Strong authentication systems built on combinations of "what user knows" authentication factors
Abstract
A system for authentication of a client includes logic supporting combinations of more than one “what user knows” authentication factor for strong authentication of a client, such as a static password, a random partial pattern recognition factor and a random partial digitized path recognition factor. An interactive method for authentication of a client in a network environment utilizes two or more “what user knows” authentication factors. The two or more “what user knows” authentication factors are algorithmically and parametrically independent. The client is prompted to provide a server the first “what user knows” authentication factor over a communication medium. The server verifies the first “what user knows” authentication factor. If successful, then the client is prompted to provide the server the second “what user knows” authentication factor. The server verifies the second “what user knows” authentication factor, and so on, to complete the authentication process.
41 Claims
1. An interactive method for authentication of a client, comprising:
- first prompting the client to provide a first “what user knows” authentication factor, and verifying the first “what user knows” authentication factor; and
- after verifying the first “what user knows” authentication factor, second prompting the client to provide a second “what user knows” authentication factor which is algorithmically and parametrically independent of the first “what user knows” authentication factor, and verifying the second “what user knows” authentication factor, wherein at least one of the first and second “what user knows” authentication factors is based on a random partial subset of a data set known to the client.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17
18. An interactive method for authentication of a client, comprising:
- storing a data set including data fields in a memory, data fields in said data set having respective positions in said data set and respective field contents, and storing information concerning a static password;
- prompting the client to enter the static password;
- accepting first input data from the client via a data communication medium, corresponding to the static password;
- determining whether the first input data matches the static password;
- identifying to the client via a data communication medium, positions in said data set of a random partial subset of data fields from said data set;
- accepting second input data from the client via a data communication medium, corresponding to field contents of data fields in the random partial subset of said data set; and
- determining whether the second input data matches the field contents of corresponding data fields in the random subset.
Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31
32. An authentication system for a client, comprising:
- data processing resources, including a processor, memory and a communication interface;
- user account information stored in said memory, including for respective clients information a first “what user knows” authentication factor and information concerning a second “what user knows” authentication factor, where the information concerning one of the first and second “what user knows” authentication factors comprises a data set including a data set of data fields, data fields in said data set having respective positions in said data set and respective field contents;
- an authentication server adapted for execution by the data processing resources, including logic to prompt the client via the communication interface to provide the first “what user knows” authentication factor, logic to identify to the client via the communication interface, positions in said data set of a random partial subset of data fields from said data set;
- logic to accept input data from the client via the communication interface corresponding to said first “what user knows” authentication factor and corresponding to field contents for corresponding data fields in the random partial subset; and
- logic to determine whether the input data matches said first “what user knows” authentication factor and said field contents of corresponding data fields in the random partial subset.
Dependent claims: 33, 34, 35, 36, 37, 38, 39, 40, 41
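The two-stage flow recited in claims 18 and 32 (static password first, then field contents for randomly chosen positions of a stored data set) can be sketched server-side as follows. This is an added example, not code from the patent; the names `enroll` and `AuthSession`, the PBKDF2 parameters, the 0-based positions and the single-use challenge policy are all assumptions.

```python
import hashlib
import hmac
import secrets

_rng = secrets.SystemRandom()  # CSPRNG, so challenged positions are unpredictable
PBKDF2_ROUNDS = 200_000        # assumed work factor, not from the patent

def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def enroll(password, fields):
    """Build the stored account record: password verifier plus the data set."""
    salt = secrets.token_bytes(16)
    # The server must recover individual field contents, so the data set is
    # kept as-is here; protecting it at rest is outside this sketch.
    return {"salt": salt, "pw_hash": _hash_password(password, salt),
            "fields": list(fields)}

class AuthSession:
    """One login attempt: stage 2 is only offered after stage 1 verifies."""

    def __init__(self, account, subset_size=3):
        self.account = account
        self.subset_size = subset_size
        self.positions = None  # challenge exists only after the password matches
        self.used = False

    def verify_password(self, candidate):
        """Stage 1. Returns the challenged positions on success, else None."""
        digest = _hash_password(candidate, self.account["salt"])
        if not hmac.compare_digest(digest, self.account["pw_hash"]):
            return None
        n = len(self.account["fields"])
        self.positions = sorted(_rng.sample(range(n), self.subset_size))
        return self.positions

    def verify_subset(self, answers):
        """Stage 2. Checks field contents for the challenged positions."""
        if self.positions is None or self.used:
            return False
        self.used = True  # assumed policy: a challenge is answered at most once
        expected = [self.account["fields"][p] for p in self.positions]
        if len(answers) != len(expected):
            return False
        ok = True
        for got, want in zip(answers, expected):
            ok &= hmac.compare_digest(got.encode(), want.encode())
        return ok
```

Because each session challenges a fresh random subset, a single observed response discloses only the challenged fields rather than the whole data set.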
Specification