WO2008014336A2 - Logiciel de sécurité de réseau employant une authentification à facteurs multiples et procédé apparenté - Google Patents

Logiciel de sécurité de réseau employant une authentification à facteurs multiples et procédé apparenté Download PDF

Info

Publication number
WO2008014336A2
WO2008014336A2 PCT/US2007/074348 US2007074348W WO2008014336A2 WO 2008014336 A2 WO2008014336 A2 WO 2008014336A2 US 2007074348 W US2007074348 W US 2007074348W WO 2008014336 A2 WO2008014336 A2 WO 2008014336A2
Authority
WO
WIPO (PCT)
Prior art keywords
words
user
sentence
factor authentication
word
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/US2007/074348
Other languages
English (en)
Other versions
WO2008014336A3 (fr
Inventor
James N. Stickley, Iii
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
TRACESECURITY Inc
Original Assignee
TRACESECURITY Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by TRACESECURITY Inc filed Critical TRACESECURITY Inc
Publication of WO2008014336A2 publication Critical patent/WO2008014336A2/fr
Publication of WO2008014336A3 publication Critical patent/WO2008014336A3/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/36User authentication by graphic or iconic representation

Definitions

  • Multi-factor server software solutions require too much from users of such network servers. Either the user must download software, carry a token or other information or load "cookies" onto their computer. All of these options are intrusive to the end user and often can not support all situations. A need therefore exists for a way to authenticate a network appliance user which addresses these shortcomings of the known authentication systems.
  • This invention offers a type of multi-factor authentication that can protect users from attacks such as, e.g., phishing while being extremely simple to use, requiring no software for downloading to the user's computer or device, and no additional hardware to complete the authentication.
  • a user when a user first sets up their authentication account, they will be prompted with a very large list of words to choose from which will be known at the TITLE. Preferably, the user is required to select only one word from this list.
  • This TITLE will be memorized or otherwise retained by the user for future reference.
  • Fig. 1 shows a picture of what the chart of words might look like in one embodiment of this invention. The TITLE "running" has already been selected and the user must select their words to make the sentence.
  • Fig. 2 shows what the sentence creation screen might look like in one embodiment of the invention, as the user selects the words for the sentence. In this case the user has chosen the sentence "I like the round ball.” The registration portion is now complete. The user will need to remember both the title and the sentence for his future login process.
  • an input device e.g., a mouse
  • the user enters his login name and password.
  • a picture (Fig. 3) is shown with words for him to choose from for forming his particular sentence. Note that although all the words will be available for the sentence he initially formed, the order of the words will now be randomly displayed and there will no longer be a display of the colored boxes. [0008] Using his selection device (e.g., a mouse), the user will select the words in the proper order to write the sentence that he originally chose. In this case that would be I LIKE THE ROUND BALL.
  • his selection device e.g., a mouse
  • the user selects the appropriate title "Running” and the correct sentence "I like the round ball,” then the user will be authenticated and logged in. If the user fails to select the correct information, then he will fail the login and need to start over.
  • the words may preferably be shown as an image of all the words.
  • that word may be associated to an ID number that is randomly generated each time the word or the image of the word is displayed.
  • the associated ID numbers are sent. This configuration reduces two main risks.
  • a keyboard logger logs or records everything that a user types on the keyboard of their computer or other network device.
  • the keyboard loggers are foiled.
  • the second type of risk or attack is network sniffing, where content that is sent from a computer or network device is recorded as it goes over the network. Because the words or images of words are randomly displayed and because the words or word images have randomly associated numeric IDs, even if the information that the user selects with their mouse or other selection device is captured on the network, it does not tie back to any specific, or static set of, words. This in turn reduces the risk presented by network sniffers.
  • the words and/or word images may be any word, number, phrase, sound or symbol, or combination of any of the foregoing, which is discernable from an audiovisual display device.
  • the random generation of associated IDs can be provided by any of a number of random ID generators well know to those of skill in the art.
  • the network over which the authentication takes place will typically be the Internet, but may also be any other conventional network, including but not limited to local or wide area networks, wired or wireless.
  • the title selection process step carried out by some systems of this invention is not necessary in all embodiments of this invention, and that the words or other symbols displayed are not necessarily displayed using an image file in all embodiments of the invention.
  • the words when words are employed to form the authentication phrase or sentence, for example, the words may be displayed as part of HTML code in a browser without employing an image file display, and such a system shall still fall within the spirit and scope of certain embodiments of the present invention.
  • the associated random ID number associated with the words or images of words or other symbols is not absolutely required in all embodiments of the present invention.
  • the conventional code employed to display letters which make up the words visually displayed for example, in a web browser employing convention HTML code, may be employed in situations where use of word or symbol images is not desired or advantageous. Any convention software language may be employed to code the authentication software of this invention, and the program may be a stand-alone program or a group of component software programs with appropriate application program interfaces in communication with one another over a network.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

