POINT AND CLICK AUTHENTICATION

US 20200134160A1
Filed: 10/15/2019
Published: 04/30/2020
Est. Priority Date: 10/24/2018
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving a first access request identifying a protected resource from a client device, the first access request including an identifier;

generating a first interface that includes a plurality of graphical objects for presentation at random locations on a display of the client device as defined by a first object map, the plurality of graphical objects including a null object and a set of user-defined objects associated with the identifier that define a graphical password;

receiving input data including an input event for each interaction with the first interface that the client device detects, the input event for each interaction identifying a position on the display at which a corresponding interaction was detected;

determining that the input data satisfies the graphical password using the first object map; and

in response to determining that the input data satisfies the graphical password, granting access to the protected resource.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for multi-factor authentication using graphical passwords. An access request that includes an identifier and which identifies a protected resource is received from a client device. An interface is generated having a plurality of graphical objects for presentation at random locations on a display of the client device as defined by an object map. The plurality of graphical objects include a null object and a set of user-defined objects associated with the identifier that define a graphical password. Input data including an input event for each detected interaction with the interface is received. Each input event identifies a position on the display at which a corresponding interaction was detected. Using the object map, it is determined that the input data satisfies the graphical password. Access to the protected resource is granted in response to determining that the input data satisfies the graphical password.

Citations

20 Claims

1. A method comprising:
- receiving a first access request identifying a protected resource from a client device, the first access request including an identifier;
  
  generating a first interface that includes a plurality of graphical objects for presentation at random locations on a display of the client device as defined by a first object map, the plurality of graphical objects including a null object and a set of user-defined objects associated with the identifier that define a graphical password;
  
  receiving input data including an input event for each interaction with the first interface that the client device detects, the input event for each interaction identifying a position on the display at which a corresponding interaction was detected;
  
  determining that the input data satisfies the graphical password using the first object map; and
  
  in response to determining that the input data satisfies the graphical password, granting access to the protected resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein determining that the input data satisfies the graphical password using the first object map comprises:
    - evaluating the position on the display of each input event using the first object map; and
      
      determining, based on the evaluated position of each input event, that each user-defined object defining the graphical password was selected without selecting the null object.
  - 3. The method of claim 1, wherein determining that the input data satisfies the graphical password using the first object map comprises:
    - evaluating the position on the display of each input event using the first object map; and
      
      determining, based on the evaluated position on the display of each input event that each user-defined object defining the graphical password was selected in a specified order without selecting the null object.
  - 4. The method of claim 1, further comprising:
    - receiving a second access request including the identifier; and
      
      in response, generating a second interface that includes the set of user-defined objects for presentation at random positions on the display of the client device as defined by a second object map,wherein the first object map and the second object map define different positions on the display for at least one user-defined object among the set of user-defined objects.
  - 5. The method of claim 1, further comprising:
    - prior to granting access to the protected resource, activating a password input field of the interface in response to determining that the input data satisfies the graphical password.
  - 6. The method of claim 1, wherein each user-defined object among the set of user-defined objects share a common visual attribute.
  - 7. The method of claim 1, wherein at least one user-defined object among the set of user-defined objects is a custom object submitted by a user of the client device.
  - 8. The method of claim 1, wherein at least one user-defined object among the set of user-defined objects includes image data obtained using an image sensor of the client device.
  - 9. The method of claim 1, wherein at least one user-defined object among the set of user-defined objects is a template object selected from among a plurality of template objects stored on a host server.
  - 10. The method of claim 1, wherein granting access to the protected resource comprises:
    - sending an access token to the client device that the client device sends to a host server storing the protected resource.
  - 11. The method of claim 1, wherein granting access to the protected resource comprises:
    - generating a session in a memory space of a host server that enables the client device to access the protected resource.

12. A system comprising:
- an electronic device with a display;
  
  a processor; and
  
  a computer-readable storage medium comprising instructions that upon execution by the processor cause the system to perform operations, the operations comprising;
  
  sending an access request identifying a protected resource to an access service associated with a host server, the access request including an identifier;
  
  in response, receiving an interface from the access service that includes a plurality of graphical objects for presentation on the display;
  
  recording an input event for each detected interaction with the interface while presenting the interface on the display, each input event identifying a position on the display at which a corresponding interaction was detected;
  
  sending input data including each recorded input event to the access service; and
  
  receiving access to the protected resource when the access service determines that the input data satisfies a graphical password using an object map that defines randomly assigned positions for presenting the plurality of graphical objects on the display, the graphical password defined by a set of user-defined objects included among the plurality of graphical objects.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The system of claim 12, wherein the graphical password is further defined by a sequence-based criterion that specifies an order for selecting each user-defined object among the set of user-defined objects.
  - 14. The system of claim 12, wherein the graphical password is further defined by a behavior-based criterion that specifies a characteristic of an interaction for selecting at least one user-defined object among the set of user-defined objects.
  - 15. The system of claim 12, wherein the interface includes a password input field in an inactive state, and wherein the instructions, when executed, further cause the system to perform additional operations, the additional operations comprising:
    - prior to receiving access to the protected resource, receiving data from the access service that transitions the password input field from the inactive state to an active state when the access service determines that the input data satisfies the graphical password.
  - 16. The system of claim 12, wherein the access request further includes a password associated with the identifier, and the access service validates the password prior to sending the interface.
  - 17. The system of claim 12, wherein the interface is associated with an application executing on the host server.
  - 18. The system of claim 12, wherein receiving access to the protected resource comprises:
    - receiving an access token from the access service for inclusion in subsequent requests sent to the host server.
  - 19. The system of claim 12, wherein receiving access to the protected resource comprises:
    - receiving a session identifier from the access service corresponding to a session in a memory space of the host server that enables access to the protected resource.

20. A non-transitory computer-readable storage medium, storing program instructions that upon execution by a processor of a computing device, cause the computing device to perform operations comprising:
- at an access service associated with a host server;
  
  receiving an access request identifying a protected resource from a client device, the access request including an identifier;
  
  generating an interface that includes a plurality of graphical objects for presentation at random positions on a display of the client device as defined by an object map, the plurality of graphical objects including a null object and a set of user-defined objects associated with the identifier that define a graphical password;
  
  receiving input data including an input event for each interaction with the interface that the client device detects, each input event identifying a position on the display at which a corresponding interaction was detected;
  
  determining whether the input data satisfies the graphical password using the object map; and
  
  in accordance with a determination that the input data satisfies the graphical password, granting access to the protected resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amadeus S.A.S. (Amadeus Global Travel Distribution S.A.)
Original Assignee
Amadeus S.A.S. (Amadeus Global Travel Distribution S.A.)
Inventors
Maaroufi, Mohamed-Amine, Maupay, Florent

Granted Patent

US 11,144,629 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/36   by graphic or iconic repres...

G06F 21/45   Structures or tools for the...

G06F 2221/2133   Verifying human interaction...

H04L 63/0846   using time-dependent-passwo...

H04L 63/0892   by using authentication-aut...

POINT AND CLICK AUTHENTICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

POINT AND CLICK AUTHENTICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links