Authentication method

US 9,112,847 B2
Filed: 04/17/2014
Issued: 08/18/2015
Est. Priority Date: 10/23/2011
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating the identity of a requester seeking access by a service client to a secured resource, said method comprising the steps of:

receiving with at least one computer a request for access to a secured resource from a requester purporting to be an authorized user of said secured resource;

generating a challenge string with said at least one computer, said challenge string being at least a partially random string having a plurality of symbols, wherein at least one of the symbols of the challenge string is a specially-designated symbol indicating the absence from said random string of a single randomly-selected symbol;

communicating said challenge string to said authorized user;

receiving a response string corresponding to said challenge string;

evaluating said response string to authenticate the identity of said requester;

wherein said at least one computer comprises at least one processor coupled to at least one processor-readable medium, said at least one processor-readable medium containing a request handler component and an authenticator component.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method whereby the identity of a person, entity, device or the like attempting to gain access to a secured resource may be securely authenticated includes a means for receiving from a requester purporting to be an authorized user of a secured resource a request for access by an unauthorized user (such as, for example, a retail store, a service station, an on-line service provider or merchandiser, a healthcare provider, a medical insurer, an information consumer or the like) to the secured resource; a means for generating and communicating to the purported authorized user a challenge string adapted to provide a basis for authenticating the identity of the requester; a means for receiving a response string corresponding to the challenge string; and a means for evaluating the response string to authenticate the identity of the requester.

27 Citations

9 Claims

1. A method for authenticating the identity of a requester seeking access by a service client to a secured resource, said method comprising the steps of:
- receiving with at least one computer a request for access to a secured resource from a requester purporting to be an authorized user of said secured resource;
  
  generating a challenge string with said at least one computer, said challenge string being at least a partially random string having a plurality of symbols, wherein at least one of the symbols of the challenge string is a specially-designated symbol indicating the absence from said random string of a single randomly-selected symbol;
  
  communicating said challenge string to said authorized user;
  
  receiving a response string corresponding to said challenge string;
  
  evaluating said response string to authenticate the identity of said requester;
  
  wherein said at least one computer comprises at least one processor coupled to at least one processor-readable medium, said at least one processor-readable medium containing a request handler component and an authenticator component.
- View Dependent Claims (3, 4, 5, 6, 7)
- - 3. The method of claim 1 wherein said request for access is received from said service client.
  - 4. The method of claim 1 wherein said generating step comprises the steps of:
    - selecting said plurality of randomly-selected symbols; and
      
      generating said challenge string contemporaneously with said selecting step.
  - 5. The method of claim 1 wherein said response string is received from said service client.
  - 6. The method of claim 1 wherein said response string comprises an authentication credential generated by said requestor and provided to said service client.
  - 7. The method of claim 1 wherein said request for access is generated by and received from said requestor after receipt of request data by said requester from said service client.

2. An authentication system for authenticating the identity of a requester seeking access by a service client to a secured resource, said authentication system comprising:
- a messaging gateway being a first set of instructions embodied in a computer-readable medium, said messaging gateway operable to receive a request for access to said secured resource;
  
  a computer in communication with said messaging gateway, said computer having a second set of instructions embodied in a computer-readable medium operable to generate a challenge string, said challenge string being an at least partially random string having a plurality of randomly-selected symbols and at least one specially-designated symbol intended to indicate the absence from said challenge string of a single randomly-selected symbol;
  
  wherein said first set of instructions is further operable to communicate said challenge string to said authorized user that said requester purports to be;
  
  wherein said second set of instructions is further operable to receive a response string corresponding to said challenge string; and
  
  wherein said second set of instructions is further operable to evaluate said response string to authenticate the identity of said requester.
- View Dependent Claims (8, 9)
- - 8. The system of claim 2 further comprising a user interface in communication with said computer, said user interface being a third set of instructions embodied in a computer-readable medium operable to receive input from said requester.
  - 9. The system of claim 2 wherein said second set of instructions if further operable to generate the challenge string contemporaneously with selection of said plurality of randomly-selected symbols.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Textile Computer Systems, Inc.
Original Assignee
Textile Computer Systems, Inc.
Inventors
Nandakumar, Gopal
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Sanders, Stephen

Application Number

US14/255,342
Publication Number

US 20140230036A1
Time in Patent Office

488 Days
Field of Search

726/7
US Class Current

1/1
CPC Class Codes

G06Q 20/3823   combining multiple encrypti...

G06Q 20/40   Authorisation, e.g. identif...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/08   for authentication of entit...

H04L 9/321   involving a third party or ...

H04L 9/3271   using challenge-response

Authentication method

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication method

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links