System and method for user authentication with enhanced passwords

US 7,653,818 B2
Filed: 07/21/2005
Issued: 01/26/2010
Est. Priority Date: 08/27/2002
Status: Active Grant

First Claim

Patent Images

1. A method for user authentication, the method involving the use of a database storing a selected access code and the same or another database storing a selected certain pace, rhythm, or tempo, wherein said selected certain pace, rhythm, or tempo is associated with said selected access code, said method comprising:

providing a user with at least one the following to assist the user with entering the access code;

a visual timing aid, an auditory timing aid, and a tactile timing aid;

receiving an access code from the user and determining a pace, rhythm, or tempo at which the access code was entered by the user;

determining that the entered access code matches a stored access code character sequence and that the certain pace, rhythm, or tempo at which the access code was entered matches a stored certain pace, rhythm, or tempo for the stored access code; and

granting access based, at least in part, on the determination that (i) the entered access code matches the stored access code character sequence, and (ii) the certain pace, rhythm, or tempo of the access code as entered by the user matches the stored certain pace, rhythm, or tempo for the stored access code.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for enhancing passwords, access codes, and personal identification munbers by making them pace, rhythm, or tempo sensitive. The password includes a sequence of characters and an associated timing element. To access a restricted device or funcion a user enters the correct character sequence according to the correct pace, rhythm, or tempo. The entered sequence and timing elementare compared with stored values and access is granted only if the entered and stored values match. In an alternative embodiment the stored timing element is set, and periodically altered, by a computer or program without consent from the user and visual, auditory, and/or tactile prompts indicate the correct timing element to the user during the authentication process. The meaning of the prompts are provided to the user in advance.

Citations

59 Claims

1. A method for user authentication, the method involving the use of a database storing a selected access code and the same or another database storing a selected certain pace, rhythm, or tempo, wherein said selected certain pace, rhythm, or tempo is associated with said selected access code, said method comprising:
- providing a user with at least one the following to assist the user with entering the access code;
  
  a visual timing aid, an auditory timing aid, and a tactile timing aid;
  
  receiving an access code from the user and determining a pace, rhythm, or tempo at which the access code was entered by the user;
  
  determining that the entered access code matches a stored access code character sequence and that the certain pace, rhythm, or tempo at which the access code was entered matches a stored certain pace, rhythm, or tempo for the stored access code; and
  
  granting access based, at least in part, on the determination that (i) the entered access code matches the stored access code character sequence, and (ii) the certain pace, rhythm, or tempo of the access code as entered by the user matches the stored certain pace, rhythm, or tempo for the stored access code.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, further comprising requiring a user to enter a user identification string associated with the stored access code character sequence prior to granting access.
  - 3. The method of claim 1, wherein the selected certain pace, rhythm, or tempo is entered into the database as the access code is being entered into the database.

4. A method for user authentication, comprising:
- entering a first access code into a database;
  
  entering a certain pace, rhythm, or tempo into a database and associating said selected certain pace, rhythm, or tempo with said first access code;
  
  receiving a second access code from a user and determining a pace, rhythm, or tempo at which the second access code was entered by the user;
  
  determining that the entered second access code matches the stored first access code and that the certain pace, rhythm, or tempo at which the second access code was entered matches the stored certain pace, rhythm, or tempo for the stored first access code; and
  
  granting access to the user based, at least in part, on the determination that (i) the entered second access code matches the stored first access code, and (ii) the certain pace, rhythm, or tempo of the second access code as entered by the user matches the stored certain pace, rhythm, or tempo for the stored first access code;
  
  wherein the stored certain pace, rhythm, or tempo for the stored first access code is set and alterable by a computer without consent from the user; and
  
  further comprising providing prompts from the computer while receiving the second access code, wherein the prompts indicate to the user the stored certain pace, rhythm, or tempo for the stored first access code.
- View Dependent Claims (5, 6)
- - 5. The method of claim 4, further comprising providing the user with prompt meanings prior to providing prompts.
  - 6. The method of claim 4, wherein the prompts are selected from the group consisting of visual, auditory and tactile prompts.

