Authentication method of enumerated pattern of field positions based challenge and enumerated pattern of field positions based response through interaction between two credentials in random partial digitized path recognition system

US 8,955,074 B2
Filed: 10/23/2012
Issued: 02/10/2015
Est. Priority Date: 10/23/2012
Status: Active Grant

First Claim

Patent Images

1. A method for identification and verification of a user at a client platform in a client/server, computer-networking system that implements an authentication server, the method using an authentication credential as a shared secret with the authentication server, the authentication credential comprising a data set (i) identifying a first enumerated pattern of fields on a frame of reference, and (ii) identifying a second enumerated pattern of fields on the frame of reference;

the fields in the first and second enumerated patterns having locations on the frame of reference, and numbered positions in the corresponding enumerated patterns;

the method comprising;

using a data processing machine or data processing machines, establishing one or more communication channels to the authentication server, and sending a user identifier via said one or more communication channels to the authentication server;

receiving a session specific instance of the frame of reference as a result of successful identification of the user identifier by the authentication server, from the authentication server, from an application synchronized with a logical function used to produce an instance at the authentication server or from a combination of the authentication server and an application, the session-specific instance of the frame of reference having fields filled with a session-specific content, wherein the session-specific content comprises characters that are members of a set of characters;

rendering an interface on a display including a graphical representation of the session-specific instance of the frame of reference where;

a subset of the fields in the first enumerated pattern are populated by characters in said session specific instance identifying a first session specific set of numbered positions of fields along the second enumerated pattern, andcharacters in the fields having the first session specific set of numbered positions in the second enumerated pattern match characters in fields at locations on said session specific instance having a second session specific set of numbered positions in the first enumerated pattern;

sending authentication response data via said one or more communication channels to the authentication server, the response data identifying said second session specific set of numbered positions in the first enumerated pattern, data identifying said second session specific set of numbered positions in the first enumerated pattern being usable by the authentication server as part of a verification process; and

receiving a signal via said one or more communication channels from the authentication server that indicates completion of the verification process.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An interactive method for authentication is based on two shared secrets, both shared secrets in the form of an ordered path on the frame of reference. An instance of the frame of reference comprises a set of characters which is arranged in a random or other irregular pattern. The first step of authentication that a user performs requires the user to remember one or all of the characters in the displayed instance of the frame of reference found in the locations in the random subset of the first ordered path by indicating characters either in these locations, or any other locations having the same characters. The second step of authentication requires that a user enter the position of the second ordered path, which only they know during an authentication session, where the challenge identifying the position of the ordered path is the single or multiple values that matches the value of the digital content of the frame of reference.

Citations

40 Claims

1. A method for identification and verification of a user at a client platform in a client/server, computer-networking system that implements an authentication server, the method using an authentication credential as a shared secret with the authentication server, the authentication credential comprising a data set (i) identifying a first enumerated pattern of fields on a frame of reference, and (ii) identifying a second enumerated pattern of fields on the frame of reference;
- the fields in the first and second enumerated patterns having locations on the frame of reference, and numbered positions in the corresponding enumerated patterns;
  
  the method comprising;
  
  using a data processing machine or data processing machines, establishing one or more communication channels to the authentication server, and sending a user identifier via said one or more communication channels to the authentication server;
  
  receiving a session specific instance of the frame of reference as a result of successful identification of the user identifier by the authentication server, from the authentication server, from an application synchronized with a logical function used to produce an instance at the authentication server or from a combination of the authentication server and an application, the session-specific instance of the frame of reference having fields filled with a session-specific content, wherein the session-specific content comprises characters that are members of a set of characters;
  
  rendering an interface on a display including a graphical representation of the session-specific instance of the frame of reference where;
  
  a subset of the fields in the first enumerated pattern are populated by characters in said session specific instance identifying a first session specific set of numbered positions of fields along the second enumerated pattern, andcharacters in the fields having the first session specific set of numbered positions in the second enumerated pattern match characters in fields at locations on said session specific instance having a second session specific set of numbered positions in the first enumerated pattern;
  
  sending authentication response data via said one or more communication channels to the authentication server, the response data identifying said second session specific set of numbered positions in the first enumerated pattern, data identifying said second session specific set of numbered positions in the first enumerated pattern being usable by the authentication server as part of a verification process; and
  
