Establishing a secure channel with a human user
First Claim
Patent Images
1. A method performed by a computer system including a processor and a memory communicatively coupled to the processor, the memory storing instructions that, when executed by the processor, cause the computer system to perform the method, the method comprising:
- rendering a first identifier to a user, the first identifier comprising a plurality of characters, wherein an offset between at least one character of the first identifier and a corresponding character of a secret identifier is negative;
receiving an input from the user, the input indicating a plurality of offsets between the characters of the first identifier and corresponding characters of the secret identifier;
determining, based on the input and the first identifier, whether the user demonstrates knowledge of the secret identifier; and
authenticating or not authenticating the user based upon the outcome of said determining step.
3 Assignments
0 Petitions
Accused Products
Abstract
A method of establishing a secure channel between a human user and a computer application is described. A secret unique identifier (“PIN”) is shared between a user and an application. When the user makes a request that involves utilizing the PIN for authentication purposes, the application renders a randomly selected identifier. The randomly selected identifier is in a format that is recognizable to a human but is not readily recognizable by an automated agent. The randomly selected identifier is then presented to the human user. The user identifies the relationship between the randomly selected identifier and the PIN. If the user'"'"'s input reflects the fact that the user knows the PIN, then the user is authenticated.
-
Citations
12 Claims
-
1. A method performed by a computer system including a processor and a memory communicatively coupled to the processor, the memory storing instructions that, when executed by the processor, cause the computer system to perform the method, the method comprising:
-
rendering a first identifier to a user, the first identifier comprising a plurality of characters, wherein an offset between at least one character of the first identifier and a corresponding character of a secret identifier is negative; receiving an input from the user, the input indicating a plurality of offsets between the characters of the first identifier and corresponding characters of the secret identifier; determining, based on the input and the first identifier, whether the user demonstrates knowledge of the secret identifier; and authenticating or not authenticating the user based upon the outcome of said determining step. - View Dependent Claims (2, 3, 4)
-
-
5. A method performed by a computer system including a processor and a memory communicatively coupled to the processor, the memory storing instructions that, when executed by the processor, cause the computer system to perform the method, the method comprising:
-
displaying a first identifier to a user, the first identifier comprising a plurality of characters, wherein an offset between at least one character of the first identifier and a corresponding character of a secret identifier is negative; receiving an input from the user, the input indicating a plurality of offsets between the characters of the first identifier and corresponding characters of the second identifier; and determining whether the input and the first identifier are related to the second identifier in a predefined manner.
-
-
6. A system comprising;
-
a display; a memory for storing information concerning a secret identifier; and a processor configured for executing instructions stored in the memory, the instructions, when executed by the processor, being configured to cause the processor to; display a first identifier to a user, the first identifier comprising a plurality of characters, wherein an offset between at least one character of the first identifier and a corresponding character of a secret identifier is negative, receive an input from the user, the input indicating a plurality of offsets between the characters of the first identifier and corresponding characters of the secret identifier, make a first determination, based on the input, whether the user demonstrates knowledge of the secret identifier, and determine whether to authenticate the user based upon the first determination. - View Dependent Claims (7)
-
-
8. A non-transitory computer-readable storage medium comprising program code, the program code being operable, when executed by a computer system comprising a processor, to cause the system to perform steps comprising:
-
rendering a first identifier to a user, the first identifier comprising a plurality of characters, wherein an offset between at least one character of the first identifier and a corresponding character of a secret identifier is negative; receiving an input from the user, the input indicating a plurality of offsets between the characters of the first identifier and corresponding characters of the secret identifier; determining, based on the input and the first identifier, whether the user demonstrates knowledge of the secret identifier; and authenticating or not authenticating the user based upon the outcome of said determining step. - View Dependent Claims (9, 10, 11)
-
-
12. A non-transitory computer-readable storage medium comprising program code, the program code being operable, when executed by a computer system comprising a processor, to cause the system to perform steps comprising:
-
displaying a first identifier to a user, the first identifier comprising a plurality of characters, wherein an offset between at least one character of the first identifier and a corresponding character of a secret identifier is negative; receiving an input from the user, the input indicating a plurality of offsets between the characters of the first identifier and corresponding characters of the second identifier; and determining whether the input and the first identifier are related to the second identifier in a predefined manner.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeIntertrust Technologies Corporation (Fidelio Acquisition Co LLC)
-
Original AssigneeIntertrust Technologies Corporation (Fidelio Acquisition Co LLC)
-
InventorsPinkas, Binyamin, Haber, Stuart A., Tarjan, Robert E., Sander, Tomas
-
Primary Examiner(s)Dinh, Minh
-
Application NumberUS11/609,822Publication NumberTime in Patent Office2,037 DaysField of SearchNoneUS Class Current726/7CPC Class CodesG06F 21/36 by graphic or iconic repres...G06Q 20/341 Active cards, i.e. cards in...G06Q 20/4097 using mutual authentication...G07C 9/33 by means of a passwordG07F 7/10 together with a coded signa...G07F 7/1008 Active credit-cards provide...G07F 7/1025 Identification of user by a...G09C 5/00 Ciphering apparatus or meth...H04L 63/083 using passwords cryptograph...H04L 63/10 for controlling access to d...H04L 9/3226 using a predetermined code,...H04L 9/3271 using challenge-responseH04W 12/06 AuthenticationH04W 12/08 Access securityH04W 12/77 Graphical identity
