System for two way authentication

US 8,931,060 B2
Filed: 01/06/2012
Issued: 01/06/2015
Est. Priority Date: 07/01/2010
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented online authentication system having at least two levels of authentication including a first level of authentication and a second level of authentication, said system comprising:

a plurality of client devices having;

sensing means adapted to sense an incoming authentication request on said client device on successful completion of the first level of authentication and provide a sensed signal;

graphical display means adapted to generate a grid comprising dots having pre-determined coordinates, said graphical display means further adapted to display the grid on a display of the client device on receiving the sensed signal;

drawing means to reproduce a vector pattern comprising definitive lines formed by sequentially joining pre-determined dots in the grid, wherein the vector pattern has a specific length and a specific direction and passes through specific coordinates in the grid, the drawing means to reproduce further configured to produce a graphical password comprising the vector pattern;

accepting means adapted to receive the graphical password and to generate an accepted password, wherein the accepted password includes the vector pattern;

encoding means adapted to receive the accepted password and to encode the accepted password into a unique signature;

transmitter means adapted to transmit the unique signature over a wireless communication channel;

a web server remotely co-operating with the client devices, the web server having;

a repository to store user credentials and graphical passwords, each of the graphical passwords having a corresponding specific length, specific direction, specific pattern, and specific coordinates, said repository having a lookup table to match a user'"'"'s client device identification number with a graphical password in the repository;

receiving means adapted to receive the unique signature from the client device along with a client device identification number;

decoding means adapted to decode the unique signature and provided a decoded password;

pattern matching means adapted to match the length, direction, pattern, and coordinates corresponding to the decoded password and the client device identification number with a corresponding entry in the lookup table and further adapted to generate a status indicator; and

authorization means adapted to grant access to privileged information/service/URL to users based on a success status indicator, wherein the success status indicator is generated only in the event that the pattern, length, direction, and coordinates corresponding to the decoded password exactly match the pattern, length, direction, and coordinates of the stored defined graphical password.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for online authentication having at least two levels of authentication has been disclosed. The two levels of authentication provide total security of privileged information by requiring users to authenticate themselves in two stages/levels. The first level of authentication involves simple alphanumeric password verification, which if successful, is followed by a second level of graphical password verification. The graphical password verification is based on the novel concept of challenging users with a dotted grid to enable users to create a non-definable vector pattern of definitive lines by sequentially joining pre-determined dots in the grid.

17 Citations

View as Search Results

15 Claims

1. A computer-implemented online authentication system having at least two levels of authentication including a first level of authentication and a second level of authentication, said system comprising:
- a plurality of client devices having;
  
  sensing means adapted to sense an incoming authentication request on said client device on successful completion of the first level of authentication and provide a sensed signal;
  
  graphical display means adapted to generate a grid comprising dots having pre-determined coordinates, said graphical display means further adapted to display the grid on a display of the client device on receiving the sensed signal;
  
  drawing means to reproduce a vector pattern comprising definitive lines formed by sequentially joining pre-determined dots in the grid, wherein the vector pattern has a specific length and a specific direction and passes through specific coordinates in the grid, the drawing means to reproduce further configured to produce a graphical password comprising the vector pattern;
  
  accepting means adapted to receive the graphical password and to generate an accepted password, wherein the accepted password includes the vector pattern;
  
  encoding means adapted to receive the accepted password and to encode the accepted password into a unique signature;
  
  transmitter means adapted to transmit the unique signature over a wireless communication channel;
  
  a web server remotely co-operating with the client devices, the web server having;
  
  a repository to store user credentials and graphical passwords, each of the graphical passwords having a corresponding specific length, specific direction, specific pattern, and specific coordinates, said repository having a lookup table to match a user'"'"'s client device identification number with a graphical password in the repository;
  
  receiving means adapted to receive the unique signature from the client device along with a client device identification number;
  
  decoding means adapted to decode the unique signature and provided a decoded password;
  
  pattern matching means adapted to match the length, direction, pattern, and coordinates corresponding to the decoded password and the client device identification number with a corresponding entry in the lookup table and further adapted to generate a status indicator; and
  
