Operation modes for user authentication system based on random partial pattern recognition

US 20040123151A1
Filed: 03/03/2003
Published: 06/24/2004
Est. Priority Date: 12/23/2002
Status: Active Grant

First Claim

Patent Images

1. A system for authentication of a client, comprising:

a data processor including an interface to a database, an interface to a data network, and authentication system programs executable by the data processor, the system programs including, authentication logic supporting a “

what user knows”

authentication algorithm for authentication of a client based upon client credentials including an account user name and an account authentication code, and system logic supporting client account administration for the authentication algorithm, the client account administration including at least one mode of operation that presents an interface to a client via the data network having at least two tiers of security based on input by the client of information known to the client, a first tier in said at least two tiers requiring entry of one of the account user name and an email address, and a second tier in the at least two tiers requiring entry of one of client profile data sufficient to identify the client and at least a subset of said account authentication code.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for authentication of a client includes logic supporting a “what user knows” algorithm for authentication of a client, such as a random partial pattern recognition algorithm, based upon client credentials including an account user name and an account authentication code. Logic supporting client account administration is operable without human intervention on the server side, and includes at least one mode of operation that presents an interface to a client via the data network having at least two tiers of security based on input by the client of secret information shared only between the client and the server. A first tier in said at least two tiers requires entry of one of the account user name and user'"'"'s email address, and a second tier in the at least two tiers requires entry of one of client profile data sufficient to identify the client and at least a subset of said account authentication code.

70 Citations

View as Search Results

38 Claims

1. A system for authentication of a client, comprising:
- a data processor including an interface to a database, an interface to a data network, and authentication system programs executable by the data processor, the system programs including, authentication logic supporting a “
  
  what user knows”
  
  authentication algorithm for authentication of a client based upon client credentials including an account user name and an account authentication code, and system logic supporting client account administration for the authentication algorithm, the client account administration including at least one mode of operation that presents an interface to a client via the data network having at least two tiers of security based on input by the client of information known to the client, a first tier in said at least two tiers requiring entry of one of the account user name and an email address, and a second tier in the at least two tiers requiring entry of one of client profile data sufficient to identify the client and at least a subset of said account authentication code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein said at least one mode of operation comprises an account set up mode, and wherein said interface presented to the client includes a first graphical construct prompting entry of an email address;
    - a second graphical construct prompting entry of client profile data;
      
      a message, issued in response to acceptance of said email address and said client profile data, to the client using said email address carrying temporary client credentials, including a temporary user name and a temporary authentication code, for the authentication algorithm;
      
      a third graphical construct prompting entry based on said temporary client credentials; and
      
      a fourth graphical construct, presented on acceptance of said temporary client credentials via said third graphical construct, prompting entry of chosen client credentials, including the account user name and the account authentication code, for use in the authentication algorithm.
  - 3. The system of claim 1, wherein said at least one mode of operation comprises an account authentication code reset mode for an account, and wherein said interface presented to the client includes a first graphical construct prompting entry of said account user name;
    - a second graphical construct prompting entry of client profile data;
      
      a third graphical construct, presented on acceptance of said account user name and said client profile data via said first and second graphical constructs, prompting entry of a new authentication code of the account for use in the authentication algorithm.
  - 4. The system of claim 1, wherein said at least one mode of operation comprises a client credential reset mode for an account, and wherein said interface presented to the client includes a first graphical construct prompting the client for said account user name and for an entry based on said account authentication code;
    - and a second graphical construct, presented on acceptance of said account user name and said entry based on said account authentication code via said first graphical construct, prompting entry of a new credential of the client, including a new client name of the account and a new authentication code of the account, for use in the authentication algorithm.
  - 5. The system of claim 1, wherein said system logic includes a program which logs events related to account administration in a security database.
  - 6. The system of claim 1, wherein said system logic supporting client account administration comprises routines supporting on line account administration without human intervention.
  - 7. The system of claim 1, wherein said at least one mode of operation comprises a plurality of modes, including an account set up mode in which a client establishes an account client credential for an account, the client credential including an client name and an account authentication code, an account client credential reset mode for an account in which the client changes both the account user name and the account authentication code, and an account authentication code reset mode in which the client changes only the account authentication code.
  - 8. The system of claim 1, wherein said at least one mode of operation comprises a plurality of modes, including an account set up mode in which a client establishes an account client credential for an account, the client credential including an client name and an account authentication code, an account client credential reset mode for an account in which the client changes both the account user name and the account authentication code, and an account authentication code reset mode in which the client changes only the account authentication code, and wherein said system logic includes a program which logs events related to account administration in a security database for said plurality of modes.
  - 9. The system of claim 1, wherein said at least one mode of operation comprises a plurality of modes, including an account set up mode in which a client establishes an account client credential for an account, the client credential including a client name and an account authentication code, an account client credential reset mode for an account in which the client changes both the account user name and the account authentication code, and an account authentication code reset mode in which the client changes only the account authentication code, and wherein said system logic supporting client account administration comprises routines supporting on line account administration without human intervention for said plurality of modes.
  - 10. The system of claim 1, wherein said account client authorization code for a particular transaction includes an ordered set of data fields, the ordered set being stored in said database, data fields in said ordered set including respective field contents;
    - and said data processor includes an authentication server including logic to identify to the client via communication interface, positions in said ordered set of a random subset of data fields from said ordered set;
      
