Authentication method of enumerated pattern of field positions based challenge and enumerated pattern of field positions based response through interaction between two credentials in random partial digitized path recognition system
First Claim
1. A method for identification and verification of a user at a client platform in a client/server, computer-networking system that implements an authentication server, the method using an authentication credential as a shared secret with the authentication server, the authentication credential comprising a data set (i) identifying a first enumerated pattern of fields on a frame of reference, and (ii) identifying a second enumerated pattern of fields on the frame of reference;
- the fields in the first and second enumerated patterns having locations on the frame of reference, and numbered positions in the corresponding enumerated patterns;
the method comprising;
using a data processing machine or data processing machines, establishing one or more communication channels to the authentication server, and sending a user identifier via said one or more communication channels to the authentication server;
receiving a session specific instance of the frame of reference as a result of successful identification of the user identifier by the authentication server, from the authentication server, from an application synchronized with a logical function used to produce an instance at the authentication server or from a combination of the authentication server and an application, the session-specific instance of the frame of reference having fields filled with a session-specific content, wherein the session-specific content comprises characters that are members of a set of characters;
rendering an interface on a display including a graphical representation of the session-specific instance of the frame of reference where;
a subset of the fields in the first enumerated pattern are populated by characters in said session specific instance identifying a first session specific set of numbered positions of fields along the second enumerated pattern, and characters in the fields having the first session specific set of numbered positions in the second enumerated pattern match characters in fields at locations on said session specific instance having a second session specific set of numbered positions in the first enumerated pattern;
sending authentication response data via said one or more communication channels to the authentication server, the response data identifying said second session specific set of numbered positions in the first enumerated pattern, data identifying said second session specific set of numbered positions in the first enumerated pattern being usable by the authentication server as part of a verification process; and
receiving a signal via said one or more communication channels from the authentication server that indicates completion of the verification process.
Abstract
An interactive method for authentication is based on two shared secrets, both shared secrets in the form of an ordered path on the frame of reference. An instance of the frame of reference comprises a set of characters which is arranged in a random or other irregular pattern. The first step of authentication that a user performs requires the user to remember one or all of the characters in the displayed instance of the frame of reference found in the locations in the random subset of the first ordered path by indicating characters either in these locations, or any other locations having the same characters. The second step of authentication requires that a user enter the position of the second ordered path, which only they know during an authentication session, where the challenge identifying the position of the ordered path is the single or multiple values that match the value of the digital content of the frame of reference.
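As an added illustration (not code from the patent or its assignee), the following Python model walks through the challenge and response of claims 1 and 7: the server fills a session-specific instance of the frame of reference so that the claimed constraint holds, the client derives its response by walking the first enumerated pattern, and the server verifies the returned positions. The 5x5 grid, the two patterns and the single-digit encoding of positions along the second pattern are constructed assumptions.

```python
import hmac
import random
import string

# Constructed credential (not from the patent): two enumerated patterns, each an
# ordered list of cell indices on a 5x5 frame of reference; numbered positions
# along a pattern start at 1. The patterns are kept disjoint for clarity.
GRID_W, GRID_H = 5, 5
PATTERN_1 = [0, 6, 12, 18, 24]        # first enumerated pattern (a diagonal)
PATTERN_2 = [4, 8, 11, 15, 20, 21]    # second enumerated pattern
FILLER = string.ascii_uppercase + string.digits

def make_instance(p1, p2, n_challenge, rng):
    """Server side: build a session-specific instance of the frame of reference.
    Returns (grid, expected), where expected is the second session-specific set of
    numbered positions in p1, ordered as the client meets the challenges."""
    assert not set(p1) & set(p2), "constructed patterns are disjoint"
    assert len(p2) <= 9 and 2 * n_challenge <= len(p1)
    grid = [rng.choice(FILLER) for _ in range(GRID_W * GRID_H)]
    slots = rng.sample(range(1, len(p1) + 1), 2 * n_challenge)
    challenge_pos, response_pos = slots[:n_challenge], slots[n_challenge:]
    p2_pos = rng.sample(range(1, len(p2) + 1), n_challenge)   # first session-specific set
    letters = rng.sample(string.ascii_uppercase, n_challenge)  # distinct: unique responses
    pairs = sorted(zip(challenge_pos, p2_pos, response_pos, letters))
    for c, d, r, letter in pairs:
        grid[p1[c - 1]] = str(d)      # digit on p1 names a numbered position on p2
        grid[p2[d - 1]] = letter      # the character found at that position of p2 ...
        grid[p1[r - 1]] = letter      # ... also sits at the response position on p1
    spare = [ch for ch in string.ascii_uppercase if ch not in letters]
    for pos in range(1, len(p1) + 1):   # other p1 fields never reuse a response letter
        if pos not in challenge_pos and pos not in response_pos:
            grid[p1[pos - 1]] = rng.choice(spare)
    return grid, [r for _, _, r, _ in pairs]

def client_response(grid, p1, p2):
    """Client side: walk p1; each digit found there points into p2; read the
    character at that position of p2 and report the p1 position holding it."""
    response = []
    for cell in p1:
        ch = grid[cell]
        if ch.isdigit():
            target = grid[p2[int(ch) - 1]]
            matches = [q for q, c in enumerate(p1, start=1) if grid[c] == target]
            assert len(matches) == 1, "instance construction guarantees a unique match"
            response.append(matches[0])
    return response

def verify(expected, response):
    """Server side: constant-time comparison of the submitted positions."""
    return hmac.compare_digest(",".join(map(str, expected)), ",".join(map(str, response)))

def new_session(seed, n_challenge=2):
    # Seeded only for reproducibility; a real server would draw from secrets.SystemRandom().
    return make_instance(PATTERN_1, PATTERN_2, n_challenge, random.Random(seed))

def run_session(seed, n_challenge=2):
    grid, expected = new_session(seed, n_challenge)
    return verify(expected, client_response(grid, PATTERN_1, PATTERN_2))

def render(grid):
    """Row-by-row text rendering of an instance, for inspection."""
    return "\n".join(" ".join(grid[r * GRID_W:(r + 1) * GRID_W]) for r in range(GRID_H))

if __name__ == "__main__":
    grid, expected = new_session(42)
    print(render(grid), "\nexpected response:", expected, "verified:", run_session(42))
```

Note that the server never transmits the patterns or the expected positions; only the instance goes to the client and only the numbered positions come back, which is what makes an observed session useless without the credential.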
40 Claims
7. An interactive method for authentication of a client using a computer, comprising:
storing data defining a graphical representation of a frame of reference adapted for rendering on a display, the frame of reference including a number N of pre-defined fields having locations on the frame of reference;
storing a data set associated with the client in a memory, the data set including a first and second shared secrets, the first shared secret comprising data identifying a first enumerated pattern of fields on a frame of reference, and the second shared secret comprising data identifying a second enumerated pattern of fields on the frame of reference, the fields in the first and second enumerated patterns having locations on the frame of reference and numbered positions in the corresponding enumerated patterns;
producing an instance of the frame of reference, in which locations in the frame of reference are populated by members of a set of characters, where;
a subset of the fields in the first enumerated pattern are populated by characters in said instance identifying a first session specific set of numbered positions of fields along the second enumerated pattern, and characters in the fields having the first session specific set of numbered positions in the second enumerated pattern match characters in fields at locations on said instance having a second session specific set of numbered positions in the first enumerated pattern;
accepting input data from the client in response to said instance, the input data identifying one or more numbered positions in the first enumerated pattern; and
determining whether the input data identifies said second session specific set of numbered positions in the first enumerated pattern; and
if the input data identifies said second session specific set of numbered positions, signaling successful authentication.
11. A client-server authentication system to authenticate a client, comprising:
data processing resources, including one or more processors, memory and a communication interface;
data stored in said memory including authentication credentials, where an authentication credential for a particular client comprises a data set associated with the client in a memory, the data set including a first and second shared secrets, the first shared secret comprising data identifying a first enumerated pattern of fields on a frame of reference, and the second shared secret comprising data identifying a second enumerated pattern of fields on the frame of reference, the fields in the first and second enumerated patterns having locations on the frame of reference and numbered positions in the corresponding enumerated patterns;
the data processing resources including executable instructions stored in said memory adapted for execution by the processor, including logic;
to produce an instance of the frame of reference in which the locations are populated by members of a set of characters; where;
a subset of the fields in the first enumerated pattern are populated by characters in said instance identifying a first session specific set of numbered positions of fields along the second enumerated pattern, and characters in the fields having the first session specific set of numbered positions in the second enumerated pattern match characters in fields at locations on said instance having a second session specific set of numbered positions in the first enumerated pattern;
to accept input data from the client in response to said instance, the input data identifying one or more numbered positions in the first enumerated pattern; and
to determine whether the input data identifies said second session specific set of numbered positions in the first enumerated pattern; and
if the input data identifies said second session specific set of numbered positions, signaling successful authentication.
16. A non-transitory computer readable medium storing a computer program that causes a computer to authenticate a client, comprising instructions to:
store data in a memory including authentication credentials, where an authentication credential for a particular client comprises a data set associated with the client in a memory, the data set including a first and second shared secrets, the first shared secret comprising data identifying a first enumerated pattern of fields on a frame of reference, and the second shared secret comprising data identifying a second enumerated pattern of fields on the frame of reference, the fields in the first and second enumerated patterns having locations on the frame of reference and numbered positions in the corresponding enumerated patterns;
to produce an instance of the frame of reference in which the locations are populated by members of a set of characters; where;
a subset of the fields in the first enumerated pattern are populated by characters in said instance identifying a first session specific set of numbered positions of fields along the second enumerated pattern, and characters in the fields of said instance having the first session specific set of numbered positions in the second enumerated pattern match characters in fields at locations on said instance having a second session specific set of numbered positions in the first enumerated pattern;
to accept input data from the client in response to said instance, the input data identifying one or more numbered positions in the first enumerated pattern; and
to determine whether the input data identifies said second session specific set of numbered positions in the first enumerated pattern; and
if the input data identifies said second session specific set of numbered positions, to signal successful authentication.
21. A method for identification and verification of a user at a client platform in a client/server, computer-networking system that implements an authentication server, the method using an authentication credential as a shared secret with the authentication server, the authentication credential comprising a data set (i) identifying a first enumerated pattern of fields on a first frame of reference, and (ii) identifying a second enumerated pattern of fields on a second frame of reference, the fields in the first and second enumerated patterns having locations on the corresponding one of the first and second frames of reference, and numbered positions in the corresponding enumerated patterns;
the method comprising;
using a data processing machine or data processing machines, establishing one or more communication channels to the authentication server, and sending a user identifier via said one or more communication channels to the authentication server;
receiving a first session specific instance of the first frame of reference and a second session specific instance of the second frame of reference, in which field locations in said first and second frames of reference are populated by members of a set of characters as a result of successful identification of the user identifier by the authentication server, from the authentication server, from an application synchronized with a logical function used to produce an instance at the authentication server or from a combination of the authentication server and an application, the first and second session-specific instances having fields filled with a session-specific content, wherein the session-specific content comprises characters that are members of a set of characters;
rendering an interface or interfaces on one or more displays including graphical representations of the first and second session-specific instances where;
a subset of the fields in said first session specific instance in the first enumerated pattern are populated by characters identifying a first session specific set of numbered positions of fields along the second enumerated pattern, and characters in the fields in said second session specific instance having the first session specific set of numbered positions in the second enumerated pattern match characters in fields at locations on said first session specific instance having a second session specific set of numbered positions in the first enumerated pattern;
sending authentication response data via said one or more communication channels to the authentication server, the response data identifying said second session specific set of numbered positions in the first enumerated pattern, data identifying said second session specific set of numbered positions in the first enumerated pattern being usable by the authentication server as part of a verification process; and
receiving a signal via said one or more communication channels from the authentication server that indicates completion of the verification process.
27. An interactive method for authentication of a client using a computer, comprising:
storing data defining a graphical representation of a frame of reference adapted for rendering on a display, the frame of reference including a number N of pre-defined fields having locations on the frame of reference;
storing a data set associated with the client in a memory, the data set (i) identifying a first enumerated pattern of fields on a first frame of reference, and (ii) identifying a second enumerated pattern of fields on a second frame of reference, the fields in the first and second enumerated patterns having locations on the corresponding one of the first and second frames of reference, and numbered positions in the corresponding enumerated patterns;
producing a first session specific instance of the first frame of reference and a second session specific instance of the second frame of reference, in which field locations in said first and second frames of reference are populated by members of a set of characters, where;
a subset of the fields in said first session specific instance in the first enumerated pattern are populated by characters identifying a first session specific set of numbered positions of fields along the second enumerated pattern, and characters in the fields in said second session specific instance having the first session specific set of numbered positions in the second enumerated pattern match characters in fields at locations on said first session specific instance having a second session specific set of numbered positions in the first enumerated pattern;
accepting input data from the client in response to said instance, the input data identifying one or more numbered positions in the first enumerated pattern; and
determining whether the input data identifies said second session specific set of numbered positions in the first enumerated pattern; and
if the input data identifies said second session specific set of numbered positions, signaling successful authentication.
31. A client-server authentication system to authenticate a client, comprising:
data processing resources, including one or more processors, memory and a communication interface;
data stored in said memory including authentication credentials, where an authentication credential for a particular client comprises a data set associated with the client in a memory, the data set (i) identifying a first enumerated pattern of fields on a first frame of reference, and (ii) identifying a second enumerated pattern of fields on a second frame of reference, the fields in the first and second enumerated patterns having locations on the corresponding one of the first and second frames of reference, and numbered positions in the corresponding enumerated patterns;
the data processing resources including executable instructions stored in said memory adapted for execution by the processor, including logic;
to produce a first session specific instance of the first frame of reference and a second session specific instance of the second frame of reference, in which field locations in said first and second frames of reference are populated by members of a set of characters, where;
a subset of the fields in said first session specific instance in the first enumerated pattern are populated by characters identifying a first session specific set of numbered positions of fields along the second enumerated pattern, and characters in the fields in said second session specific instance having the first session specific set of numbered positions in the second enumerated pattern match characters in fields at locations on said first session specific instance having a second session specific set of numbered positions in the first enumerated pattern;
to accept input data from the client in response to said instance, the input data identifying one or more numbered positions in the first enumerated pattern; and
to determine whether the input data identifies said second session specific set of numbered positions in the first enumerated pattern; and
if the input data identifies said second session specific set of numbered positions, signaling successful authentication.
36. A non-transitory computer readable medium storing a computer program that causes a computer to authenticate a client, comprising instructions to:
store data in a memory including authentication credentials, where an authentication credential for a particular client comprises a data set associated with the client in a memory, the data set (i) identifying a first enumerated pattern of fields on a first frame of reference, and (ii) identifying a second enumerated pattern of fields on a second frame of reference, the fields in the first and second enumerated patterns having locations on the corresponding one of the first and second frames of reference, and numbered positions in the corresponding enumerated patterns;
to produce a first session specific instance of the first frame of reference and a second session specific instance of the second frame of reference, in which field locations in said first and second frames of reference are populated by members of a set of characters, where;
a subset of the fields in said first session specific instance in the first enumerated pattern are populated by characters identifying a first session specific set of numbered positions of fields along the second enumerated pattern, and characters in the fields in said second session specific instance having the first session specific set of numbered positions in the second enumerated pattern match characters in fields at locations on said first session specific instance having a second session specific set of numbered positions in the first enumerated pattern;
to accept input data from the client in response to said instance, the input data identifying one or more numbered positions in the first enumerated pattern; and
to determine whether the input data identifies said second session specific set of numbered positions in the first enumerated pattern; and
if the input data identifies said second session specific set of numbered positions, to signal successful authentication.
Specification