IMAGE BASED SHARED SECRET PROXY FOR SECURE PASSWORD ENTRY

US 20080320310A1
Filed: 06/21/2007
Published: 12/25/2008
Est. Priority Date: 06/21/2007
Status: Active Grant

First Claim

Patent Images

1. A system that enables obscuring a password entered upon an untrusted client, comprising:

a data store that includes a set of user images; and

a shared-secret proxy that communicates traffic between the client and a login server, the shared-secret proxy prompts a user to obscure legitimate password characters amongst random characters within a character string based upon a sequence of images that includes the user images and random images.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The claimed subject matter provides systems and/or methods that facilitate utilizing a shared secret to obscure a password within a sequence of characters. The sequence of characters can include the password as well as noise. The shared secret can leverage utilizing a set of known images that a user can uniquely distinguish from random images. By employing the imaged based shared secret, the user can login to a server from an untrusted machine suspected to be infected with spyware such as a keylogger that tracks user input.

Citations

20 Claims

1. A system that enables obscuring a password entered upon an untrusted client, comprising:
- a data store that includes a set of user images; and
  
  a shared-secret proxy that communicates traffic between the client and a login server, the shared-secret proxy prompts a user to obscure legitimate password characters amongst random characters within a character string based upon a sequence of images that includes the user images and random images.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1, the shared-secret proxy further comprises a registration component that prepares a user account including a url, userid pair that uniquely identifies the set of user images.
  - 3. The system of claim 1, wherein each user image in the set of user images is uniquely identifiable by the user as compared to the random images.
  - 4. The system of claim 1, the data store deletes a password yielded from the character string after a predetermined amount of time.
  - 5. The system of claim 1, the shared-secret proxy further comprises a randomized selection component that randomly generates the sequence of images for a login attempt.
  - 6. The system of claim 1, the shared-secret proxy further comprises a decipher component that distinguishes legitimate password characters from random characters in the character string based upon the sequence of images to determine a password.
  - 7. The system of claim 6, the shared-secret proxy forwards the password to the login server.
  - 8. The system of claim 6, the shared-secret proxy further comprises a pre-populated reattempt component that enables sending back the character string and the corresponding sequence of images to the client to prompt the user to update a subset of the characters in the character string to reattempt logging in to the login server upon login failure.
  - 9. The system of claim 1, the shared-secret proxy further comprises a webserver that extracts a true password embedded in junk characters from the character string.
  - 10. The system of claim 1, the shared-secret proxy further comprises a proxy that alters requests and responses communicated between the client and the login server.
  - 11. The system of claim 1, the set of user images includes L images, where L is greater than a longest password of the user.
  - 12. The system of claim 1, wherein K random images are included in the sequence of images for every user image, where K is an integer.

13. A method that facilitates logging in a user from an untrusted client, comprising:
- identifying a user based upon a url for a login server and a corresponding userid received from the client;
  
  retrieving a first set of images unique to the user and a second set of random images; and
  
  randomly generating a sequence of images that mixes the first and second sets of images, the sequence of images prompts the user to enter an obscured sequence of characters from the client.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The method of claim 13, further comprising:
    - transmitting the sequence of images to the client;
      
      receiving an obscured sequence of characters from the client;
      
      unmapping the obscured sequence of characters based upon the sequence of images to decipher a password; and
      
      forwarding the password to the login server.
  - 15. The method of claim 14, further comprising:
    - temporarily storing the password; and
      
      deleting the password after a predetermined amount of time.
  - 16. The method of claim 13, further comprising:
    - receiving a notification that a login attempt failed;
      
      sending the randomly generated sequence of images and a corresponding sequence of inputted characters previously inputted at the client back to the client;
      
      receiving an updated sequence of inputted characters from the client;
      
      unmapping the updated sequence of inputted characters based upon the randomly generated sequence of images to decipher a password; and
      
      reattempting to login with the password.
  - 17. The method of claim 13, further comprising setting up a user account with a shared-secret proxy.
  - 18. The method of claim 17, further comprising:
    - initializing a user account based upon a url of a login server and a userid;
      
      receiving uploaded user images from a trusted client; and
      
      storing the uploaded user images in memory that corresponds to the user account to form a shared secret that enables subsequent obscuring and unobscuring of a password from an untrusted client.

19. A system that enables deciphering a login password from a character string including noise, comprising:
- means for randomly generating a sequence of images that includes a set of user images and a set of random images; and
  
  means for identifying password characters from an obscured character string obtained from a client based upon the sequence of images.
- View Dependent Claims (20)
- - 20. The system of claim 19, further comprising means for identifying a user based upon a url for a login server and a corresponding userid received from the client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Herley, Cormac E., Florencio, Dinei A.

Granted Patent

US 8,281,147 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/184
CPC Class Codes

G06F 21/31   User authentication

H04L 63/0428   wherein the data content is...

H04L 63/083   using passwords cryptograph...

IMAGE BASED SHARED SECRET PROXY FOR SECURE PASSWORD ENTRY

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

IMAGE BASED SHARED SECRET PROXY FOR SECURE PASSWORD ENTRY

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links