METHOD FOR AUTHENTICATION AND VERIFICATION OF USER IDENTITY

US 20130263240A1
Filed: 12/04/2011
Published: 10/03/2013
Est. Priority Date: 12/06/2010
Status: Abandoned Application

First Claim

Patent Images

1. A method for authentication and verification of an identity of a user, said method comprising:

determining, on a device, a user'"'"'s textual credentials for authenticating the user as a user of a service;

adding at least one hidden keystroke to said user'"'"'s textual credentials;

wherein said hidden keystroke is generated by an action of said user that does not generate a textual character in a textbox in which a credential is typed but does generate at least one time stamp and a key code.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention is a method for authentication and verification of the identity of a user. The method comprises adding at least one hidden keystroke to the user'"'"'s textual credentials. A hidden keystroke is an action by a user that does not generate a textual character in a textbox in which a credential is typed but does generate time stamps and a key code. The user may be required to add the hidden keystroke/s at specific location/s in his/her textual credential field. The method of the invention can be used to authenticate and verify users wanting to access addresses, websites, devices, documents, and web pages on a communication network, or a specific application installed on the user'"'"'s device or to access devices requiring confirmation of the user in order to be activated. The invention is also a document or address on a device or on a communication network or a device that can be accessed or activated only by providing one or more hidden keystrokes in a credential field comprised of a string of keystrokes

42 Citations

View as Search Results

12 Claims

1. A method for authentication and verification of an identity of a user, said method comprising:
- determining, on a device, a user'"'"'s textual credentials for authenticating the user as a user of a service;
  
  adding at least one hidden keystroke to said user'"'"'s textual credentials;
  
  wherein said hidden keystroke is generated by an action of said user that does not generate a textual character in a textbox in which a credential is typed but does generate at least one time stamp and a key code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the least one hidden keystroke is added to the user'"'"'s textual credentials at a specific location.
  - 3. The method of claim 1, wherein hidden keystrokes are generated in at least one of the following ways:
    - a) selecting at least one certain standard key on a keyboard;
      
      b) typing a hidden pattern generated by pressing a combination of keys on a keyboard that includes the use of keys that eventually do not leave any text. but whose hidden sequence can be verified based on the timestamps;
      
      c) selecting a physical button adapted to generate a hidden keystroke; and
      
      d) selecting a virtual button, icon, or key implemented on a login interface that will generate a hidden keystroke behavior.
  - 4. The method of claim 1, wherein at least one artificial character is placed in a typed area to indicate to a user that he has entered a hidden key.
  - 5. The method of claim 1, wherein the user'"'"'s textual credentials are comprised entirely of hidden keystrokes.
  - 6. The method of claim 1 further comprising:
    - a) a registration phase, wherein;
      
      i) the device receives the user'"'"'s textual credentials including at least one hidden keystroke at a specific location in at least one text box on a registration page on a login component;
      
      i) said login component sends said textual credentials, said at least one hidden keystroke and the specific location, and the time stamp of said textual credentials and at least one hidden keystroke to an authentication component; and
      
      ii) said authentication component stores said textual credentials, generates an identifier, and sends said identifier, said at least one hidden keystroke and the specific location, and said time stamp to a verification component where they are stored for later reference;
      
      b) an authentication phase, which is repeated each time said user logs into said service, wherein;
      
      i) the device receives the user'"'"'s textual credentials including at least one hidden keystroke on a login page on the login component and transfers said textual credentials, said at least one hidden keystroke and the specific location, and the time stamp of said textual credentials and said at least one hidden keystroke to said authentication component;
      
      ii) said authentication component authenticates said textual credentials by comparing said textual credentials to credentials stored in said authentication component during said registration phase;
      
      iii) said authentication component sends said at least one hidden keystroke and the specific location, said time stamp of the textual credentials, including the timestamps of the at least one hidden keystroke received on said login page, together with either a username, or with an identifier that said authentication component has generated to represent said username, to said verification component; and
      
      iv) said verification component verifies that said identifier, said at least one hidden keystroke and the specific location, and said time stamp received the login page are the same as those received during said registration phase and returns an answer to said authentication component, wherein the answer indicates whether a verification was successful or not;
      
      wherein, said authentication component and said verification component can be implemented on one or more physical devices located on one or more networks.
  - 7. The method of claim 6, wherein the time stamp is not used in the authentication phase, and wherein artificial characters are received on the device for each at least one hidden keystroke entered in the credential text boxes.
  - 8. The method of claim 6, comprising additionally using a keystroke dynamics method to verify the identity of the user.
  - 9. The method of claim 1, wherein the device comprises a login interface comprising only one textbox for the username, and wherein the password is composed entirely by hidden keystrokes entered in said textbox.
  - 10. The method of claim 1, wherein the service comprises at least one of:
    - an address, a website, a device, a document, an application, and at least one web page on a communication network.

11. (canceled)

12. A device comprising:
- at least one processor, wherein said processor is configure to;
  
  determine a user'"'"'s textual credentials for authenticating the user as a user of a service; and
  
  add at least one hidden keystroke to said user'"'"'s textual credentials, wherein said at least one hidden keystroke is generated by a user action that does not generate a textual character in a textbox in which a credential is typed but does generate at least one time stamp and a key code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Deutsche Telekom AG
Original Assignee
Deutsche Telekom AG
Inventors
Moskovitch, Robert

Application Number

US13/992,174
Publication Number

US 20130263240A1
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G07C 9/33   by means of a password

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

METHOD FOR AUTHENTICATION AND VERIFICATION OF USER IDENTITY

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

42 Citations

12 Claims

Specification

Use Cases

Quick Links

Others

METHOD FOR AUTHENTICATION AND VERIFICATION OF USER IDENTITY

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

12 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others