System and method for authenticating users using image selection

US 20040230843A1
Filed: 07/08/2004
Published: 11/18/2004
Est. Priority Date: 08/20/2003
Status: Abandoned Application

First Claim

Patent Images

1. A method for enrolling a password to be used in verifying the claimed identity of a user of a computer system, said method comprising:

displaying a plurality of individual images using a graphical display interface; and

generating a password responsive to a selection by a user of a sequence of said displayed images based on (i) the selected sequence of the images and (ii) the manner in which the images are selected from at least two selection styles.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A general-purpose method is provided for authenticating, i.e., verifying the claimed identity of, users of a computer system through the selection of a sequence of images from a displayed assembly of images. The method is based on the capability of computer systems to display and manipulate individual thumbnail images via a graphical user display interface. The method takes image sequences selected by a user and formulates a password that is dependent on both the sequence and style of their selection. To ease the users'"'"' burden of complying with organizational policy to change passwords after some period of time, the method allows the same image sequence to be used repeatedly in a password change dialogue, yet generate a completely different password value each time. A new method of “salting” passwords to make them less vulnerable is also provided.

Citations

21 Claims

1. A method for enrolling a password to be used in verifying the claimed identity of a user of a computer system, said method comprising:
- displaying a plurality of individual images using a graphical display interface; and
  
  generating a password responsive to a selection by a user of a sequence of said displayed images based on (i) the selected sequence of the images and (ii) the manner in which the images are selected from at least two selection styles.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. A method in accordance with claim 1 wherein input information used in the selection of the sequence of said displayed images is erased after input thereof and only a cryptographically protected form of the password is stored.
  - 3. A method in accordance with claim 1 wherein the images are presented in the form of a plurality of tiles on an area of a graphical interface window.
  - 4. A method in accordance with claim 3 wherein the tiles are presented in a regular pattern.
  - 5. A method in accordance with claim 4 wherein the tiles are grouped in a two-dimensional matrix.
  - 6. A method in accordance with claim 5 wherein the matrix includes a plurality of distinct visual images.
  - 7. A method in accordance with claim 5 wherein at least a plurality of the tiles of the matrix together form, as a mosaic, a composite visual image covering at least a portion of the plurality of tiles.
  - 8. A method in accordance with claim 1 wherein said selection styles comprise (i) individual selection wherein a single thumbnail image represents one element of an alphabet and (ii) paired selection wherein two thumbnail images are selected and linked together to form one element of an alphabet.
  - 9. A method in accordance with claim 1 wherein said images are converted into elements of an alphabet, concatenated to form a clear text value of the password.
  - 10. A method in accordance with claim 9 wherein a cryptographic hash is applied one or more times to the clear text value of password to form a cryptographically protected value of the password.
  - 11. A method in accordance with claim 10 wherein said cryptographically protected value of the password is registered, during a password enrollment, for subsequent password verification attempts.
  - 12. A method in accordance with claim 10 wherein said clear text value of the password is prepended or systematically embedded with one or more random salt values prior to applying of said cryptographic hash.
  - 13. A method in accordance with claim 1 wherein said images form an image matrix and the individual images of said image matrix are mapped, one-to-one, onto a value matrix of the same dimensions as the image matrix, which contains randomly assigned values selected from a set of binary values.
  - 14. A method in accordance with claim 13 wherein the particular assignment of random values to the value matrix is retained and remains constant from one authentication attempt to another and wherein elements of the value matrix are automatically updated during a password changeover and are randomly reassigned values from said set of binary values, such that the same image sequence, if reused, results in a different password.
  - 15. A method in accordance with claim 14 wherein the value matrix, including associated salt values used in computing the password, is retained along with (i) the cryptographically protected value of the password and (ii) the identifier of the image matrix from which individual images were selected.
  - 16. A method in accordance with claim 13 wherein the value matrix is used to hold individual random embedded salt values for forming each element of an alphabet wherein the elements of the alphabet are associated with said individual images.
  - 17. A method in accordance with claim 1 wherein selections of visual images are made based on a theme, which identifies a set of images to display, and a chosen sequence.
  - 18. A method in accordance with claim 1 wherein, after enrollment of a user and at the option of the user, said individual images are automatically shuffled between authentication attempts.
  - 19. A method in accordance with claim 1 wherein images are selected graphically using a pointing device.

20. A method for verifying the claimed identity of a user of a computer system, said method comprising:
- comparing (i) a sequence of individual visual images selected by a user as a visual password with (ii) a password previously enrolled based on a selected sequence of said visual images and stored in the computer system in a cryptographically protected form; and
  
  permitting access to the computer system when there is a match between the selected password and the previously enrolled password.

21. A method for enrolling a password to be used in verifying the claimed identity of a user of a computer system, said method comprising:
- displaying a plurality of individual images using a graphical display interface; and
  
  generating a password responsive to a selection by a user of a sequence of said displayed images, the individual images being presented in an image matrix and the individual images selected being mapped onto a value matrix populated with randomly assigned values selected from a set of binary values.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Wayne Jansen
Original Assignee
Wayne Jansen
Inventors
Jansen, Wayne

Application Number

US10/886,417
Publication Number

US 20040230843A1
Time in Patent Office

Days
Field of Search
US Class Current

713/202
CPC Class Codes

G06F 21/36   by graphic or iconic repres...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2143   Clearing memory, e.g. to pr...

System and method for authenticating users using image selection

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for authenticating users using image selection

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links