Authentication method
First Claim
1. A method for authenticating the identity of a requester seeking access by a service client to a secured resource, said method comprising the steps of:
- receiving with at least one computer a request for access to a secured resource from a requester purporting to be an authorized user of said secured resource;
generating a challenge string with said at least one computer, said challenge string being at least a partially random string having a plurality of symbols, wherein at least one of the symbols of the challenge string is a specially-designated symbol indicating the absence from said random string of a single randomly-selected symbol;
communicating said challenge string to said authorized user;
receiving a response string corresponding to said challenge string;
evaluating said response string to authenticate the identity of said requester;
wherein said at least one computer comprises at least one processor coupled to at least one processor-readable medium, said at least one processor-readable medium containing a request handler component and an authenticator component.
3 Assignments
0 Petitions
Accused Products
Abstract
A system and method whereby the identity of a person, entity, device or the like attempting to gain access to a secured resource may be securely authenticated includes a means for receiving from a requester purporting to be an authorized user of a secured resource a request for access by an unauthorized user (such as, for example, a retail store, a service station, an on-line service provider or merchandiser, a healthcare provider, a medical insurer, an information consumer or the like) to the secured resource; a means for generating and communicating to the purported authorized user a challenge string adapted to provide a basis for authenticating the identity of the requester; a means for receiving a response string corresponding to the challenge string; and a means for evaluating the response string to authenticate the identity of the requester.
27 Citations
9 Claims
-
1. A method for authenticating the identity of a requester seeking access by a service client to a secured resource, said method comprising the steps of:
-
receiving with at least one computer a request for access to a secured resource from a requester purporting to be an authorized user of said secured resource; generating a challenge string with said at least one computer, said challenge string being at least a partially random string having a plurality of symbols, wherein at least one of the symbols of the challenge string is a specially-designated symbol indicating the absence from said random string of a single randomly-selected symbol; communicating said challenge string to said authorized user; receiving a response string corresponding to said challenge string; evaluating said response string to authenticate the identity of said requester; wherein said at least one computer comprises at least one processor coupled to at least one processor-readable medium, said at least one processor-readable medium containing a request handler component and an authenticator component. - View Dependent Claims (3, 4, 5, 6, 7)
-
-
2. An authentication system for authenticating the identity of a requester seeking access by a service client to a secured resource, said authentication system comprising:
-
a messaging gateway being a first set of instructions embodied in a computer-readable medium, said messaging gateway operable to receive a request for access to said secured resource; a computer in communication with said messaging gateway, said computer having a second set of instructions embodied in a computer-readable medium operable to generate a challenge string, said challenge string being an at least partially random string having a plurality of randomly-selected symbols and at least one specially-designated symbol intended to indicate the absence from said challenge string of a single randomly-selected symbol; wherein said first set of instructions is further operable to communicate said challenge string to said authorized user that said requester purports to be; wherein said second set of instructions is further operable to receive a response string corresponding to said challenge string; and wherein said second set of instructions is further operable to evaluate said response string to authenticate the identity of said requester. - View Dependent Claims (8, 9)
-
Specification