IMAGE BASED SHARED SECRET PROXY FOR SECURE PASSWORD ENTRY
First Claim
Patent Images
1. A system that enables obscuring a password entered upon an untrusted client, comprising:
- a data store that includes a set of user images; and
a shared-secret proxy that communicates traffic between the client and a login server, the shared-secret proxy prompts a user to obscure legitimate password characters amongst random characters within a character string based upon a sequence of images that includes the user images and random images.
2 Assignments
0 Petitions
Accused Products
Abstract
The claimed subject matter provides systems and/or methods that facilitate utilizing a shared secret to obscure a password within a sequence of characters. The sequence of characters can include the password as well as noise. The shared secret can leverage utilizing a set of known images that a user can uniquely distinguish from random images. By employing the imaged based shared secret, the user can login to a server from an untrusted machine suspected to be infected with spyware such as a keylogger that tracks user input.
-
Citations
20 Claims
-
1. A system that enables obscuring a password entered upon an untrusted client, comprising:
-
a data store that includes a set of user images; and a shared-secret proxy that communicates traffic between the client and a login server, the shared-secret proxy prompts a user to obscure legitimate password characters amongst random characters within a character string based upon a sequence of images that includes the user images and random images. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method that facilitates logging in a user from an untrusted client, comprising:
-
identifying a user based upon a url for a login server and a corresponding userid received from the client; retrieving a first set of images unique to the user and a second set of random images; and randomly generating a sequence of images that mixes the first and second sets of images, the sequence of images prompts the user to enter an obscured sequence of characters from the client. - View Dependent Claims (14, 15, 16, 17, 18)
-
-
19. A system that enables deciphering a login password from a character string including noise, comprising:
-
means for randomly generating a sequence of images that includes a set of user images and a set of random images; and means for identifying password characters from an obscured character string obtained from a client based upon the sequence of images. - View Dependent Claims (20)
-
Specification