METHOD FOR IMPROVING SECURITY IN LOGIN AND SINGLE SIGN-ON PROCEDURES
Abstract
In a method for improving client's login and sign-on security in accessing services offered by service providers over shared network resources such as Internet and particularly working within the framework of the www, a password is created for the client at a first attempt to access the service provider. The client's password is generated either at an authentication authority in trust relationship with the service provider and transmitted to the client, or the client is allowed to create his or her password on the basis of random character sequences transmitted from the authentication authority. For subsequent access to the service provider the authentication authority presents the client with characters in ordered sequences or in a diagram containing in an appropriate order a single occurrence of each password character. The client performs a selection of the password for validation and transmits the validation back to the authentication authority, which verifies the password and informs the service provider of the verification. In a most preferred embodiment the password characters are never transmitted between the authentication authority and the client in a validation and verification procedure, and the former is wholly disconnected from either the client's credentials or any transactions subsequently to be undertaken between the service provider and the client.
10 Claims
1. A method for improving clients' login and sign-on security in accessing services offered by service providers on shared network resources such as Internet and particularly from service providers working within the framework of the world wide web wherein a client in order to gain access to the goods and services offered by the service provider initiates a creation of an account in the client's name at the service provider, wherein the client sends the service provider a chosen user name when receiving a message that an account has been created, wherein all communication in connection with transactions carried out between a client and a service provider takes place on shared network resources, and wherein the method is characterized by steps for
a) initiating a procedure for creating a unique password for the client in response to a creation of an account in the name thereof by transmitting a request from the service provider to an authentication authority,
b) enabling creation of a unique password for the client and storing the created password at the authentication authority,
c) generating upon the client's login to the account a number of strings of random characters, the number of strings being at least equal to the number of characters in the password and assigning each password character to a specific string, the strings being ordered following the sequence of characters in the password,
d) transmitting the strings to the client and presenting the strings to the client in the manner that allows the latter to select each character of the password in a correct order from the respective strings,
e) transmitting the client's selection of the characters constituting the password as a positional code or image to the authentication authority for validating the password, and
f) verifying the client's password for the service provider thus enabling upon the verification of the password the client's sign-on to the account with a service provider.
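Steps b) to f) of claim 1, sketched as an added example that is not code from the patent or its applicant. The class and function names, the character set, the string length, the single-use challenge id and the sample password are all assumptions made for illustration.

```python
import hmac
import secrets
import string

ALPHABET = string.ascii_lowercase + string.digits  # assumed character set
STRING_LEN = 12                                    # assumed length of each string

class AuthenticationAuthority:
    """Hypothetical authority that stores passwords and open challenges."""

    def __init__(self):
        self._passwords = {}   # user name -> password, stored as in step b)
        self._challenges = {}  # challenge id -> expected positional code

    def enroll(self, user, password):
        self._passwords[user] = password

    def new_challenge(self, user):
        """Step c): one random string per password character, in password order."""
        rng = secrets.SystemRandom()
        strings, positions = [], []
        for ch in self._passwords[user]:
            # Decoys exclude the password character, so it occurs exactly once.
            decoys = [c for c in ALPHABET if c != ch]
            chars = rng.sample(decoys, STRING_LEN - 1)
            pos = rng.randrange(STRING_LEN)
            chars.insert(pos, ch)
            strings.append("".join(chars))
            positions.append(pos)
        cid = secrets.token_hex(8)
        self._challenges[cid] = positions
        return cid, strings  # step d): only the strings are sent to the client

    def verify(self, cid, code):
        """Step f): check the positional code; each challenge is valid once."""
        expected = self._challenges.pop(cid, None)
        if expected is None or len(code) != len(expected):
            return False
        if not all(isinstance(p, int) and 0 <= p < STRING_LEN for p in code):
            return False
        return hmac.compare_digest(bytes(expected), bytes(code))

def select_positions(strings, password):
    """Step e): the client marks its character in each string; positions are sent."""
    return [s.index(ch) for s, ch in zip(strings, password)]
```

Because each position indexes into a string the client was sent, the strings and the positional code together determine the password, so both directions of the exchange need transport confidentiality.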
Specification