Operation modes for user authentication system based on random partial pattern recognition

US 7,577,987 B2
Filed: 03/03/2003
Issued: 08/18/2009
Est. Priority Date: 12/23/2002
Status: Active Grant

First Claim

Patent Images

1. A system for authentication of a client, comprising:

a data processor including an interface to a database, an interface to a data network, and authentication system programs executable by the data processor, the database including records of client accounts, the record of a client account in the database holding client credentials, the client credentials including an account user name, client profile data and a shared-secret account authentication code comprising field contents arranged in an ordered set of data fields, the data fields in the ordered set having enumerated positions, and the field contents being arranged in the enumerated positions in accordance with a full pattern chosen by the client, and the system programs including,authentication logic supporting an authentication algorithm for authentication of a client based upon comparing client credentials including an account user name and an entry based on said account authentication code entered during an authentication session with client credentials stored in advance in the record of a client account, andsystem logic supporting client account administration for the authentication algorithm, the client account administration including at least one mode of operation that presents an interface to a client via the data network having at least a first tier of security requiring entry of one of the account user name and an email address, and a second tier of security, the system logic supporting the second tier including resources for generating an authentication challenge that identifies enumerated positions of a random subset of the ordered set of data fields, for receiving an authentication response from the client, for matching the authentication response with a part of the full pattern including the field contents from the random subset of the ordered set of data fields, and for making an authentication decision based on matching said part of the full pattern, wherein the random subset includes fewer data fields than all of the data fields in the ordered set.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for authentication of a client includes logic supporting a “what user knows” algorithm for authentication of a client, such as a random partial pattern recognition algorithm, based upon client credentials including an account user name and an account authentication code. Logic supporting client account administration is operable without human intervention on the server side, and includes at least one mode of operation that presents an interface to a client via the data network having at least two tiers of security based on input by the client of secret information shared only between the client and the server. A first tier in said at least two tiers requires entry of one of the account user name and user'"'"'s email address, and a second tier in the at least two tiers requires entry of one of client profile data sufficient to identify the client and at least a subset of said account authentication code.

73 Citations

View as Search Results

18 Claims

1. A system for authentication of a client, comprising:
- a data processor including an interface to a database, an interface to a data network, and authentication system programs executable by the data processor, the database including records of client accounts, the record of a client account in the database holding client credentials, the client credentials including an account user name, client profile data and a shared-secret account authentication code comprising field contents arranged in an ordered set of data fields, the data fields in the ordered set having enumerated positions, and the field contents being arranged in the enumerated positions in accordance with a full pattern chosen by the client, and the system programs including,authentication logic supporting an authentication algorithm for authentication of a client based upon comparing client credentials including an account user name and an entry based on said account authentication code entered during an authentication session with client credentials stored in advance in the record of a client account, andsystem logic supporting client account administration for the authentication algorithm, the client account administration including at least one mode of operation that presents an interface to a client via the data network having at least a first tier of security requiring entry of one of the account user name and an email address, and a second tier of security, the system logic supporting the second tier including resources for generating an authentication challenge that identifies enumerated positions of a random subset of the ordered set of data fields, for receiving an authentication response from the client, for matching the authentication response with a part of the full pattern including the field contents from the random subset of the ordered set of data fields, and for making an authentication decision based on matching said part of the full pattern, wherein the random subset includes fewer data fields than all of the data fields in the ordered set.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein said at least one mode of operation comprises an account set up mode, and wherein said interface presented to the client includesa first graphical construct prompting entry of an email address;
    - a second graphical construct prompting entry of client profile data;
      
      an automatic system message, issued in response to acceptance of an email address and client profile data entered in response to the prompting, to the client using said email address carrying server generated temporary client credentials, including a temporary user name and a temporary authentication code including field contents arranged in an ordered set of data fields, for the authentication algorithm;
      
      a third graphical construct supporting the authentication challenge and authentication response by prompting entry of said temporary user name and field contents of a random subset of said ordered set of data fields of said temporary client credentials; and
      