L'invention concerne un procédé d'authentification à facteurs multiples et un logiciel apparenté dans lequel, dans un mode de réalisation, un utilisateur cherchant à être authentifié compose une séquence ou une phrase par sélection d'un groupe de mots ou autres symboles générés de manière aléatoire pour composer la séquence ou la phrase, la séquence ou la phrase composée étant comparée ensuite à une base de données de séquences ou phrases établies antérieurement et associées à l'utilisation authentifiée.
PCT/US2007/074348 2006-07-25 2007-07-25 Logiciel de sécurité de réseau employant une authentification à facteurs multiples et procédé apparenté Ceased WO2008014336A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US82027206P 2006-07-25 2006-07-25
US60/820,272 2006-07-25

Publications (2)

Publication Number Publication Date
WO2008014336A2 true WO2008014336A2 (fr) 2008-01-31
WO2008014336A3 WO2008014336A3 (fr) 2008-07-17

Family

ID=38982304

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2007/074348 Ceased WO2008014336A2 (fr) 2006-07-25 2007-07-25 Logiciel de sécurité de réseau employant une authentification à facteurs multiples et procédé apparenté

Country Status (1)

Country Link
WO (1) WO2008014336A2 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8498237B2 (en) 2006-01-11 2013-07-30 Qualcomm Incorporated Methods and apparatus for communicating device capability and/or setup information
US8595501B2 (en) * 2008-05-09 2013-11-26 Qualcomm Incorporated Network helper for authentication between a token and verifiers
US8811369B2 (en) 2006-01-11 2014-08-19 Qualcomm Incorporated Methods and apparatus for supporting multiple communications modes of operation

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7873995B2 (en) * 2003-09-29 2011-01-18 Avaya Inc. Method and apparatus for generating and reinforcing user passwords

