METHOD AND SYSTEM FOR MANAGING USER LOGIN BEHAVIOR ON AN ELECTRONIC DEVICE FOR ENHANCED SECURITY

US 20140165169A1
Filed: 12/10/2012
Published: 06/12/2014
Est. Priority Date: 12/10/2012
Status: Active Grant

First Claim

Patent Images

1. A method for managing user login behavior on an electronic device, the method comprising:

receiving, by an electronic device, information relating to an entered password having a plurality of second characters of a plurality of characters, wherein the entered password is different from a defined password associated with a user and having a plurality of first characters of the plurality of characters;

identifying, by the electronic device and for at least one second character of the entered password, at least one alternative character of the plurality of characters based on a location of a key corresponding to a second character of the at least one second characters on a keyboard used to enter the entered password, wherein the keyboard includes a plurality of keys corresponding to the plurality of characters;

generating, by the electronic device, a variation of the entered password by replacing the at least one second character with an alternative character of the at least one second character; and

determining, by the electronic device, that the entered password is valid when information relating to the variation of the entered password matches information relating to the defined password.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Security is enhanced for a user of an electronic device by providing a method for managing user login behavior. When an entered password that is different from a defined password is received, the method includes identifying alternative characters for at least one character of the entered password based on a location of a key corresponding to the character of the entered password on a keyboard used to enter the password. When the alternative characters are identified, a variation of the entered password is generated by replacing a character of the entered password with an alternative character of the character. When information relating to the variation matches information relating to the defined password, the entered password is determined to be valid.

35 Citations

View as Search Results

31 Claims

1. A method for managing user login behavior on an electronic device, the method comprising:
- receiving, by an electronic device, information relating to an entered password having a plurality of second characters of a plurality of characters, wherein the entered password is different from a defined password associated with a user and having a plurality of first characters of the plurality of characters;
  
  identifying, by the electronic device and for at least one second character of the entered password, at least one alternative character of the plurality of characters based on a location of a key corresponding to a second character of the at least one second characters on a keyboard used to enter the entered password, wherein the keyboard includes a plurality of keys corresponding to the plurality of characters;
  
  generating, by the electronic device, a variation of the entered password by replacing the at least one second character with an alternative character of the at least one second character; and
  
  determining, by the electronic device, that the entered password is valid when information relating to the variation of the entered password matches information relating to the defined password.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 26, 27, 28)
- - 2. The method of claim 1 wherein a first key on the keyboard corresponds to a second character of the entered password and a second key corresponding to an alternative character for the second character is located within a defined distance on the keyboard from the first key.
  - 3. The method of claim 2 wherein the defined distance is one adjacent key, and the second key is located immediately adjacent to the first key on the keyboard.
  - 4. The method of claim 2 wherein the defined distance is one adjacent key or one diagonal key, and the second key is located immediately adjacent to or immediately diagonal to the first key on the keyboard.
  - 5. The method of claim 1 further comprising providing an entry error value that defines a maximum number of acceptable mistakes allowed in the entered password.
  - 6. The method of claim 5 wherein the entry error value is provided by at least one of the user and an administrator.
  - 7. The method of claim 1 wherein the electronic device is an electronic client device associated with the user, and wherein the electronic client device stores the defined password.
  - 8. The method of claim 7 wherein the entered password is determined to be valid when each of the plurality of first characters of the defined password either matches a corresponding second character in a corresponding position of the entered password or matches an alternative character of the corresponding second character.
  - 9. The method of claim 8 further comprising determining that the entered password is invalid when a first character both fails to match a corresponding second character in a corresponding position of the entered password and fails to match all alternative characters of the corresponding second character.
  - 10. The method of claim 8 further comprising providing an entry error value that defines a maximum number of acceptable mistakes allowed in the entered password, wherein an acceptable mistake is one where an alternative character of a second character matches a first character in a corresponding position of the defined password.
  - 11. The method of claim 10 wherein the entry error value is an error ratio of the maximum number of acceptable mistakes to a length of the defined password so that the maximum number of acceptable mistakes varies proportionally with the length of the defined password.
  - 12. The method of claim 10 further comprising determining that the entered password is invalid when a number of alternative characters matching a first character is greater than the maximum number of acceptable mistakes.
  - 13. The method of claim 7 further comprising providing an entry error value that defines a maximum number of acceptable mistakes allowed in the entered password, wherein the entry error value is an adjustable value based on a degree of movement detected in the electronic client device.
  - 14. The method of claim 7 wherein when any variation of the entered password fails to match the defined password, the method further comprises:
    - calculating an edit distance between the defined password and the entered password, wherein the edit distance is a sum of edit weights corresponding to at least one error, wherein an edit weight corresponding to a substitution error having no association with an alternative character is equal to a first weight greater than one (1), and wherein an edit weight corresponding to each of an insertion error, a transposition error, a deletion error, and a substitution error having an association with an alternative character is equal to one (1); and
      