      a fourth graphical construct, presented on acceptance of said temporary client credentials via said third graphical construct, prompting entry of client credentials, including the account user name and field contents arranged in the ordered set of data fields in accordance with a full pattern chosen by the client of the account authentication code, for use in the authentication algorithm.
  - 3. The system of claim 1, wherein said at least one mode of operation comprises an account authentication code reset mode for an account, and wherein said interface presented to the client includesa first graphical construct prompting entry of said account user name;
    - a second graphical construct prompting entry of client profile data;
      
      a third graphical construct, presented on acceptance of an account user name and client profile data entered in response to the prompting via said first and second graphical constructs, prompting entry of new field contents arranged in the ordered set of data fields in accordance with a full pattern chosen by the client for the account authentication code for use in the authentication algorithm.
  - 4. The system of claim 1, wherein said at least one mode of operation comprises a client credential reset mode for an account, and wherein said interface presented to the client includesa first graphical construct supporting the authentication challenge and authentication response by prompting the client for said account user name and for an authentication response, including identifying the enumerated positions of a random subset of said ordered set of data fields of said account authentication code;
    - anda second graphical construct, presented on acceptance of an account user name and an authentication response entered in response to the prompting via said first graphical construct, prompting entry of a new client credential, including a new account user name and new field contents arranged in the ordered set of data fields in accordance with a full pattern chosen by the client, for use in the authentication algorithm.
  - 5. The system of claim 1, wherein said system logic includes a program which logs events related to account administration in a security database.
  - 6. The system of claim 1, wherein said system logic supporting client account administration comprises routines supporting on-line account administration without human intervention.
  - 7. The system of claim 1, wherein said at least one mode of operation comprises a plurality of modes, including an account set up mode in which a client establishes client credentials for a record of a client account in the database, the client credentials including an account user name and field contents arranged in the ordered set of data fields in accordance with a full pattern chosen by the client, an account client credential reset mode for an account in which the client changes both the account user name and the field contents arranged in the ordered set of data fields, and an account authentication code reset mode in which the client changes only the field contents arranged in the ordered set of data fields.
  - 8. The system of claim 1, wherein said at least one mode of operation comprises a plurality of modes, including an account set up mode in which a client establishes client credentials for a record of a client account in the database, the client credentials including an account user name and field contents arranged in the ordered set of data fields in accordance with a full pattern chosen by the client, an account client credential reset mode for an account in which the client changes both the account user name and the field contents arranged in the ordered set of data fields ordered set of data fields, and an account authentication code reset mode in which the client changes only the field contents arranged in the ordered set of data fields ordered set of data fields, and wherein said system logic includes a program which logs events related to account administration in a security database for said plurality of modes.
  - 9. The system of claim 1, wherein said at least one mode of operation comprises a plurality of modes, including an account set up mode in which a client establishes client credentials for a record of a client account in the database, the client credentials including an account user name and field contents arranged in an ordered set of data fields in accordance with a full pattern chosen by the client, an account client credential reset mode for an account in which the client changes both the account user name and the field contents of the ordered set of data fields, and an account authentication code reset mode in which the client changes only the field contents of the ordered set of data fields, and wherein said system logic supporting client account administration comprises routines supporting on-line account administration without human intervention for said plurality of modes.

10. A method for authentication of a client, comprising:
- storing records of client accounts holding client credentials, including an account user name, an account authentication code and client profile data, in a database for a “
  
  what user knows”
  
  authentication algorithm based upon comparing client credentials entered during an authentication session with client credentials stored in advance in the record of a client account, the account authentication code comprising field contents arranged in an ordered set of data fields in accordance with a cognitive arrangement chosen by the client, the ordered set being stored in said database;
  
  presenting to a client via a data network, an account administration menu for the authentication algorithm, the account administration menu prompting selection of at least one mode of operation;
  
  in response to input selecting one of said modes of operation for set up or modification of said account client credentials, presenting an interface to the client via the data network having at least a first tier of security requiring entry of one of the account user name and an email address, and a second tier of security, the second tier including generating an authentication challenge that identifies enumerated positions of a random subset of the ordered set of data fields, receiving an authentication response from the client, matching the authentication response with a part of the full pattern including the field contents from the random subset of the ordered set of data fields, wherein the random subset includes fewer data fields than all of the data fields in the ordered set; and
  
