Establishing a secure channel with a human user
First Claim
Patent Images
1. A secure, computer implemented, and non-cryptographic method of authenticating a user over an insecure communication channel, the method comprising:
- receiving, at a first computing device associated with the user, an image sent from a second computing device over the insecure communication channel, the image comprising randomly chosen alphanumeric characters, the randomly chosen alphanumeric characters being encoded in the image such that when the image is displayed to the user, at least some of the randomly chosen alphanumeric characters at least partially intersect;
displaying the image to the user on the first computing device;
receiving, at a user interface from the user, a number of clicks on a sequence of up and down buttons associated with the randomly chosen alphanumeric characters, the number of clicks based on a relationship between each character of the randomly chosen alphanumeric characters and a corresponding character of a predefined password, and collecting the number of clicks on the sequence of up and down buttons as first input data;
sending the first input data to the second computing device over the insecure communication channel, the first input data enabling, at least in part, the second computing device to derive the predefined password from the randomly chosen alphanumeric characters; and
receiving, from the second computing device, authorization to access a service provided by the second computing device.
3 Assignments
0 Petitions
Accused Products
Abstract
A method of establishing a secure channel between a human user and a computer application is described. A secret unique identifier (“PIN”) is shared between a user and an application. When the user makes a request that involves utilizing the PIN for authentication purposes, the application renders a randomly selected identifier. The randomly selected identifier is in a format that is recognizable to a human but is not readily recognizable by an automated agent. The randomly selected identifier is then presented to the human user. The user identifies the relationship between the randomly selected identifier and the PIN. If the user'"'"'s input reflects the fact that the user knows the PIN, then the user is authenticated.
75 Citations
2 Claims
-
1. A secure, computer implemented, and non-cryptographic method of authenticating a user over an insecure communication channel, the method comprising:
-
receiving, at a first computing device associated with the user, an image sent from a second computing device over the insecure communication channel, the image comprising randomly chosen alphanumeric characters, the randomly chosen alphanumeric characters being encoded in the image such that when the image is displayed to the user, at least some of the randomly chosen alphanumeric characters at least partially intersect; displaying the image to the user on the first computing device; receiving, at a user interface from the user, a number of clicks on a sequence of up and down buttons associated with the randomly chosen alphanumeric characters, the number of clicks based on a relationship between each character of the randomly chosen alphanumeric characters and a corresponding character of a predefined password, and collecting the number of clicks on the sequence of up and down buttons as first input data; sending the first input data to the second computing device over the insecure communication channel, the first input data enabling, at least in part, the second computing device to derive the predefined password from the randomly chosen alphanumeric characters; and receiving, from the second computing device, authorization to access a service provided by the second computing device. - View Dependent Claims (2)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeIntertrust Technologies Corporation (Fidelio Acquisition Co LLC)
-
Original AssigneeIntertrust Technologies Corporation (Fidelio Acquisition Co LLC)
-
InventorsPinkas, Binyamin, Haber, Stuart A., Tarjan, Robert E., Sander, Tomas
-
Primary Examiner(s)Dinh, Minh
-
Application NumberUS13/451,369Publication NumberTime in Patent Office1,503 DaysField of SearchNoneUS Class Current1/1CPC Class CodesG06F 21/36 by graphic or iconic repres...G06Q 20/341 Active cards, i.e. cards in...G06Q 20/4097 using mutual authentication...G07C 9/33 by means of a passwordG07F 7/10 together with a coded signa...G07F 7/1008 Active credit-cards provide...G07F 7/1025 Identification of user by a...G09C 5/00 Ciphering apparatus or meth...H04L 63/083 using passwords cryptograph...H04L 63/10 for controlling access to d...H04L 9/3226 using a predetermined code,...H04L 9/3271 using challenge-responseH04W 12/06 AuthenticationH04W 12/08 Access securityH04W 12/77 Graphical identity