      determining that the entered password is valid when the edit distance is at most equal to the first weight.
  - 15. The method of claim 1 wherein the electronic device is an electronic client device, the method further comprises:
    - generating, by the electronic client device, a first hash value corresponding to the entered password;
      
      transmitting, by the electronic client device, the first hash value to a server, wherein the server stores a second hash value corresponding to the defined password associated with the user;
      
      receiving, by the electronic client device from the server, the second hash value when the first hash value fails to match the second hash value; and
      
      generating, by the electronic client device, a third hash value corresponding to the variation of the entered password, wherein the entered password is determined to be valid when the third hash value corresponding to the variation of the entered password matches the second hash value.
  - 16. The method of claim 15 further comprising providing an entry error value that defines a maximum number of acceptable mistakes allowed in the entered password, and determining that the entered password is invalid when a number of replaced second characters is greater than the entry error value.
  - 17. The method of claim 15 further comprising determining that the entered password is invalid when the third hash value corresponding to all variations of the entered password fail to match the second hash value.
  - 18. The method of claim 1 wherein the electronic device is an electronic server device that stores information relating to the defined password and that receives the entered password from an electronic client device, wherein the method further comprises:
    - receiving, by the server from the electronic client device, information identifying at least one keyboard layout corresponding to at least one keyboard provided by the electronic client device and used to generate the entered password,wherein the server device identifies the at least one alternative character for each of the second characters of the entered password based on the at least one keyboard layout, generates the variation of the entered password by replacing at least one second character with an alternative character of the at least one second character, and determines that the entered password is valid when information relating to the variation of the entered password matches the stored information relating to the defined password.
  - 19. The method of claim 18 wherein the information relating to the defined password is a hash value of the defined password and wherein after generating the variation of the entered password, the method includes generating a second hash value corresponding to the variation of the entered password.
  - 20. The method of claim 19 wherein the entered password is determined to be valid when the hash value of the defined password matches the second hash value corresponding to the variation of the entered password.
  - 21. The method of claim 18 wherein the information relating to the defined password is the defined password, and wherein the method further comprises determining that the entered password is invalid when a second character of the entered password and all alternative characters of the second character fail to match a corresponding first character in a corresponding position of the defined password.
  - 22. The method of claim 21 further comprising:
    - calculating an edit distance between the defined password and the entered password, wherein the edit distance is a sum of edit weights corresponding to at least one error, wherein an edit weight corresponding to a substitution error having no association with an alternative character is equal to a first weight greater than one (1), and wherein an edit weight corresponding to each of an insertion error, a transposition error, a deletion error, and a substitution error having an association with an alternative character is equal to one (1); and
      
      determining that the entered password is valid when the edit distance is at most equal to the first weight.
  - 26. The method of claim 1 wherein the replaced at least one second character is a letter, number, or punctuation.
  - 27. The method of claim 1 comprising:
    - after the step of determining, by the electronic device, that the entered password is valid when information relating to the variation of the entered password matches information relating to the defined password, allowing, using the entered password, access to a service protected by the previously defined password.
  - 28. The method of claim 1 wherein the variation of the entered password that matches information relating to the defined password is a first variation of the defined password, andwherein access to a service protected by the defined password is permitted with the defined password and the first variation of the defined password.