  accepting and storing data in said database modifying said account client credentials if said at least two tiers of security are successfully traversed.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The method of claim 10, wherein said at least one mode of operation comprises an account set up mode, and wherein presenting said interface includesprompting the client for entry of an email address;
    - prompting the client for entry of client profile data;
      
      issuing an automatic system message in response to acceptance of an email address and client profile data entered in response to the prompting, to the client using said email address carrying server generated temporary client credentials, including a one-time-use user name and a one-time-use account authentication code including field contents arranged in ordered set of data fields, for the authentication algorithm;
      
      prompting the client for an entry based on said one-time-use user name and a random subset of said one-time-use account authentication code; and
      
      upon acceptance of said entry based on said temporary client name and said random subset, prompting the client for entry of chosen by the client permanent client credentials, including the account user name and field contents arranged in the ordered set of data fields in accordance with a full pattern chosen by the client for use in the authentication algorithm.
  - 12. The method of claim 10, wherein said at least one mode of operation comprises an account authentication code reset mode for an account, and wherein presenting said interface includesprompting the client for entry of said account user name;
    - prompting the client for entry of client profile data; and
      
      upon acceptance of an account user name and client profile data entered in response to the prompting, prompting the client for entry of a new account authentication code including field contents arranged in the ordered set of data fields in accordance with a full pattern chosen by the client for use in the authentication algorithm.
  - 13. The method of claim 10, wherein said at least one mode of operation comprises a client credential reset mode for an account, and wherein presenting said interface includesprompting the client for said account user name and for an authentication response, including identifying on enumerated positions of a random subset of said ordered set of data fields;
    - andupon acceptance of an account user name and an authentication response, prompting the client for entry of a new client credential, including a new account user name and new field contents arranged in the ordered set of data fields in accordance with a full pattern chosen by the client, for use in the authentication algorithm.
  - 14. The method of claim 10, including logging events related to account administration in a security database.
  - 15. The system of claim 10, wherein said presenting and accepting are carried out without human intervention.
  - 16. The method of claim 10, wherein said at least one mode of operation comprises a plurality of modes, including an account set up mode in which a client establishes client credentials for a record of a client account in the database, the client credentials including an account user name and field contents arranged in the ordered set of data fields in accordance with a full pattern chosen by the client, an account client credential reset mode for an account in which the client changes both the account user name and the field contents arranged in the ordered set of data fields, and an account authentication code reset mode in which the client changes only the ordered set of data fields.
  - 17. The method of claim 10, wherein said at least one mode of operation comprises a plurality of modes, including an account set up mode in which a client establishes client credentials for a record of a client account in the database, the client credentials including an account user name and field contents arranged in the ordered set of data fields in accordance with a full pattern chosen by the client, an account client credential reset mode for an account in which the client changes both the account user name and the field contents arranged in the ordered set of data fields, and an account authentication code reset mode in which the client changes only the field contents arranged in the ordered set of data fields, and including logging events related to account administration in a security database for said plurality of modes.
  - 18. The method of claim 10, wherein said at least one mode of operation comprises a plurality of modes, including an account set up mode in which a client establishes client credentials for a record of a client account in the database, the client credentials including an account user name and field contents arranged in the ordered set of data fields in accordance with a full pattern chosen by the client, an account client credential reset mode for an account in which the client changes both the account user name and the field contents arranged in the ordered set of data fields, and an account authentication code reset mode in which the client changes only the field contents arranged in the ordered set of data fields ordered set of data fields, and wherein said presenting and accepting are carried out without human intervention.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Authernative
Original Assignee
Authernative
Inventors
Mizrah, Len L.
Primary Examiner(s)
Barron, Jr.; Gilberto
Assistant Examiner(s)
GYORFI, THOMAS A

Application Number

US10/378,226
Publication Number

US 20040123151A1
Time in Patent Office

2,360 Days
Field of Search

726/2, 726/5, 726/18, 726/19
US Class Current

726/5
CPC Class Codes

G06F 21/31   User authentication

G06F 21/36   by graphic or iconic repres...

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

Operation modes for user authentication system based on random partial pattern recognition

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

73 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Operation modes for user authentication system based on random partial pattern recognition

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

73 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links