Strong authentication systems built on combinations of "what user knows" authentication factors

US 20040225880A1
Filed: 05/07/2003
Published: 11/11/2004
Est. Priority Date: 05/07/2003
Status: Abandoned Application

First Claim

Patent Images

1. An interactive method for authentication of a client, comprising:

first prompting the client to provide a first “

what user knows”

authentication factor, and verifying the first “

what user knows”

authentication factor; and

after verifying the first “

what user knows”

authentication factor, second prompting the client to provide a second “

what user knows”

authentication factor which is algorithmically and parametrically independent of the first “

what user knows”

authentication factor, and verifying the second “

what user knows”

authentication factor, wherein at least one of the first and second “

what user knows”

authentication factors is based on a random partial subset of a data set known to the client.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for authentication of a client includes logic supporting combinations of more than one a “what user knows” authentication factors for strong authentication of a client, such as a static password, random partial pattern recognition factor and a random partial digitized path recognition factor. An interactive method for authentication of a client in a network environment utilizes two or more “what user knows” authentication factors. The two or more “what user knows” authentication factors are algorithmically and parametrically independent. The client is prompted to provide a server the first “what user knows” authentication factor over a communication medium. The server verifies the first “what user knows” authentication factor. If successful, then the client is prompted to provide the server the second “what user knows” authentication factor. The server verifies the second “what user knows” authentication factor, and so on, to complete the authentication process.

120 Citations

View as Search Results

41 Claims

1. An interactive method for authentication of a client, comprising:
- first prompting the client to provide a first “
  
  what user knows”
  
  authentication factor, and verifying the first “
  
  what user knows”
  
  authentication factor; and
  
  after verifying the first “
  
  what user knows”
  
  authentication factor, second prompting the client to provide a second “
  
  what user knows”
  
  authentication factor which is algorithmically and parametrically independent of the first “
  
  what user knows”
  
  authentication factor, and verifying the second “
  
  what user knows”
  
  authentication factor, wherein at least one of the first and second “
  
  what user knows”
  
  authentication factors is based on a random partial subset of a data set known to the client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein at least one of said first and second prompting includes presenting to the client from a server via a data communication medium, a clue concerning said random partial subset.
  - 3. The method of claim 1, wherein at least one of said first and second prompting includes presenting a graphical user interface to the client from a server via a data communication medium, the graphical user interface displaying a clue concerning said random partial subset.
  - 4. The method of claim 1, wherein one of the first and second “
    - what user knows”
      
      authentication factors comprises static password recognition.
  - 5. The method of claim 1, wherein one of the first and second “
    - what user knows”
      
      authentication factors comprises static password recognition, and the other of the first and second “
      
      what user knows”
      
      authentication factors based on said random partial subset comprises random partial pattern recognition.
  - 6. The method of claim 1, wherein one of the first and second “
    - what user knows”
      
      authentication factors comprises static password recognition, and the other of the first and second “
      
      what user knows”
      
      authentication factors based on said random partial subset comprises random partial digitized path recognition.
  - 7. The method of claim 1, wherein one of the first and second “
    - what user knows”
      
      authentication factors comprises random partial pattern recognition, and the other of the first and second “
      
      what user knows”
      
      authentication factors comprises random partial digitized path recognition.
  - 8. The method of claim 1, wherein at least one of said first and second prompting includes presenting to the client from a server via a data communication medium, a clue concerning said random partial subset;
    - and including storing said data set in a memory, data fields in said data set having respective positions in said data set and respective field contents, the respective field contents for data fields in said data set include data known to the client based on a function of the respective positions in said data set, and wherein said clue comprises positions in said data set.
  - 9. The method of claim 8, wherein at least one of said first and second prompting includes presenting to the client from a server via a data communication medium, a graphical user interface which displays the clue, and an input construct facilitating input by the client of data corresponding to said parameters.
  - 10. The method of claim 1, wherein at least one of said first and second prompting includes presenting to the client via a data communication medium, a clue concerning said random partial subset;
    - and including storing said data set in a memory, data fields in said data set having respective positions in said data set and respective field contents, the respective field contents for data fields in said data set identifying coordinates along a digitized path known to the client on a reference grid, and wherein said clue comprises positions in said data set.
  - 11. The method of claim 10, wherein at least one of said first and second prompting includes presenting to the client from a server via a data communication medium, a graphical user interface which displays the clue, and an input construct facilitating input of data corresponding to said positions by the client.
  - 12. The method of claim 1, wherein at least one of said first and second prompting wherein at least one of said first and second prompting includes presenting to the client from a server via a data communication medium, a graphical user interface which displays the clue, and an input construct facilitating input of data corresponding to said positions by the client;
    - and including storing said data set in a memory, data fields in said data set having respective positions in said data set and respective field contents, the respective field contents for data fields in said data set identifying coordinates along a digitized path known to the client on a reference grid, and wherein said clue comprises positions in said data set;
      
