Authentication method of random partial digitized path recognition with a challenge built into the path
First Claim
1. An interactive method for authentication of a client, comprising:
- storing data defining a graphical representation of a frame of reference adapted for rendering on a display, the frame of reference including a number N of pre-defined locations in the frame of reference having coordinates on the frame of reference;
- storing a data set associated with the client in a memory, the data set including a first shared secret and a second shared secret, the first shared secret comprising data identifying a first plurality of the pre-defined locations defining an ordered path on the frame of reference, and the second shared secret comprising data identifying a second plurality of the pre-defined locations on the frame of reference;
- receiving via a first data communication, a client identifier from the client and initiating an authentication session;
- presenting via a second data communication, to the client an instance of the graphical representation of the frame of reference in response to the request for use in the authentication session, including composing the instance by positioning characters in the number N of pre-defined locations according to a pattern different than used in other authentication sessions with the client, the characters consisting of members of a character set including M members, where N is greater than 2M, and in which characters in the second plurality of pre-defined locations identified by the second shared secret comprise a challenge pointing to pre-defined locations on the ordered path in which characters comprising a response are positioned in the instance;
- accepting input data from the client via a third data communication, the input data including characters entered by the client using an input device; and
- determining whether the input data matches the response pointed to by the challenge and if the input data matches, signaling successful authentication, and if the input data does not match, signaling failed authentication.
Abstract
An interactive method for authentication is based on two shared secrets, including a first shared secret in the form of an ordered path on the frame of reference, and a second shared secret in the form of locations on the frame of reference at which characters identifying a subset of the ordered path are to be displayed. An instance of the frame of reference comprises a set of characters which is arranged in a random or other irregular pattern. Authentication requires that a user enter the characters in the displayed instance of the frame of reference found in the locations in the random subset of the ordered path by indicating characters either in these locations, or any other locations having the same characters. Thus, a secret challenge identifying the random partial subset is embedded within the displayed instance of the graphical representation of the frame of reference.
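The following is an added worked example of the scheme the abstract and claim 1 describe; it is written for this page and is not the patentee's code. It assumes a 6-by-6 frame of reference (N = 36 locations, addressed 0..35 row-major) filled from a ten-digit character set (M = 10, so N > 2M), that each character read from a challenge location is a digit naming a position on the ordered path (taken modulo the path length, an assumption the claims do not fix), and that the path, challenge locations and grid used in the demonstration are constructed values.

```python
"""Illustrative implementation of the two-shared-secret grid challenge in claim 1.
Not the patentee's code. Assumptions beyond the claims: 6x6 grid, ten-digit
alphabet, one challenge character selects one path position (digit mod path length)."""
import hmac
import random
from typing import Sequence

ROWS, COLS = 6, 6
N = ROWS * COLS            # N pre-defined locations, indexed 0..N-1 row-major
ALPHABET = "0123456789"    # M = 10 members; the claim requires N > 2M (36 > 20)
M = len(ALPHABET)
assert N > 2 * M


def compose_instance(rng=None) -> str:
    """Position characters in the N locations in a fresh irregular pattern.
    Every member of the alphabet is placed N // M times before the remainder is
    filled at random, so no displayed character identifies a unique location.
    A seeded random.Random may be passed for reproducible tests; by default
    the OS CSPRNG is used so the pattern differs per session."""
    rng = rng or random.SystemRandom()
    cells = list(ALPHABET) * (N // M)
    cells += [rng.choice(ALPHABET) for _ in range(N - len(cells))]
    rng.shuffle(cells)
    return "".join(cells)


def render(instance: str) -> str:
    """Row-major text rendering of the instance, as a client would display it."""
    return "\n".join(instance[r * COLS:(r + 1) * COLS] for r in range(ROWS))


def expected_response(instance: str, path: Sequence[int], challenge_cells: Sequence[int]) -> str:
    """Resolve the challenge embedded in this instance to the expected response.

    path            -- first shared secret: ordered location indices on the frame
    challenge_cells -- second shared secret: location indices whose displayed
                       characters form the challenge
    Assumption: a challenge character that is digit k names path position
    k mod len(path); the response is the characters shown at those path locations.
    """
    response = []
    for cell in challenge_cells:
        k = ALPHABET.index(instance[cell]) % len(path)
        response.append(instance[path[k]])
    return "".join(response)


def characters_at(instance: str, locations: Sequence[int]) -> str:
    """Map locations the client pointed at to the characters shown there; the
    abstract lets the user indicate any location carrying the same character."""
    return "".join(instance[loc] for loc in locations)


def verify(instance: str, path: Sequence[int], challenge_cells: Sequence[int], user_input: str) -> bool:
    """Server-side check of the third data communication. The comparison is
    constant-time for equal-length inputs, the usual precaution for secrets."""
    expected = expected_response(instance, path, challenge_cells)
    return hmac.compare_digest(expected.encode(), user_input.encode())


if __name__ == "__main__":
    # Constructed enrolment data for demonstration only.
    path = [5, 14, 23, 32, 1]      # first shared secret (ordered path)
    challenge_cells = [7, 33]      # second shared secret (challenge locations)
    instance = compose_instance()  # fresh pattern for this session
    print(render(instance))
    resp = expected_response(instance, path, challenge_cells)
    print("response:", resp, "verify:", verify(instance, path, challenge_cells, resp))
```

Running the module composes one fresh instance, derives the response the server expects from it, and checks that response. `verify` accepts either typed characters or, through `characters_at`, any locations that display the same characters, as the abstract allows. Because the challenge is read out of the displayed instance rather than transmitted separately, the per-session reshuffle in `compose_instance` is what makes the response differ between sessions; the two enrolled secrets themselves never leave the server.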
18 Claims
1. An interactive method for authentication of a client (independent claim; its full text is set out under First Claim above). Dependent claims 2-14 fall under claim 1.
15. An authentication system for a client, comprising:
- data processing resources, including a processor, memory and a communication interface;
- data stored in said memory defining a graphical representation of a frame of reference adapted for rendering on a display, the frame of reference including pre-defined locations in the frame of reference having coordinates on the frame of reference;
- a data set stored in the memory comprising a client identifier, a first shared secret comprising data identifying a first plurality of the pre-defined locations defining an ordered path on the frame of reference, and a second shared secret comprising data identifying a second plurality of the pre-defined locations on the frame of reference; and
- an authentication server comprising executable instructions stored in said memory adapted for execution by the data processing resources, including logic to receive via a first data communication, a client identifier from the client and initiate an authentication session; logic to generate and present to the client an instance of the graphical representation of the frame of reference via a second data communication, for use in the authentication session, including composing the instance by positioning characters in the number N of pre-defined locations according to a pattern different than used in other authentication sessions with the client, the characters consisting of members of a character set including M members, where N is greater than 2M, and in which characters in the second plurality of pre-defined locations identified by the second shared secret comprise a challenge pointing to pre-defined locations on the ordered path in which characters comprising a response are positioned in the instance; logic to accept input data from the client via a third data communication, the input data including characters entered by the client using an input device; and logic to determine whether the input data matches the response pointed to by the challenge, and if the input data matches, to signal successful authentication, and if the input data does not match, to signal failed authentication.
Dependent claims 16-18 fall under claim 15.
Specification