Establishing a secure channel with a human user
First Claim
1. A secure, computer implemented, and non-cryptographic method of authenticating a user over an insecure communication channel, the method comprising:
- receiving, at a first computing device associated with the user, an image sent from a second computing device over the insecure communication channel, the image comprising randomly chosen alphanumeric characters, the randomly chosen alphanumeric characters being encoded in the image such that when the image is displayed to the user, at least some of the randomly chosen alphanumeric characters at least partially intersect;
displaying the image to the user on the first computing device;
receiving, at a user interface from the user, a number of clicks on a sequence of up and down buttons associated with the randomly chosen alphanumeric characters, the number of clicks based on a relationship between each character of the randomly chosen alphanumeric characters and a corresponding character of a predefined password, and collecting the number of clicks on the sequence of up and down buttons as first input data;
sending the first input data to the second computing device over the insecure communication channel, the first input data enabling, at least in part, the second computing device to derive the predefined password from the randomly chosen alphanumeric characters; and
receiving, from the second computing device, authorization to access a service provided by the second computing device.
3 Assignments
0 Petitions
Accused Products
Abstract
A method of establishing a secure channel between a human user and a computer application is described. A secret unique identifier (“PIN”) is shared between a user and an application. When the user makes a request that involves utilizing the PIN for authentication purposes, the application renders a randomly selected identifier. The randomly selected identifier is in a format that is recognizable to a human but is not readily recognizable by an automated agent. The randomly selected identifier is then presented to the human user. The user identifies the relationship between the randomly selected identifier and the PIN. If the user'"'"'s input reflects the fact that the user knows the PIN, then the user is authenticated.
75 Citations
2 Claims
-
1. A secure, computer implemented, and non-cryptographic method of authenticating a user over an insecure communication channel, the method comprising:
-
receiving, at a first computing device associated with the user, an image sent from a second computing device over the insecure communication channel, the image comprising randomly chosen alphanumeric characters, the randomly chosen alphanumeric characters being encoded in the image such that when the image is displayed to the user, at least some of the randomly chosen alphanumeric characters at least partially intersect; displaying the image to the user on the first computing device; receiving, at a user interface from the user, a number of clicks on a sequence of up and down buttons associated with the randomly chosen alphanumeric characters, the number of clicks based on a relationship between each character of the randomly chosen alphanumeric characters and a corresponding character of a predefined password, and collecting the number of clicks on the sequence of up and down buttons as first input data; sending the first input data to the second computing device over the insecure communication channel, the first input data enabling, at least in part, the second computing device to derive the predefined password from the randomly chosen alphanumeric characters; and receiving, from the second computing device, authorization to access a service provided by the second computing device. - View Dependent Claims (2)
-
Specification