  receiving a signal via said one or more communication channels from the authentication server that indicates completion of the verification process.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, including rendering the interface using a first data processing machine, and sending authentication response data using a second data processing machine.
  - 3. The method of claim 1, wherein the set of characters consists of a number N1 of characters, and the session-specific instance of the frame of reference includes a number N2 of locations populated by characters from the set of characters, where N2 is equal to or greater than a multiple M times N1, and the multiple M is at least 2.
  - 4. The method of claim 1, wherein the set of characters consists of a number of characters, and each character in the set of characters is included in at least two fields having locations on the session-specific instance of the frame of reference.
  - 5. The method of claim 1, wherein for a given session-specific instance of the frame of reference, if there are no locations in the first enumerated pattern that include a character matching one of the challenge characters, then applying a rule to determine a character to include in the response data.
  - 6. The method of claim 1, wherein said second session specific set of numbered positions in the first enumerated pattern is identified in the response data by characters in the character set.

7. An interactive method for authentication of a client using a computer, comprising:
- storing data defining a graphical representation of a frame of reference adapted for rendering on a display, the frame of reference including a number N of pre-defined fields having locations on the frame of reference;
  
  storing a data set associated with the client in a memory, the data set including a first and second shared secrets, the first shared secret comprising data identifying a first enumerated pattern of fields oil a frame of reference, and the second shared secret comprising data identifying a second enumerated pattern of fields on the frame of reference, the fields in the first and second enumerated patterns having locations on the frame of reference and numbered positions in the corresponding enumerated patterns;
  
  producing an instance of the frame of reference, in which locations in the frame of reference are populated by members of a set of characters, where;
  
  a subset of the fields in the first enumerated pattern are populated by characters in said instance identifying a first session specific set of numbered positions of fields along the second enumerated pattern, andcharacters in the fields having the first session specific set of numbered positions in the second enumerated pattern match characters in fields at locations on said instance having a second session specific set of numbered positions in the first enumerated pattern;
  
  accepting input data from the client in response to said instance, the input data identifying one or more numbered positions in the first enumerated pattern; and
  
  determining whether the input data identifies said second session specific set of numbered positions in the first enumerated pattern; and
  
  if the input data identifies said second session specific set of numbered positions, signaling successful authentication.
- View Dependent Claims (8, 9, 10)
- - 8. The method of claim 7, including sending to the client said instance of the frame of reference by sending an electronic document executable by the client to render said instance.
  - 9. The method of claim 7, wherein the set of characters consists of a number N1 of characters, and the instance of the frame of reference includes a number N2 of locations populated by characters from the set of characters, where N2 is equal to or greater than a multiple M times N1, and the multiple M is at least 2.
  - 10. The method of claim 7, wherein said producing an instance of the frame of reference includes executing logical function at the authentication server that is synchronized with an application used to produce an instance at the client.

11. A client-server authentication system to authenticate a client, comprising:
- data processing resources, including one or more processors, memory and a communication interface;
  
  data stored in said memory including authentication credentials, where an authentication credential for a particular client comprises a data set associated with the client in a memory, the data set including a first and second shared secrets, the first shared secret comprising data identifying a first enumerated pattern of fields on a frame of reference, and the second shared secret comprising data identifying a second enumerated pattern of fields on the frame of reference, the fields in the first and second enumerated patterns having locations on the frame of reference and numbered positions in the corresponding enumerated patterns;
  
  the data processing resources including executable instructions stored in said memory adapted for execution by the processor, including logic;
  
  to produce an instance of the frame of reference in which the locations are populated by members of a set of characters;
  
  where;
  
  a subset of the fields in the first enumerated pattern are populated by characters in said instance identifying a first session specific set of numbered positions of fields along the second enumerated pattern, andcharacters in the fields having the first session specific set of numbered positions in the second enumerated pattern match characters in fields at locations on said instance having a second session specific set of numbered positions in the first enumerated pattern;
  
  to accept input data from the client in response to said instance, the input data identifying one or more numbered positions in the first enumerated pattern; and
  
  to determine whether the input data identifies said second session specific set of numbered positions in the first enumerated pattern; and
  
