Method and system for abstracted and randomized one-time use passwords for transactional authentication

US 8,869,255 B2
Filed: 10/25/2011
Issued: 10/21/2014
Est. Priority Date: 11/30/2010
Status: Expired due to Fees

First Claim

Patent Images

1. A user authentication method comprising execution, by a processing system, of the steps of:

receiving a request from a user to initiate an authentication session, the request comprising a unique identifier of the user;

accessing, using the unique identifier, a record stored in memory associated with the user, the stored record comprising at least code value complexity preference data and a user-defined keyword consisting of an ordered sequence of symbols comprising members of a predetermined symbol set selected from one or more symbol sets supported by the processing system, wherein the symbols of the ordered sequence have been previously selected by the user independently of other users'"'"' selections;

generating a one-time security matrix which is valid only for the user during the authentication session, and which comprises a mapping between each symbol within the predetermined symbol set and a code value which is specific to the authentication session and randomly selected from a code set which is distinct from the predetermined symbol set;

transmitting the one-time security matrix for presentation to the user;

receiving an ordered sequence of code values selected from the one-time security matrix and input by the user in response to presentation of the one-time security matrix, and the user'"'"'s interpretation of the one-time security matrix according to the code value complexity preference data, wherein the interpretation of the one-time security matrix according to the code value complexity preference data causes the order of the ordered sequence of code values to be unknown to the user prior to the presentation of the one-time security matrix;

validating the received ordered sequence of code values by comparison with a corresponding sequence of code values generated, but not transmitted, by the processing system based upon the user-defined keyword in the stored record, the code value complexity preference data and the one-time security matrix; and

generating an authentication result of the authentication session based upon the comparison.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security system and method for authenticating a user'"'"'s access to a system is disclosed. The security system receives an authentication request from the user and responds by generating a security matrix based on a previously stored user keyword and user preference data, the security matrix being different for each authentication request. The security system sends the security matrix to the user and awaits a one-time code in response to the security matrix. The user forms the one-time code based on the user keyword, the user preferences, and the security matrix. The security system validates the one-time code against the security matrix, the keyword, and the user preferences, and responds by sending an authentication result to the user that either permits or denies access to the system. Additionally, the security system sends a success or fail message to the system to be accessed.

24 Citations

View as Search Results

24 Claims

1. A user authentication method comprising execution, by a processing system, of the steps of:
- receiving a request from a user to initiate an authentication session, the request comprising a unique identifier of the user;
  
  accessing, using the unique identifier, a record stored in memory associated with the user, the stored record comprising at least code value complexity preference data and a user-defined keyword consisting of an ordered sequence of symbols comprising members of a predetermined symbol set selected from one or more symbol sets supported by the processing system, wherein the symbols of the ordered sequence have been previously selected by the user independently of other users'"'"' selections;
  
  generating a one-time security matrix which is valid only for the user during the authentication session, and which comprises a mapping between each symbol within the predetermined symbol set and a code value which is specific to the authentication session and randomly selected from a code set which is distinct from the predetermined symbol set;
  
  transmitting the one-time security matrix for presentation to the user;
  
  receiving an ordered sequence of code values selected from the one-time security matrix and input by the user in response to presentation of the one-time security matrix, and the user'"'"'s interpretation of the one-time security matrix according to the code value complexity preference data, wherein the interpretation of the one-time security matrix according to the code value complexity preference data causes the order of the ordered sequence of code values to be unknown to the user prior to the presentation of the one-time security matrix;
  
  validating the received ordered sequence of code values by comparison with a corresponding sequence of code values generated, but not transmitted, by the processing system based upon the user-defined keyword in the stored record, the code value complexity preference data and the one-time security matrix; and
  
  generating an authentication result of the authentication session based upon the comparison.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1 wherein the user-defined keyword is stored in encrypted form.
  - 3. The method of claim 1 wherein the step of generating the one-time security matrix comprises arranging the symbols within the predetermined symbol set in a random order.
  - 4. The method of claim 1 wherein the step of generating the one-time security matrix comprises arranging the symbols within the predetermined symbol set in an alphabetical order.
  - 5. The method of claim 1 wherein:
    - the step of receiving the request from the user comprises receiving the request from a secure system distinct from the processing system, the secure system having a corresponding secure system identifier;
      
