Authentication system and method based upon random partial digitized path recognition

Info

Publication number
CA2579826A1
Authority
CA
Canada
Prior art keywords
data
coordinates
client
frame
input
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CA002579826A
Other languages
French (fr)
Other versions
CA2579826C (en)
Inventor
Len L. Mizrah
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Authernative Inc
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/36: User authentication by graphic or iconic representation
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82: Protecting input, output or interconnection devices
    • G06F21/83: Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • User Interface Of Digital Computer (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

An authentication server (1030) provides a clue to a client (1010) indicating a random partial subset of a full pattern that characterizes a full digitized path on a frame of reference, and the client enters data to fulfill an authentication factor suggested by the clue. The full pattern consists of an ordered set of data fields, which store parameters that specify the full digitized path on a reference grid for recognition. The server presents an instance of a graphical representation of the frame of reference, including an array of random indicators at data field coordinates in the frame of reference (3050). The server accepts indicators from the array of indicators corresponding to coordinates along said digitized path identified by the random partial subset as input data to fulfill the authentication factor.

Claims (41)

1. An interactive method for authentication of a client, comprising:
storing a data set in a memory, the data set including a plurality of data fields having respective positions in said data set and having field contents identifying coordinates along a digitized path known to the client on a frame of reference;
identifying to the client via a data communication medium, positions of a random partial subset of data fields in said data set;
accepting input data from the client via a data communication medium, corresponding to coordinates along said digitized path identified by data fields in the random partial subset of said data set; and
determining whether the input data matches the coordinates identified by the field contents of data fields in the random partial subset.
2. The method of claim 1, including if the input data matches, signaling successful authentication, and if the input data does not match, signaling failed authentication.
3. The method of claim 1, including presenting an instance of a graphical representation of the frame of reference, including an array of indicators at coordinates in the frame of reference, and wherein said input data includes said indicators.
4. The method of claim 1, including presenting an instance of a graphical representation of the frame of reference, including an array of indicators at coordinates in the frame of reference, and wherein said input data includes said indicators, wherein said indicators comprise alphanumeric characters.
5. The method of claim 1, including presenting an instance of a graphical representation of the frame of reference, including an array of indicators at coordinates in the frame of reference, and said input data includes said indicators, wherein said indicators are randomly or pseudo-randomly generated by a server so that the instance presented uses different indicators than are used in other instances of the graphical representation.
6. The method of claim 1, including presenting to the client from a server via a data communication medium, an input construct for entry of data corresponding to field contents of said random partial subset of data fields from the data set, and wherein said accepting input data from the client includes accepting data based on said input construct.
7. The method of claim 1, including presenting to the client from a server via a data communication medium, a graphical user interface including an input construct facilitating input of data corresponding to said positions by the client, wherein said input construct comprises an instance of said frame of reference having an array of indicators at coordinates in the frame of reference, and input fields for inserting indicators from said array of indicators corresponding to said random partial subset.
8. The method of claim 1, including presenting to the client an input construct for account set up, and accepting data from the client based on the input construct, to set field contents for the data fields in the data set.
9. The method of claim 1, including presenting to the client an input construct for account set up, and accepting data from the client based on the input construct, to set field contents for the data fields in the data set, wherein the input construct includes a graphical representation of said frame of reference.
10. The method of claim 1, wherein said digitized path on the frame of reference includes a first set of coordinates, and a sequence of additional sets of coordinates in an order, and wherein the field contents of data fields in said data set respectively identify the first set of coordinates and the additional sets of coordinates, and the positions of data fields in said data set correspond to said order.
11. The method of claim 1, wherein said digitized path includes a first set of coordinates, and a sequence of additional sets of coordinates in an order, wherein said first set of coordinates and said sequence of additional sets of coordinates consist of a continuous digitized path on said frame of reference.
12. The method of claim 1, wherein said digitized path includes a first set of coordinates, and a sequence of additional sets of coordinates in an order, wherein said first set of coordinates and said sequence of additional sets of coordinates consist of a non-continuous digitized path on said frame of reference.
13. The method of claim 1, wherein said digitized path on the frame of reference has a predetermined number of sets of coordinates, and includes a first set of coordinates, and a sequence of additional sets of coordinates in an order set by the client to define the full digitized path.
14. The method of claim 1, including selecting instances of said random partial subset at a server, wherein said instances include a variable number of positions of data fields in said data set.
15. The method of claim 1, including identifying positions of data fields for a plurality of random partial subsets of said data set.
16. The method of claim 1, including providing a session timer, and including disabling a client session if an elapsed time exceeds a threshold before an authentication event in a client session.
17. The method of claim 1, including:
displaying an icon during said identifying, accepting and determining, said icon having a first state during said identifying, a second state after said accepting, and a third state after said determining.
18. The method of claim 1, including:
displaying a stop light icon during said identifying, accepting and determining, said icon displaying a red light during said identifying, displaying a yellow light after said accepting, and displaying a green light after said determining.
19. The method of claim 1, wherein said client provides input data in a client system coupled to communication media.
20. The method of claim 1, wherein said client provides input data in a client system, including a browser coupled to communication media.
21. The method of claim 1, including:
detecting an attempt to access a network resource by the user;
presenting, in response to the detected attempt to access a protected network resource, an interface to the client via a data communication medium, the interface supporting said indicating and said accepting; and
if the input data matches, signaling authentication of the client.
22. The method of claim 21, wherein said interface includes an instance of a graphical representation of the frame of reference, including an array of indicators at coordinates in the frame of reference, and said input data includes said indicators.
23. An authentication system for a client, comprising:
data processing resources, including a processor, memory and a communication interface;
user account information stored in said memory, including for respective clients a data set including a plurality of data fields having respective positions in said data set and having field contents identifying coordinates along a full digitized path known to the client on a frame of reference;
an authentication server adapted for execution by the data processing resources, including logic to identify to the client via the communication interface, positions in said data set of a random partial subset of data fields from said data set, logic to accept input data from the client via the communication interface, corresponding to coordinates identified by field contents of data fields in the random partial subset, and logic to determine whether the input data matches the field contents of corresponding data fields in the random partial subset.
24. The system of claim 23, wherein the authentication server includes logic which if the input data matches, signals successful authentication, and if the input data does not match, signals failed authentication.
25. The system of claim 23, wherein the authentication server includes logic to present an instance of a graphical representation of the frame of reference, including an array of indicators at coordinates in the frame of reference, and said input data includes said indicators.
26. The system of claim 23, wherein the authentication server includes logic to present an instance of a graphical representation of the frame of reference, including an array of indicators at coordinates in the frame of reference, and said input data includes said indicators, wherein said indicators comprise alphanumeric characters.
27. The system of claim 23, wherein the authentication server includes logic to present an instance of a graphical representation of the frame of reference, including an array of indicators at coordinates in the frame of reference, and said input data includes said indicators, and logic to randomly or pseudo-randomly generate said array of indicators so that the instance presented uses different indicators than are used in other instances of the graphical representation.
28. The system of claim 23, wherein the authentication server includes logic to present a graphical user interface including an input construct facilitating input of data corresponding to said data field positions by the client, wherein said input construct comprises an instance of said frame of reference having an array of indicators at coordinates in the frame of reference, and input fields for inserting indicators from said array of indicators corresponding to said random partial subset.
29. The system of claim 23, including logic to present to the client an input construct for account set up, and to accept data from the client based on the input construct, to set field contents for the data fields in said data set, wherein the input construct includes an instance of said frame of reference.
30. The system of claim 23, wherein said full digitized path on the frame of reference includes a first set of coordinates, and a sequence of additional sets of coordinates in an order, and wherein the field contents of data fields in said data set respectively identify the first set of coordinates and the additional sets of coordinates, and the positions of data fields in said data set correspond to said order.
31. The system of claim 23, wherein said digitized path includes a first set of coordinates, and a sequence of additional sets of coordinates in an order, wherein said first set of coordinates and said sequence of additional sets of coordinates consist of a continuous digitized path on said frame of reference.
32. The system of claim 23, wherein said digitized path includes a first set of coordinates, and a sequence of additional sets of coordinates in an order, wherein said first set of coordinates and said sequence of additional sets of coordinates consist of a non-continuous digitized path on said frame of reference.
33. The system of claim 23, wherein said full digitized path on the frame of reference is characterized by a predetermined number of sets of coordinates, and includes a first set of coordinates, and a sequence of additional sets of coordinates in an order set by the client to define the digitized path.
34. The system of claim 23, wherein the authentication server includes logic to generate instances of said random partial subset, wherein said instances include a variable number of positions of data fields in said data set.
35. The system of claim 23, wherein the authentication server includes logic to identify positions of data fields for a plurality of random partial subsets of said data set in a client session.
36. The system of claim 23, including logic to present to the client an input construct for account set up, and to accept data from the client based on the input construct, to set field contents for the data fields in the data set.
37. The system of claim 23, including logic to present to the client a graphical input construct for entry of field contents of said random subset of data fields.
38. The system of claim 23, including logic to provide a session timer, and logic to disable a client session if an elapsed time exceeds a threshold before an authentication event in a client session.
39. The system of claim 23, wherein said authentication server includes logic to display an icon, said icon having a first state during an initial stage of a client session, a second state after accepting input data, and a third state after determining whether the input data matches.
40. The system of claim 23, wherein said authentication server includes logic to display a stop light icon, said icon displaying a red light during an initial stage of a client session, displaying a yellow light after accepting input data, and displaying a green light after determining whether the input data matches.
41. An article storing computer programs supporting an authentication system for a client, comprising:
a machine readable data storage medium storing user account information, including for respective clients a data set including a plurality of data fields having respective positions in said data set and having field contents identifying coordinates along a digitized path known to the client on a frame of reference, and a machine readable data storage medium storing computer programs executable by a data processor including logic to identify to the client via the communication interface, positions in said data set of a random partial subset of data fields from said data set, logic to accept input data from the client via the communication interface, corresponding to coordinates identified by field contents of data fields in the random partial subset, and logic to determine whether the input data matches the field contents of corresponding data fields in the random partial subset.
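
The exchange described in the abstract and in claims 1, 5, 14 and 16, written out as an added Python example (not code from the patent or its assignee). The 10x10 grid, the digit alphabet, the 60-second threshold, 0-based field positions and all class and function names are assumptions made for illustration.

```python
import hmac
import secrets
import time

GRID = 10                 # assumed 10x10 frame of reference
ALPHABET = "0123456789"   # assumed indicator alphabet
TIMEOUT = 60.0            # assumed session threshold in seconds (claim 16)
_rng = secrets.SystemRandom()


class PathAuthServer:
    def __init__(self):
        self._paths = {}    # user -> ordered (row, col) fields: the full pattern
        self._pending = {}  # user -> (expected indicators, issue time)

    def enroll(self, user, path):
        """Account set-up: store the ordered coordinates of the full path."""
        if any(not (0 <= r < GRID and 0 <= c < GRID) for r, c in path):
            raise ValueError("coordinate outside the frame of reference")
        self._paths[user] = list(path)

    def challenge(self, user, min_fields=3, now=None):
        """Return (positions, grid): the clue and a fresh indicator array."""
        path = self._paths[user]
        # Variable-size random partial subset of field positions (claim 14).
        count = _rng.randint(min(min_fields, len(path)), len(path))
        positions = sorted(_rng.sample(range(len(path)), count))
        # New random indicators for every instance of the grid (claim 5).
        grid = [[_rng.choice(ALPHABET) for _ in range(GRID)] for _ in range(GRID)]
        expected = "".join(grid[r][c] for r, c in (path[p] for p in positions))
        issued = time.monotonic() if now is None else now
        self._pending[user] = (expected, issued)
        return positions, grid

    def verify(self, user, response, now=None):
        """Single use: the pending challenge is consumed whatever the outcome."""
        pending = self._pending.pop(user, None)
        if pending is None:
            return False
        expected, issued = pending
        now = time.monotonic() if now is None else now
        if now - issued > TIMEOUT:
            return False
        # Constant-time comparison of the entered indicators.
        return hmac.compare_digest(expected.encode(), response.encode())


def client_answer(path, positions, grid):
    """What a client who knows the path types: indicators at the asked fields."""
    return "".join(grid[path[p][0]][path[p][1]] for p in positions)


if __name__ == "__main__":
    # Constructed sample path: down column 0, then along row 4.
    secret_path = [(0, 0), (1, 0), (2, 0), (3, 0), (4, 0), (4, 1), (4, 2), (4, 3)]
    server = PathAuthServer()
    server.enroll("alice", secret_path)
    positions, grid = server.challenge("alice")
    print("enter indicators for path fields", positions)
    print(server.verify("alice", client_answer(secret_path, positions, grid)))
```

The coordinates themselves never cross the wire in either direction: the server sends only field positions and a throwaway grid, and the client returns only the indicators read off that grid.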

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
PCT/US2004/029321 WO2006031212A1 (en) | 2004-09-09 | 2004-09-09 | Authentication system and method based upon random partial digitized path recognition

Publications (2)

Publication Number | Publication Date
CA2579826A1 (en) | 2006-03-23
CA2579826C (en) | 2012-12-18

Family

ID=36060325

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CA2579826A (Active, CA2579826C (en)) | Authentication system and method based upon random partial digitized path recognition | 2004-09-09 | 2004-09-09

Country Status (7)

Country | Link
EP (1) | EP1794923A4 (en)
JP (1) | JP2008512765A (en)
CN (1) | CN101057444B (en)
AU (1) | AU2004323374B2 (en)
CA (1) | CA2579826C (en)
HK (1) | HK1113525A1 (en)
WO (1) | WO2006031212A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
US7849321B2 (en) | 2006-08-23 | 2010-12-07 | Authernative, Inc. | Authentication method of random partial digitized path recognition with a challenge built into the path
JP5413225B2 (en) * | 2010-02-05 | 2014-02-12 | 富士通株式会社 | Program, in-vehicle device, and information processing device
TWI522842B (en) * | 2012-06-15 | 2016-02-21 | | Pattern cryptographic track setting system and its method

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
GB9125540D0 (en) * | 1991-11-30 | 1992-01-29 | Davies John H E | Access control systems
US6209104B1 (en) * | 1996-12-10 | 2001-03-27 | Reza Jalili | Secure data entry and visual authentication system and method
JP3781874B2 (en) * | 1997-09-05 | 2006-05-31 | 富士通株式会社 | Electronic information management apparatus by image instruction, secret key management apparatus and method, and recording medium on which secret key management program is recorded

Also Published As

Publication number | Publication date
CA2579826C (en) | 2012-12-18
AU2004323374A1 (en) | 2006-03-23
EP1794923A4 (en) | 2010-12-29
HK1113525A1 (en) | 2008-10-03
AU2004323374B2 (en) | 2008-08-28
EP1794923A1 (en) | 2007-06-13
WO2006031212A1 (en) | 2006-03-23
JP2008512765A (en) | 2008-04-24
CN101057444B (en) | 2012-02-29
CN101057444A (en) | 2007-10-17

Legal Events

Date Code Title Description
EEER Examination request