  if the input data identifies said second session specific set of numbered positions, signaling successful authentication.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system of claim 11, including logic to send to the client said instance of the frame of reference by sending to the client an electronic document executable by the client to render said instance.
  - 13. The system of claim 11, wherein the set of characters consists of a number N1 of characters, and the instance of the frame of reference includes a number N2 of locations populated by characters from the set of characters, where N2 is equal to or greater than a multiple M times N1, and the multiple M is at least 5.
  - 14. The system of claim 11, including logic to send to the client said instance of the frame of reference using a first communication medium.
  - 15. The system of claim 11, wherein said logic to produce an instance of the frame of reference includes a logical function characterized in that it can be synchronized with an application used to produce an instance at the client.

16. A non-transitory computer readable medium storing a computer program that causes a computer to authenticate a client, comprising instructions to:
- store data in a memory including authentication credentials, where an authentication credential for a particular client comprises a data set associated with the client in a memory, the data set including a first and second shared secrets, the first shared secret comprising data identifying a first enumerated pattern of fields on a frame of reference, and the second shared secret comprising data identifying a second enumerated pattern of fields on the frame of reference, the fields in the first and second enumerated patterns having locations on the frame of reference and numbered positions in the corresponding enumerated patterns;
  
  to produce an instance of the frame of reference in which the locations are populated by members of a set of characters;
  
  where;
  
  a subset of the fields in the first enumerated pattern are populated by characters in said instance identifying a first session specific set of numbered positions of fields along the second enumerated pattern, andcharacters in the fields of said instance having the first session specific set of numbered positions in the second enumerated pattern match characters in fields at locations on said instance having a second session specific set of numbered positions in the first enumerated pattern;
  
  to accept input data from the client in response to said instance, the input data identifying one or more numbered positions in the first enumerated pattern; and
  
  to determine whether the input data identifies said second session specific set of numbered positions in the first enumerated pattern; and
  
  if the input data identifies said second session specific set of numbered positions, to signal successful authentication.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The non-transitory computer readable medium of claim 16, said instructions including logic to send to the client said instance of the frame of reference by sending to the client an electronic document executable by the client to render said instance.
  - 18. The non-transitory computer readable medium of claim 16, wherein the set of characters consists of a number N1 of characters, and the instance of the frame of reference includes a number N2 of locations populated by characters from the set of characters, where N2 is equal to or greater than a multiple M times N1, and the multiple M is at least 5.
  - 19. The non-transitory computer readable medium of claim 16, said instructions including logic to send to the client said instance of the frame of reference using a first communication medium.
  - 20. The non-transitory computer readable medium of claim 16, wherein said logic to produce an instance of the frame of reference includes a logical function characterized in that it can be synchronized with an application used to produce an instance at the client.

21. A method for identification and verification of a user at a client platform in a client/server, computer-networking system that implements an authentication server, the method using an authentication credential as a shared secret with the authentication server, the authentication credential comprising a data set (i) identifying a first enumerated pattern of fields on a first frame of reference, and (ii) identifying a second enumerated pattern of fields on a second frame of reference, the fields in the first and second enumerated patterns having locations on the corresponding one of the first and second frames of reference, and numbered positions in the corresponding enumerated patterns;
- the method comprising;
  
  using a data processing machine or data processing machines, establishing one or more communication channels to the authentication server, and sending a user identifier via said one or more communication channels to the authentication server;
  
  receiving a first session specific instance of the first frame of reference and a second session specific instance of the second frame of reference, in which fields locations in said first and second frames of reference are populated by members of a set of characters as a result of successful identification of the user identifier by the authentication server, from the authentication server, from an application synchronized with a logical function used to produce an instance at the authentication server or from a combination of the authentication server and an application, the first and second session-specific instances having fields filled with a session-specific content, wherein the session-specific content comprises characters that are members of a set of characters;
  
  rendering an interface or interfaces on one or more displays including graphical representations of the first and second session-specific instances where;
  
  a subset of the fields in said first session specific instance in the first enumerated pattern are populated by characters identifying a first session specific set of numbered positions of fields along the second enumerated pattern, andcharacters in the fields in said second session specific instance having the first session specific set of numbered positions in the second enumerated pattern match characters in fields at locations on said first session specific instance having a second session specific set of numbered positions in the first enumerated pattern;
  