      logic to accept input data from the client via the communication interface, corresponding to field contents for corresponding data fields in the random subset of the stored ordered set; and
      
      logic to determine whether the input data matches the field contents of corresponding data fields in the random subset.

11. A method for authentication of a client, comprising:
- storing account client credentials, including an account user name and an account authentication code, in a database for a “
  
  what user knows”
  
  authentication algorithm;
  
  presenting to a client via a data network, an account administration menu for the authentication algorithm, the account administration menu prompting selection of at least one mode of operation;
  
  in response to input selecting one of said modes of operation for set up or modification of said account client credentials, presenting an interface to the client via the data network having at least two tiers of security based on input by the client of information known to the client, a first tier in said at least two tiers requiring entry of one of the account user name and an email address, and a second tier in the at least two tiers requiring entry of one of client profile data sufficient to identify the client and at least a subset of said account authentication code; and
  
  accepting and storing data in said database modifying said account client credentials if said at least two tiers of security are successfully traversed.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, wherein said at least one mode of operation comprises an account set up mode, and wherein presenting said interface includes prompting the client for entry of an email address;
    - prompting the client for entry of client profile data;
      
      issuing an automatic system message in response to acceptance of said email address and said client profile data, to the client using said email address carrying server generated temporary client credentials, including a temporary user name and a temporary authentication code, for the authentication algorithm;
      
      prompting the client for an entry based on said temporary client credentials; and
      
      upon acceptance of said temporary client credentials, prompting the client for 1 entry of chosen by the client permanent client credentials, including the account user name and the account authentication code, for use in the authentication algorithm.
  - 13. The method of claim 11, wherein said at least one mode of operation comprises an account authentication code reset mode for an account, and wherein presenting said interface includes prompting the client for entry of said account user name;
    - prompting the client for entry of client profile data; and
      
      upon acceptance of said account user name and said client profile data, prompting the client for entry of a new authentication code of the account for use in the authentication algorithm.
  - 14. The method of claim 11, wherein said at least one mode of operation comprises a client credential reset mode for an account, and wherein presenting said interface includes prompting the client for said account user name and for an entry based on said account authentication code;
    - and upon acceptance of said account user name and said entry based on said account authentication code, prompting the client for entry of a new credential of the client, including a new client name of the account and a new authentication code of the account, for use in the authentication algorithm.
  - 15. The method of claim 11, including logging events related to account administration in a security database.
  - 16. The system of claim 11, wherein said presenting and accepting are carried out without human intervention.
  - 17. The method of claim 11, wherein said at least one mode of operation comprises a plurality of modes, including an account set up mode in which a client establishes an account client credential for an account, the client credential including an client name and an account authentication code, an account client credential reset mode for an account in which the client changes both the account user name and the account authentication code, and an account authentication code reset mode in which the client changes only the account authentication code.
  - 18. The method of claim 11, wherein said at least one mode of operation comprises a plurality of modes, including an account set up mode in which a client establishes an account client credential for an account, the client credential including a client name and an account authentication code, an account client credential reset mode for an account in which the client changes both the account user name and the account authentication code, and an account authentication code reset mode in which the client changes only the account authentication code, and, including logging events related to account administration in a security database for said plurality of modes.
  - 19. The method of claim 11, wherein said at least one mode of operation comprises a plurality of modes, including an account set up mode in which a client establishes an account client credential for an account, the client credential including a client name and an account authentication code, an account client credential reset mode for an account in which the client changes both the account user name and the account authentication code, and an account authentication code reset mode in which the client changes only the account authentication code, and wherein said presenting and accepting are carried out without human intervention.
  - 20. The method of claim 11, wherein said account authentication code includes an ordered set of data fields, the ordered set being stored in said database, data fields in said ordered set including respective field contents;
    - and including identifying to the client via the data network, positions in said ordered set of a random subset of data fields from said ordered set;
      