      wherein said input construct comprises a representation of said reference grid having a randomized array of indicators occupying locations in the reference grid, and input fields for inserting indicators from said randomized array of indicators corresponding to said random partial subset.
  - 13. The method of claim 1, including:
    - detecting an attempt to access a protected network resource by the client, and wherein one of said first prompting and second prompting is responsive to detecting the attempt; and
      
      after verifying said first and second “
      
      what user knows”
      
      authentication factors, signaling authentication of the client to the protected network resource.
  - 14. The method of claim 1, including:
    - after verifying the second “
      
      what user knows”
      
      authentication factor, third prompting the client to provide a third authentication factor which is algorithmically and parametrically independent of the first and second “
      
      what user knows”
      
      authentication factors, and verifying the third authentication factor.
  - 15. The method of claim 14, wherein one of the first, second and third authentication factors comprises random partial pattern recognition, another of the first, second and third authentication factors comprises random partial digitized path recognition, and yet another of the first, second and third authentication factors comprises static password recognition.
  - 16. The method of claim 1, including:
    - displaying an icon during at least one of said first and second prompting and verifying, said icon having a first state during said prompting, a second state while waiting for verification, and a third state after verification.
  - 17. The method of claim 1, including:
    - displaying a stop light icon during at least one of said first and second prompting and verifying, said icon displaying a red light during said prompting, displaying a yellow light while waiting for verification, and displaying a green light after verification.

18. An interactive method for authentication of a client, comprising:
- storing a data set including data fields in a memory, data fields in said data set having respective positions in said data set and respective field contents, and storing information concerning a static password;
  
  prompting the client to enter the static password;
  
  accepting first input data from the client via a data communication medium, corresponding to the static password;
  
  determining whether the first input data matches the static password;
  
  identifying to the client via a data communication medium, positions in said data set of a random partial subset of data fields from said data set;
  
  accepting second input data from the client via a data communication medium, corresponding to field contents of data fields in the random partial subset of said data set; and
  
  determining whether the second input data matches the field contents of corresponding data fields in the random subset.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 19. The method of claim 18, including if the first and second input data matches, signaling successful authentication, and if the first or the second input data does not match, signaling failed authentication.
  - 20. The method of claim 18, wherein the respective field contents for data fields in said data set includes data known to the client based on a function of the respective positions in said data set.
  - 21. The method of claim 18, wherein the respective field contents for data fields in said data set identify coordinates along a digitized path known to the client on a reference grid.
  - 22. The method of claim 18, including storing said data set in a memory, wherein the respective field contents for data fields in said data set identify coordinates along a digitized path known to the client on a reference grid;
    - wherein said identifying includes presenting graphical user interface to the client from a server via a data communication medium, the graphical user interface including a representation of positions of data fields in said data set of said random partial subset, a representation of said reference grid having an array of indicators locations at coordinates in the reference grid, and input fields for inserting indicators from said array of indicators from locations coordinates identified by field contents of data fields at the positions in said data set of said random partial subset.
  - 23. The method of claim 18, including presenting to the client an input construct for account set up, and accepting data from the client based on the input construct, to set field contents for the data fields in the data set.
  - 24. The method of claim 18, including presenting to the client an input construct for entry of data corresponding to field contents of said random partial subset, and wherein said accepting second input data from the client includes accepting data based on said input construct.
  - 25. The method of claim 18, including providing a session timer, and including disabling a client session if an elapsed time exceeds a threshold before an event in an authentication session.
  - 26. The method of claim 18, wherein said client provides input data in a client system coupled to communication media.
  - 27. The method of claim 18, wherein said client provides input data in a client system, including a browser coupled to communication media.
  - 28. The method of claim 18, including:
    - displaying an icon during said identifying, accepting and determining, said icon having a first state during said identifying positions in said data set, a second state after said accepting second input data and while waiting for said determining whether the second input data matches the random partial subset of said data set, and a third state if it is determined that the second input data matches the random partial subset of said data set.
  - 29. The method of claim 18, including:
    - displaying a stop light icon during said identifying, accepting and determining, said icon displaying a red light during said identifying positions in said random partial subset, displaying a yellow light after said accepting second input data and while waiting for said determining whether the second input data matches the random partial subset of said data set, and displaying a green light if it is determined that the second input data matches the random partial subset of said data set if it is determined that the second input data matches the random partial subset of said data set.
  - 30. The method of claim 18, including:
    - displaying an icon during said prompting, accepting and determining, said icon having a first state during said prompting, a second state after said accepting first input data and while waiting for said determining whether the first input data matches the static password, and a third state if it is determined that the first input data matches the static password.
  - 31. The method of claim 18, including:
    - displaying a stop light icon during said prompting, accepting and determining, said icon displaying a red light during said prompting, displaying a yellow light after said accepting first input data and while waiting for said determining whether the first input data matches the static password, and displaying a green light if it is determined that the first input data matches the static password.