  sending authentication response data via said one or more communication channels to the authentication server, the response data identifying said second session specific set of numbered positions in the first enumerated pattern, data identifying said second session specific set of numbered positions in the first enumerated pattern being usable by the authentication server as part of a verification process; and
  
  receiving a signal via said one or more communication channels from the authentication server that indicates completion of the verification process.
- View Dependent Claims (22, 23, 24, 25, 26)
- - 22. The method of claim 21, including rendering a first interface including the first session specific instance, using a first data processing machine, rendering a second interface including the second session specific instance using a second data processing machine, and sending authentication response data using one of the first and second data processing machines.
  - 23. The method of claim 21, wherein the set of characters consists of a number N1 of characters, and the first and second session-specific instances include a number N2 of locations populated by characters from the set of characters, where N2 is equal to or greater than a multiple M times N1, and the multiple M is at least 2.
  - 24. The method of claim 21, wherein the set of characters consists of a number of characters, and each character in the set of characters is included in at least two fields on the first and second session-specific instances.
  - 25. The method of claim 21, wherein for a given one of the first session-specific instance of the frame of reference, if there are no fields in the first enumerated pattern that include a character matching a character in the one of the fields in said second session specific instance having the first session specific set of numbered positions, then applying a rule to determine a character to include in the response data.
  - 26. The method of claim 21, wherein said second session specific set of numbered positions in the first enumerated pattern is identified in the response data by characters in the character set.

27. An interactive method for authentication of a client using a computer, comprising:
- storing data defining a graphical representation of a frame of reference adapted for rendering on a display, the frame of reference including a number N of pre-defined fields having locations on the frame of reference;
  
  storing a data set associated with the client in a memory, the data set (i) identifying a first enumerated pattern of fields on a first frame of reference, and (ii) identifying a second enumerated pattern of fields on a second frame of reference, the fields in the first and second enumerated patterns having locations on the corresponding one of the first and second frames of reference, and numbered positions in the corresponding enumerated patterns;
  
  producing a first session specific instance of the first frame of reference and a second session specific instance of the second frame of reference, in which fields locations in said first and second frames of reference are populated by members of a set of characters, where;
  
  a subset of the fields in said first session specific instance in the first enumerated pattern are populated by characters identifying a first session specific set of numbered positions of fields along the second enumerated pattern, andcharacters in the fields in said second session specific instance haying the first session specific set of numbered positions in the second enumerated pattern match characters in fields at locations on said first session specific instance having a second session specific set of numbered positions in the first enumerated pattern;
  
  accepting input data from the client in response to said instance, the input data identifying one or more numbered positions in the first enumerated pattern; and
  
  determining whether the input data identifies said second session specific set of numbered positions in the first enumerated pattern; and
  
  if the input data identifies said second session specific set of numbered positions, signaling successful authentication.
- View Dependent Claims (28, 29, 30)
- - 28. The method of claim 27, including sending to the client said first session-specific instance by sending an electronic document executable by the client to render said instance.
  - 29. The method of claim 27, wherein the set of characters consists of a number N1 of characters, and the first session-specific instance and the second session specific instance include a number N2 of locations populated by characters from the set of characters, where N2 is equal to or greater than a multiple M times N1, and the multiple M is at least 2.
  - 30. The method of claim 27, wherein said producing a first session-specific instance includes executing logical function at the authentication server that is synchronized with an application used to produce an instance at the client.

31. A client-server authentication system to authenticate a client, comprising:
- data processing resources, including one or more processors, memory and a communication interface;
  
  data stored in said memory including authentication credentials, where an authentication credential for a particular client comprises a data set associated with the client in a memory, the data set (i) identifying a first enumerated pattern of fields on a first frame of reference, and (ii) identifying a second enumerated pattern of fields on a second frame of reference, the fields in the first and second enumerated patterns having locations on the corresponding one of the first and second frames of reference, and numbered positions in the corresponding enumerated patterns;
  
  the data processing resources including executable instructions stored in said memory adapted for execution by the processor, including logic;
  
  to produce a first session specific instance of the first frame of reference and a second session specific instance of the second frame of reference, in which fields locations in said first and second frames of reference are populated by members of a set of characters, where;
  
