Robust visual passwords
Abstract
Enrollment and authentication of a user based on a sequence of discrete graphical choices is described. A graphical interface presents various images and memory cues that a user may associate with their original graphical choices. Enrollment may require the input to have a security parameter value that meets or exceeds a threshold. An acceptable sequence of graphical choices is converted to a sequence of values and mapped to a sequence of codewords. Both a hash of the sequence of codewords and a sequence of offsets are stored for use in authenticating the user. An offset is the difference between a value and its corresponding codeword. Authentication requires the user to enter another sequence of discrete graphical choices that is approximately the same as the original. The offsets are summed with the corresponding values before mapping to codewords. Authentication requires the sequence of codewords, or a hash thereof, to match.
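The enrollment and authentication flow described in the abstract, as an added sketch that is not code from the patent. It assumes each graphical choice is an (x, y) click, a simple code whose codewords are the multiples of STEP decoded to the nearest one, and a salted PBKDF2 hash; STEP, the function names and the sample clicks are constructed for illustration.

```python
import hashlib
import hmac
import os

STEP = 40  # assumed codeword spacing in pixels; codewords are multiples of STEP

def decode(v):
    """Map an integer value to the nearest codeword (multiple of STEP)."""
    return ((v + STEP // 2) // STEP) * STEP

def to_values(clicks):
    """Convert a sequence of (x, y) choices into a flat sequence of values."""
    return [coord for point in clicks for coord in point]

def hash_codewords(codewords, salt):
    # Salt and PBKDF2 are assumptions of this sketch; the abstract only says "hash".
    data = ",".join(map(str, codewords)).encode()
    return hashlib.pbkdf2_hmac("sha256", data, salt, 100_000)

def enroll(clicks):
    """Store offsets and a hash of the codewords, never the clicks themselves."""
    values = to_values(clicks)
    codewords = [decode(v) for v in values]
    # Sign chosen so that value + offset == codeword, matching the later summing step.
    offsets = [c - v for c, v in zip(codewords, values)]
    salt = os.urandom(16)
    return {"offsets": offsets, "salt": salt,
            "hash": hash_codewords(codewords, salt)}

def authenticate(record, clicks):
    """Sum input values with stored offsets, decode, and compare hashes."""
    values = to_values(clicks)
    if len(values) != len(record["offsets"]):
        return False
    intermediate = [v + o for v, o in zip(values, record["offsets"])]
    codewords = [decode(x) for x in intermediate]
    candidate = hash_codewords(codewords, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])

if __name__ == "__main__":
    enrolled = [(119, 201), (320, 77), (58, 240)]   # constructed sample clicks
    record = enroll(enrolled)
    print(authenticate(record, [(125, 190), (310, 90), (61, 235)]))   # close
    print(authenticate(record, [(125, 190), (310, 90), (100, 235)]))  # too far
```

The offsets centre the tolerance window on the enrolled click rather than on the grid, so a click at 61 still matches an enrolled 58 even though the two fall in different cells when decoded directly. The stored offsets reveal each value's position within its cell but not which cell was chosen.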
54 Claims
1. A method for establishing a secret to authenticate a user comprising the steps of
receiving a secret pattern on a graphical interface, wherein the secret pattern comprises a sequence of discrete graphical choices;
converting each discrete graphical choice in the sequence of discrete graphical choices into a value to produce a sequence of values, wherein the sequence of values corresponds to the sequence of discrete graphical choices;
for the sequence of values selecting codewords from a plurality of codewords to generate a sequence of codewords, the plurality of codewords defining an error-correcting code;
calculating an offset between each value in the sequence of values and the corresponding codeword in the sequence of codewords to generate a sequence of offsets; and
hashing the sequence of codewords to produce a hash of the sequence of codewords.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12

13. A method for authenticating a user comprising the steps of
receiving an input pattern on a graphical interface, wherein the input pattern comprises a sequence of discrete graphical choices;
converting each discrete graphical choice in the sequence of discrete graphical choices into an input value to produce a sequence of input values, wherein the sequence of input values corresponds to the sequence of discrete graphical choices;
retrieving a sequence of offsets;
summing each input value from the sequence of input values with the corresponding offset from the sequence of offsets to generate a sequence of intermediate values;
for the sequence of intermediate values selecting codewords from a plurality of codewords to generate a sequence of codewords, the plurality of codewords defining an error-correcting code;
hashing the sequence of codewords to produce a hash of the sequence of codewords; and
authenticating a user if the hash matches a stored hash.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26

27. An apparatus for establishing a secret to authenticate a user, the apparatus comprising:
a graphical interface capable of receiving graphical input, the graphical interface receiving a secret pattern as graphical input, the secret pattern comprising a sequence of discrete graphical choices;
a converter in signal communication with the graphical interface, the converter converting each discrete graphical choice in the sequence of discrete graphical choices into a value to produce a sequence of values, wherein the sequence of values corresponds to the sequence of discrete graphical choices;
a codeword generator in signal communication with the converter, the codeword generator producing a sequence of codewords by applying a decoding function of an error correcting code to the sequence of values;
an offset calculator in signal communication with the codeword generator, the offset calculator calculating an offset between each value in the sequence of values and the corresponding codeword in the sequence of codewords to generate a sequence of offsets; and
a hasher in signal communication with the codeword generator, the hasher applying a hash function to the sequence of codewords to produce a hash of the sequence of codewords.
Dependent claims: 28, 29, 30, 31, 32, 33, 34, 35, 36

37. An apparatus for authenticating a user, the apparatus comprising:
a graphical interface capable of receiving graphical input, the graphical interface receiving an input pattern as graphical input, the input pattern comprising a sequence of discrete graphical choices;
a converter in signal communication with the graphical interface, the converter converting each discrete graphical choice in the sequence of discrete graphical choices into an input value to produce a sequence of input values, wherein the sequence of input values corresponds to the sequence of discrete graphical choices;
a memory element in signal communication with a summer, the memory element containing a sequence of offsets;
the summer in signal communication with the converter and the memory element, the summer summing each input value from the sequence of input values with the corresponding offset from the sequence of offsets to generate a sequence of intermediate values;
a codeword generator in signal communication with the summer, the codeword generator producing a sequence of codewords by applying a decoding function of an error correcting code to the sequence of intermediate values; and
a hasher in signal communication with the codeword generator, the hasher applying a hash function to the sequence of codewords to produce a hash of the sequence of codewords for use in authenticating a user.
Dependent claims: 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48

49. A method for generating a cryptographic secret from a visual password, the method comprising the steps of:
receiving a secret pattern on a graphical interface, wherein the secret pattern comprises a sequence of discrete graphical choices;
converting each discrete graphical choice in the sequence of discrete graphical choices into a value to produce a sequence of values, wherein the sequence of values corresponds to the sequence of discrete graphical choices;
for the sequence of values, selecting codewords from a plurality of codewords to generate a sequence of codewords, the plurality of codewords defining an error-correcting code;
manipulating the sequence of codewords to produce a cryptographic secret; and
calculating an offset between each value in the sequence of values and the corresponding codeword in the sequence of codewords to generate a sequence of offsets for use in regenerating the secret.
Dependent claims: 50, 51, 52, 53, 54

Specification