      the request further comprises the secure system identifier; and
      
      the step of generating the one-time security matrix is based upon preferences associated with the secure system identifier.
  - 6. The method of claim 5 wherein the step of transmitting the one-time security matrix for presentation to the user comprises:
    - transmitting the one-time security matrix to the secure system;
      
      the secure system constructing a custom representation of the one-time security matrix; and
      
      the secure system presenting the custom representation of the one-time security matrix to the user.
  - 7. The method of claim 5 wherein the step of generating the one-time security matrix includes randomly selecting code values from a code set determined in accordance with preferences associated with the secure system identifier.
  - 8. The method of claim 5 wherein the step of receiving an ordered sequence of code values input by the user further comprises receiving the unique identifier of the user and the secure system identifier.
  - 9. The method of claim 1 wherein the step of generating the one-time security matrix comprises randomly selecting code values such that the one-time security matrix is different from any previously generated one-time security matrix.
  - 10. The method of claim 1 further comprising transmitting a session identifier to a secure system to which the user is granted access based upon the authentication result.
  - 11. The method of claim 1 wherein the predetermined symbol set comprises alphabetical characters, and wherein the code set is a set of numerical values.
  - 12. The method of claim 11 wherein the stored record associated with the user comprises user preferences including an offset value, and wherein the step of validating the received ordered sequence of code values comprises generating a corresponding sequence of code values based upon the user-defined keyword in the stored record, the one-time security matrix mapping of symbols to the numerical values of the code set, and calculation of modified code values based upon the offset value.
  - 13. The method of claim 11 wherein the stored record associated with the user comprises user preferences including a crawl value, and wherein the step of validating the received ordered sequence of code values comprises generating a corresponding sequence of code values based upon the user-defined keyword in the stored record, the one-time security matrix mapping of symbols to the numerical values of the code set, and calculation of modified code values based upon the crawl value.
  - 14. The method of claim 11 wherein the stored record associated with the user comprises user preferences including a jump value, and wherein the step of validating the received ordered sequence of code values comprises generating a corresponding sequence of code values based upon the user-defined keyword in the stored record, the one-time security matrix mapping of symbols to the numerical values of the code set, and calculation of modified code values based upon the jump value.
  - 15. The method of claim 11 wherein the stored record associated with the user comprises user preferences including a mask value, and wherein the step of validating the received ordered sequence of code values comprises generating a corresponding sequence of code values based upon the user-defined keyword in the stored record, the one-time security matrix mapping of symbols to the numerical values of the code set, and calculation of modified code values based upon the mask value.
  - 16. The method of claim 1 wherein the stored record associated with a user comprises an alternative user-defined keyword consisting of an ordered sequence of symbols selected from the predetermined symbol set, and wherein:
    - the step of validating the received ordered sequence of code values further comprises performing a comparison with a corresponding sequence of code values generated, but not transmitted, by the processing system based upon the alternative user-defined keyword in the stored record, the code value complexity preference data and the one-time security matrix; and
      
      in the event that the comparison results in a match, generating the authentication result of the authentication session comprising a panic indication.

17. A user authentication apparatus comprising:
- a data store containing one or more records, each of which is associated with a user by a unique identifier and comprises at least code value complexity preference data and a user-defined keyword consisting of an ordered sequence of symbols comprising members of a predetermined symbol set selected from one or more symbol sets supported by a processing system, wherein the symbols of the ordered sequence have been previously selected by the user independently of other users'"'"' selections; and
  
  a hardware processor comprising at least one processing unit and stored program instructions which, when executed, cause the at least one processing unit to;
  
  receive a request from the user to initiate an authentication session, the request comprising the unique identifier associated with the user;
  
  access in the data store, using the unique identifier, the stored one or more records associated with the user;
  
  generate a one-time security matrix which is valid only for the user during the authentication session, and which comprises a mapping between each symbol within the predetermined symbol set and a code value which is specific to the authentication session and randomly selected from a code set which is distinct from the predetermined symbol set;
  
  transmit the one-time security matrix for presentation to the user;
  
