Authentication method of field contents based challenge and enumerated pattern of field positions based response in random partial digitized path recognition system
First Claim
1. A method for identification and verification of a user at a client platform in a client/server, computer-networking system that implements an authentication server, the method using an authentication credential as a shared secret with the authentication server, the authentication credential comprising a data set identifying an enumerated pattern of fields on a frame of reference, the fields in the enumerated pattern having locations on the frame of reference and numbered positions in the enumerated pattern;
the method comprising:
using a data processing machine or data processing machines, establishing one or more communication channels to the authentication server, and sending a user identifier via said one or more communication channels to the authentication server;
receiving a session specific instance of the frame of reference as a result of successful identification of the user identifier by the authentication server, from the authentication server, from an application synchronized with a logical function used to produce an instance at the authentication server or from a combination of the authentication server and an application, the session-specific instance of the frame of reference having fields filled with a session-specific content, wherein the session-specific content comprises characters that are members of a set of characters;
rendering an interface on a display including a graphical representation of the session-specific instance of the frame of reference;
using an authentication challenge including a plurality of challenge characters from said set of characters, to determine a subset of session-specific numbered positions in the enumerated pattern of fields at which said plurality of challenge characters match the characters in said session-specific instance of the frame of reference;
sending authentication response data via said one or more communication channels to the authentication server, the response data identifying said session-specific numbered positions in the enumerated pattern, said session specific numbered positions being usable by the authentication server as part of a verification process; and
receiving a signal via said one or more communication channels from the authentication server that indicates completion of the verification process.
1 Assignment
0 Petitions
Abstract
An interactive method for authentication is based on a shared secret which is in the form of an enumerated pattern of fields on a frame of reference. An instance of the frame of reference comprises an array of characters in which the characters are arranged in a random or other irregular pattern on a grid of content fields. An authentication challenge includes characters from the character set, and is delivered in- or out-of-band. The authentication response includes the enumerated position numbers on the enumerated pattern of the field locations on the grid at which the challenge characters are found.
57 Citations
44 Claims
1. A method for identification and verification of a user at a client platform in a client/server, computer-networking system that implements an authentication server, the method using an authentication credential as a shared secret with the authentication server, the authentication credential comprising a data set identifying an enumerated pattern of fields on a frame of reference, the fields in the enumerated pattern having locations on the frame of reference and numbered positions in the enumerated pattern;
the method comprising:
using a data processing machine or data processing machines, establishing one or more communication channels to the authentication server, and sending a user identifier via said one or more communication channels to the authentication server;
receiving a session specific instance of the frame of reference as a result of successful identification of the user identifier by the authentication server, from the authentication server, from an application synchronized with a logical function used to produce an instance at the authentication server or from a combination of the authentication server and an application, the session-specific instance of the frame of reference having fields filled with a session-specific content, wherein the session-specific content comprises characters that are members of a set of characters;
rendering an interface on a display including a graphical representation of the session-specific instance of the frame of reference;
using an authentication challenge including a plurality of challenge characters from said set of characters, to determine a subset of session-specific numbered positions in the enumerated pattern of fields at which said plurality of challenge characters match the characters in said session-specific instance of the frame of reference;
sending authentication response data via said one or more communication channels to the authentication server, the response data identifying said session-specific numbered positions in the enumerated pattern, said session specific numbered positions being usable by the authentication server as part of a verification process; and
receiving a signal via said one or more communication channels from the authentication server that indicates completion of the verification process.
Dependent claims: 2-7.
8. An interactive method for authentication of a client, comprising:
storing data defining a graphical representation of a frame of reference adapted for rendering on a display, the frame of reference including a number N of pre-defined fields having locations on the frame of reference;
storing a data set associated with the client in a memory, the data set including a shared secret, the shared secret comprising data identifying an enumerated pattern of fields on a frame of reference, the fields in the enumerated pattern having locations on the frame of reference and the locations having numbered positions in the enumerated pattern;
receiving via data communications, a client identifier from the client and initiating a request for use in an authentication session;
presenting using data communications, to the client an instance of the graphical representation of the frame of reference in response to the request for use in the authentication session, the instance including characters in the number N of pre-defined fields according to a pattern different than used in other authentication sessions with the client, the characters consisting of members of a character set including M members, where N is greater than or equal to 2M, and using challenge characters known or delivered to the client via data communications, which match characters in the fields at a session-specific subset of the locations along the enumerated pattern, whereby the position numbers of said session-specific subset comprise an authentication response for the instance;
accepting input data from the client via data communications, the input data including said authentication response entered by the client using an input device; and
determining whether the input data matches the authentication response, and if the input data matches, signaling successful authentication, and if the input data does not match, signaling failed authentication.
Dependent claims: 9-19.
20. An interactive method for authentication of a client, comprising:
storing data defining a graphical representation of a frame of reference adapted for rendering on a display, the frame of reference including a number N of pre-defined fields in the frame of reference having locations on the frame of reference;
storing a data set associated with the client in a memory, the data set including a first shared secret and a second shared secret, the first shared secret comprising data identifying a first enumerated pattern of fields on a frame of reference, the fields in the first enumerated pattern having locations in the frame of reference and the locations have numbered positions in the first enumerated pattern, and the second shared secret comprising data identifying a second enumerated pattern of fields on a frame of reference, the fields in the second enumerated pattern having locations in the frame of reference and the locations have numbered positions in the second enumerated pattern;
receiving via a first data communication, a client identifier from the client and initiating a request for use in an authentication session;
presenting via a second data communication, to the client an instance of the graphical representation of the frame of reference in response to the request for use in the authentication session, the instance including characters positioned in the number N of pre-defined fields according to a pattern different than used in other authentication sessions with the client, the characters consisting of members of a character set including M members, where N is greater than or equal to 2M, and in which characters in the fields of the second enumerated pattern comprise challenge characters which match characters in the fields at a session-specific subset of the locations along the first enumerated pattern, whereby the position numbers of said session-specific subset comprise an authentication response for the instance;
accepting input data from the client via a third data communication, the input data including said authentication response entered by the client using an input device; and
determining whether the input data matches the authentication response, and if the input data matches, signaling successful authentication, and if the input data does not match, signaling failed authentication.
21. A client-server authentication system to authenticate a client, comprising:
data processing resources, including one or more processors, memory and a communication interface;
data stored in said memory defining a graphical representation of a frame of reference adapted for rendering on a display, the frame of reference including a number N of pre-defined fields in the frame of reference having locations on the frame of reference, and including data including authentication credentials for clients, the authentication credential for a particular client comprising a data set identifying a first enumerated pattern of fields on a frame of reference, the fields in the first enumerated pattern having locations in the frame of reference and the locations have numbered positions in the first enumerated pattern;
the data processing resources including executable instructions stored in said memory adapted for execution by the processor, including logic to receive via data communications, a client identifier from the client and initiating a request for use in an authentication session;
present using data communications, to the client an instance of the graphical representation of the frame of reference in response to the request for use in the authentication session, the instance including characters positioned in the number N of pre-defined fields according to a pattern different than used in other authentication sessions with the client, the characters consisting of members of a character set including M members, where N is greater than or equal to 2M, and to use challenge characters known or delivered to the client via data communications, which match characters in the fields at a session-specific subset of the locations along the enumerated pattern, whereby the position numbers of said session-specific subset comprise an authentication response for the instance;
accept input data from the client via data communications, the input data including said authentication response entered by the client using an input device; and
determine whether the input data matches the authentication response, and if the input data matches, to signal successful authentication, and if the input data does not match, to signal failed authentication.
Dependent claims: 22-32.
33. A computer program stored on a non-transitory computer readable medium and executable by a computer to authenticate a client, comprising instructions to:
use data stored in a memory defining a graphical representation of a frame of reference adapted for rendering on a display, the frame of reference including a number N of pre-defined fields in the frame of reference having locations on the frame of reference, and including data including authentication credentials for clients, the authentication credential for a particular client comprising a data set identifying a first enumerated pattern of fields on a frame of reference, the fields in the first enumerated pattern having locations in the frame of reference and the locations have numbered positions in the first enumerated pattern;
receive via data communications, a client identifier from the client and initiating a request for use in an authentication session;
present using data communications, to the client an instance of the graphical representation of the frame of reference in response to the request for use in the authentication session, the instance including characters positioned in the number N of pre-defined fields according to a pattern different than used in other authentication sessions with the client, the characters consisting of members of a character set including M members, where N is greater than or equal to 2M, and to use challenge characters known or delivered to the client via data communications, which match characters in the fields at a session-specific subset of the locations along the enumerated pattern, whereby the position numbers of said session-specific subset comprise an authentication response for the instance;
accept input data from the client via data communications, the input data including said authentication response entered by the client using an input device; and
determine whether the input data matches the authentication response, and if the input data matches, to signal successful authentication, and if the input data does not match, to signal failed authentication.
Dependent claims: 34-44.
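The exchange the abstract and claims 8 and 20 describe, carried through in code as an added example that is not part of the patent or any product built on it. Assumed for the example: a 10-digit character set (M = 10), a 25-field grid (N = 25, satisfying N >= 2M), field locations given as 0-based indexes into the instance, pattern position numbers counted from 1, sorting of the returned position numbers as the canonical response form, and placing every character in the instance at least twice. The claim 8 path has the server pick challenge characters that occur along the pattern; the claim 20 path derives them from the fields of a second enumerated pattern, so nothing beyond the grid is sent.

```python
"""Added worked example (not from the patent): one round of the grid-position
authentication described in the abstract and in claims 8 and 20."""
import hmac
import random
from typing import Optional, Sequence

CHARSET = "0123456789"   # assumed: M = 10 member character set
N_FIELDS = 25            # assumed: 5x5 grid; the claims require N >= 2M


def make_instance(charset: str, n_fields: int, rng: random.Random) -> list:
    """Build a session-specific instance of the frame of reference.

    N fields are filled from the M-character set.  Each character is placed at
    least twice (the N >= 2M condition leaves room for that); a character that
    occurred only once would let a single response pin one pattern position to
    exactly one field.  Placing every character twice is this example's choice.
    """
    m = len(charset)
    if n_fields < 2 * m:
        raise ValueError("the claims require N >= 2M")
    fields = list(charset) * 2
    fields += [rng.choice(charset) for _ in range(n_fields - len(fields))]
    rng.shuffle(fields)
    return fields


def expected_response(instance: Sequence[str], pattern: Sequence[int],
                      challenge: str) -> list:
    """Position numbers (1-based, counted along the enumerated pattern) whose
    field content is one of the challenge characters.  `pattern` lists field
    locations (0-based indexes into `instance`) in enumeration order."""
    return [pos for pos, loc in enumerate(pattern, start=1)
            if instance[loc] in challenge]


def choose_challenge(instance: Sequence[str], pattern: Sequence[int],
                     k: int, rng: random.Random) -> str:
    """Claim 8 style: the server picks k distinct characters that actually occur
    in the pattern's fields for this instance, so the response is never empty."""
    present = sorted({instance[loc] for loc in pattern})
    return "".join(rng.sample(present, min(k, len(present))))


def challenge_from_second_pattern(instance: Sequence[str],
                                  second_pattern: Sequence[int]) -> str:
    """Claim 20 style: the challenge characters are whatever the instance shows
    in the fields of the second enumerated pattern (second shared secret)."""
    return "".join(instance[loc] for loc in second_pattern)


def verify(instance: Sequence[str], pattern: Sequence[int],
           challenge: str, response: Sequence[int]) -> bool:
    """Server-side check: recompute the expected positions from the stored
    pattern, canonicalise both sides (sorted, duplicates dropped; this example's
    choice) and compare in constant time."""
    want = ",".join(str(p) for p in sorted(expected_response(instance, pattern, challenge)))
    got = ",".join(str(p) for p in sorted(set(response)))
    return hmac.compare_digest(want.encode(), got.encode())


def run_session(pattern: Sequence[int], second_pattern: Optional[Sequence[int]] = None,
                seed: int = 0, k: int = 3):
    """Simulate one exchange.  Server issues the instance (and, in the claim 8
    variant, the challenge); the client derives the response from its own copy
    of the secret pattern; the server verifies.
    Returns (instance, challenge, response, accepted)."""
    rng = random.Random(seed)                                   # seeded for reproducibility
    instance = make_instance(CHARSET, N_FIELDS, rng)            # server -> client
    if second_pattern is None:
        challenge = choose_challenge(instance, pattern, k, rng)  # delivered in- or out-of-band
    else:
        challenge = challenge_from_second_pattern(instance, second_pattern)
    response = expected_response(instance, pattern, challenge)  # client reads it off the grid
    return instance, challenge, response, verify(instance, pattern, challenge, response)


if __name__ == "__main__":
    # Constructed secret: pattern of six field locations on the 25-field grid.
    secret_pattern = [3, 14, 7, 22, 0, 18]
    inst, ch, resp, ok = run_session(secret_pattern, seed=1)
    for row in range(0, N_FIELDS, 5):
        print(" ".join(inst[row:row + 5]))
    print("challenge:", ch, "response:", resp, "accepted:", ok)
```

What the response gives away is bounded by the instance: an observer who sees the grid and the response learns, for that session only, which pattern positions held challenge characters, and because every character is placed more than once the location behind each revealed position is narrowed to several fields rather than fixed. That is the reason the example fills the slack in N >= 2M with repeats, and why a fresh instance per session (as the claims require) and attempt limiting on the server matter in any deployment of this kind of scheme.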