Authentication system and method based upon random partial digitized path recognition

US 20040225899A1
Filed: 05/07/2003
Published: 11/11/2004
Est. Priority Date: 05/07/2003
Status: Active Grant

First Claim

Patent Images

1. An interactive method for authentication of a client, comprising:

storing a data set in a memory, the data set including a plurality of data fields having respective positions in said data set and having field contents identifying coordinates along a digitized path known to the client on a frame of reference;

identifying to the client via a data communication medium, positions of a random partial subset of data fields in said data set;

accepting input data from the client via a data communication medium, corresponding to coordinates along said digitized path identified by data fields in the random partial subset of said data set; and

determining whether the input data matches the coordinates identified by the field contents of data fields in the random partial subset.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication server provides a clue to a client indicating a random partial subset of a full pattern that characterizes a full digitized path on a frame of reference, and the client enters a data to fulfill an authentication factor suggested by the clue. The full pattern consists of an ordered set of data fields, which store parameters that specify the full digitized path on a reference grid for recognition. The server presents an instance of a graphical representation of the frame of reference, including an array of random indicators at data field coordinates in the frame of reference. The server accepts indicators from the array of indicators corresponding to coordinates along said digitized path identified by the random partial subset as input data to fulfill the authentication factor.

Citations

41 Claims

1. An interactive method for authentication of a client, comprising:
- storing a data set in a memory, the data set including a plurality of data fields having respective positions in said data set and having field contents identifying coordinates along a digitized path known to the client on a frame of reference;
  
  identifying to the client via a data communication medium, positions of a random partial subset of data fields in said data set;
  
  accepting input data from the client via a data communication medium, corresponding to coordinates along said digitized path identified by data fields in the random partial subset of said data set; and
  
  determining whether the input data matches the coordinates identified by the field contents of data fields in the random partial subset.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The method of claim 1, including if the input data matches, signaling successful authentication, and if the input data does not match, signaling failed authentication.
  - 3. The method of claim 1, including presenting an instance of a graphical representation of the frame of reference, including an array of indicators at coordinates in the frame of reference, and wherein said input data includes said indicators.
  - 4. The method of claim 1, including presenting an instance of a graphical representation of the frame of reference, including an array of indicators at coordinates in the frame of reference, and wherein said input data includes said indicators, wherein said indicators comprise alphanumeric characters.
  - 5. The method of claim 1, including presenting an instance of a graphical representation of the frame of reference, including an array of indicators at coordinates in the frame of reference, and said input data includes said indicators, wherein said indicators are randomly or pseudo-randomly generated by a server so that the instance presented uses different indicators than are used in other instances of the graphical representation.
  - 6. The method of claim 1, including presenting to the client from a server via a data communication medium, an input construct for entry of data corresponding to field contents of said random partial subset of data fields from the data set, and wherein said accepting input data from the client includes accepting data based on said input construct.
  - 7. The method of claim 1, including presenting to the client from a server via a data communication medium, a graphical user interface including an input construct facilitating input of data corresponding to said positions by the client, wherein said input construct comprises an instance of said frame of reference having an array of indicators at coordinates in the frame of reference, and input fields for inserting indicators from said array of indicators corresponding to said random partial subset.
  - 8. The method of claim 1, including presenting to the client an input construct for account set up, and accepting data from the client based on the input construct, to set field contents for the data fields in the data set.
  - 9. The method of claim 1, including presenting to the client an input construct for account set up, and accepting data from the client based on the input construct, to set field contents for the data fields in the data set, wherein the input construct includes a graphical representation of said frame of reference.
  - 10. The method of claim 1, wherein said digitized path on the frame of reference includes a first set of coordinates, and a sequence of additional sets of coordinates in an order, and wherein the field contents of data fields in said data set respectively identify the first set of coordinates and the additional sets of coordinates, and the positions of data fields in said data set correspond to said order.
  - 11. The method of claim 1, wherein said digitized path includes a first set of coordinates, and a sequence of additional sets of coordinates in an order, wherein said first set of coordinates and said sequence of additional sets of coordinates consist of a continuous digitized path on said frame of reference.
  - 12. The method of claim 1, wherein said digitized path includes a first set of coordinate, and a sequence of additional sets of coordinates in an order, wherein said first set of coordinates and said sequence of additional sets of coordinates consist of a non-continuous digitized path on said frame of reference.
  - 13. The method of claim 1, wherein said digitized path on the frame of reference has a predetermined number of sets of coordinates, and includes a first set of coordinates, and a sequence of additional sets of coordinates in an order set by the client to define the full digitized path.
  - 14. The method of claim 1, including selecting instances of said random partial subset at a server, wherein said instances include a variable number of positions of data fields in said data set.
  - 15. The method of claim 1, including identifying positions of data fields for a plurality of random partial subsets of said data set.
  - 16. The method of claim 1, including providing a session timer, and including disabling a client session if an elapsed time exceeds a threshold before an authentication event in a client session.
  - 17. The method of claim 1, including:
    - displaying an icon during said identifying, accepting and determining, said icon having a first state during said identifying, a second state after said accepting, and a third state after said determining.
  - 18. The method of claim 1, including:
    - displaying a stop light icon during said identifying, accepting and determining, said icon displaying a red light during said identifying, displaying a yellow light after said accepting, and displaying a green light after said determining.
  - 19. The method of claim 1, wherein said client provides input data in a client system coupled to communication media.
  - 20. The method of claim 1, wherein said client provides input data in a client system, including a browser coupled to communication media.
  - 21. The method of claim 1, including:
    - detecting an attempt to access a network resource by the user;
      
      presenting, in response to the detected attempt to access a protected network resource, an interface to the client via a data communication medium, the interface supporting said indicating and said accepting; and
      
      if the input data matches, signaling authentication of the client.
  - 22. The method of claim 21, wherein said interface includes an instance of a graphical representation of the frame of reference, including an array of indicators at coordinates in the frame of reference, and said input data includes said indicators.

