Establishing a secure channel with a human user
First Claim
Patent Images
1. A method of establishing a secure channel between a user and a computer application comprising:
- rendering to the user a randomly selected identifier;
receiving input from the user based on both the randomly selected identifier and a secret identifier associated with the user, wherein the user inputs a sequence of data, the sequence of data indicating the difference between the secret identifier and the randomly selected identifier;
determining, based on the input whether the user demonstrates knowledge of the secret identifier; and
authenticating or not authenticating the user based upon the outcome of said determining step.
3 Assignments
0 Petitions
Accused Products
Abstract
A method of establishing a secure channel between a human user and a computer application is described. A secret unique identifier (“PIN”) is shared between a user and an application. When the user makes a request that involves utilizing the PIN for authentication purposes, the application renders a randomly selected identifier. The randomly selected identifier is in a format that is recognizable to a human but is not readily recognizable by an automated agent. The randomly selected identifier is then presented to the human user. The user identifies the relationship between the randomly selected identifier and the PIN. If the user'"'"'s input reflects the fact that the user knows the PIN, then the user is authenticated.
125 Citations
14 Claims
-
1. A method of establishing a secure channel between a user and a computer application comprising:
-
rendering to the user a randomly selected identifier; receiving input from the user based on both the randomly selected identifier and a secret identifier associated with the user, wherein the user inputs a sequence of data, the sequence of data indicating the difference between the secret identifier and the randomly selected identifier; determining, based on the input whether the user demonstrates knowledge of the secret identifier; and authenticating or not authenticating the user based upon the outcome of said determining step.
-
-
2. A method of establishing a secure channel between a user and a computer application comprising:
-
rendering to the user a randomly selected identifier; receiving input from the user based on both the randomly selected identifier and a secret identifier associated with the user, wherein the input represents a series of locations on the randomly selected identifier, the locations indicating the secret identifier; determining, based on the input whether the user demonstrates knowledge of the secret identifier; and authenticating or not authenticating the user based upon the outcome of said determining step.
-
-
3. A method of establishing a secure channel between a user and a computer application comprising:
-
rendering to the user a randomly selected identifier, wherein the randomly selected identifier is rendered as an image generated by a Reverse Turing Test (RTT); receiving input from the user based on both the randomly selected identifier and a secret identifier associated with the user; determining, based on the input whether the user demonstrates knowledge of the secret identifier; and authenticating or not authenticating the user based upon the outcome of said determining step.
-
-
4. A method of establishing a secure channel between a user and a computer application comprising:
-
rendering to the user a randomly selected identifier, wherein the randomly selected identifier is rendered as an image formatted using various styles; receiving input from the user based on both the randomly selected identifier and a secret identifier associated with the user; determining, based on the input whether the user demonstrates knowledge of the secret identifier; and authenticating or not authenticating the user based upon the outcome of said determining step.
-
-
5. A method for authenticating a user with a secure application in an insecure environment comprising the steps of:
-
generating a PIN that is associated with the user, the PIN being known by both the secure application and the user; requesting an operation such that the secure application renders a randomly generated identifier; sending the randomly generated identifier to a display device, which displays the randomly generated identifier to the user; receiving input in the form of at least one command such that at least one value is attributed to the at least one command, the at least one value having a relationship to the PIN; sending the at least one value to the secure application, wherein the secure application compares the at least one value to the PIN to determine if the at least one value corresponds to the PIN; and if the user input demonstrates knowledge of the PIN authenticating the user; and
if the user input does not demonstrate knowledge of the PIN not authenticating the user. - View Dependent Claims (6, 7, 8, 9)
-
-
10. A system for establishing a secure channel from a user to an application over which a PIN can be submitted comprising:
-
a display; a memory for storing information concerning the PIN; a processor configured for executing instructions stored in the memory wherein the memory stores instructions that; generate a random identifier in response to a request using the PIN; render the random identifier to the user; receive information from the user, wherein the information received represents a relationship between the value of the random identifier and the value of the PIN; and determine if the information received sufficiently demonstrates knowledge of the PIN.
-
-
11. A system for establishing a secure channel from a user to an application over which a PIN can be submitted comprising:
-
a display; a memory for storing information concerning the PIN; a processor configured for executing instructions stored in the memory wherein the memory stores instructions that; generate a random identifier in response to a request using the PIN; render the random identifier to the user; receive information from the user, wherein the information received represents clicks in a sequence, the clicks indicating the difference between the value of the random identifier and the value of the PIN; and determine if the information received sufficiently demonstrates knowledge of the PIN.
-
-
12. A system for establishing a secure channel from a user to an application over which a PIN can be submitted comprising:
-
a display; a memory for storing information concerning the PIN; a processor configured for executing instructions stored in the memory wherein the memory stores instructions that; generate a random identifier in response to a request using the PIN; render the random identifier to the user; receive information from the user, wherein the information represents a series of locations on the random identifier, the locations indicating the value of the PIN; and determine if the information received sufficiently demonstrates knowledge of the PIN.
-
-
13. A system for establishing a secure channel from a user to an application over which a PIN can be submitted comprising:
-
a display; a memory for storing information concerning the PIN; a processor configured for executing instructions stored in the memory wherein the memory stores instructions that; generate a random identifier in response to a request using the PIN; render the random identifier to the user, wherein random identifier is rendered as an image generated by a Reverse Turing Test (RTT);
receive information from the user; anddetermine if the information received sufficiently demonstrates knowledge of the PIN.
-
-
14. A system for establishing a secure channel from a user to an application over which a PIN can be submitted comprising:
-
a display; a memory for storing information concerning the PIN; a processor configured for executing instructions stored in the memory wherein the memory stores instructions that; generate a random identifier in response to a request using the PIN; render the random identifier to the user, wherein the random identifier is rendered as an image formatted using various styles;
receive information from the user; anddetermine if the information received sufficiently demonstrates knowledge of the PIN.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeIntertrust Technologies Corporation (Fidelio Acquisition Co LLC)
-
Original AssigneeIntertrust Technologies Corporation (Fidelio Acquisition Co LLC)
-
InventorsSander, Tomas, Pinkas, Binyamin, Tarjan, Robert E., Haber, Stuart A.
-
Primary Examiner(s)Peeso, Thomas R.
-
Application NumberUS10/423,546Publication NumberTime in Patent Office1,327 DaysField of Search713/182, 713/181, 713/193US Class Current713/182CPC Class CodesG06F 21/36 by graphic or iconic repres...G06Q 20/341 Active cards, i.e. cards in...G06Q 20/4097 using mutual authentication...G07C 9/33 by means of a passwordG07F 7/10 together with a coded signa...G07F 7/1008 Active credit-cards provide...G07F 7/1025 Identification of user by a...G09C 5/00 Ciphering apparatus or meth...H04L 63/083 using passwords cryptograph...H04L 63/10 for controlling access to d...H04L 9/3226 using a predetermined code,...H04L 9/3271 using challenge-responseH04W 12/06 AuthenticationH04W 12/08 Access securityH04W 12/77 Graphical identity