      accepting input data from the client via the data network, corresponding to field contents for corresponding data fields in the random subset of the stored ordered set; and
      
      determining whether the input data matches the field contents of corresponding data fields in the random subset.

21. A system for authentication of a client, comprising:
- a data processor including an interface to a database, an interface to a data network, and authentication system programs executable by the data processor, the system programs including, authentication logic supporting an authentication algorithm for authentication of a client based upon client credentials including an account user name and an account authentication code comprising an ordered set of data fields, the ordered set being stored in said database, data fields in said ordered set including respective field contents, and system logic supporting client account administration for the authentication algorithm, the client account administration including at least one mode of operation that presents an interface to a client via the data network having at least two tiers of security based on input by the client of information known to the client, a first tier in said at least two tiers requiring entry of one of the account user name and an email address, and a second tier in the at least two tiers requiring entry of one of client profile data sufficient to identify the client and a random subset of said data fields from said account authentication code.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29)
- - 22. The system of claim 21, wherein said at least one mode of operation comprises an account set up mode, and wherein said interface presented to the client includes a first graphical construct prompting entry of an email address;
    - a second graphical construct prompting entry of client profile data;
      
      an automatic system message, issued in response to acceptance of said email address and said client profile data, to the client using said email address carrying server generated temporary client credentials, including a temporary user name and a temporary authentication code including an ordered set of data fields, for the authentication algorithm;
      
      a third graphical construct prompting entry of said temporary user name and a random subset of said ordered set of data fields of said temporary client credentials; and
      
      a fourth graphical construct, presented on acceptance of said temporary client credentials via said third graphical construct, prompting entry of client credentials, including the account user name and the ordered set of data fields of the account authentication code, for use in the authentication algorithm.
  - 23. The system of claim 21, wherein said at least one mode of operation comprises an account authentication code reset mode for an account, and wherein said interface presented to the client includes a first graphical construct prompting entry of said account user name;
    - a second graphical construct prompting entry of client profile data;
      
      a third graphical construct, presented on acceptance of said account user name and said client profile data via said first and second graphical constructs, prompting entry of a new ordered set of data fields for the account authentication code for use in the authentication algorithm.
  - 24. The system of claim 21, wherein said at least one mode of operation comprises a client credential reset mode for an account, and wherein said interface presented to the client includes a first graphical construct prompting the client for said account user name and for a random subset of said ordered set of data fields of said account authentication code;
    - and a second graphical construct, presented on acceptance of said account user name and said random subset via said first graphical construct, prompting entry of a new client credential, including a new account user name and a new ordered set of data fields, for use in the authentication algorithm.
  - 25. The system of claim 21, wherein said system logic includes a program which logs events related to account administration in a security database.
  - 26. The system of claim 21, wherein said system logic supporting client account administration comprises routines supporting on line account administration without human intervention.
  - 27. The system of claim 21, wherein said at least one mode of operation comprises a plurality of modes, including an account set up mode in which a client establishes an account client credential for an account, the client credential including a client name and an ordered set of data fields, an account client credential reset mode for an account in which the client changes both the account user name and the ordered set of data fields, and an account authentication code reset mode in which the client changes only the ordered set of data fields.
  - 28. The system of claim 21, wherein said at least one mode of operation comprises a plurality of modes, including an account set up mode in which a client establishes an account client credential for an account, the client credential including an client name and an ordered set of data fields, an account client credential reset mode for an account in which the client changes both the account user name and the ordered set of data fields, and an account authentication code reset mode in which the client changes only the ordered set of data fields, and wherein said system logic includes a program which logs events related to account administration in a security database for said plurality of modes.
  - 29. The system of claim 21, wherein said at least one mode of operation comprises a plurality of modes, including an account set up mode in which a client establishes an account client credential for an account, the client credential including a client name and an ordered set of data fields, an account client credential reset mode for an account in which the client changes both the account user name and the ordered set of data fields, and an account authentication code reset mode in which the client changes only the ordered set of data fields, and wherein said system logic supporting client account administration comprises routines supporting on line account administration without human intervention for said plurality of modes.

