METHOD FOR IMPROVING SECURITY IN LOGIN AND SINGLE SIGN-ON PROCEDURES

US 20090165104A1
Filed: 12/18/2008
Published: 06/25/2009
Est. Priority Date: 12/19/2007
Status: Active Grant

First Claim

Patent Images

1. A method for improving clients'"'"' login and sign-on security in accessing services offered by service providers on shared network resources such as Internet and particularly from service providers working within the framework of the world wide web wherein a client in order to gain access to the goods and services offered by the service provider initiates a creation of an account in the client'"'"'s name at the service provider, wherein the client sends the service provider a chosen user name when receiving a message that an account has been created, wherein all communication in connection with transactions carried out between a client and a service provider takes place on shared network resources, and wherein the method is characterized by steps fora) initiating a procedure for creating a unique password for the client in response to a creation of an account in the name thereof by transmitting a request from the service provider to an authentication authority,b) enabling creation of a unique password for the client and storing the created password at the authentication authority,c) generating upon the client'"'"'s login to the account a number of strings of random characters, the number of strings being at least equal to the number of characters in the password and assigning each password character to a specific string, the strings being ordered following the sequence of characters in the password,d) transmitting the strings to the client and presenting the strings to the client in the manner that allows the latter to select each character of the password in a correct order from the respective strings,e) transmitting the client'"'"'s selection of the characters constituting the password as a positional code or image to the authentication authority for validating the password, andf) verifying the client'"'"'s password for the service provider thus enabling upon the verification of the password the client'"'"'s sign-on to the account with a service provider.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a method for improving client'"'"'s login and sign-on security in accessing services offered by service providers over shared network resources such as Internet and particularly working within the framework of the www, a password is created for the client at a first attempt to access the service provider. The client'"'"'s password is generated either at an authentication authority in trust relationship with the service provider and transmitted to the client, or the client is allowed to create his or her password on the basis of random character sequences transmitted from the authentication authority. For subsequent access to the service provider the authentication authority presents a client for characters in ordered sequences or in a diagram containing in an appropriate order a single occurrence of each password character. The client performs a selection of the password for validation and transmits the validation back to the authentication authority, which verifies the password and informs the service provider of the verification. In a most preferred embodiment the password characters are never transmitted between the authentication authority and the client in a validation and verification procedure, and the former is wholly disconnected from either the client'"'"'s credentials or any transactions subsequently to be undertaken between the service provider and the client.

31 Citations

View as Search Results

10 Claims

1. A method for improving clients'"'"' login and sign-on security in accessing services offered by service providers on shared network resources such as Internet and particularly from service providers working within the framework of the world wide web wherein a client in order to gain access to the goods and services offered by the service provider initiates a creation of an account in the client'"'"'s name at the service provider, wherein the client sends the service provider a chosen user name when receiving a message that an account has been created, wherein all communication in connection with transactions carried out between a client and a service provider takes place on shared network resources, and wherein the method is characterized by steps fora) initiating a procedure for creating a unique password for the client in response to a creation of an account in the name thereof by transmitting a request from the service provider to an authentication authority,b) enabling creation of a unique password for the client and storing the created password at the authentication authority,c) generating upon the client'"'"'s login to the account a number of strings of random characters, the number of strings being at least equal to the number of characters in the password and assigning each password character to a specific string, the strings being ordered following the sequence of characters in the password,d) transmitting the strings to the client and presenting the strings to the client in the manner that allows the latter to select each character of the password in a correct order from the respective strings,e) transmitting the client'"'"'s selection of the characters constituting the password as a positional code or image to the authentication authority for validating the password, andf) verifying the client'"'"'s password for the service provider thus enabling upon the verification of the password the client'"'"'s sign-on to the account with a service provider.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A method according to claim 1,characterized by creating the password in step b) at the authentication authority, and transmitting the password to the client via a secure electronic mail connection or as an SMS.
  - 3. A method according to claim 2,characterized by creating the password in step b) at the client by transmitting an ordered sequence of strings of random characters such that no string contains the same character twice, and allowing the client to select one character from each string to form a password of characters ordered in the same sequence as the strings, whereafter the client transmits the selected password to the authentication authority.
  - 4. A method according to claim 3,characterized by transmitting the password to the authentication authority via a secure electronic mail connection or as an SMS.
  - 5. A method according to claim 3,characterized by presenting the strings for the client as an m·
    - n array such that each string forms a column of the array, and creating the password by selecting one character from each column such that password is formed with a number of characters equal to the number of columns.
  - 6. A method according to claim 5,characterized by creating the password by sliding the columns or displacing the columns of the array mutually such that characters of the selected password is aligned on one and the same row in the resulting pattern of displaced columns, and transmitting the thus created password to the authentication authority as a positional code or image comprising an indication of the position of at least one character of the password.
  - 7. A method according to claim 1,characterized by presenting the strings in step d) as an m·
    - n array, such that each string forms a column of the array, each string or column comprising one and only one occurrence of a character of the password, such that the columns in successive order contains the password symbols as given by this order in the password, performing the password selection by the user aligning the password character on one and the same row by displacing or sliding the columns relative to each other, such the displaced columns with the password character forms a unique pattern, and transmitting this pattern to the authentication authority as a positional code or image.
  - 8. A method according to claim 7,characterized by generating one or more dummy strings with same number of random characters as the strings comprising the password characters, such that the dummy strings contain no occurrence of a password character, and interspersing said one or more dummy string(s) as dummy columns in the array at arbitrary chosen positions, whereby said one or more dummy string(s) on aligning the columns comprising the password can be arbitrarily displaced relative to each and every other column of the array.
  - 9. A method according to claim 1,characterized by performing login and sign-on procedures using the service provider for relaying any communication between the client and authentication authority.
  - 10. A method according to claim 1, implementing the verification and sign-on using basic web technologies selected as one of HTTP, cookies, JavaScript or SSL.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Corporation
Original Assignee
Microsoft International Holdings BV (Microsoft Corporation)
Inventors
DANIELSEN, Stein H., Leistad, Geirr I.

Granted Patent

US 8,453,221 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/6
CPC Class Codes

G06F 21/41 where a single sign-on prov...

G09C 1/00 Apparatus or methods whereb...

METHOD FOR IMPROVING SECURITY IN LOGIN AND SINGLE SIGN-ON PROCEDURES

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

31 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD FOR IMPROVING SECURITY IN LOGIN AND SINGLE SIGN-ON PROCEDURES

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links