7. A system for user authentication, the system comprising:
- a computer and a computer memory;
  
  an input device permitting input by a user;
  
  a user-defined password including a sequence of characters, wherein the sequence of characters of the user-defined password is stored in the computer memory;
  
  a computer generated timing element, the timing element defined by predetermined pauses associated with the sequence of characters, wherein the system is configured to provide user authentication when the user inputs the password sequence of characters with the input device according to the predetermined pauses of the timing element, and wherein the timing element is alterable by the computer without consent by the user; and
  
  a mechanism configured to provide the user with at least one of a visual, auditory, and tactile timing aid to assist the user with entering the access code.
- View Dependent Claims (8, 9, 10)
- - 8. The system of claim 7, further configured to selectively grant access to a domain upon entry of the password, wherein the domain comprises a physical location.
  - 9. The system of claim 7, further configured to selectively grant access to a domain upon entry of the password, wherein the domain comprises a software program or file.
  - 10. The system of claim 7, further including a user identification string associated with the password.

11. A system for user authentication, the system comprising:
- a computer and a computer memory;
  
  an input device permitting input by a user;
  
  a user-defined password including a sequence of characters, wherein the sequence of characters of the user-defined password is stored in the computer memory; and
  
  a computer generated timing element, the timing element defined by predetermined pauses associated with the sequence of characters, wherein the timing element is alterable by the computer without consent by the user, and wherein the system is configured to provide user authentication when the user inputs the password sequence of characters with the input device according to the predetermined pauses of the timing element;
  
  a ghost character feature, the ghost character feature capable of being locked and unlocked by the user;
  
  the ghost character feature permitting the user to input, during the pauses in the password or access code, additional characters; and
  
  the computer being configured to ignore the additional characters when the ghost character feature is unlocked.

12. A computer-readable storage device comprising computer readable instructions that, if executed by a computer, cause the computer to carry out a method for user authentication, the method involving the use of a database storing a selected access code and the same or another database storing a selected certain pace, rhythm, or tempo, wherein said selected certain pace, rhythm, or tempo is associated with said selected access code, the method comprising:
- providing a user with at least one of a visual, auditory, and tactile timing prompt to assist the user with entering the access code;
  
  receiving an access code from the user and determining a pace, rhythm, or tempo at which the access code was entered by the user;
  
  determining that the entered access code matches a stored access code character sequence and that the pace, rhythm, or tempo at which the access code was entered matches the certain pace, rhythm, or tempo associated with the stored access code.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 13. A computer-readable storage device as recited in claim 12, further comprising instructions for granting access based, at least in part, on the determination that (i) the entered access code matches the stored access code character sequence, and (ii) the certain pace, rhythm, or tempo of the access code as entered by the user matches the stored certain pace, rhythm, or tempo for the stored access code.
  - 14. A computer-readable storage device as recited in claim 12, further comprising instructions for altering the pace, rhythm, or tempo associated with the selected access code.
  - 15. A computer-readable storage device as recited in claim 12, wherein the timing prompt is a visual timing aid.
  - 16. A computer-readable storage device as recited in claim 12, wherein the timing prompt is an audible timing aid.
  - 17. A computer-readable storage device as recited in claim 12, wherein the timing prompt is a tactile timing aid.
  - 18. A computer-readable storage device as recited in claim 12, further comprising instructions for providing the user with advance knowledge of the timing aid.
  - 19. A computer-readable storage device as recited in claim 12, further comprising instructions for associating the selected access code with a user identification code and for denying access to a user that does not provide both the selected access code and the associated user identification code associated.
  - 20. A computer-readable storage device as recited in claim 12, wherein said computer is disposed in a network.
  - 21. A computer-readable storage device as recited in claim 12, wherein said computer is disposed in a hand-held electronic device.
  - 22. A computer-readable storage device as recited in claim 12, wherein said computer is disposed in a cellular telephone.
  - 23. A computer-readable storage device as recited in claim 12, further comprising instructions for providing false timing prompts to the user.
  - 24. A computer-readable storage device as recited in claim 12, further comprising instructions for receiving ghost characters from the user.
  - 25. A computer-readable storage device as recited in claim 24, further comprising instructions for causing said ghost characters to be disregarded when determining whether the entered access code matches the stored access code character sequence.