  receive an ordered sequence of code values selected from the one-time security matrix and input by the user in response to presentation of the one-time security matrix, and the user'"'"'s interpretation of the one-time security matrix according to the code value complexity preference data, wherein the interpretation of the one-time security matrix according to the code value complexity preference data causes the order of the ordered sequence of code values to be unknown to the user prior to the presentation of the one-time security matrix;
  
  validate the received ordered sequence of code values by comparison with a corresponding sequence of code values generated, but not transmitted, by the processing system based upon the user-defined keyword in the stored one or more records, the code value complexity preference data and the one-time security matrix; and
  
  generate an authentication result of the authentication session based upon the comparison.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. A security system comprising:
    - a user-authentication apparatus according to claim 17;
      
      a secure system for which the user requires authentication, and which is configured to;
      
      receive the unique identifier of the user;
      
      transmit the request to initiate the authentication session to the user-authentication apparatus, the request comprising the unique identifier of the user;
      
      receive, from the user-authentication apparatus, the one-time security matrix;
      
      present the one-time security matrix to the user;
      
      receive, from the user, the ordered sequence of code values selected from the one-time security matrix;
      
      transmit the ordered sequence of code values to the user-authentication apparatus; and
      
      receive, from the user-authentication apparatus, the authentication result.
  - 19. The security system of claim 18 wherein the secure system is further configured to generate a custom representation of the one-time security matrix for presentation to the user.
  - 20. The security system of claim 18 wherein the secure system is further configured to comprise a web server interface, wherein input is received from the user and the one-time security matrix is presented to the user via a web browser operated by the user.
  - 21. The security system of claim 18 wherein the secure system comprises an automatic teller machine.
  - 22. The security system of claim 18 wherein the secure system comprises a point-of-sale terminal.
  - 23. The security system of claim 18 wherein the secure system is further configured to comprise a web server interface, and the security system further comprises a computer system executing a web browser operated on behalf of the user by a customer representative associated with the secure system.

24. A tangible, non-transitory, computer-readable medium comprising computer-executable instructions recorded thereon which, when executed by a hardware processor result in implementation of a method comprising the steps of:
- receiving a request from a user to initiate an authentication session, the request comprising a unique identifier of the user;
  
  accessing, using the unique identifier, a stored record associated with the user, the stored record comprising at least code value complexity preference data and a user-defined keyword consisting of an ordered sequence of symbols comprising members of a predetermined symbol set selected from one or more symbol sets supported by the hardware processor, wherein the symbols of the ordered sequence have been previously selected by the user independently of other users'"'"' selections;
  
  generating a one-time security matrix which is valid only for the user during the authentication session, and which comprises a mapping between each symbol within the predetermined symbol set and a code value which is specific to the authentication session and randomly selected from a code set which is distinct from the predetermined symbol set;
  
  transmitting the one-time security matrix for presentation to the user;
  
  receiving an ordered sequence of code values selected from the one-time security matrix and input by the user in response to presentation of the one-time security matrix, and the user'"'"'s interpretation of the one-time security matrix according to the code value complexity preference data, wherein the interpretation of the one-time security matrix according to the code value complexity preference data causes the order of the ordered sequence of code values to be unknown to the user prior to the presentation of the one-time security matrix;
  
  validating the received ordered sequence of code values by comparison with a corresponding sequence of code values generated, but not transmitted, by the hardware processor based upon the user-defined keyword in the stored record, the code value complexity preference data and the one-time security matrix; and
  
  generating an authentication result of the authentication session based upon the comparison.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Forticode Limited
Original Assignee
Forticom Group Ltd. (VK Co., Ltd.)
Inventors
Smales, Antony
Primary Examiner(s)
Shaw, Brian F

Application Number

US13/281,330
Publication Number

US 20120137352A1
Time in Patent Office

1,092 Days
Field of Search

726/19, 726/5, 726/6, 726/7, 726/18, 713/202, 713/182, 713/193
US Class Current

726/7
CPC Class Codes

G06F 21/31   User authentication

G06F 21/36   by graphic or iconic repres...

G06F 21/83   input devices, e.g. keyboar...

H04L 63/0838   using one-time-passwords

H04L 9/3226   using a predetermined code,...

H04L 9/3271   using challenge-response

Method and system for abstracted and randomized one-time use passwords for transactional authentication

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

24 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for abstracted and randomized one-time use passwords for transactional authentication

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links