23. A method for managing user login behavior on an electronic client device including a keyboard having a plurality of keys corresponding to a plurality of characters, the method comprising:
- storing, on the electronic client device associated with a user, information relating to a password defined by the user, wherein the defined password includes a plurality of first characters of the plurality of characters;
  
  receiving, by the electronic device, an entered password having a plurality of second characters of the plurality of characters, wherein the entered password is different from the defined password;
  
  identifying, by the electronic client device and for at least one second character, at least one alternative character of the plurality of characters based on a location of a key corresponding to a second character of the at least one second characters on a keyboard used to enter the entered password;
  
  generating, by the electronic client device, a variation of the entered password by replacing the at least one second character with an alternative character of the at least one second character; and
  
  determining, by the electronic client device, that the entered password is valid when each of the plurality of first characters either matches a corresponding second character in a corresponding position of the entered password or matches an alternative character of the corresponding second character.

24. A method for managing user login behavior on an electronic client device including a keyboard having a plurality of keys corresponding to a plurality of characters, the method comprising:
- receiving, by the electronic client device associated with a user, an entered password having a plurality of second characters of a plurality of characters;
  
  generating, by the electronic client device, a first hash value corresponding to the entered password;
  
  transmitting, by the electronic client device, the first hash value to a server, wherein the server stores a second hash value corresponding to a password defined by the user, the defined password having a plurality of first characters of the plurality of characters;
  
  receiving, by the electronic client device, the second hash value from the server when the first hash value fails to match the second hash value;
  
  identifying, by the electronic client device and for at least one second character of the entered password, at least one alternative character of the plurality of characters based on a location of a key corresponding to a second character of the at least one second characters on a keyboard used to enter the entered password;
  
  generating, by the electronic client device, a variation of the entered password by replacing the at least one second character with an alternative character of the at least one second character;
  
  generating, by the electronic client device, a third hash value corresponding to the variation of the entered password; and
  
  determining, by the electronic client device, that the entered password is valid when the third hash value corresponding to the variation of the entered password matches the second hash value.

25. A method for managing user login behavior at a server, the method comprising:
- storing, on a server, information relating to a password defined by and associated with a user, wherein the defined password includes a plurality of first characters of a plurality of characters;
  
  receiving, by the server, an entered password from an electronic client device, the entered password having a plurality of second characters of the plurality of characters;
  
  receiving, by the server from the electronic client device, information identifying at least one keyboard layout corresponding to at least one keyboard provided by the electronic client device and used to generate the entered password;
  
  identifying, by the server and for at least one second character, at least one alternative character of the plurality of characters based on the at least one keyboard layout;
  
  generating, by the server, a variation of the entered password by replacing at least one second character with an alternative character of the at least one second character; and
  
  determining, by the server, that the entered password is valid when information relating to the variation of the entered password matches the information relating to the defined password.

29. A method comprising:
- receiving an entered password input through a keyboard, the entered password comprising a plurality of first characters;
  
  retrieving a defined password comprising a plurality of second characters, the defined password being different from the entered password because a first character of the entered password does not match a second character in a corresponding position of the defined password; and
  
  if a location on the keyboard for the first character of the entered password is adjacent to a location on the keyboard for the second character of the defined password, determining that access should be permitted.
- View Dependent Claims (30, 31)
- - 30. The method of claim 29 wherein the step of determining that access should be permitted comprises:
    - allowing, using the entered password, access to a service protected by the defined password.
  - 31. The method of claim 29 wherein when the location on the keyboard for the first character of the entered password is adjacent to the location on the keyboard for the second character of the defined password, the entered password is a first variation of the defined password, andwherein access to a service protected by the defined password is permitted with the defined password and the first variation of the defined password.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lookout Incorporated
Original Assignee
Lookout Incorporated
Inventors
Buck, Brian James

Granted Patent

US 9,305,150 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

G06F 21/31   User authentication

G06F 21/46   by designing passwords or c...

H04L 63/06   for supporting key manageme...

H04L 63/083   using passwords cryptograph...

H04L 63/123   received data contents, e.g...

METHOD AND SYSTEM FOR MANAGING USER LOGIN BEHAVIOR ON AN ELECTRONIC DEVICE FOR ENHANCED SECURITY

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

35 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR MANAGING USER LOGIN BEHAVIOR ON AN ELECTRONIC DEVICE FOR ENHANCED SECURITY

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links