26. A computer-implemented method for user authentication, wherein the computer is coupled to a database including a first access code for a user and a pace, rhythm, or tempo associated with said first access code, comprising:
- providing, via an output device, at least one of a visual, auditory, and tactile timing prompt;
  
  receiving, via an input device, a second access code and determining a pace, rhythm, or tempo at which the second access code was entered; and
  
  authenticating the user by determining that the entered second access code matches the stored first access code and that the pace, rhythm, or tempo at which the second access code was entered matches the stored pace, rhythm, or tempo associated with the stored first access code.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 27. A method as recited in claim 26, further comprising granting access to a domain, wherein the domain comprises a physical location.
  - 28. A method as recited in claim 26, further comprising granting access to a domain, wherein the domain comprises a software program.
  - 29. A method as recited in claim 26, further comprising granting access to a domain, wherein the domain comprises a file.
  - 30. A method as recited in claim 26, further comprising granting access to a domain, wherein the domain comprises a bank account.
  - 31. A method as recited in claim 26, further comprising altering the pace, rhythm, or tempo associated with the stored first access code.
  - 32. A method as recited in claim 26, wherein the timing prompt is a visual timing aid.
  - 33. A method as recited in claim 26, wherein the timing prompt is an audible timing aid.
  - 34. A method as recited in claim 26, wherein the timing prompt is a tactile timing aid.
  - 35. A method as recited in claim 26, further comprising providing the user with advance knowledge of the timing prompt.
  - 36. A method as recited in claim 26, further comprising associating the first access code with a user identification code and authenticating the user only if the user provides a correct user identification code.
  - 37. A method as recited in claim 26, wherein said computer is disposed in or communicatively coupled to a hand-held electronic device.
  - 38. A method as recited in claim 26, wherein said computer is disposed in or communicatively coupled to a cellular telephone.
  - 39. A method as recited in claim 26, wherein said computer is disposed in or communicatively coupled to an automated teller machine (ATM).
  - 40. A method as recited in claim 26, further comprising providing false timing prompts.
  - 41. A method as recited in claim 26, further comprising receiving and recognizing ghost characters.
  - 42. A method as recited in claim 41, further comprising disregarding said ghost characters when determining whether the entered second access code matches the stored first access code.

43. A computer-implemented system for user authentication, wherein the computer is coupled to a database including a first access code for a user and a pace, rhythm, or tempo associated with said first access code, comprising:
- means for providing the user with at least one of a visual, auditory, and tactile timing prompt to assist the user with entering the access code;
  
  means for receiving a second access code from the user and determining a pace, rhythm, or tempo at which the second access code was entered by the user;
  
  means for authenticating the user by determining that the entered second access code matches the stored first access code and that the pace, rhythm, or tempo at which the second access code was entered matches the stored pace, rhythm, or tempo associated with the stored first access code; and
  
  means for granting access to the user to a domain.
- View Dependent Claims (44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59)
- - 44. A system as recited in claim 43, wherein the domain comprises a physical location.
  - 45. A system as recited in claim 43, wherein the domain comprises a software program.
  - 46. A system as recited in claim 43, wherein the domain comprises a file.
  - 47. A system as recited in claim 43, wherein the domain comprises a bank account.
  - 48. A system as recited in claim 43, further comprising means for altering the pace, rhythm, or tempo associated with the stored first access code.
  - 49. A system as recited in claim 43, wherein the timing prompt is a visual timing aid.
  - 50. A system as recited in claim 43, wherein the timing prompt is an audible timing aid.
  - 51. A system as recited in claim 43, wherein the timing prompt is a tactile timing aid.
  - 52. A system as recited in claim 43, further comprising means for providing the user with advance knowledge of the timing prompt.
  - 53. A system as recited in claim 43, further comprising means for associating the first access code with a user identification code and authenticating the user only if the user provides a correct user identification code.
  - 54. A system as recited in claim 43, wherein said computer is disposed in or communicatively coupled to a hand-held electronic device.
  - 55. A system as recited in claim 43, wherein said computer is disposed in or communicatively coupled to a cellular telephone.
  - 56. A system as recited in claim 43, wherein said computer is disposed in or communicatively coupled to an automated teller machine (ATM).
  - 57. A system as recited in claim 43, further comprising means for providing false timing prompts to the user.
  - 58. A system as recited in claim 43, further comprising receiving and recognizing ghost characters from the user.
  - 59. A system as recited in claim 43, further comprising means for disregarding said ghost characters when determining whether the entered second access code matches the stored first access code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
S Aqua Semiconductor LLC (Intellectual Ventures LLC)
Original Assignee
Fastfixnet LLC (Intellectual Ventures LLC)
Inventors
Serpa, Michael Lawrence
Primary Examiner(s)
Smithers; Matthew B

Application Number

US11/187,345
Publication Number

US 20050273624A1
Time in Patent Office

1,650 Days
Field of Search

713/184
US Class Current

713/184
CPC Class Codes

G06F 21/31 User authentication

G06F 21/316 by observing the pattern of...

System and method for user authentication with enhanced passwords

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

59 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for user authentication with enhanced passwords

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

59 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links