System and method for user authentication
First Claim
1. A user authentication system designed to arrange a plurality of pattern elements in a given pattern format so as to create a presentation pattern to be presented to a user subject to authentication, and apply a one-time-password derivation rule serving as a password of said user to certain ones of the pattern elements included in said presentation pattern at specific positions so as to create a one-time password, said user authentication system comprising:
an authentication server for managing respective user IDs and passwords of users of the system; and
an authentication-requesting client connected to said authentication server via a network, to serve as a terminal for allowing each of the users to request authentication therethrough, wherein said authentication server includes;
a password storage section pre-storing the user IDs and the one-time-password derivation rules of the users in associated relation with each other on a user-by-user basis;
pattern-seed-value generation means for generating, in accordance with a given generation rule, a pattern seed value adapted to be combined with one of the user IDs so as to allow a presentation pattern to be uniquely determined;
user-ID receiving means for receiving the user ID of the user subject to authentication, from the authentication-requesting client of said user; and
pattern-seed-value transmission means for transmitting said generated pattern seed value, to the authentication-requesting client of said user subject to authentication, and wherein said authentication-requesting client includes;
user-ID input means for allowing the user to enter his/her user ID therefrom;
user-ID transmission means for transmitting said entered user ID to said authentication server;
pattern-seed-value receiving means for receiving the transmitted pattern seed value transmitted from said authentication server;
pattern-element-sequence creation means for creating, based on said entered user ID and said received pattern seed value and in accordance with a given pattern-element-sequence creation rule, a pattern element sequence consisting of a set of pattern elements for forming a presentation pattern;
pattern display means for arranging the pattern elements included in said created pattern element sequence, in said given pattern format, to create the presentation pattern, and displaying said created presentation pattern on a screen;
one-time-password input means for allowing said user to enter therefrom a one-time password created as a result of applying said one-time-password derivation rule to the pattern elements included in said displayed presentation pattern; and
one-time-password transmission means for transmitting said entered one-time password to said authentication server of the user subject to authentication, wherein said authentication server further includes;
one-time-password receiving means for receiving said transmitted one-time password;
verification-code creation means for creating a verification code as a result of applying the one-time-password derivation rule corresponding to said received user ID, to certain pattern elements included in a presentation pattern formed from a pattern element sequence which is created based on said received user ID and said transmitted pattern seed value and in accordance with said given pattern-element-sequence creation rule; and
user authentication means for comparing said received one-time password with said created verification code, and successfully authenticating the user corresponding to said received user ID if they are identical to one another.
Abstract
Disclosed is a user authentication system, which is designed to present a presentation pattern to a user subject to authentication, and apply a one-time-password derivation rule serving as a password of the user to certain pattern elements included in the presentation pattern at specific positions so as to create a one-time password. An authentication server is operable to generate a pattern seed value adapted to be combined with a user ID so as to allow a presentation pattern to be uniquely determined, and transmit the generated pattern seed value to an authentication-requesting client. The authentication-requesting client is operable to display a presentation pattern created based on an entered user ID and the received pattern seed value and in accordance with a given pattern-element-sequence creation rule, so as to allow the user to enter therein a one-time password, and transmit the entered one-time password to the authentication server. The authentication server is operable to duplicate the presentation pattern so as to create a verification code, and compare between the received one-time password and the created verification code, so as to carry out user authentication. The present invention provides a matrix authentication scheme capable of reducing the risk of password leakage.
10 Claims
10. A user authentication method for use in a user authentication system designed to arrange a plurality of pattern elements in a given pattern format so as to create a presentation pattern to be presented to a user subject to authentication, and apply a one-time-password derivation rule serving as a password of said user to certain ones of the pattern elements included in said presentation pattern at specific positions so as to create a one-time password, said user authentication system including an authentication server adapted to manage respective user IDs and passwords of users of the system and connected via a network to an authentication-requesting client serving as a terminal for allowing each of the users to request authentication therethrough, said authentication server being operable, in response to an authentication request from said authentication-requesting client, to perform authentication, said user authentication method comprising the steps of:
pre-storing the user IDs and the one-time-password derivation rules of the users in associated relation with each other on a user-by-user basis in said authentication server;
allowing the user subject to authentication to enter his/her user ID into the authentication-requesting client;
transmitting said entered user ID from said authentication-requesting client to said authentication server;
receiving said transmitted user ID from said authentication-requesting client, at said authentication server;
allowing said authentication server to generate, in accordance with a given generation rule, a pattern seed value adapted to be combined with one of the user IDs so as to allow a presentation pattern to be uniquely determined;
transmitting said generated pattern seed value from said authentication server to the authentication-requesting client of the user subject to authentication;
receiving said transmitted pattern seed value from said authentication server, at said authentication-requesting client;
allowing said authentication-requesting client to create, based on said entered user ID and said received pattern seed value and in accordance with a given pattern-element-sequence creation rule, a pattern element sequence consisting of a set of pattern elements for forming a presentation pattern;
allowing said authentication-requesting client to arrange the pattern elements included in said created pattern element sequence, in said given pattern format, to create the presentation pattern, and display said created presentation pattern on a screen;
allowing said user to enter a one-time password created as a result of applying said one-time-password derivation rule to the pattern elements included in the displayed presentation pattern, into said authentication-requesting client;
transmitting said entered one-time password from said authentication-requesting client to said authentication server;
receiving said transmitted one-time password from said authentication-requesting client, at said authentication server;
allowing said authentication server to create a verification code as a result of applying the one-time-password derivation rule corresponding to said received user ID, to certain pattern elements included in a presentation pattern formed from a pattern element sequence which is created based on said received user ID and said transmitted pattern seed value and in accordance with said given pattern-element-sequence creation rule; and
allowing said authentication server to compare said received one-time password with said created verification code, and successfully authenticate the user corresponding to said received user ID if they are identical to one another.
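The exchange described in the abstract and in claim 10, as an added Python sketch that is not the patent's own code: the pattern format (a 4x4 grid of decimal digits), the pattern-element-sequence creation rule (SHA-256 over the user ID and the pattern seed value, expanded to 16 digits) and the seed generation rule (a fresh random nonce per request) are assumptions, and the user's one-time-password derivation rule is modelled as an ordered list of grid positions. The server never receives the rule itself, only the digits read off the pattern, and it consumes the issued seed on verification so a captured one-time password is not accepted a second time.

```python
import hashlib
import hmac
import secrets

ROWS, COLS = 4, 4  # assumed pattern format: a 4x4 grid of decimal digits

def create_pattern_sequence(user_id, seed):
    """Assumed pattern-element-sequence creation rule: expand SHA-256 over the user ID
    and pattern seed value into ROWS*COLS digits. Client and server both run this."""
    digits, counter = [], 0
    while len(digits) < ROWS * COLS:
        block = hashlib.sha256(f"{user_id}:{seed}:{counter}".encode()).digest()
        digits.extend(b % 10 for b in block)
        counter += 1
    return digits[: ROWS * COLS]

def apply_derivation_rule(sequence, rule):
    """Derivation rule = ordered (row, col) positions; the OTP is the digits at those cells."""
    return "".join(str(sequence[r * COLS + c]) for r, c in rule)

class AuthServer:
    def __init__(self):
        self.rules = {}    # password storage section: user ID -> derivation rule
        self.pending = {}  # user ID -> pattern seed issued for the current attempt

    def register(self, user_id, rule):
        self.rules[user_id] = list(rule)

    def challenge(self, user_id):
        # Assumed seed generation rule: a fresh random nonce per request, so every
        # login shows a different pattern and the same rule yields a different OTP.
        seed = secrets.token_hex(16)
        self.pending[user_id] = seed
        return seed

    def verify(self, user_id, otp):
        seed = self.pending.pop(user_id, None)  # consume the seed: no OTP replay
        rule = self.rules.get(user_id)
        if seed is None or rule is None:
            return False
        code = apply_derivation_rule(create_pattern_sequence(user_id, seed), rule)
        return hmac.compare_digest(code, otp)  # verification code vs. received OTP

def client_login(server, user_id, rule):
    """Client side of claim 10: send user ID, get seed, show pattern, submit the user's OTP."""
    seed = server.challenge(user_id)
    sequence = create_pattern_sequence(user_id, seed)
    grid = [sequence[i * COLS:(i + 1) * COLS] for i in range(ROWS)]  # displayed grid
    otp = apply_derivation_rule([d for row in grid for d in row], rule)  # user reads cells
    return server.verify(user_id, otp)
```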