23. An authentication system for a client, comprising:
- data processing resources, including a processor, memory and a communication interface;
  
  user account information stored in said memory, including for respective clients a data set including a plurality of data fields having respective positions in said data set and having field contents identifying coordinates along a full digitized path known to the client on a frame of reference;
  
  an authentication server adapted for execution by the data processing resources, including logic to identify to the client via the communication interface, positions in said data set of a random partial subset of data fields from said data set, logic to accept input data from the client via the communication interface, corresponding to coordinates identified by field contents of data fields in the random partial subset, and logic to determine whether the input data matches the field contents of corresponding data fields in the random partial subset.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 24. The system of claim 23, wherein the authentication server includes logic which if the input data matches, signals successful authentication, and if the input data does not match, signals failed authentication.
  - 25. The system of claim 23, wherein the authentication server includes logic to present an instance of a graphical representation of the frame of reference, including an array of indicators at coordinates in the frame of reference, and said input data includes said indicators.
  - 26. The system of claim 23, wherein the authentication server includes logic to present an instance of a graphical representation of the frame of reference, including an array of indicators at coordinates in the frame of reference, and said input data includes said indicators, wherein said indicators comprise alphanumeric characters.
  - 27. The system of claim 23, wherein the authentication server includes logic to present an instance of a graphical representation of the frame of reference, including an array of indicators at coordinates in the frame of reference, and said input data includes said indicators, and logic to randomly or pseudo-randomly generate said array of indicators so that the instance presented uses different indicators than are used in other instances of the graphical representation.
  - 28. The system of claim 23, wherein the authentication server includes logic to present a graphical user interface including an input construct facilitating input of data corresponding to said data field positions by the client, wherein said input construct comprises an instance of said frame of reference having an array of indicators at coordinates in the frame of reference, and input fields for inserting indicators from said array of indicators corresponding to said random partial subset.
  - 29. The system of claim 23, including logic to present to the client an input construct for account set up, and to accept data from the client based on the input construct, to set field contents for the data fields in said data set, wherein the input construct includes an instance of said frame of reference.
  - 30. The system of claim 23, wherein said a full digitized path on the frame of reference includes a first set of coordinates, and a sequence of additional sets of coordinates in an order, and wherein the field contents of data fields in said data set respectively identify the first set of coordinates and the additional sets of coordinates, and the positions of data fields in said data set correspond to said order.
  - 31. The system of claim 23, wherein said digitized path includes a first set of coordinates, and a sequence of additional sets of coordinates in an order, wherein said first set of coordinates and said sequence of additional sets of coordinates consist of a continuous digitized path on said frame of reference.
  - 32. The system of claim 23, wherein said digitized path includes a first set of coordinate, and a sequence of additional sets of coordinates in an order, wherein said first set of coordinates and said sequence of additional sets of coordinates consist of a non-continuous digitized path on said frame of reference.
  - 33. The system of claim 23, wherein said full digitized path on the frame of reference characterized by a predetermined number of sets of coordinates, and includes a first set of coordinates, and a sequence of additional sets of coordinates in an order set by the client to define the digitized path.
  - 34. The system of claim 23, wherein the authentication server includes logic to generate instances of said random partial subset, wherein said instances include a variable number of positions of data fields in said data set.
  - 35. The system of claim 23, wherein the authentication server includes logic to identify positions of data fields for a plurality of random partial subsets of said data set in a client session.
  - 36. The system of claim 23, including logic to present to the client an input construct for account set up, and to accept data from the client based on the input construct, to set field contents for the data fields in the data set.
  - 37. The system of claim 23, including logic to present to the client a graphical input construct for entry of field contents of said random subset of data fields.
  - 38. The system of claim 23, including logic to provide a session timer, and logic to disable a client session if an elapsed time exceeds a threshold before an authentication event in client session.
  - 39. The system of claim 23, wherein said authentication server includes logic to display an icon, said icon having a first state during an initial stage of a client session, a second state after accepting input data, and a third state after determining whether the input data matches.
  - 40. The system of claim 23, wherein said authentication server includes logic to display a stop light icon, said icon displaying a red light during an initial stage of a client session, displaying a yellow light after accepting input data, and displaying a green light after determining whether the input data matches.

41. An article storing computer programs supporting an authentication system for a client, comprising:
- a machine readable data storage medium storing user account information, including for respective clients a data set including a plurality of data fields having respective positions in said data set and having field contents identifying coordinates along a digitized path known to the client on a frame of reference, and a machine readable data storage medium storing computer programs executable by a data processor including logic to identify to the client via the communication interface, positions in said data set of a random partial subset of data fields from said data set, logic to accept input data from the client via the communication interface, corresponding to coordinates identified by field contents of data fields in the random partial subset, and logic to determine whether the input data matches the field contents of corresponding data fields in the random partial subset.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Authernative
Original Assignee
Authernative, Inc.
Inventors
Mizrah, Len L.

Granted Patent

US 7,073,067 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/202
CPC Class Codes

G06F 21/31 User authentication

Authentication system and method based upon random partial digitized path recognition

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

41 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication system and method based upon random partial digitized path recognition

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

41 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links