Method and system for abstracted and randomized one-time use passwords for transactional authentication
First Claim
1. A user authentication method comprising execution, by a processing system, of the steps of:
receiving a request from a user to initiate an authentication session, the request comprising a unique identifier of the user;
accessing, using the unique identifier, a record stored in memory associated with the user, the stored record comprising at least code value complexity preference data and a user-defined keyword consisting of an ordered sequence of symbols comprising members of a predetermined symbol set selected from one or more symbol sets supported by the processing system, wherein the symbols of the ordered sequence have been previously selected by the user independently of other users' selections;
generating a one-time security matrix which is valid only for the user during the authentication session, and which comprises a mapping between each symbol within the predetermined symbol set and a code value which is specific to the authentication session and randomly selected from a code set which is distinct from the predetermined symbol set;
transmitting the one-time security matrix for presentation to the user;
receiving an ordered sequence of code values selected from the one-time security matrix and input by the user in response to presentation of the one-time security matrix, and the user's interpretation of the one-time security matrix according to the code value complexity preference data, wherein the interpretation of the one-time security matrix according to the code value complexity preference data causes the order of the ordered sequence of code values to be unknown to the user prior to the presentation of the one-time security matrix;
validating the received ordered sequence of code values by comparison with a corresponding sequence of code values generated, but not transmitted, by the processing system based upon the user-defined keyword in the stored record, the code value complexity preference data and the one-time security matrix; and
generating an authentication result of the authentication session based upon the comparison.
3 Assignments
0 Petitions
Abstract
A security system and method for authenticating a user's access to a system is disclosed. The security system receives an authentication request from the user and responds by generating a security matrix based on a previously stored user keyword and user preference data, the security matrix being different for each authentication request. The security system sends the security matrix to the user and awaits a one-time code in response to the security matrix. The user forms the one-time code based on the user keyword, the user preferences, and the security matrix. The security system validates the one-time code against the security matrix, the keyword, and the user preferences, and responds by sending an authentication result to the user that either permits or denies access to the system. Additionally, the security system sends a success or fail message to the system to be accessed.
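The following worked example is added here and is not code from the patent or its listing; it implements the challenge/response flow described in the abstract and in claim 1 in Python. The symbol set (letters A to Z), the code set (digits 0 to 9), the two interpretations of the "code value complexity preference data" (sequential and ascending), and every class, function and identifier name are assumptions made for illustration; the page fixes none of them.

```python
import hmac
import secrets
from dataclasses import dataclass

# Constructed parameters for this example; the page fixes none of them.
SYMBOL_SET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"  # symbols a keyword may be built from
CODE_SET = "0123456789"                    # code values; distinct from SYMBOL_SET


@dataclass
class UserRecord:
    keyword: str      # ordered sequence of symbols chosen by the user at enrolment
    preference: str   # code value complexity preference: "sequential" or "ascending"


@dataclass
class Session:
    user_id: str
    matrix: dict      # one-time security matrix for this session: symbol -> code value


def generate_matrix(symbols=SYMBOL_SET, codes=CODE_SET, choose=secrets.choice):
    """Map every symbol of the symbol set to a randomly chosen code value.
    With 26 symbols and 10 codes several symbols share a code, so a captured
    matrix plus response yields only candidate symbols per keyword position."""
    return {sym: choose(codes) for sym in symbols}


def expected_codes(keyword, preference, matrix):
    """Sequence of code values the user is expected to enter for this matrix.
    Assumed interpretations of the complexity preference (not from the page):
      sequential - the keyword's codes in keyword order;
      ascending  - the keyword's symbols re-ordered by their session code value
                   (ties keep keyword order), so the entry order is not known
                   until the matrix has been presented."""
    pairs = [(matrix[sym], pos) for pos, sym in enumerate(keyword)]
    if preference == "ascending":
        pairs.sort()
    elif preference != "sequential":
        raise ValueError("unknown code value complexity preference")
    return "".join(code for code, _ in pairs)


class AuthServer:
    """Server side of the flow in claim 1 (example code, not the patent's)."""

    def __init__(self):
        # The keyword must stay recoverable (encrypt at rest; a one-way hash
        # would not let the server regenerate the expected sequence).
        self._records = {}   # user_id -> UserRecord
        self._sessions = {}  # session_id -> Session, removed on first use

    def enroll(self, user_id, keyword, preference="sequential"):
        if not keyword or any(sym not in SYMBOL_SET for sym in keyword):
            raise ValueError("keyword must be a non-empty sequence of SYMBOL_SET symbols")
        self._records[user_id] = UserRecord(keyword, preference)

    def start_session(self, user_id):
        """Generate and hand out a matrix valid only for this session. A matrix is
        issued even for unknown identifiers so this step does not reveal which
        identifiers are enrolled; validation for them simply fails."""
        session_id = secrets.token_hex(16)
        matrix = generate_matrix()
        self._sessions[session_id] = Session(user_id, matrix)
        return session_id, matrix

    def validate(self, session_id, response):
        """Regenerate the expected sequence from the stored record and the session's
        matrix (never transmitted) and compare in constant time. The session is
        consumed on the first attempt, so a captured response cannot be replayed."""
        session = self._sessions.pop(session_id, None)
        record = self._records.get(session.user_id) if session else None
        if record is None:
            return False
        expected = expected_codes(record.keyword, record.preference, session.matrix)
        return hmac.compare_digest(expected.encode(), str(response).encode())


def demo():
    """Full exchange: enrol, challenge, user forms the one-time code, server checks,
    and a replay of the same session is refused."""
    server = AuthServer()
    server.enroll("alice", "SECRET", "ascending")
    session_id, matrix = server.start_session("alice")
    # The user looks up each keyword symbol in the presented matrix and applies
    # their preference; this is the same computation the server does privately.
    one_time_code = expected_codes("SECRET", "ascending", matrix)
    first = server.validate(session_id, one_time_code)
    replay = server.validate(session_id, one_time_code)
    return first, replay


if __name__ == "__main__":
    print(demo())  # (True, False)
```

Two properties of the claimed flow show up directly in the code. Because the server regenerates the expected sequence itself and never transmits it, the stored keyword has to be recoverable on the server (encrypted at rest rather than hashed), which is a different storage requirement from a conventional password verifier. And because the mapping from symbols to code values is many-to-one in this example, an observer who captures both the matrix and the response learns only a set of candidate symbols for each keyword position; with a one-to-one mapping the same capture would reveal the keyword outright. Each session entry is removed on its first validation attempt, so a captured response cannot be replayed against the same matrix.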
24 Claims
1. Claim 1 is set out in full under First Claim above. Dependent claims: 2 to 16.
17. A user authentication apparatus comprising:
a data store containing one or more records, each of which is associated with a user by a unique identifier and comprises at least code value complexity preference data and a user-defined keyword consisting of an ordered sequence of symbols comprising members of a predetermined symbol set selected from one or more symbol sets supported by a processing system, wherein the symbols of the ordered sequence have been previously selected by the user independently of other users' selections; and
a hardware processor comprising at least one processing unit and stored program instructions which, when executed, cause the at least one processing unit to:
receive a request from the user to initiate an authentication session, the request comprising the unique identifier associated with the user;
access in the data store, using the unique identifier, the stored one or more records associated with the user;
generate a one-time security matrix which is valid only for the user during the authentication session, and which comprises a mapping between each symbol within the predetermined symbol set and a code value which is specific to the authentication session and randomly selected from a code set which is distinct from the predetermined symbol set;
transmit the one-time security matrix for presentation to the user;
receive an ordered sequence of code values selected from the one-time security matrix and input by the user in response to presentation of the one-time security matrix, and the user's interpretation of the one-time security matrix according to the code value complexity preference data, wherein the interpretation of the one-time security matrix according to the code value complexity preference data causes the order of the ordered sequence of code values to be unknown to the user prior to the presentation of the one-time security matrix;
validate the received ordered sequence of code values by comparison with a corresponding sequence of code values generated, but not transmitted, by the processing system based upon the user-defined keyword in the stored one or more records, the code value complexity preference data and the one-time security matrix; and
generate an authentication result of the authentication session based upon the comparison.
Dependent claims: 18 to 23.
24. A tangible, non-transitory, computer-readable medium comprising computer-executable instructions recorded thereon which, when executed by a hardware processor, result in implementation of a method comprising the steps of:
receiving a request from a user to initiate an authentication session, the request comprising a unique identifier of the user;
accessing, using the unique identifier, a stored record associated with the user, the stored record comprising at least code value complexity preference data and a user-defined keyword consisting of an ordered sequence of symbols comprising members of a predetermined symbol set selected from one or more symbol sets supported by the hardware processor, wherein the symbols of the ordered sequence have been previously selected by the user independently of other users' selections;
generating a one-time security matrix which is valid only for the user during the authentication session, and which comprises a mapping between each symbol within the predetermined symbol set and a code value which is specific to the authentication session and randomly selected from a code set which is distinct from the predetermined symbol set;
transmitting the one-time security matrix for presentation to the user;
receiving an ordered sequence of code values selected from the one-time security matrix and input by the user in response to presentation of the one-time security matrix, and the user's interpretation of the one-time security matrix according to the code value complexity preference data, wherein the interpretation of the one-time security matrix according to the code value complexity preference data causes the order of the ordered sequence of code values to be unknown to the user prior to the presentation of the one-time security matrix;
validating the received ordered sequence of code values by comparison with a corresponding sequence of code values generated, but not transmitted, by the hardware processor based upon the user-defined keyword in the stored record, the code value complexity preference data and the one-time security matrix; and
generating an authentication result of the authentication session based upon the comparison.
Specification