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8804677B2 (en) 2006-01-11 2014-08-12 Qualcomm Incorporated Methods and apparatus for establishing communications between devices with differing capabilities
US8750262B2 (en) 2006-01-11 2014-06-10 Qualcomm Incorporated Communications methods and apparatus related to beacon signals some of which may communicate priority information
US8542658B2 (en) 2006-01-11 2013-09-24 Qualcomm Incorporated Support for wide area networks and local area peer-to-peer networks
US8553644B2 (en) 2006-01-11 2013-10-08 Qualcomm Incorporated Wireless communication methods and apparatus supporting different types of wireless communication approaches
US9369943B2 (en) 2006-01-11 2016-06-14 Qualcomm Incorporated Cognitive communications
US8743843B2 (en) 2006-01-11 2014-06-03 Qualcomm Incorporated Methods and apparatus relating to timing and/or synchronization including the use of wireless terminals beacon signals
US8787323B2 (en) 2006-01-11 2014-07-22 Qualcomm Incorporated Wireless communication methods and apparatus supporting synchronization
US8750868B2 (en) 2006-01-11 2014-06-10 Qualcomm Incorporated Communication methods and apparatus related to wireless terminal monitoring for and use of beacon signals
US8750261B2 (en) 2006-01-11 2014-06-10 Qualcomm Incorporated Encoding beacon signals to provide identification in peer-to-peer communication
US8755362B2 (en) 2006-01-11 2014-06-17 Qualcomm Incorporated Wireless communication methods and apparatus supporting paging and peer to peer communications
US8504099B2 (en) 2006-01-11 2013-08-06 Qualcomm Incorporated Communication methods and apparatus relating to cooperative and non-cooperative modes of operation
US8774846B2 (en) 2006-01-11 2014-07-08 Qualcomm Incorporated Methods and apparatus relating to wireless terminal beacon signal generation, transmission, and/or use
US8885572B2 (en) 2006-01-11 2014-11-11 Qualcomm Incorporated Wireless communication methods and apparatus using beacon signals
US8811369B2 (en) 2006-01-11 2014-08-19 Qualcomm Incorporated Methods and apparatus for supporting multiple communications modes of operation
US8879520B2 (en) 2006-01-11 2014-11-04 Qualcomm Incorporated Wireless communication methods and apparatus supporting wireless terminal mode control signaling
US8879519B2 (en) 2006-01-11 2014-11-04 Qualcomm Incorporated Wireless communication methods and apparatus supporting peer to peer communications
US8498237B2 (en) 2006-01-11 2013-07-30 Qualcomm Incorporated Methods and apparatus for communicating device capability and/or setup information
US8902865B2 (en) 2006-01-11 2014-12-02 Qualcomm Incorporated Wireless communication methods and apparatus supporting multiple modes
US8902864B2 (en) 2006-01-11 2014-12-02 Qualcomm Incorporated Choosing parameters in a peer-to-peer communications system
US8902860B2 (en) 2006-01-11 2014-12-02 Qualcomm Incorporated Wireless communication methods and apparatus using beacon signals
US8902866B2 (en) 2006-01-11 2014-12-02 Qualcomm Incorporated Communication methods and apparatus which may be used in the absence or presence of beacon signals
US8923317B2 (en) 2006-01-11 2014-12-30 Qualcomm Incorporated Wireless device discovery in a wireless peer-to-peer network
US9277481B2 (en) 2006-01-11 2016-03-01 Qualcomm Incorporated Wireless communication methods and apparatus supporting different types of wireless communciation approaches
US8595501B2 (en) * 2008-05-09 2013-11-26 Qualcomm Incorporated Network helper for authentication between a token and verifiers

Also Published As

Publication number Publication date
WO2008014336A3 (fr) 2008-07-17

Similar Documents

Publication Publication Date Title
Yee et al. Passpet: convenient password management and phishing protection
US9065817B2 (en) Authenticating linked accounts
US9729533B2 (en) Human verification by contextually iconic visual public turing test
US7565534B2 (en) Network side channel for a message board
US8453221B2 (en) Method for improving security in login and single sign-on procedures
Richer et al. OAuth 2 in action
US7703130B2 (en) Secure authentication systems and methods
US20080148366A1 (en) System and method for authentication in a social network service
US7904947B2 (en) Gateway log in system with user friendly combination lock
WO2009039160A2 (fr) Procédé et système pour stocker et utiliser une pluralité de mots de passe
KR20040037029A (ko) 디지털 콘텐츠 및 스트리밍 미디어에 대한 액세스 제어 방법
US7979900B2 (en) Method and system for logging into and providing access to a computer system via a communication network
US8510813B2 (en) Management of network login identities
JP2002082912A (ja) メールバック方式によるキャリアフリー端末認証システム
Van Delft et al. A security analysis of OpenID
Haber et al. Indicators of compromise
EP3273377B1 (fr) Système d'image dynamique captcha
JPH11308272A (ja) パケット通信制御システム及びパケット通信制御装置
WO2008014336A2 (fr) Logiciel de sécurité de réseau employant une authentification à facteurs multiples et procédé apparenté
Mukhopadhyay et al. An Anti-Phishing mechanism for single sign-on based on QR-code
JP2012033042A (ja) シングルサインオンシステム及びシングルサインオン方法
US9729544B2 (en) Methods and systems for passcode creation and user authentication
Grzonkowski et al. D-FOAF-Security aspects in distributed user management system
Li et al. Secure human-computer identification against peeping attacks (SecHCI): A survey
WO2002082716A1 (fr) Validation de contenu

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07813351

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

NENP Non-entry into the national phase

Ref country code: RU

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS EPO FORM 1205A DATED 10.07.2009.

122 Ep: pct application non-entry in european phase

Ref document number: 07813351

Country of ref document: EP

Kind code of ref document: A2