  a subset of the fields in said first session specific instance in the first enumerated pattern are populated by characters identifying a first session specific set of numbered positions of fields along the second enumerated pattern, andcharacters in the fields in said second session specific instance having the first session specific set of numbered positions in the second enumerated pattern match characters in fields at locations on said first session specific instance having a second session specific set of numbered positions in the first enumerated pattern;
  
  to accept input data from the client in response to said instance, the input data identifying one or more numbered positions in the first enumerated pattern; and
  
  to determine whether the input data identifies said second session specific set of numbered positions in the first enumerated pattern; and
  
  if the input data identifies said second session specific set of numbered positions, signaling successful authentication.
- View Dependent Claims (32, 33, 34, 35)
- - 32. The system of claim 31, including logic to send to the client said instance of the frame of reference by sending to the client an electronic document executable by the client to render said instance.
  - 33. The system of claim 31, wherein the set of characters consists of a number N1 of characters, and the instance of the frame of reference includes a number N2 of locations populated by characters from the set of characters, where N2 is equal to or greater than a multiple M times N1, and the multiple M is at least 5.
  - 34. The system of claim 31, including logic to send to the client said instance of the frame of reference using a first communication medium.
  - 35. The system of claim 31, wherein said logic to produce an instance of the frame of reference includes a logical function characterized in that it can be synchronized with an application used to produce an instance at the client.

36. A non-transitory computer readable medium storing a computer program that causes a computer to authenticate a client, comprising instructions to:
- store data in a memory including authentication credentials, where an authentication credential for a particular client comprises a data set associated with the client in a memory, the data set (i) identifying a first enumerated pattern of fields on a first frame of reference, and (ii) identifying a second enumerated pattern of fields on a second frame of reference, the fields in the first and second enumerated patterns having locations on the corresponding one of the first and second frames of reference, and numbered positions in the corresponding enumerated patterns;
  
  to produce a first session specific instance of the first frame of reference and a second session specific instance of the second frame of reference, in which fields locations in said first and second frames of reference are populated by members of a set of characters, where;
  
  a subset of the fields in said first session specific instance in the first enumerated pattern are populated by characters identifying a first session specific set of numbered positions of fields along the second enumerated pattern, andcharacters in the fields in said second session specific instance having the first session specific set of numbered positions in the second enumerated pattern match characters in fields at locations on said first session specific instance having a second session specific set of numbered positions in the first enumerated pattern;
  
  to accept input data from the client in response to said instance, the input data identifying one or more numbered positions in the first enumerated pattern; and
  
  to determine whether the input data identifies said second Session specific set of numbered positions in the first enumerated pattern; and
  
  if the input data identifies said second session specific set of numbered positions, to signal successful authentication.
- View Dependent Claims (37, 38, 39, 40)
- - 37. The non-transitory computer readable medium of claim 36, said instructions including logic to send to the client said instance of the frame of reference by sending to the client an electronic document executable by the client to render said instance.
  - 38. The non-transitory computer readable medium of claim 36, wherein the set of characters consists of a number N1 of characters, and the instance of the frame of reference includes a number N2 of locations populated by characters from the set of characters, where N2 is equal to or greater than a multiple M times N1, and the multiple M is at least 5.
  - 39. The non-transitory computer readable medium of claim 36, said instructions including logic to send to the client said instance of the frame of reference using a first communication medium.
  - 40. The non-transitory computer readable medium of claim 36, wherein said logic to produce an instance of the frame of reference includes ea logical function that can be synchronized with an application used to produce an instance at the client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Authernative
Original Assignee
Authernative
Inventors
Barton, Edward M., Mizrah, Len L.
Primary Examiner(s)
To, Baotran N

Application Number

US13/658,812
Publication Number

US 20140115679A1
Time in Patent Office

840 Days
Field of Search

713/182, 726/7, 726/5
US Class Current

726/7
CPC Class Codes

G09C 5/00   Ciphering apparatus or meth...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 9/3273   for mutual authentication n...

Authentication method of enumerated pattern of field positions based challenge and enumerated pattern of field positions based response through interaction between two credentials in random partial digitized path recognition system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication method of enumerated pattern of field positions based challenge and enumerated pattern of field positions based response through interaction between two credentials in random partial digitized path recognition system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links