Establishing a secure channel with a human user
Abstract
A method of establishing a secure channel between a human user and a computer application is described. A secret unique identifier (“PIN”) is shared between a user and an application. When the user makes a request that involves utilizing the PIN for authentication purposes, the application renders a randomly selected identifier. The randomly selected identifier is in a format that is recognizable to a human but is not readily recognizable by an automated agent. The randomly selected identifier is then presented to the human user. The user identifies the relationship between the randomly selected identifier and the PIN. If the user's input reflects the fact that the user knows the PIN, then the user is authenticated.
14 Claims
1. A method of establishing a secure channel between a user and a computer application comprising:
- rendering to the user a randomly selected identifier;
- receiving input from the user based on both the randomly selected identifier and a secret identifier associated with the user, wherein the user inputs a sequence of data, the sequence of data indicating the difference between the secret identifier and the randomly selected identifier;
- determining, based on the input whether the user demonstrates knowledge of the secret identifier; and
- authenticating or not authenticating the user based upon the outcome of said determining step.
2. A method of establishing a secure channel between a user and a computer application comprising:
- rendering to the user a randomly selected identifier;
- receiving input from the user based on both the randomly selected identifier and a secret identifier associated with the user, wherein the input represents a series of locations on the randomly selected identifier, the locations indicating the secret identifier;
- determining, based on the input whether the user demonstrates knowledge of the secret identifier; and
- authenticating or not authenticating the user based upon the outcome of said determining step.
3. A method of establishing a secure channel between a user and a computer application comprising:
- rendering to the user a randomly selected identifier, wherein the randomly selected identifier is rendered as an image generated by a Reverse Turing Test (RTT);
- receiving input from the user based on both the randomly selected identifier and a secret identifier associated with the user;
- determining, based on the input whether the user demonstrates knowledge of the secret identifier; and
- authenticating or not authenticating the user based upon the outcome of said determining step.
4. A method of establishing a secure channel between a user and a computer application comprising:
- rendering to the user a randomly selected identifier, wherein the randomly selected identifier is rendered as an image formatted using various styles;
- receiving input from the user based on both the randomly selected identifier and a secret identifier associated with the user;
- determining, based on the input whether the user demonstrates knowledge of the secret identifier; and
- authenticating or not authenticating the user based upon the outcome of said determining step.
5. A method for authenticating a user with a secure application in an insecure environment comprising the steps of:
- generating a PIN that is associated with the user, the PIN being known by both the secure application and the user;
- requesting an operation such that the secure application renders a randomly generated identifier;
- sending the randomly generated identifier to a display device, which displays the randomly generated identifier to the user;
- receiving input in the form of at least one command such that at least one value is attributed to the at least one command, the at least one value having a relationship to the PIN;
- sending the at least one value to the secure application, wherein the secure application compares the at least one value to the PIN to determine if the at least one value corresponds to the PIN; and
- if the user input demonstrates knowledge of the PIN authenticating the user; and
- if the user input does not demonstrate knowledge of the PIN not authenticating the user.
Dependent claims: 6, 7, 8, 9
10. A system for establishing a secure channel from a user to an application over which a PIN can be submitted comprising:
- a display;
- a memory for storing information concerning the PIN;
- a processor configured for executing instructions stored in the memory wherein the memory stores instructions that;
- generate a random identifier in response to a request using the PIN;
- render the random identifier to the user;
- receive information from the user, wherein the information received represents a relationship between the value of the random identifier and the value of the PIN; and
- determine if the information received sufficiently demonstrates knowledge of the PIN.
11. A system for establishing a secure channel from a user to an application over which a PIN can be submitted comprising:
- a display;
- a memory for storing information concerning the PIN;
- a processor configured for executing instructions stored in the memory wherein the memory stores instructions that;
- generate a random identifier in response to a request using the PIN;
- render the random identifier to the user;
- receive information from the user, wherein the information received represents clicks in a sequence, the clicks indicating the difference between the value of the random identifier and the value of the PIN; and
- determine if the information received sufficiently demonstrates knowledge of the PIN.
12. A system for establishing a secure channel from a user to an application over which a PIN can be submitted comprising:
- a display;
- a memory for storing information concerning the PIN;
- a processor configured for executing instructions stored in the memory wherein the memory stores instructions that;
- generate a random identifier in response to a request using the PIN;
- render the random identifier to the user;
- receive information from the user, wherein the information represents a series of locations on the random identifier, the locations indicating the value of the PIN; and
- determine if the information received sufficiently demonstrates knowledge of the PIN.
13. A system for establishing a secure channel from a user to an application over which a PIN can be submitted comprising:
- a display;
- a memory for storing information concerning the PIN;
- a processor configured for executing instructions stored in the memory wherein the memory stores instructions that;
- generate a random identifier in response to a request using the PIN;
- render the random identifier to the user, wherein random identifier is rendered as an image generated by a Reverse Turing Test (RTT);
- receive information from the user; and
- determine if the information received sufficiently demonstrates knowledge of the PIN.
14. A system for establishing a secure channel from a user to an application over which a PIN can be submitted comprising:
- a display;
- a memory for storing information concerning the PIN;
- a processor configured for executing instructions stored in the memory wherein the memory stores instructions that;
- generate a random identifier in response to a request using the PIN;
- render the random identifier to the user, wherein the random identifier is rendered as an image formatted using various styles;
- receive information from the user; and
- determine if the information received sufficiently demonstrates knowledge of the PIN.
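The difference-based variant of claims 1 and 11, as an added sketch that is not taken from the patent. It assumes a decimal PIN, a challenge of the same length, and a per-digit offset modulo 10 as the encoding of "difference"; the names `PinVerifier`, `new_challenge` and `offsets_for` are hypothetical.

```python
import hmac
import secrets

DIGITS = 10  # assumption: PIN and challenge are decimal digit strings


def new_challenge(length: int) -> str:
    """Randomly selected identifier, one digit per PIN position."""
    return "".join(str(secrets.randbelow(DIGITS)) for _ in range(length))


def offsets_for(pin: str, challenge: str) -> list[int]:
    """User side: clicks needed to step each challenge digit up to the PIN digit."""
    return [(int(p) - int(c)) % DIGITS for p, c in zip(pin, challenge)]


class PinVerifier:
    """Application side: holds the PIN and at most one outstanding challenge."""

    def __init__(self, pin: str):
        self._pin = pin
        self._challenge = None

    def issue(self) -> str:
        # A fresh challenge per request; this string is what would be
        # rendered to the user as an RTT image.
        self._challenge = new_challenge(len(self._pin))
        return self._challenge

    def verify(self, offsets: list[int]) -> bool:
        # Consume the challenge first so a response can never be replayed.
        challenge, self._challenge = self._challenge, None
        if challenge is None or len(offsets) != len(self._pin):
            return False
        if any(not isinstance(o, int) or not 0 <= o < DIGITS for o in offsets):
            return False
        # Rebuild the PIN the input implies and compare in constant time.
        candidate = "".join(
            str((int(c) + o) % DIGITS) for c, o in zip(challenge, offsets)
        )
        return hmac.compare_digest(candidate.encode(), self._pin.encode())
```

The offsets alone are uniformly distributed and say nothing about the PIN, but anyone who can read both the rendered challenge and the offsets can recompute it. The scheme therefore depends on the challenge staying unreadable to an automated agent, which is what the RTT rendering in claims 3 and 13 is for.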
Specification