  authorization means adapted to grant access to privileged information/service/URL to users based on a success status indicator, wherein the success status indicator is generated only in the event that the pattern, length, direction, and coordinates corresponding to the decoded password exactly match the pattern, length, direction, and coordinates of the stored defined graphical password.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer-implemented system as claimed in claim 1, wherein the vector pattern comprises at least three definitive lines.
  - 3. The computer-implemented system as claimed in claim 1, wherein the client device is selected from the group of devices consisting of a mobile phone, a wireless telecommunication device, a personal digital assist, a node, a personal computer, a laptop, a digitizer and a notebook.
  - 4. The computer-implemented system as claimed in claim 1, wherein the drawing means to reproduce the graphical password is selected from the group of devices consisting of a stylus, direction keys of the client device, pre-designated keys provided on the keypad of the client device and touch screen interface of the client device.
  - 5. The computer-implemented system as claimed in claim 1, wherein the accepting means accepts the reproduced graphical password in the form of co-ordinates of the reproduced pattern on the grid.
  - 6. The computer-implemented system as claimed in claim 1, wherein the transmitter means transmits the unique signature over the wireless communication channel in forms selected from the group comprising of text message, multimedia message and packet based data.
  - 7. The computer-implemented system as claimed in claim 1, wherein the client device includes an embedded application for providing the at least two levels of authentication.
  - 8. The computer-implemented system as claimed in claim 1, wherein the client device includes an embedded application, the embedded application comprising a simulation tool to enable users to practice the graphical password.
  - 9. The computer-implemented system as claimed in claim 1, wherein the web server comprises registration means adapted to register users and their details including the name, IP address/identification number of the client device, the pre-determined username, alphanumeric password and the graphical password.
  - 10. The computer-implemented system as claimed in claim 1, wherein the web server comprises a fraud detection engine to capture and identify client device characteristics, geo position and behavior to detect suspect transactions.

11. A method for providing online authentication for secure access to Internet enabled services, said method comprising the following steps:
- a. registering a username, an alphanumeric password, a graphical password and a client device identification number for each user, wherein the registered graphical password includes a vector pattern having a specific length and a specific direction and passes through specific dots having pre-determined coordinates in a grid;
  
  b. storing the registration details in a repository;
  
  c. sensing a request for a first level of authentication;
  
  d. accepting a username and a alphanumeric password for the first level of authentication;
  
  e. generating a grid comprising dots having pre-determined coordinates and displaying the grid on a client device on successful completion of the first level of authentication;
  
  f. providing tools for drawing a graphical password on the client device, wherein the graphical password comprises a vector pattern having a specific length and a specific direction and passes through dots having specific coordinates;
  
  g. accepting the graphical password;
  
  h. encoding the graphical password into a unique signature;
  
  i. transmitting the encoded graphical password in the form of the unique signature to a web server for verification;
  
  j. decoding the unique signature at the web server into the graphical password;
  
  k. matching the pattern, length, direction, and coordinates of the decoded graphical password with the pattern, length, direction, and coordinates of the registered graphical password; and
  
  l. authorizing the user to access the Internet enabled service only in the event that the pattern, length, direction, and coordinates of the decoded graphical password exactly match the pattern, length, direction, and coordinates of the registered graphical password.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method as claimed in claim 11, wherein the step of registering the graphical password includes the step of providing a vector pattern by sequentially joining pre-determined dots having pre-determined coordinates to form definitive lines on a dotted grid.
  - 13. The method as claimed in claim 11, wherein the step of encoding the graphical password includes the step of converting the graphical password to a unique signature.
  - 14. The method as claimed in claim 11, wherein the step of transmitting the encoded graphical password includes the steps of packing the encoded graphical password in a text message/multimedia message/in the form of data packets and sending over the wireless communication channel.
  - 15. The method as claimed in claim 11, wherein the step of matching the pattern, length, direction, and coordinates of the decoded graphical password with the pattern, length, direction, and coordinates of the registered graphical password further includes matching the sequences followed for connecting the dots in the grid.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
TATA Consultancy Services Limited (Tata Sons Pvt Ltd.)
Original Assignee
TATA Consultancy Services Limited (Tata Sons Pvt Ltd.)
Inventors
Bidare, Prasanna
Primary Examiner(s)
Pwu, Jeffrey
Assistant Examiner(s)
TRUONG, THONG P

Application Number

US13/344,762
Publication Number

US 20120102551A1
Time in Patent Office

1,096 Days
Field of Search

726/4, 726/2, 726/18
US Class Current

726/4
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/36   by graphic or iconic repres...

H04L 2209/80   Wireless network architectu...

H04L 2463/082   applying multi-factor authe...

H04L 9/3226   using a predetermined code,...

H04L 9/3247   involving digital signatures

H04W 12/06   Authentication

H04W 12/77   Graphical identity

System for two way authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

17 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

System for two way authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others