WO2008014336A2 - Network security software employing multi-factor authentication and related process - Google Patents

Network security software employing multi-factor authentication and related process

Info

Publication number
WO2008014336A2
Authority
WO
WIPO (PCT)
Prior art keywords
words
user
sentence
factor authentication
word
Prior art date
Application number
PCT/US2007/074348
Other languages
French (fr)
Other versions
WO2008014336A3 (en)
Inventor
James N. Stickley, Iii
Original Assignee
Tracesecurity, Inc.
Priority date
Filing date
Publication date
Application filed by Tracesecurity, Inc.
Publication of WO2008014336A2
Publication of WO2008014336A3

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/36 User authentication by graphic or iconic representation


Abstract

Multi-factor authentication method and related software in which, in one embodiment, a user seeking to be authenticated composes a sequence or sentence by selecting from a randomly generated group of words or other symbols to compose the sequence or sentence, the composed sequence or sentence then being compared to a database of previously established sequences or sentences associated with authenticated use.

Description

Network Security Software Employing Multi-factor Authentication and Related Process
Background
[0001] Multi-factor server software solutions require too much from users of such network servers. Either the user must download software, carry a token or other information, or load "cookies" onto their computer. All of these options are intrusive to the end user and often cannot support all situations. A need therefore exists for a way to authenticate a network appliance user which addresses these shortcomings of the known authentication systems.
The Invention
[0002] This invention offers a type of multi-factor authentication that can protect users from attacks such as, e.g., phishing while being extremely simple to use, requiring no software for downloading to the user's computer or device, and no additional hardware to complete the authentication.
[0003] In accordance with one embodiment of this invention, when a user first sets up their authentication account, they will be prompted with a very large list of words to choose from; the chosen word will be known as the TITLE. Preferably, the user is required to select only one word from this list. This TITLE will be memorized or otherwise retained by the user for future reference.
[0004] After the user selects the TITLE, if the same was required by the particular embodiment of this invention, then the user will be prompted with a chart of visible words which are randomly displayed. The words may be displayed in different colored boxes in one particular embodiment of this invention. The user will then be told to make a sentence of a minimum number of at least two, more preferably at least 5, words or more using the available words from the chart of words. In this embodiment of the invention employing colored boxes, the user will also be told that at least one word from each of the colored boxes must be used.
[0005] Fig. 1 shows a picture of what the chart of words might look like in one embodiment of this invention. The TITLE "running" has already been selected and the user must select their words to make the sentence. The user will use an input device, e.g., a mouse, to select or click on the words in the order he wishes to make a sentence. As he clicks each word, it will become highlighted and will show up in the order he selects.
[0006] Fig. 2 shows what the sentence creation screen might look like in one embodiment of the invention, as the user selects the words for the sentence. In this case the user has chosen the sentence "I like the round ball." The registration portion is now complete. The user will need to remember both the title and the sentence for his future login process.
[0007] To log in using this authentication he will do the following, though the order of events could change and certain steps may not be necessary in other embodiments of this invention.
Step 1:
Login: loginname
Password: *******
The user enters his login name and password.
Step 2:
Next he is shown a list of words on his display device. This is not the complete list that was available to him when he set up his account. Instead it is just a list of a limited number of words, say, e.g., 10 words. He selects the word that is the title.
Title: (List of words)
Step 3:
After he selects the title, a picture (Fig. 3) is shown with words for him to choose from for forming his particular sentence. Note that although all the words will be available for the sentence he initially formed, the order of the words will now be randomly displayed and there will no longer be a display of the colored boxes.
[0008] Using his selection device (e.g., a mouse), the user will select the words in the proper order to write the sentence that he originally chose. In this case that would be I LIKE THE ROUND BALL.
[0009] If the user selects the appropriate title "Running" and the correct sentence "I like the round ball," then the user will be authenticated and logged in. If the user fails to select the correct information, then he will fail the login and need to start over.
[0010] In certain embodiments of the present invention, it should be appreciated that when the words are displayed to the user, they may preferably be shown as an image of all the words. When the user selects a word, that word may be associated to an ID number that is randomly generated each time the word or the image of the word is displayed. In this embodiment, once the user has selected all the words in the correct order and submits them, instead of words being sent over the network connection, the associated ID numbers are sent. This configuration reduces two main risks. First, it reduces the risk of keyboard loggers. A keyboard logger logs or records everything that a user types on the keyboard of their computer or other network device. In these embodiments of the present invention, because the user is not typing words but instead is using his mouse or other selection device to click on images of words, the keyboard loggers are foiled. The second type of risk or attack is network sniffing, where content that is sent from a computer or network device is recorded as it goes over the network. Because the words or images of words are randomly displayed and because the words or word images have randomly associated numeric IDs, even if the information that the user selects with their mouse or other selection device is captured on the network, it does not tie back to any specific, or static set of, words. This in turn reduces the risk presented by network sniffers.
[0011] In embodiments of the present invention employing the colored boxes mentioned earlier, it should be appreciated that users will have a tendency to use simple words and simple sentences when selecting titles and/or sentences. By using colored boxes, one can ensure that a certain difficulty level will be maintained, since the program can be configured to employ more difficult word concepts in certain boxes. The program may have access to thousands of words, but will only be offering the user a very limited number of words from which to choose. In addition, when the user first makes his sentence, if he cannot find words he prefers, the program can be configured to permit him to call a refresh of the table to receive another set of word images from which to choose.
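The registration and login flow of paragraphs [0003] to [0011], written out as an added Python model of the server side (example code, not from the patent or from Tracesecurity). The word boxes, box names, title pool, minimum sentence length, ID range and the salted PBKDF2 hashing of the stored sentence are all constructed assumptions the patent does not specify. The model shows the two properties a verifier has to enforce for the [0010] argument to hold: every display gets fresh random IDs, and a challenge is accepted at most once, so a captured submission of IDs carries no stable meaning.

```python
import hashlib
import hmac
import secrets

# Constructed word pool grouped into the "colored boxes" of [0004]/[0011]
# (box names and words are made up for this example, not from the patent).
WORD_BOXES = {
    "red":    ["I", "you", "we", "they"],
    "blue":   ["like", "see", "want", "throw"],
    "green":  ["the", "a", "this", "that"],
    "yellow": ["round", "square", "heavy", "small"],
    "purple": ["ball", "box", "hat", "book"],
}
# Constructed pool of TITLE words ([0003]); the login screen shows 10 of them (Step 2).
TITLE_POOL = ["running", "jumping", "singing", "swimming", "reading", "walking",
              "cooking", "painting", "fishing", "dancing", "climbing", "sailing"]
MIN_WORDS = 5          # "more preferably at least 5" ([0004]); assumed policy value
TITLE_CHOICES = 10     # "say, e.g., 10 words" (Step 2)

_rng = secrets.SystemRandom()
_USERS = {}            # login name -> registration record (server side only)
_CHALLENGES = {}       # challenge id -> server-side ID maps (never sent to the client)


def _digest(salt, title, words):
    # Hash title + sentence so the stored record does not reveal the sentence itself.
    msg = (title + "\x1f" + "\x1f".join(words)).encode()
    return hashlib.pbkdf2_hmac("sha256", msg, salt, 50_000)


def register(login, title, words):
    """Registration ([0003]-[0006]): one TITLE word plus a sentence built from the chart."""
    if title not in TITLE_POOL:
        raise ValueError("title must come from the offered list")
    if len(words) < MIN_WORDS:
        raise ValueError(f"sentence needs at least {MIN_WORDS} words")
    box_of = {w: box for box, ws in WORD_BOXES.items() for w in ws}
    if any(w not in box_of for w in words):
        raise ValueError("sentence may only use words from the chart")
    if {box_of[w] for w in words} != set(WORD_BOXES):
        raise ValueError("at least one word from each colored box is required")
    salt = secrets.token_bytes(16)
    _USERS[login] = {
        "title": title,              # kept in the clear: needed to build the 10-word list at login
        "chart": sorted(box_of),     # the words shown at registration, re-shown at login (Step 3)
        "salt": salt,
        "digest": _digest(salt, title, words),
    }


def make_challenge(login):
    """Login Steps 2-3: shuffled title list and word chart, each item under a fresh random ID."""
    rec = _USERS[login]
    decoys = [t for t in TITLE_POOL if t != rec["title"]]
    titles = _rng.sample(decoys, TITLE_CHOICES - 1) + [rec["title"]]
    words = list(rec["chart"])
    _rng.shuffle(titles)
    _rng.shuffle(words)
    # Unique IDs drawn anew for every display ([0010]); the same word gets a different ID next time.
    ids = _rng.sample(range(100_000, 1_000_000), len(titles) + len(words))
    title_ids = dict(zip(ids[:len(titles)], titles))
    word_ids = dict(zip(ids[len(titles):], words))
    cid = secrets.token_hex(16)
    _CHALLENGES[cid] = {"login": login, "titles": title_ids, "words": word_ids}
    # What the client receives: IDs and display text only.
    return {"challenge_id": cid,
            "titles": [{"id": i, "text": t} for i, t in title_ids.items()],
            "words": [{"id": i, "text": w} for i, w in word_ids.items()]}


def verify(challenge_id, title_id, word_ids):
    """Step 3 / [0009]-[0010]: the client submits IDs, not words; each challenge is usable once."""
    ch = _CHALLENGES.pop(challenge_id, None)   # a replayed submission finds no challenge
    if ch is None:
        return False
    try:
        title = ch["titles"][title_id]
        words = [ch["words"][i] for i in word_ids]   # order of selection is part of the secret
    except KeyError:
        return False
    rec = _USERS[ch["login"]]
    return hmac.compare_digest(_digest(rec["salt"], title, words), rec["digest"])


def main():
    # Constructed walk-through using the patent's own example title and sentence.
    register("alice", "running", ["I", "like", "the", "round", "ball"])
    ch = make_challenge("alice")
    title_id = next(t["id"] for t in ch["titles"] if t["text"] == "running")
    pick = {w["text"]: w["id"] for w in ch["words"]}
    ok = verify(ch["challenge_id"], title_id, [pick[w] for w in ["I", "like", "the", "round", "ball"]])
    print("login accepted:", ok)


if __name__ == "__main__":
    main()
```

Two design points follow from the text rather than from the code. The title has to be recoverable by the server, because the server itself builds the 10-word list around it, so only the sentence can be stored as a hash. And since the sentence is chosen from "a very limited number of words", the search space is small: a slow hash limits, but does not remove, offline guessing against a leaked record, which is why the ID mapping, the single-use challenge and the existing login/password step in Step 1 all matter.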
[0012] It should be appreciated that the words and/or word images may be any word, number, phrase, sound or symbol, or combination of any of the foregoing, which is discernable from an audiovisual display device. The random generation of associated IDs can be provided by any of a number of random ID generators well known to those of skill in the art. The network over which the authentication takes place will typically be the Internet, but may also be any other conventional network, including but not limited to local or wide area networks, wired or wireless.
[0013] In addition, it should be noted that the title selection process step carried out by some systems of this invention is not necessary in all embodiments of this invention, and that the words or other symbols displayed are not necessarily displayed using an image file in all embodiments of the invention. Thus, when words are employed to form the authentication phrase or sentence, for example, the words may be displayed as part of HTML code in a browser without employing an image file display, and such a system shall still fall within the spirit and scope of certain embodiments of the present invention. Likewise, the random ID number associated with the words or images of words or other symbols is not absolutely required in all embodiments of the present invention. The conventional code employed to display the letters which make up the visually displayed words, for example, in a web browser employing conventional HTML code, may be employed in situations where use of word or symbol images is not desired or advantageous. Any conventional software language may be employed to code the authentication software of this invention, and the program may be a stand-alone program or a group of component software programs with appropriate application program interfaces in communication with one another over a network.
[0014] The present invention is not limited to the specific examples illustrated above.

Claims

CLAIMS:
1. A method of authenticating a user of a network device, comprising a process as herein described.
2. A machine-readable medium encoded with a software program configured to carry out a process as herein described.
PCT/US2007/074348 2006-07-25 2007-07-25 Network security software employing multi-factor authentication and related process WO2008014336A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US82027206P 2006-07-25 2006-07-25
US60/820,272 2006-07-25

Publications (2)

Publication Number Publication Date
WO2008014336A2 true WO2008014336A2 (en) 2008-01-31
WO2008014336A3 WO2008014336A3 (en) 2008-07-17

Family

ID=38982304

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2007/074348 WO2008014336A2 (en) 2006-07-25 2007-07-25 Network security software employing multi-factor authentication and related process

Country Status (1)

Country Link
WO (1) WO2008014336A2 (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050071686A1 (en) * 2003-09-29 2005-03-31 Amit Bagga Method and apparatus for generating and reinforcing user passwords

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8804677B2 (en) 2006-01-11 2014-08-12 Qualcomm Incorporated Methods and apparatus for establishing communications between devices with differing capabilities
US8923317B2 (en) 2006-01-11 2014-12-30 Qualcomm Incorporated Wireless device discovery in a wireless peer-to-peer network
US8542658B2 (en) 2006-01-11 2013-09-24 Qualcomm Incorporated Support for wide area networks and local area peer-to-peer networks
US8553644B2 (en) 2006-01-11 2013-10-08 Qualcomm Incorporated Wireless communication methods and apparatus supporting different types of wireless communication approaches
US8774846B2 (en) 2006-01-11 2014-07-08 Qualcomm Incorporated Methods and apparatus relating to wireless terminal beacon signal generation, transmission, and/or use
US8743843B2 (en) 2006-01-11 2014-06-03 Qualcomm Incorporated Methods and apparatus relating to timing and/or synchronization including the use of wireless terminals beacon signals
US8750262B2 (en) 2006-01-11 2014-06-10 Qualcomm Incorporated Communications methods and apparatus related to beacon signals some of which may communicate priority information
US8750868B2 (en) 2006-01-11 2014-06-10 Qualcomm Incorporated Communication methods and apparatus related to wireless terminal monitoring for and use of beacon signals
US8750261B2 (en) 2006-01-11 2014-06-10 Qualcomm Incorporated Encoding beacon signals to provide identification in peer-to-peer communication
US8755362B2 (en) 2006-01-11 2014-06-17 Qualcomm Incorporated Wireless communication methods and apparatus supporting paging and peer to peer communications
US9369943B2 (en) 2006-01-11 2016-06-14 Qualcomm Incorporated Cognitive communications
US8504099B2 (en) 2006-01-11 2013-08-06 Qualcomm Incorporated Communication methods and apparatus relating to cooperative and non-cooperative modes of operation
US8879520B2 (en) 2006-01-11 2014-11-04 Qualcomm Incorporated Wireless communication methods and apparatus supporting wireless terminal mode control signaling
US8811369B2 (en) 2006-01-11 2014-08-19 Qualcomm Incorporated Methods and apparatus for supporting multiple communications modes of operation
US8498237B2 (en) 2006-01-11 2013-07-30 Qualcomm Incorporated Methods and apparatus for communicating device capability and/or setup information
US8879519B2 (en) 2006-01-11 2014-11-04 Qualcomm Incorporated Wireless communication methods and apparatus supporting peer to peer communications
US8885572B2 (en) 2006-01-11 2014-11-11 Qualcomm Incorporated Wireless communication methods and apparatus using beacon signals
US8902860B2 (en) 2006-01-11 2014-12-02 Qualcomm Incorporated Wireless communication methods and apparatus using beacon signals
US8902865B2 (en) 2006-01-11 2014-12-02 Qualcomm Incorporated Wireless communication methods and apparatus supporting multiple modes
US8902864B2 (en) 2006-01-11 2014-12-02 Qualcomm Incorporated Choosing parameters in a peer-to-peer communications system
US8902866B2 (en) 2006-01-11 2014-12-02 Qualcomm Incorporated Communication methods and apparatus which may be used in the absence or presence of beacon signals
US8787323B2 (en) 2006-01-11 2014-07-22 Qualcomm Incorporated Wireless communication methods and apparatus supporting synchronization
US9277481B2 (en) 2006-01-11 2016-03-01 Qualcomm Incorporated Wireless communication methods and apparatus supporting different types of wireless communciation approaches
US8595501B2 (en) * 2008-05-09 2013-11-26 Qualcomm Incorporated Network helper for authentication between a token and verifiers

Also Published As

Publication number Publication date
WO2008014336A3 (en) 2008-07-17

Similar Documents

Publication Publication Date Title
Yee et al. Passpet: convenient password management and phishing protection
US9692747B2 (en) Authenticating linked accounts
US7565534B2 (en) Network side channel for a message board
US8453221B2 (en) Method for improving security in login and single sign-on procedures
Richer et al. OAuth 2 in action
US8510813B2 (en) Management of network login identities
US20080148366A1 (en) System and method for authentication in a social network service
Van Delft et al. A security analysis of OpenID
WO2009039160A2 (en) Method and system for storing and using a plurality of passwords
KR20040037029A (en) Method and controlling access to digital content and streaming media
KR20090019443A (en) User authentication system using ip address and method thereof
US7904947B2 (en) Gateway log in system with user friendly combination lock
JP2002082912A (en) Carrier free terminal authentication system using mail back system
EP3273377B1 (en) System for dynamic image captcha
JPH11308272A (en) Packet communication control system and packet communication controller
WO2008014336A2 (en) Network security software employing multi-factor authentication and related process
JP2012033042A (en) Single sign-on system and single sign-on method
Li et al. Secure human-computer identification against peeping attacks (SecHCI): A survey
Prandini et al. Security considerations about the adoption of web 2.0 technologies in sensitive e-government processes
US9729544B2 (en) Methods and systems for passcode creation and user authentication
Haber et al. Password Hacking
Karlof Human factors in web authentication
Nitin et al. Image based authentication system with sign-in seal
Chauhan et al. On a Software Architecture of JUIT-Image Based Authentication System
Katuk et al. Authenticate Yourself Once Using OpenID.

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07813351

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase in:

Ref country code: DE

NENP Non-entry into the national phase in:

Ref country code: RU

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS EPO FORM 1205A DATED 10.07.2009.

122 Ep: pct application non-entry in european phase

Ref document number: 07813351

Country of ref document: EP

Kind code of ref document: A2