System and method for password throttling
Abstract
A method for authenticating a user includes receiving a request for access from a user claiming to be a particular user. A first challenge having a first level of complexity is transmitted to the user. A response to the transmitted first challenge is transmitted. A determination is made as to whether or not the transmitted response authenticates the user as the particular user. The requested access by the user is allowed if the transmitted response authenticates the user. However, a second challenge having a second level of complexity, greater than the first level of complexity, is transmitted to the user if the transmitted response does not authenticate the user.
18 Claims
1. A method for authenticating a user, comprising:
receiving a request for access from a user claiming to be a particular user;
transmitting a first challenge having a first level of complexity, corresponding to a size of the first challenge, to the user;
transmitting a response to the transmitted first challenge;
determining if the transmitted response authenticates the user as the particular user;
allowing the requested access to the user if the transmitted response authenticates the user; and
transmitting a second challenge having a second level of complexity, corresponding to a size of the second challenge, the second level of complexity being greater than the first level of complexity, to the user if the transmitted response does not authenticate the user.
Dependent claims: 2, 3, 4, 5

6. A method for authenticating a user, comprising:
receiving a request for access from a user claiming to be a particular user;
transmitting, after passage of a first time period following receipt of the request, a first challenge to the user;
receiving a response to the transmitted first challenge;
determining if received response authenticates the user as the particular user;
allowing the requested access to the user if the received response authenticates the user; and
transmitting, after passage of a second time period, which is longer than the first time period, following receipt of the response, a second challenge to the user if the received response does not authenticate the user.
Dependent claims: 7, 8, 9, 10

11. A system for authenticating a user, comprising:
a communications port configured to receive communications from and to transmit communications to a user; and
a processor configured (i) to generate a first challenge having a first level of complexity, corresponding to size of the first challenge, responsive to a first communication requesting access from a user claiming to be a particular user which is received via the communications port, (ii) to direct transmission of the generated first challenge to the user via the communications port, (iii) to allow the requested access to the user responsive to a second communication from the user responding to the generated first challenge which is received via the communications port, if the second communication authenticates the user as the particular user, (iv) to generate a second challenge having a second level of complexity, corresponding to a size of the second challenge, the second level of complexity being greater than the first level of complexity, responsive to the second communication, if the second communication does not authenticate the user as the particular user, and (v) to direct transmission of the generated second challenge to the user via the communications port.
Dependent claims: 12, 13

14. A system for authenticating a user, comprising:
a communications port configured to receive communications from and to transmit communications to a user; and
a processor configured to (i) to direct transmission of a first challenge via the communications port, responsive to a first communication requesting access from a user claiming to be a particular user which is received via the communications port, after passage of a first time period following the receipt of the first communication, (ii) to allow the requested access to the user, responsive to a second communication from the user responding to the transmitted first challenge which is received via the communications port, if the second communication authenticates the user as the particular user, (iii) to direct transmission of a second challenge via the communications port, responsive to the second communication, after passage of a second time period following the receipt of the second communication which is greater than the first time period, if the second communication does not authenticate the user as the particular user.
15. A networked system for authenticating a user, comprising:
a first network processor configured to transmit a request for access from a user claiming to be a particular user; and
a second network processor configured to transmit a first challenge having a first level of complexity, corresponding to a size of the first challenge, to the first network processor responsive to the transmitted request;
wherein the first network processor is further configured to transmit a response to the transmitted first challenge;
wherein the second network processor is further configured (i) to allow the requested access to the user, if the transmitted response authenticates the user as the particular user, and (ii) to transmit a second challenge having a second level of complexity, corresponding to a size of the second challenge, the second level of complexity being greater than the first level of complexity to the first network station, if the transmitted response does not authenticate the user.
Dependent claims: 16, 17

18. A networked system for authenticating a user, comprising:
a first network processor configured to transmit a request for access from a user claiming to be a particular user; and
a second network processor configured to transmit a first challenge to the first network processor responsive to the transmitted request, after passage of a first time period following receipt of the request;
wherein the first network processor is further configured to transmit a response to the transmitted first challenge;
wherein the second network processor is further configured (i) to allow the requested access to the user, if the transmitted response authenticates the user as the particular user, and (ii) to transmit a second challenge to the first network processor after passage of a second time period, which is longer than the first period, following receipt of the transmitted response, if the transmitted response does not authenticate the user.
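The following sketch is an added illustration, not code from the patent or its assignee, combining the two throttling variants claimed above: a challenge whose size grows after each failed response (claims 1, 11, 15) and a waiting period before each challenge that grows the same way (claims 6, 14, 18). The HMAC-SHA256 response, the doubling schedule, the caps, the reset on success and all names are assumptions chosen for the example.

```python
import hashlib
import hmac
import secrets
import time

class ThrottlingAuthenticator:
    """Server side: each failed response raises challenge size and delay."""

    def __init__(self, keys, base_size=16, base_delay=0.5,
                 max_size=4096, max_delay=60.0, sleep=time.sleep):
        self._keys = keys            # claimed user -> shared secret (bytes)
        self._failures = {}          # claimed user -> consecutive failures
        self._pending = {}           # claimed user -> outstanding challenge
        self.base_size, self.base_delay = base_size, base_delay
        self.max_size, self.max_delay = max_size, max_delay
        self._sleep = sleep          # injectable so tests need not wait

    def level(self, user):
        """Return (challenge size in bytes, delay in seconds) for the next challenge."""
        n = min(self._failures.get(user, 0), 32)   # bound the exponent
        size = min(self.base_size << n, self.max_size)
        delay = min(self.base_delay * 2 ** n, self.max_delay)
        return size, delay

    def challenge(self, user):
        """Wait out the current time period, then issue a fresh challenge."""
        size, delay = self.level(user)
        self._sleep(delay)
        nonce = secrets.token_bytes(size)
        self._pending[user] = nonce
        return nonce

    def verify(self, user, response):
        """Check one response; a challenge can be answered only once."""
        nonce = self._pending.pop(user, None)
        expected = respond(self._keys.get(user, b""), nonce or b"")
        ok = (nonce is not None and user in self._keys
              and hmac.compare_digest(expected, response))
        if ok:
            self._failures.pop(user, None)          # assumed: success resets the level
        else:
            # Counted per claimed user, known or not, so unknown names throttle alike.
            self._failures[user] = self._failures.get(user, 0) + 1
        return ok

def respond(key, nonce):
    """Client side: response is a MAC over the whole challenge (assumed scheme)."""
    return hmac.new(key, nonce, hashlib.sha256).digest()
```

Because the response covers the entire challenge, a larger challenge costs the requester more bandwidth and computation per guess, while the caps keep a legitimate user who mistypes from being locked out indefinitely.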
Specification