
  
  receiving input from the user based on both the randomly selected identifier and a secret identifier associated with the user;
  
  determining, based on the input whether the user demonstrates knowledge of the secret identifier; and
  
  authenticating or not authenticating the user based upon the outcome of said determining step.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the input represents a difference between the secret identifier and the randomly selected identifier.
  - 3. The method of claim 1, wherein the user inputs a sequence of data, the sequence of data indicating the difference between the secret identifier and the randomly selected identifier.
  - 4. The method of claim 1, wherein the input represents a series of locations on the randomly selected identifier, the locations indicating the secret identifier.
  - 5. The method of claim 1, wherein the randomly selected identifier is used only once.
  - 6. The method of claim 1, wherein the randomly selected identifier is rendered as an image generated by a Reverse Turing Test (RTT).
  - 7. The method of claim 1, wherein the randomly selected identifier is rendered as an image formatted using various styles.

8. A method for authenticating a user with a secure application in an insecure environment comprising the steps of:
- generating a PIN that is associated with the user, the PIN being known by both the secure application and the user;
  
  requesting an operation such that the secure application renders a randomly generated identifier;
  
  sending the randomly generated identifier to a display device, which displays the randomly generated identifier to the user;
  
  receiving input in the form of at least one command such that at least one value is attributed to the at least one command, the at least one value having a relationship to the PIN;
  
  sending the at least one value to the secure application, wherein the secure application compares the at least one value to the PIN to determine if the at least one value corresponds to the PIN; and
  
  if the user input demonstrates knowledge of the PIN authenticating the user; and
  
  if the user input does not demonstrate knowledge of the PIN not authenticating the user.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The method of claim 8, wherein the command represents a relationship between the PIN and the randomly generated identifier.
  - 10. The method of claim 8, wherein the command represents clicks in a sequence, the clicks indicating the difference between the PIN and the randomly generated identifier.
  - 11. The method of claim 8, wherein the command represents a series of locations on the randomly generated identifier, the locations indicating the PIN.
  - 12. The method of claim 8, wherein the randomly generated identifier is used only once.

13. A system for establishing a secure channel from a user to an application over which a PIN can be submitted comprising:
- a display;
  
  a memory for storing information concerning the PIN;
  
  a processor configured for executing instructions stored in the memory wherein the memory stores instructions that;
  
  generating a random identifier in response to a request using the PIN;
  
  rendering the random identifier to the user;
  
  receive information from the user;
  
  determine if the information received sufficiently demonstrates knowledge of the PIN.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The system of claim 13, wherein the information received represents a relationship between the value of the random identifier and the value of the PIN.
  - 15. The system of claim 13, wherein the information received represents clicks in a sequence, the clicks indicating the difference between the value of the random identifier and the value of the PIN.
  - 16. The system of claim 13, wherein the information represents a series of locations on the random identifier, the locations indicating the value of the PIN.
  - 17. The system of claim 13, wherein the image is used only once.
  - 18. The system of claim 13, wherein random identifier is rendered as an image generated by a Reverse Turing Test (RTT). 19. The system of claim 13, wherein the random identifier is rendered as an image formatted using various styles.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Original Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Inventors
Sander, Tomas, Pinkas, Binyamin, Tarjan, Robert E., Haber, Stuart A.

Granted Patent

US 7,149,899 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/202
CPC Class Codes

G06F 21/36   by graphic or iconic repres...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/4097   using mutual authentication...

G07C 9/33   by means of a password

G07F 7/10   together with a coded signa...

G07F 7/1008   Active credit-cards provide...

G07F 7/1025   Identification of user by a...

G09C 5/00   Ciphering apparatus or meth...

H04L 63/083   using passwords cryptograph...

H04L 63/10   for controlling access to d...

H04L 9/3226   using a predetermined code,...

H04L 9/3271   using challenge-response

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/77   Graphical identity

Establishing a secure channel with a human user

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Establishing a secure channel with a human user

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links