The present invention relates to password authentication, and more particularly to an improved method of two-way authentication with non-disclosing password entry.
It has long been known that the best way to identify an authorized user at a secure access point while minimizing the chances of an imposter gaining access is to base the identification on three basic items: something the authorized user has, something the authorized user is, and something the authorized user knows. The first one, something the authorized user has, is often accomplished by an ID card with electronically readable magnetic strip or, more recently, a Radio Frequency Identification (RFID) chip. The second, something the authorized user is, may be a fingerprint, retinal scan or some other unique biologic trait of the valid user. However, biologic ID is still new and not shown to be fully robust in allowing the authorized user access in all conditions. Therefore, these methods are used only where security is paramount. The last, something the authorized user knows, is quite often a password or Personal Identification Number (PIN). This password method is used by virtually everyone and remains the most common method of authentication of identity. The password or PIN is something only the authorized user knows and, with today's strong encryption, the password may be transmitted over a network to authenticate the authorized user with little fear of the password being compromised by unauthorized eavesdroppers or imposters.
However, although the password may be securely transmitted in the presence of imposters by the use of encryption, the password may still be disclosed to an imposter before or during the password entry process. For example, many ATM keypads are visible to people waiting in line where an imposter may observe the keypad selections and obtain the authorized user's PIN simply by looking over their shoulder (called “shoulder-surfing”). Alternatively, a secluded imposter may obtain the password by watching with binoculars from a nearby car or building.
Passwords are also the dominant means of user authentication via the keyboard or mouse of a computer. It may be more difficult for an imposter to see and memorize the password by watching the authorized user's fingers at the keyboard or mouse icon position on the screen than watching an ATM keypad, but it does happen. Also, small cameras may be placed and removed to allow all the authorized user's keyboard strokes and mouse display clicks to be recorded for later playback.
Also, the disclosure of passwords is a serious issue with computer keyboard or mouse selection entry of passwords when using a device connected to the internet. For example, a common method of password theft now uses a simple spyware program that logs keystrokes and/or mouse screen position clicks and sends that log back over the internet without the authorized user's knowledge. This log may then be filtered to find account numbers and passwords.
U.S. Pat. No. 5,428,349, entitled “Non-disclosing Password Entry System” and issued to Daniel G. Baker on Jun. 27, 1995, discloses a method of securely entering a password as a means to authenticate a user log-in to a secure data service. The method disclosed in the '349 patent is that of selecting the row or column of a randomized (shuffled) matrix of alpha-numeric characters that contains each, in succession, of the characters of the user password. The characters of the password are not selected or typed, since only row or columns of the matrix are selected. Therefore, the '349 patent discloses a system that is resistant to all the aforementioned problems, since it does not explicitly disclose the password by the key press or mouse click entry process.
However, there is a growing problem with password theft by the method of presenting a fake or duplicate log in screen, called a “Trojan Horse”. This duplicate looks just like the one the user normally sees when the user enters the user's account number and password, but is a fake to capture the user's vital information. Using the method of the '349 patent, the password is not explicitly entered, so there is little or no danger of a Trojan Horse type web page capturing the user password. However, it is desirable to recognize a Trojan web page presenting the randomized matrix of the patented method since, after repeated use, the Trojan Horse may capture enough trials to allow the originator of the Trojan Horse to guess one or more of the password characters. It is also desirable to expose these fake pages to stop people from “phishing” for passwords.
Therefore, although the '349 patent prevents full disclosure of the user's password to the host of the Trojan web page, it does not provide a method to authenticate the true host and expose the duplicate or fake log in screen. The authentication of the host or authentication authority to the user, as well as the user authentication, is commonly called “two-way authentication.” What is needed is an improvement to the '349 patent that allows authentication of the host as well as the user.
Accordingly, the present invention provides two-way authentication between a user and a known host in a non-disclosing password entry system using randomized characteristics from a set of custom symbols, pictures or patterns (rather than alpha-numeric characters) that only the user recognizes. When the user sets up an account with the known host, a subset of these characteristics may be predetermined for use specifically by the user. One or more of these may additionally be used in the user's PIN or password for easy memorization, allowing the user to first authenticate the log-in screen before the user enters the PIN for user authentication to the host. Alternatively, randomized alpha-numeric characters may be used, but with a predefined grouping or subset of the characters in a predefined position on the initial character matrix presentation. If the user doesn't see the predefined special characteristics or figures, or the particular alpha-numeric subset, in the character matrix, then the log-in screen is recognized as a fake.
The objects, advantages and other novel features of the present invention are apparent from the following detailed description when read in conjunction with the appended claims and attached drawing.
FIGS. 1a and 1b are plan views of initial character matrices for two-way authentication having a given authentication word at a predefined location according to the present invention.
A method of two-way authentication that improves on U.S. Pat. No. 5,428,349, the specification of which patent is expressly included herein by reference, or with co-pending U.S. Patent Application Ser. No. 60/962,016, the specification of which is expressly included herein by reference, is described below.
When a user sets up an account with a host or authenticating authority, a key word of non-repeated characters, letters, symbols, patterns or other characteristics is chosen by the user from a large set of possible characteristics. It may be as simple as a single character or symbol to be placed at a pre-defined position of a character matrix, as described in the '349 patent. Another possibility is a pre-defined word or sequence of characters or symbols chosen during account set up. For example, it may be the word DOG at the beginning of the bottom row of the character matrix (
After the user logs into the authentication screen or webpage by typing in the appropriate user ID or using an ID card, the password entry process begins with the display of the improved character matrix, such as shown in
The user then looks at the initial character matrix for the predefined word, character pattern, or particular character position before selecting the row or column, as disclosed in the '349 patent. If the predefined word, character position or pattern is not seen, then the user knows this is a fake or Trojan web page and exits the session. In this case, the authenticating authority may be alerted to the imposter web page and take action. Otherwise, the authenticating authority has itself been authenticated and the user authentication can proceed, as in the '349 patent. The subsequently presented matrices of characters used in the password entry process may then be fully random, as described in the '349 patent, to avoid disclosure of the user password.
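The procedure described above can be sketched as follows. This is an added example, not code from the patent: the 6x6 alpha-numeric matrix, the (row, column) position encoding and all function names are assumptions made for illustration, and `FAKE` is a constructed sample of a look-alike page's matrix.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase + string.digits  # 36 symbols (assumed set)
SIZE = 6                                           # assumed 6x6 matrix

def build_initial_matrix(auth_word, row, col, rng=None):
    """Host side: put auth_word at (row, col), left to right, shuffle the rest."""
    rng = rng or secrets.SystemRandom()
    if len(set(auth_word)) != len(auth_word) or not set(auth_word) <= set(ALPHABET):
        raise ValueError("key word needs non-repeated characters from the set")
    if not (0 <= row < SIZE and 0 <= col and col + len(auth_word) <= SIZE):
        raise ValueError("key word does not fit at that position")
    rest = [c for c in ALPHABET if c not in auth_word]
    rng.shuffle(rest)
    cells = iter(rest)
    matrix = []
    for r in range(SIZE):
        line = []
        for c in range(SIZE):
            if r == row and col <= c < col + len(auth_word):
                line.append(auth_word[c - col])   # predefined grouping
            else:
                line.append(next(cells))          # randomized filler
        matrix.append(line)
    return matrix

def host_is_authentic(matrix, auth_word, row, col):
    """User side: the check made by eye before any row or column is selected."""
    return "".join(matrix[row][col:col + len(auth_word)]) == auth_word

def selection_matches(matrix, kind, index, password_char):
    """Host side, '349-style entry: only a row or column index is received,
    and the host checks that it contains the expected password character."""
    line = matrix[index] if kind == "row" else [r[index] for r in matrix]
    return password_char in line

# Constructed sample: a look-alike page that does not know the key word
# simply lays the character set out without the predefined grouping.
FAKE = [list(ALPHABET[i:i + SIZE]) for i in range(0, len(ALPHABET), SIZE)]
```

Only the initial matrix carries the key word; matrices shown for later password characters would be fully shuffled, as the text states.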
The improvement to the '349 patent is described above by example, but it is recognized that variations of this example are obvious to one of ordinary skill in the art. For example, although this example uses characters from the set of alpha-numeric English language characters, the '349 patent is not restricted to these, and any set of characters or symbols may be used.
For two-way authentication in the non-disclosing password entry system as described in co-pending '016 patent application, where the character matrix is fixed, but the character backgrounds are variable, a specific pattern of backgrounds, or the like, may be used as the predefined grouping.
Thus the present invention provides improved non-disclosing password entry by using two-way authentication to assure that a user is interacting with a proper host or authorizing authority prior to entering the user's password. The authentication is achieved by inserting into an initial randomized character matrix a predefined grouping of characteristics within the character matrix, which grouping is known only to the user.
| Number | Date | Country |
|---|---|---|
| 60961013 | Jul 2007 | US |