Operation modes for user authentication system based on random partial pattern recognition
First Claim
1. A system for authentication of a client, comprising:
- a data processor including an interface to a database, an interface to a data network, and authentication system programs executable by the data processor, the database including records of client accounts, the record of a client account in the database holding client credentials, the client credentials including an account user name, client profile data and a shared-secret account authentication code comprising field contents arranged in an ordered set of data fields, the data fields in the ordered set having enumerated positions, and the field contents being arranged in the enumerated positions in accordance with a full pattern chosen by the client, and the system programs including, authentication logic supporting an authentication algorithm for authentication of a client based upon comparing client credentials including an account user name and an entry based on said account authentication code entered during an authentication session with client credentials stored in advance in the record of a client account, and system logic supporting client account administration for the authentication algorithm, the client account administration including at least one mode of operation that presents an interface to a client via the data network having at least a first tier of security requiring entry of one of the account user name and an email address, and a second tier of security, the system logic supporting the second tier including resources for generating an authentication challenge that identifies enumerated positions of a random subset of the ordered set of data fields, for receiving an authentication response from the client, for matching the authentication response with a part of the full pattern including the field contents from the random subset of the ordered set of data fields, and for making an authentication decision based on matching said part of the full pattern, wherein the random subset includes fewer data fields than all of the data fields in the ordered set.
2 Assignments
0 Petitions
Abstract
A system for authentication of a client includes logic supporting a “what user knows” algorithm for authentication of a client, such as a random partial pattern recognition algorithm, based upon client credentials including an account user name and an account authentication code. Logic supporting client account administration is operable without human intervention on the server side, and includes at least one mode of operation that presents an interface to a client via the data network having at least two tiers of security based on input by the client of secret information shared only between the client and the server. A first tier in said at least two tiers requires entry of one of the account user name and user's email address, and a second tier in the at least two tiers requires entry of one of client profile data sufficient to identify the client and at least a subset of said account authentication code.
73 Citations
18 Claims
1. (Independent claim 1 is reproduced in full under First Claim above. Dependent claims 2 to 9 are not reproduced on this page.)
10. A method for authentication of a client, comprising:
storing records of client accounts holding client credentials, including an account user name, an account authentication code and client profile data, in a database for a “what user knows” authentication algorithm based upon comparing client credentials entered during an authentication session with client credentials stored in advance in the record of a client account, the account authentication code comprising field contents arranged in an ordered set of data fields in accordance with a cognitive arrangement chosen by the client, the ordered set being stored in said database; presenting to a client via a data network, an account administration menu for the authentication algorithm, the account administration menu prompting selection of at least one mode of operation; in response to input selecting one of said modes of operation for set up or modification of said account client credentials, presenting an interface to the client via the data network having at least a first tier of security requiring entry of one of the account user name and an email address, and a second tier of security, the second tier including generating an authentication challenge that identifies enumerated positions of a random subset of the ordered set of data fields, receiving an authentication response from the client, matching the authentication response with a part of the full pattern including the field contents from the random subset of the ordered set of data fields, wherein the random subset includes fewer data fields than all of the data fields in the ordered set; and accepting and storing data in said database modifying said account client credentials if said at least two tiers of security are successfully traversed. (Dependent claims 11 to 18 are not reproduced on this page.)
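The challenge/response mechanism that claims 1 and 10 recite (a random subset of enumerated positions, a response matched against that part of the stored full pattern, and a two-tier administration flow gated on the same partial-pattern check) is easier to reason about in working code. The following is an added illustration written for this page, not the patentee's code or any product implementation. The account store, the 1-based field positions, the decoy length for unknown accounts, the single-use nonce and the tier-2 flow that accepts a new pattern are all assumptions of the example. One caveat worth noticing in the code: because the server must compare an arbitrary random subset of fields, it has to be able to recover each field's contents, so the pattern cannot be stored as a single salted one-way digest the way a password can; the record needs protection at rest instead.

```python
"""Random partial pattern recognition (RPPR) challenge/response, written as a
constructed illustration of the scheme the claims describe.  Not the patent's
own code; account store, positions, decoy length and tier-2 flow are assumed."""
import hmac
import secrets
from dataclasses import dataclass

DECOY_LENGTH = 8  # assumed pattern length used so unknown accounts still get a challenge


@dataclass
class Account:
    user_name: str
    email: str
    profile: dict        # client profile data, e.g. {"city": "Austin"} (constructed)
    full_pattern: list   # ordered set of data fields; enumerated positions are 1-based
    # A random subset must be compared field by field, so the server needs each
    # field recoverable; a single one-way digest of the pattern would not work.


@dataclass(frozen=True)
class Challenge:
    nonce: bytes
    positions: tuple     # enumerated positions the client must answer for


class RpprAuthenticator:
    def __init__(self, subset_size: int):
        self.subset_size = subset_size
        self.accounts: dict = {}   # user_name -> Account
        self.pending: dict = {}    # nonce -> (user_name, positions)

    def enroll(self, account: Account) -> None:
        # The claims require the random subset to be smaller than the full ordered set.
        if len(account.full_pattern) <= self.subset_size:
            raise ValueError("full pattern must be longer than the challenged subset")
        self.accounts[account.user_name] = account

    def generate_challenge(self, user_name: str) -> Challenge:
        """Pick subset_size distinct positions at random (CSPRNG, no replacement)."""
        acct = self.accounts.get(user_name)
        n = len(acct.full_pattern) if acct else DECOY_LENGTH
        positions = tuple(sorted(secrets.SystemRandom().sample(range(1, n + 1), self.subset_size)))
        chal = Challenge(secrets.token_bytes(16), positions)
        self.pending[chal.nonce] = (user_name, positions)
        return chal

    def verify(self, nonce: bytes, response: list) -> bool:
        """Match the response against the stored fields at the challenged positions."""
        entry = self.pending.pop(nonce, None)  # each challenge is single use
        if entry is None:
            return False
        user_name, positions = entry
        acct = self.accounts.get(user_name)
        if acct is None or len(response) != len(positions):
            return False
        expected = "\x00".join(acct.full_pattern[p - 1] for p in positions)
        given = "\x00".join(str(x) for x in response)
        return hmac.compare_digest(expected.encode(), given.encode())  # constant time

    # Account administration: tier 1 is the user name or e-mail address,
    # tier 2 is the random partial-pattern challenge above.
    def begin_admin(self, identifier: str) -> Challenge:
        acct = next((a for a in self.accounts.values()
                     if identifier in (a.user_name, a.email)), None)
        return self.generate_challenge(acct.user_name if acct else identifier)

    def finish_admin(self, nonce: bytes, response: list, new_pattern: list) -> bool:
        """Store a modified pattern only if both tiers were traversed."""
        user_name = self.pending.get(nonce, ("", ()))[0]
        if not self.verify(nonce, response):
            return False
        if len(new_pattern) <= self.subset_size:
            return False
        self.accounts[user_name].full_pattern = list(new_pattern)
        return True


def answer(full_pattern: list, challenge: Challenge) -> list:
    """What an honest client enters: the field contents at the challenged positions."""
    return [full_pattern[p - 1] for p in challenge.positions]
```

An eavesdropper on one session learns only the fields at the challenged positions; repeated observation of distinct challenges leaks the rest, which is why the subset is re-drawn per session and each nonce is accepted once.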
Specification