30. A method for authentication of a client, comprising:
- storing account client credentials, including an account user name and an account authentication code, in a database for an authentication algorithm, the account authentication code comprising an ordered set of data fields, the ordered set being stored in said database, data fields in said ordered set including respective field contents;
  
  presenting to a client via a data network, an account administration menu for the authentication algorithm, the account administration menu prompting selection of at least one mode of operation;
  
  in response to input selecting one of said modes of operation for set up or modification of said account client credentials, presenting an interface to the client via the data network having at least two tiers of security based on input by the client of information known to the client, a first tier in said at least two tiers requiring entry of one of the account user name and an email address, and a second tier in the at least two tiers requiring entry of one of client profile data sufficient to identify the client and a random subset of said ordered set of data fields of said account authentication code; and
  
  accepting and storing data in said database modifying said account client credentials if said at least two tiers of security are successfully traversed.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38)
- - 31. The method of claim 30, wherein said at least one mode of operation comprises an account set up mode, and wherein presenting said interface includes prompting the client for entry of an email address;
    - prompting the client for entry of client profile data;
      
      issuing an automatic system message in response to acceptance of said email address and said client profile data, to the client using said email address carrying server generated temporary client credentials, including a temporary user name and a temporary ordered set of data fields, for the authentication algorithm;
      
      prompting the client for an entry based on said temporary user name and a random subset of said temporary ordered set of data fields; and
      
      upon acceptance of said temporary client name and said random subset, prompting the client for entry of chosen by the client permanent client credentials, including the account user name and the ordered set of data fields, for use in the authentication algorithm.
  - 32. The method of claim 30, wherein said at least one mode of operation comprises an account authentication code reset mode for an account, and wherein presenting said interface includes prompting the client for entry of said account user name;
    - prompting the client for entry of client profile data; and
      
      upon acceptance of said account user name and said client profile data, prompting the client for entry of a new ordered set of data fields for use in the authentication algorithm.
  - 33. The method of claim 30, wherein said at least one mode of operation comprises a client credential reset mode for an account, and wherein presenting said interface includes prompting the client for said account user name and for a random subset of said ordered set of data fields;
    - and upon acceptance of said account user name and said entry based on said account authentication code, prompting the client for entry of a new client credential, including a new account user name and a new ordered set of data fields, for use in the authentication algorithm.
  - 34. The method of claim 30, including logging events related to account administration in a security database.
  - 35. The system of claim 30, wherein said presenting and accepting are carried out without human intervention.
  - 36. The method of claim 30, wherein said at least one mode of operation comprises a plurality of modes, including an account set up mode in which a client establishes an account client credential for an account, the client credential including a client name and an ordered set of data fields, an account client credential reset mode for an account in which the client changes both the account user name and the ordered set of data fields, and an account authentication code reset mode in which the client changes only the ordered set of data fields.
  - 37. The method of claim 30, wherein said at least one mode of operation comprises a plurality of modes, including an account set up mode in which a client establishes an account client credential for an account, the client credential including an client name and an ordered set of data fields, an account client credential reset mode for an account in which the client changes both the account user name and the ordered set of data fields, and an account authentication code reset mode in which the client changes only the ordered set of data fields, and including logging events related to account administration in a security database for said plurality of modes.
  - 38. The method of claim 30, wherein said at least one mode of operation comprises a plurality of modes, including an account set up mode in which a client establishes an account client credential for an account, the client credential including an client name and an ordered set of data fields, an account client credential reset mode for an account in which the client changes both the account user name and the ordered set of data fields, and an account authentication code reset mode in which the client changes only the ordered set of data fields, and wherein said presenting and accepting are carried out without human intervention.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Authernative
Original Assignee
Authernative, Inc.
Inventors
Mizrah, Len L.

Granted Patent

US 7,577,987 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

G06F 21/31   User authentication

G06F 21/36   by graphic or iconic repres...

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

Operation modes for user authentication system based on random partial pattern recognition

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

70 Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

Operation modes for user authentication system based on random partial pattern recognition

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

70 Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links