Establishing a secure channel with a human user
Abstract
A method of establishing a secure channel between a human user and a computer application is described. A secret unique identifier (“PIN”) is shared between a user and an application. When the user makes a request that involves utilizing the PIN for authentication purposes, the application renders a randomly selected identifier. The randomly selected identifier is in a format that is recognizable to a human but is not readily recognizable by an automated agent. The randomly selected identifier is then presented to the human user. The user identifies the relationship between the randomly selected identifier and the PIN. If the user's input reflects the fact that the user knows the PIN, then the user is authenticated.
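An added illustration of the challenge and offset check the abstract describes, not code from the patent. It assumes a decimal PIN and signed offsets defined as PIN digit minus displayed digit, omits the human-readable rendering step, and uses hypothetical function names.

```python
import hmac
import secrets

DIGITS = "0123456789"  # assumption: the PIN alphabet is the decimal digits


def offsets_for(pin: str, challenge: str) -> list[int]:
    """Signed per-position offsets: PIN digit minus displayed digit (assumed convention)."""
    if len(pin) != len(challenge):
        raise ValueError("PIN and challenge must have the same length")
    return [int(p) - int(c) for p, c in zip(pin, challenge)]


def new_challenge(pin: str) -> str:
    """Random identifier of the PIN's length with at least one negative offset."""
    if not pin or any(ch not in DIGITS for ch in pin):
        raise ValueError("PIN must be a non-empty digit string")
    if set(pin) == {"0"}:
        # Every offset from an all-zero PIN is <= 0 only when the displayed
        # digit is 0 too, so no negative offset can exist.
        raise ValueError("an all-zero PIN cannot yield a negative offset")
    while True:
        challenge = "".join(secrets.choice(DIGITS) for _ in pin)
        if any(off < 0 for off in offsets_for(pin, challenge)):
            return challenge


def verify(pin: str, challenge: str, user_offsets: list[int]) -> bool:
    """Rebuild the candidate PIN from challenge + offsets and compare it."""
    if len(user_offsets) != len(challenge):
        return False
    candidate = []
    for shown, off in zip(challenge, user_offsets):
        digit = int(shown) + off
        if not 0 <= digit <= 9:  # offset points outside the alphabet
            return False
        candidate.append(str(digit))
    return hmac.compare_digest("".join(candidate), pin)


if __name__ == "__main__":
    pin = "4821"  # constructed sample PIN
    shown = new_challenge(pin)
    answer = offsets_for(pin, shown)  # what a user who knows the PIN would enter
    print(shown, answer, verify(pin, shown, answer))
```

The offsets alone do not reveal the PIN, but anyone who can read both the rendered identifier and the offsets can add them to recover it, so the scheme depends on the identifier being rendered in a form an automated agent cannot readily recognize.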
12 Claims
1. A method performed by a computer system including a processor and a memory communicatively coupled to the processor, the memory storing instructions that, when executed by the processor, cause the computer system to perform the method, the method comprising:
- rendering a first identifier to a user, the first identifier comprising a plurality of characters, wherein an offset between at least one character of the first identifier and a corresponding character of a secret identifier is negative;
- receiving an input from the user, the input indicating a plurality of offsets between the characters of the first identifier and corresponding characters of the secret identifier;
- determining, based on the input and the first identifier, whether the user demonstrates knowledge of the secret identifier; and
- authenticating or not authenticating the user based upon the outcome of said determining step.
Dependent claims: 2, 3, 4

5. A method performed by a computer system including a processor and a memory communicatively coupled to the processor, the memory storing instructions that, when executed by the processor, cause the computer system to perform the method, the method comprising:
- displaying a first identifier to a user, the first identifier comprising a plurality of characters, wherein an offset between at least one character of the first identifier and a corresponding character of a secret identifier is negative;
- receiving an input from the user, the input indicating a plurality of offsets between the characters of the first identifier and corresponding characters of the second identifier; and
- determining whether the input and the first identifier are related to the second identifier in a predefined manner.

6. A system comprising:
- a display;
- a memory for storing information concerning a secret identifier; and
- a processor configured for executing instructions stored in the memory, the instructions, when executed by the processor, being configured to cause the processor to:
  - display a first identifier to a user, the first identifier comprising a plurality of characters, wherein an offset between at least one character of the first identifier and a corresponding character of a secret identifier is negative,
  - receive an input from the user, the input indicating a plurality of offsets between the characters of the first identifier and corresponding characters of the secret identifier,
  - make a first determination, based on the input, whether the user demonstrates knowledge of the secret identifier, and
  - determine whether to authenticate the user based upon the first determination.
Dependent claims: 7

8. A non-transitory computer-readable storage medium comprising program code, the program code being operable, when executed by a computer system comprising a processor, to cause the system to perform steps comprising:
- rendering a first identifier to a user, the first identifier comprising a plurality of characters, wherein an offset between at least one character of the first identifier and a corresponding character of a secret identifier is negative;
- receiving an input from the user, the input indicating a plurality of offsets between the characters of the first identifier and corresponding characters of the secret identifier;
- determining, based on the input and the first identifier, whether the user demonstrates knowledge of the secret identifier; and
- authenticating or not authenticating the user based upon the outcome of said determining step.
Dependent claims: 9, 10, 11

12. A non-transitory computer-readable storage medium comprising program code, the program code being operable, when executed by a computer system comprising a processor, to cause the system to perform steps comprising:
- displaying a first identifier to a user, the first identifier comprising a plurality of characters, wherein an offset between at least one character of the first identifier and a corresponding character of a secret identifier is negative;
- receiving an input from the user, the input indicating a plurality of offsets between the characters of the first identifier and corresponding characters of the second identifier; and
- determining whether the input and the first identifier are related to the second identifier in a predefined manner.

Specification