32. An authentication system for a client, comprising:
- data processing resources, including a processor, memory and a communication interface;
  
  user account information stored in said memory, including for respective clients information a first “
  
  what user knows”
  
  authentication factor and information concerning a second “
  
  what user knows”
  
  authentication factor, where the information concerning one of the first and second “
  
  what user knows”
  
  authentication factors comprises a data set including a data set of data fields, data fields in said data set having respective positions in said data set and respective field contents;
  
  an authentication server adapted for execution by the data processing resources, including logic to prompt the client via the communication interface to provide the first “
  
  what user knows”
  
  authentication factor, logic to identify to the client via the communication interface, positions in said data set of a random partial subset of data fields from said data set;
  
  logic to accept input data from the client via the communication interface corresponding to said first “
  
  what user knows”
  
  authentication factor and corresponding to field contents for corresponding data fields in the random partial subset; and
  
  logic to determine whether the input data matches said first “
  
  what user knows”
  
  authentication factor and said field contents of corresponding data fields in the random partial subset.
- View Dependent Claims (33, 34, 35, 36, 37, 38, 39, 40, 41)
- - 33. The system of claim 32, wherein the authentication server includes logic which if the input data matches, signals successful authentication, and if the input data does not match, signals failed authentication.
  - 34. The system of claim 32, wherein the respective field contents for data fields in the data set include data based on a function known to the client of the respective positions of corresponding data fields in said data set.
  - 35. The system of claim 32, wherein the respective field contents for data fields in the data set include coordinates along a digitized path known to the client on a reference grid.
  - 36. The system of claim 32, including logic to present to the client a graphical input construct for entry of data corresponding to field contents of said random partial subset.
  - 37. The system of claim 32, wherein the respective field contents for data fields in said data set identify coordinates along a digitized path known to the client on a reference grid;
    - wherein said logic to identify includes a graphical user interface for presentation to the client, the graphical user interface including a representation of positions of data fields in said data set of said random partial subset, a representation of said reference grid having an array of indicators locations at coordinates in the reference grid, and input fields for inserting indicators from said array of indicators from coordinates identified by field contents of data fields at the positions in said data set of said random partial subset.
  - 38. The system of claim 32, including logic to provide a session timer, and logic to disable a client session if an elapsed time exceeds a threshold before an event in an authentication session.
  - 39. The system of claim 32, wherein said authentication server includes:
    - logic to display an icon to the client, said icon having a first state while said logic identifies positions of said random partial subset, a second state after said logic accepts input data and waits for said logic to determine whether the input data matches the random partial subset of said data set, and a third state if it is determined that the input data matches the random partial subset of said data set.
  - 40. The system of claim 32, including:
    - logic to display a stop light icon to the client, said icon displaying a red light while said logic identifies positions of said random partial subset, displaying a yellow light after said logic accepts input data and waits for said logic to determine whether the input data matches the random partial subset of said data set, and displaying a green light if it is determined that the input data matches the random partial subset of said data set.
  - 41. The system of claim 32, including:
    - logic to display a stop light icon displaying red, yellow and green light conditions to the client indicating progress of an authentication session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Authernative
Original Assignee
Authernative, Inc.
Inventors
Mizrah, Len L.

Application Number

US10/431,396
Publication Number

US 20040225880A1
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

G06F 21/46   by designing passwords or c...

G06Q 20/347   Passive cards

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4014   Identity check for transact...

G07C 9/33   by means of a password

G07F 7/10   together with a coded signa...

G07F 7/1075   PIN is checked remotely

H04L 63/08   for authentication of entit...

Strong authentication systems built on combinations of "what user knows" authentication factors

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

120 Citations

41 Claims

Specification

Use Cases

Quick Links

Others

Strong authentication systems built on combinations of "what user knows" authentication factors

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

120 Citations

41 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others