Method for improving security in login and single sign-on procedures
Abstract
In a method for improving a client's login and sign-on security in accessing services offered by service providers over shared network resources such as the Internet, and particularly working within the framework of the WWW, a password is created for the client at a first attempt to access the service provider. The client's password is generated either at an authentication authority in a trust relationship with the service provider and transmitted to the client, or the client is allowed to create his or her password on the basis of random character sequences transmitted from the authentication authority. For subsequent access to the service provider, the authentication authority presents the client with characters in ordered sequences or in a diagram containing in an appropriate order a single occurrence of each password character. The client performs a selection of the password for validation and transmits the validation back to the authentication authority, which verifies the password and informs the service provider of the verification. In a most preferred embodiment the password characters are never transmitted between the authentication authority and the client in a validation and verification procedure, and the former is wholly disconnected from either the client's credentials or any transactions subsequently to be undertaken between the service provider and the client.
20 Claims
1. A method for authenticating a client, comprising:
- initiating a procedure for creating a password for the client in response to a creation of an account in the name thereof by transmitting a request from the service provider to an authentication authority,
- determining a password for the client and storing the created password at the authentication authority,
- generating at the authentication authority upon a login attempt by the client a number of strings of random characters, the number of strings being at least equal to the number of characters in the password and assigning each password character to a specific string, the strings being ordered following the sequence of characters in the password,
- receiving from the authentication authority the strings to the client and presenting each string of the strings in a different column to the client that allows the client to select each character of the password in a correct order from the respective strings,
- receiving selections aligning the password characters by displacing or sliding the columns relative to each other without changing an ordering of the characters of the string within its respective column; and
- verifying the client's password based on the selections aligning the password characters at the authentication authority for the service provider thus enabling upon the verification of the password a sign-on to the account of the client with a service provider.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
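The generate, slide and verify steps of claim 1, as an added example that is not code from the patent. It assumes cyclic columns that are each a random permutation of one alphabet (so each password character occurs once, as the abstract describes) and a client that reports only per-column shift counts; the names `make_challenge`, `client_align` and `verify`, the alphabet and the shift encoding are all assumptions.

```python
import secrets
import string

ALPHABET = string.ascii_lowercase + string.digits  # assumed character set
N = len(ALPHABET)
_rng = secrets.SystemRandom()  # CSPRNG-backed shuffle


def make_challenge(password):
    """Authority: one random column per password character, in password order."""
    if not password or any(ch not in ALPHABET for ch in password):
        raise ValueError("password must be non-empty and use ALPHABET only")
    columns = []
    for _ in password:
        col = list(ALPHABET)
        _rng.shuffle(col)  # permutation: every character occurs exactly once
        columns.append("".join(col))
    return columns


def client_align(columns, password):
    """Client: slide each column (cyclically) until the password reads along
    one row. The row is picked at random; only shift counts are returned."""
    row = secrets.randbelow(N)
    return [(row - col.index(ch)) % N for col, ch in zip(columns, password)]


def verify(columns, shifts, stored_password):
    """Authority: apply the reported shifts to the stored password's positions
    and accept only if every character ends up on the same row."""
    if not stored_password or not (len(columns) == len(shifts) == len(stored_password)):
        return False
    if not all(isinstance(s, int) and 0 <= s < N for s in shifts):
        return False
    rows = {(col.index(ch) + s) % N
            for col, ch, s in zip(columns, stored_password, shifts)}
    return len(rows) == 1


if __name__ == "__main__":
    stored = "s3cret"                       # constructed sample password
    challenge = make_challenge(stored)      # sent to the client at login
    shifts = client_align(challenge, stored)
    print("shifts sent back:", shifts)
    print("accepted:", verify(challenge, shifts, stored))
    print("wrong guess accepted:",
          verify(challenge, client_align(challenge, "s3cres"), stored))
```

With this encoding the reply carries no password characters, but anyone who observes both the columns and the shifts can narrow the password to `N` candidate rows, so the exchange still belongs on a protected channel with attempt limiting at the authority.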
11. A system for authenticating a client, comprising:
- receiving from an authentication authority a number of strings, the number of strings being at least equal to the number of characters in a password used to authenticate the client, wherein each of the characters of the password are assigned to a specific string, the strings being ordered following the sequence of characters in the password;
- displaying each of the strings in one of; a separate row and a separate column;
- receiving a selection of each character of the password from at least a number of displayed strings as the number of characters in the password by changing a relative displayed position of one or more of the displayed strings with regard to the other displayed strings without changing an ordering of the characters in the string; and
- transmitting the selected characters of the password to the authentication authority for authentication of the client.
Dependent claims: 12, 13, 14, 15, 16
17. A computer-readable storage medium, excluding signals, that stores computer-executable instructions for authenticating a client, comprising:
- receiving a number of strings being at least equal to the number of characters in a password used to authenticate the client, wherein each of the characters of the password are assigned to a specific string, the strings being ordered following the sequence of characters in the password;
- displaying each of the strings in one of; a separate row and a separate column;
- receiving a selection of each character of the password from at least a number of displayed strings as the number of characters in the password by changing a relative position of one or more of the displayed strings with regard to the other displayed strings without changing an ordering of the characters in the string; and
- transmitting the selected characters of the password to the authentication authority for authentication of the client.
Dependent claims: 18, 19, 20