Secure authentication systems and methods
Abstract
Systems and methods are provided for authentication by combining a Reverse Turing Test (RTT) with password-based user authentication protocols to provide improved resistance to brute force attacks. In accordance with one embodiment of the invention, a method is provided for user authentication, the method including receiving a username/password pair associated with a user; requesting one or more responses to a first Reverse Turing Test (RTT); and granting access to the user if a valid response to the first RTT is received and the username/password pair is valid.
18 Claims
1. A method for user authentication performed by a system comprising a processor and a non-transitory computer-readable storage medium storing instructions that, when executed by the processor, cause the system to perform the method, the method comprising:
- receiving a login request from a user attempting to access a resource;
- determining whether the user possesses a cookie indicating that the user has been previously authenticated;
- if the user possesses the cookie;
  - receiving a username/password pair associated with the user,
  - determining whether the username/password pair is valid, and
  - selectively granting the user access to the resource if the username/password pair is valid; and
- if the user does not possess the cookie;
  - receiving a username/password pair associated with the user,
  - determining whether the username/password pair is valid, and
  - requesting one or more responses to a first Reverse Turing Test (RTT) regardless of whether the username/password pair is valid.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method for authenticating a user for access to a resource performed by a system comprising a processor and a non-transitory computer-readable storage medium storing instructions that, when executed by the processor, cause the system to perform the method, the method comprising:
- obtaining personal information associated with a user attempting to access the resource;
- determining whether the personal information is valid;
- requesting one or more responses to a first Reverse Turing Test (RTT), regardless of whether the personal information is valid; and
- selectively granting the user access to the resource only if the personal information is valid and one or more responses to the first RTT are valid.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18
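The decision flow of claims 1 and 10, sketched in Python as an added illustration; it is not code from the patent. The HMAC-signed cookie format, issuing the cookie after a successful RTT login, the `rtt_passed` flag standing in for RTT scoring, and every function name are assumptions of this sketch.

```python
import hashlib
import hmac
import os

SERVER_KEY = os.urandom(32)   # assumption: server-side secret used to sign cookies
SALT = os.urandom(16)

def pw_hash(pw: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), SALT, 100_000)

USERS = {"alice": pw_hash("correct horse")}   # constructed sample account
DUMMY = pw_hash("placeholder")                # compared against for unknown usernames

def make_cookie(user: str) -> str:
    # Hypothetical cookie format: username plus an HMAC tag binding it to that user.
    tag = hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}:{tag}"

def cookie_ok(cookie, user: str) -> bool:
    if cookie is None:
        return False
    return hmac.compare_digest(cookie.encode(), make_cookie(user).encode())

def password_ok(user: str, pw: str) -> bool:
    match = hmac.compare_digest(USERS.get(user, DUMMY), pw_hash(pw))
    return match and user in USERS

def login(user, pw, cookie=None, rtt_passed=None):
    """Return (decision, cookie). rtt_passed is None until the client has
    answered the RTT; scoring the RTT itself is outside this sketch."""
    valid = password_ok(user, pw)
    if cookie_ok(cookie, user):
        # Cookie branch of claim 1: the password alone decides.
        return ("grant", cookie) if valid else ("deny", None)
    if rtt_passed is None:
        # No-cookie branch: ask for the RTT whether or not the password was
        # right, so the reply does not reveal password validity.
        return ("rtt_required", None)
    if valid and rtt_passed:
        # Claim 10: grant only if both checks pass. Issuing the cookie at
        # this point is an assumption of this sketch.
        return ("grant", make_cookie(user))
    return ("deny", None)
```
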
Specification