Method and system for providing a secure login solution using one-time passwords
Abstract
A method and system for a secure login solution for users logging into computers and systems that require authentication is provided incorporating one-time passwords. The method and system allows a user to establish a login key combination in relation to a login key structure. The login key combination is in association with an identification means, such as a username/ID, and allows the user to generate a one-time passcode in response to a random login key. The method and system is directed at situations where the user desires to log into a system from a computer or other electronic device that may not be secure, including for example from computers or devices other than the user's own and/or by using a communications connection that may not be secure, such as a wireless network connection. The method and system is simple and easy to implement and does not require the use of physical devices.
230 Citations
3 Claims
1. A method for enabling a user to obtain access to protected resources, the method comprising:
(a) providing a matrix to the user via a display means, the matrix containing, in random positions, the individual characters contained in a static PIN code previously defined by the user, with the remaining positions of the matrix filled exclusively by randomly selected characters;
(b) receiving from the user, via an input means;
(i) identification information that identifies the user; and
(ii) a single passcode which is generated by the user in response to providing the matrix, the passcode comprising two distinct components;
(A) a variable component, the variable component comprising characters selected by the user from those contained in the matrix based on a login combination previously defined by the user, the login combination comprising a specific number of characters entered in a specific, user defined sequential pattern, the pattern determined solely by relative positions of the characters in the matrix; and
(B) the static PIN code previously defined by the user, the characters of which are contained in the matrix;
(c) an authentication process performed by a computer processor, wherein the user obtains access to the protected resources when;
(i) the user supplied identification information matches identification information associated with the user; and
(ii) the user supplied passcode comprises both the static PIN code associated with the user and the variable component comprising the characters from the matrix matching the login combination associated with the user.

2. A system for authenticating a user requesting access to protected resources, the system comprising:
(a) a display means linked to a computer providing instructions to the user, including a matrix containing, in random positions, the individual characters contained in a static PIN code previously defined by the user, with the remaining positions of the matrix filled exclusively by randomly selected characters;
(b) an input means linked to the computer enabling the user to supply information allowing the system to determine the user identity and a passcode generated by the user;
(c) a means for storing and retrieving the user credentials, the user credentials comprising;
(i) identification information associated with the user to establish the identity of the user; and
(ii) a login combination previously defined by the user, the login combination comprising a specific number of characters entered in a specific, user defined sequential pattern, the pattern determined solely by relative positions of the characters in the matrix; and
(iii) the static PIN code previously defined by the user;
(d) an authentication facility linked to the computer, the authentication facility providing instructions to the computer to;
(i) provide the matrix to the user via the display means;
(ii) receive from the user, via the input means, the identification information associated with the user and a passcode generated by the user;
(iii) the authentication facility performing an authentication process, wherein the user obtains access to the protected resources when;
(A) the user supplied identification information matches the identification information associated with the user; and
(B) the user supplied passcode comprises both the static PIN code associated with the user and the characters from the matrix matching the login combination associated with the user.

3. A computer program product, for use on a computer, the computer program product comprising:
(a) a computer usable storage medium, excluding signals; and
(b) computer readable program code recorded or storable on the computer usable storage medium, the computer readable program code defining an authentication application which, when executed by the computer, causes the computer to perform a method for enabling a user to obtain access to protected resources, comprising the steps of;
(i) providing a matrix to the user via a display means, the matrix containing, in random positions, the individual characters contained in a static PIN code previously defined by the user, with the remaining positions of the matrix filled exclusively by randomly selected characters;
(ii) receiving from the user, via an input means, identification information associated with the user and a passcode generated by the user;
(iii) performing an authentication process wherein the user obtains access to the protected resources when;
(A) the user supplied identification information matches the identification information associated with the user; and
(B) the user supplied passcode comprises both the static PIN code associated with the user and, the characters from the matrix matching a login combination associated with the user, the login combination comprising a specific number of characters entered in a specific, user defined sequential pattern, the pattern determined solely by relative positions of the characters in the matrix.
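A sketch of the challenge and verification flow recited in claim 1, added here as an illustration; it is not code from the patent or from any product implementing it. The 6x6 matrix size, the character set, the order of the passcode (variable component followed by the PIN), the single-attempt handling of each matrix, and all names are assumptions.

```python
import hmac
import secrets

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # assumed matrix character set
ROWS, COLS = 6, 6                               # assumed matrix dimensions
_rng = secrets.SystemRandom()                   # CSPRNG-backed sampling

def make_matrix(pin):
    """Step (a): PIN characters at random positions, random filler elsewhere."""
    cells = [secrets.choice(ALPHABET) for _ in range(ROWS * COLS)]
    for pos, ch in zip(_rng.sample(range(ROWS * COLS), len(pin)), pin):
        cells[pos] = ch
    return [cells[r * COLS:(r + 1) * COLS] for r in range(ROWS)]

def variable_component(matrix, pattern):
    """Read the characters at the user's ordered (row, col) login combination."""
    return "".join(matrix[r][c] for r, c in pattern)

class Authenticator:
    def __init__(self):
        self.users = {}    # user_id -> (pin, pattern); stored in clear for brevity
        self.pending = {}  # user_id -> matrix issued for the current attempt

    def enroll(self, user_id, pin, pattern):
        self.users[user_id] = (pin, list(pattern))

    def challenge(self, user_id):
        """Issue a fresh matrix; an earlier unanswered matrix is discarded."""
        matrix = make_matrix(self.users[user_id][0])
        self.pending[user_id] = matrix
        return matrix

    def verify(self, user_id, passcode):
        """Step (c): accept only variable component + static PIN, once per matrix."""
        matrix = self.pending.pop(user_id, None)  # matrix is consumed on use
        if matrix is None or user_id not in self.users:
            return False
        pin, pattern = self.users[user_id]
        expected = variable_component(matrix, pattern) + pin
        return hmac.compare_digest(passcode.encode(), expected.encode())
```

Because the matrix is regenerated for every challenge, the variable component changes between logins while the PIN portion of the passcode stays the same.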
Specification