WO2008014336A2 - Network security software employing multi-factor authentication and related process - Google Patents
- Publication number: WO2008014336A2 (application PCT/US2007/074348)
- Authority: WO, WIPO (PCT)
- Prior art keywords: words, user, sentence, factor authentication, word
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/36—User authentication by graphic or iconic representation
Abstract
Multi-factor authentication method and related software in which, in one embodiment, a user seeking to be authenticated composes a sequence or sentence by selecting from a randomly generated group of words or other symbols to compose the sequence or sentence, the composed sequence or sentence then being compared to a database of previously established sequences or sentences associated with authenticated use.
Description
Network Security Software Employing Multi-factor Authentication and Related Process
Background
[0001] Multi-factor server software solutions require too much from users of such network servers. Either the user must download software, carry a token or other information, or load "cookies" onto their computer. All of these options are intrusive to the end user and often cannot support all situations. A need therefore exists for a way to authenticate a network appliance user which addresses these shortcomings of the known authentication systems.
The Invention
[0002] This invention offers a type of multi-factor authentication that can protect users from attacks such as, e.g., phishing while being extremely simple to use, requiring no software for downloading to the user's computer or device, and no additional hardware to complete the authentication.
[0003] In accordance with one embodiment of this invention, when a user first sets up their authentication account, they will be prompted with a very large list of words to choose from, which will be known as the TITLE. Preferably, the user is required to select only one word from this list. This TITLE will be memorized or otherwise retained by the user for future reference.
[0004] After the user selects the TITLE, if the same was required by the particular embodiment of this invention, then the user will be prompted with a chart of visible words which are randomly displayed. The words may be displayed in different colored boxes in one particular embodiment of this invention. The user will then be told to make a sentence of at least two, and more preferably at least 5, words using the available words from the chart of words. In this embodiment of the invention employing colored boxes, the user will also be told that at least one word from each of the colored boxes must be used.
[0005] Fig. 1 shows a picture of what the chart of words might look like in one embodiment of this invention. The TITLE "running" has already been selected and the user must select their words to make the sentence. The user will use an input device, e.g., a mouse, to select or click on the words in the order he wishes to make a sentence. As he clicks each word, it will become highlighted and will show up in the order he selects.
[0006] Fig. 2 shows what the sentence creation screen might look like in one embodiment of the invention, as the user selects the words for the sentence. In this case the user has chosen the sentence "I like the round ball." The registration portion is now complete. The user will need to remember both the title and the sentence for his future login process.
[0007] To login using this authentication he will do the following, though the order of events could change and certain steps may not be necessary in other embodiments of this invention.
Step 1:
Login: loginname
Password: *******
The user enters his login name and password.
Step 2:
Next he is shown a list of words on his display device. This is not the complete list that was available to him when he setup his account. Instead it is just a list of a limited number of words, say, e.g., 10 words. He selects the word that is the title.
Title: (List of words)
Step 3:
After he selects the title, a picture (Fig. 3) is shown with words for him to choose from for forming his particular sentence. Note that although all the words will be available for the sentence he initially formed, the order of the words will now be randomly displayed and there will no longer be a display of the colored boxes.
[0008] Using his selection device (e.g., a mouse), the user will select the words in the proper order to write the sentence that he originally chose. In this case that would be I LIKE THE ROUND BALL.
[0009] If the user selects the appropriate title "Running" and the correct sentence "I like the round ball," then the user will be authenticated and logged in. If the user fails to select the correct information, then he will fail the login and need to start over.
[0010] In certain embodiments of the present invention, it should be appreciated that when the words are displayed to the user, they may preferably be shown as an image of all the words. When the user selects a word, that word may be associated to an ID number that is randomly generated each time the word or the image of the word is displayed. In this embodiment, once the user has selected all the words in the correct order and submits them, instead of words being sent over the network connection, the associated ID numbers are sent. This configuration reduces two main risks. First, it reduces the risk of keyboard loggers. A keyboard logger logs or records everything that a user types on the keyboard of their computer or other network device. In these embodiments of the present invention, because the user is not typing words but instead is using his mouse or other selection device to click on images of words, the keyboard loggers are foiled. The second type of risk or attack is network sniffing, where content that is sent from a computer or network device is recorded as it goes over the network. Because the words or images of words are randomly displayed and because the words or word images have randomly associated numeric IDs, even if the information that the user selects with their mouse or other selection device is captured on the network, it does not tie back to any specific, or static set of, words. This in turn reduces the risk presented by network sniffers.
[0011] In embodiments of the present invention employing the colored boxes mentioned earlier, it should be appreciated that users will have a tendency to use simple words and simple sentences when selecting titles and/or sentences. By using colored boxes, one can ensure that a certain difficulty level will be maintained, since the program can be configured to employ more difficult word concepts in certain boxes. The program may have access to thousands of words, but will only be offering the user a very limited number of words from which to choose. In addition, when the user first makes his sentence, if he cannot find words he prefers, the program can be configured to permit him to call a refresh of the table to receive another set of word images from which to choose.
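The per-display random ID mechanism of paragraph [0010] and the login flow of steps 1 to 3, as an added Python example (not code from the patent or from any product implementing it). The server assigns every word in the chart a fresh random ID each time a chart is issued, the client submits only the IDs of the words the user clicked, and the server maps the IDs back through the mapping it issued for that one session before comparing with the enrolled sentence. The vocabulary, the class and function names (`WordChartVerifier`, `client_select`, `demonstrate`), the session-ID scheme and the clear-text storage of the enrolled sentence are all assumptions made for the example; the title step is the same mechanism with a one-word sentence and is not repeated.

```python
import hmac
import secrets

# Constructed sample vocabulary: the patent speaks of "thousands of words",
# but a short list is enough to show the mechanism.
VOCABULARY = ["I", "like", "the", "round", "ball", "red", "tree", "runs",
              "quickly", "over", "small", "house", "blue", "car", "sings"]


class WordChartVerifier:
    """Server side of the word-selection login of paragraphs [0007]-[0010]
    (hypothetical implementation written for this example)."""

    def __init__(self):
        self._sentences = {}   # login name -> tuple of enrolled words
        self._challenges = {}  # session id -> (login name, {random id: word})

    def enroll(self, login, sentence_words):
        """Registration (Fig. 2): store the sentence the user composed.
        A real deployment would store it hashed, like a password."""
        if len(sentence_words) < 2:
            raise ValueError("sentence must contain at least two words")
        self._sentences[login] = tuple(sentence_words)

    def issue_chart(self, login):
        """Build the login-time chart (Fig. 3): every enrolled word is present,
        the order is random, and each word carries a random ID that is valid
        only for this chart. Returns (session_id, [(id, word), ...])."""
        words = list(VOCABULARY)
        for w in self._sentences[login]:
            if w not in words:
                words.append(w)
        chart, used_ids = [], set()
        while words:
            word = words.pop(secrets.randbelow(len(words)))  # random order
            while True:
                word_id = secrets.randbelow(1_000_000)       # fresh random ID
                if word_id not in used_ids:
                    break
            used_ids.add(word_id)
            chart.append((word_id, word))
        session_id = secrets.token_hex(16)
        self._challenges[session_id] = (login, dict(chart))
        return session_id, chart

    def verify(self, session_id, submitted_ids):
        """Map the submitted IDs back to words with the mapping issued for this
        session and compare against the enrolled sentence. The mapping is
        discarded on every attempt, so IDs captured on the wire cannot be
        replayed into a later session."""
        challenge = self._challenges.pop(session_id, None)
        if challenge is None:
            return False
        login, id_to_word = challenge
        try:
            chosen = [id_to_word[i] for i in submitted_ids]
        except KeyError:           # an ID that was never issued for this chart
            return False
        expected = self._sentences[login]
        return hmac.compare_digest("\x00".join(chosen).encode(),
                                   "\x00".join(expected).encode())


def client_select(chart, sentence_words):
    """What the browser does when the user clicks words in order: look each
    word up in the rendered chart and send only its ID, never the word."""
    word_to_id = {word: word_id for word_id, word in chart}
    return [word_to_id[w] for w in sentence_words]


def demonstrate():
    """Enrol a user, log in twice, then try a wrong order and a replay."""
    sentence = ["I", "like", "the", "round", "ball"]
    server = WordChartVerifier()
    server.enroll("alice", sentence)

    sid1, chart1 = server.issue_chart("alice")
    ids1 = client_select(chart1, sentence)
    first_ok = server.verify(sid1, ids1)

    sid2, chart2 = server.issue_chart("alice")
    ids2 = client_select(chart2, sentence)
    second_ok = server.verify(sid2, ids2)

    sid3, chart3 = server.issue_chart("alice")
    wrong_order_ok = server.verify(sid3, list(reversed(client_select(chart3, sentence))))

    sid4, _ = server.issue_chart("alice")
    replay_ok = server.verify(sid4, ids1)   # IDs recorded during login 1

    return {
        "first_ok": first_ok,
        "second_ok": second_ok,
        "wire_differs": ids1 != ids2,   # same sentence, different bytes on the wire
        "wrong_order_ok": wrong_order_ok,
        "replay_ok": replay_ok,
        "spent_session_ok": server.verify(sid1, ids1),  # mapping already discarded
    }


if __name__ == "__main__":
    print(demonstrate())
```

Two design points carry the sniffing claim of [0010]: the ID-to-word mapping is generated per chart, and the server discards it after a single verification attempt. Without both, an ID sequence recorded on the network would remain meaningful. The IDs hide the words only from an observer who sees the submission but not the chart that was rendered, so transport encryption is still expected for the login page itself.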
[0012] It should be appreciated that the words and/or word images may be any word, number, phrase, sound or symbol, or combination of any of the foregoing, which is discernable from an audiovisual display device. The random generation of associated IDs can be provided by any of a number of random ID generators well known to those of skill in the art. The network over which the authentication takes place will typically be the Internet, but may also be any other conventional network, including but not limited to local or wide area networks, wired or wireless.
[0013] In addition, it should be noted that the title selection process step carried out by some systems of this invention is not necessary in all embodiments of this invention, and that the words or other symbols displayed are not necessarily displayed using an image file in all embodiments of the invention. Thus, when words are employed to form the authentication phrase or sentence, for example, the words may be displayed as part of HTML code in a browser without employing an image file display, and such a system shall still fall within the spirit and scope of certain embodiments of the present invention. Likewise, the random ID number associated with the words or images of words or other symbols is not absolutely required in all embodiments of the present invention. The conventional code employed to display the letters which make up the words visually displayed, for example, in a web browser employing conventional HTML code, may be employed in situations where use of word or symbol images is not desired or advantageous. Any conventional software language may be employed to code the authentication software of this invention, and the program may be a stand-alone program or a group of component software programs with appropriate application program interfaces in communication with one another over a network.
[0014] The present invention is not limited to the specific examples illustrated above.
Claims
1. A method of authenticating a user of a network device, comprising a process as herein described.
2. A machine-readable medium encoded with a software program configured to carry out a process as herein described.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US82027206P | 2006-07-25 | 2006-07-25 | |
US60/820,272 | 2006-07-25 | | |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2008014336A2 (en) | 2008-01-31 |
WO2008014336A3 WO2008014336A3 (en) | 2008-07-17 |
Family
ID=38982304
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2007/074348 WO2008014336A2 (en) | 2006-07-25 | 2007-07-25 | Network security software employing multi-factor authentication and related process |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2008014336A2 (en) |
- 2007-07-25 WO PCT/US2007/074348 patent/WO2008014336A2/en active Application Filing
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050071686A1 (en) * | 2003-09-29 | 2005-03-31 | Amit Bagga | Method and apparatus for generating and reinforcing user passwords |
Cited By (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8804677B2 (en) | 2006-01-11 | 2014-08-12 | Qualcomm Incorporated | Methods and apparatus for establishing communications between devices with differing capabilities |
US8923317B2 (en) | 2006-01-11 | 2014-12-30 | Qualcomm Incorporated | Wireless device discovery in a wireless peer-to-peer network |
US8542658B2 (en) | 2006-01-11 | 2013-09-24 | Qualcomm Incorporated | Support for wide area networks and local area peer-to-peer networks |
US8553644B2 (en) | 2006-01-11 | 2013-10-08 | Qualcomm Incorporated | Wireless communication methods and apparatus supporting different types of wireless communication approaches |
US8774846B2 (en) | 2006-01-11 | 2014-07-08 | Qualcomm Incorporated | Methods and apparatus relating to wireless terminal beacon signal generation, transmission, and/or use |
US8743843B2 (en) | 2006-01-11 | 2014-06-03 | Qualcomm Incorporated | Methods and apparatus relating to timing and/or synchronization including the use of wireless terminals beacon signals |
US8750262B2 (en) | 2006-01-11 | 2014-06-10 | Qualcomm Incorporated | Communications methods and apparatus related to beacon signals some of which may communicate priority information |
US8750868B2 (en) | 2006-01-11 | 2014-06-10 | Qualcomm Incorporated | Communication methods and apparatus related to wireless terminal monitoring for and use of beacon signals |
US8750261B2 (en) | 2006-01-11 | 2014-06-10 | Qualcomm Incorporated | Encoding beacon signals to provide identification in peer-to-peer communication |
US8755362B2 (en) | 2006-01-11 | 2014-06-17 | Qualcomm Incorporated | Wireless communication methods and apparatus supporting paging and peer to peer communications |
US9369943B2 (en) | 2006-01-11 | 2016-06-14 | Qualcomm Incorporated | Cognitive communications |
US8504099B2 (en) | 2006-01-11 | 2013-08-06 | Qualcomm Incorporated | Communication methods and apparatus relating to cooperative and non-cooperative modes of operation |
US8879520B2 (en) | 2006-01-11 | 2014-11-04 | Qualcomm Incorporated | Wireless communication methods and apparatus supporting wireless terminal mode control signaling |
US8811369B2 (en) | 2006-01-11 | 2014-08-19 | Qualcomm Incorporated | Methods and apparatus for supporting multiple communications modes of operation |
US8498237B2 (en) | 2006-01-11 | 2013-07-30 | Qualcomm Incorporated | Methods and apparatus for communicating device capability and/or setup information |
US8879519B2 (en) | 2006-01-11 | 2014-11-04 | Qualcomm Incorporated | Wireless communication methods and apparatus supporting peer to peer communications |
US8885572B2 (en) | 2006-01-11 | 2014-11-11 | Qualcomm Incorporated | Wireless communication methods and apparatus using beacon signals |
US8902860B2 (en) | 2006-01-11 | 2014-12-02 | Qualcomm Incorporated | Wireless communication methods and apparatus using beacon signals |
US8902865B2 (en) | 2006-01-11 | 2014-12-02 | Qualcomm Incorporated | Wireless communication methods and apparatus supporting multiple modes |
US8902864B2 (en) | 2006-01-11 | 2014-12-02 | Qualcomm Incorporated | Choosing parameters in a peer-to-peer communications system |
US8902866B2 (en) | 2006-01-11 | 2014-12-02 | Qualcomm Incorporated | Communication methods and apparatus which may be used in the absence or presence of beacon signals |
US8787323B2 (en) | 2006-01-11 | 2014-07-22 | Qualcomm Incorporated | Wireless communication methods and apparatus supporting synchronization |
US9277481B2 (en) | 2006-01-11 | 2016-03-01 | Qualcomm Incorporated | Wireless communication methods and apparatus supporting different types of wireless communication approaches |
US8595501B2 (en) * | 2008-05-09 | 2013-11-26 | Qualcomm Incorporated | Network helper for authentication between a token and verifiers |
Also Published As
Publication number | Publication date |
---|---|
WO2008014336A3 (en) | 2008-07-17 |
Similar Documents
Publication | Title |
---|---|
Yee et al. | Passpet: convenient password management and phishing protection |
US9692747B2 (en) | Authenticating linked accounts |
US7565534B2 (en) | Network side channel for a message board |
US8453221B2 (en) | Method for improving security in login and single sign-on procedures |
Richer et al. | OAuth 2 in action |
US8510813B2 (en) | Management of network login identities |
US20080148366A1 (en) | System and method for authentication in a social network service |
Van Delft et al. | A security analysis of OpenID |
WO2009039160A2 (en) | Method and system for storing and using a plurality of passwords |
KR20040037029A (en) | Method and controlling access to digital content and streaming media |
KR20090019443A (en) | User authentication system using ip address and method thereof |
US7904947B2 (en) | Gateway log in system with user friendly combination lock |
JP2002082912A (en) | Carrier free terminal authentication system using mail back system |
EP3273377B1 (en) | System for dynamic image captcha |
JPH11308272A (en) | Packet communication control system and packet communication controller |
WO2008014336A2 (en) | Network security software employing multi-factor authentication and related process |
JP2012033042A (en) | Single sign-on system and single sign-on method |
Li et al. | Secure human-computer identification against peeping attacks (SecHCI): A survey |
Prandini et al. | Security considerations about the adoption of web 2.0 technologies in sensitive e-government processes |
US9729544B2 (en) | Methods and systems for passcode creation and user authentication |
Haber et al. | Password Hacking |
Karlof | Human factors in web authentication |
Nitin et al. | Image based authentication system with sign-in seal |
Chauhan et al. | On a Software Architecture of JUIT-Image Based Authentication System |
Katuk et al. | Authenticate Yourself Once Using OpenID |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 07813351; Country of ref document: EP; Kind code of ref document: A2 |
| NENP | Non-entry into the national phase in: | Ref country code: DE |
| NENP | Non-entry into the national phase in: | Ref country code: RU |
| 32PN | Ep: public notification in the ep bulletin as address of the addressee cannot be established | Free format text: NOTING OF LOSS OF RIGHTS EPO FORM 1205A DATED 10.07.2009. |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 07813351; Country of ref document: EP; Kind code of ref document: A2 |