Patent for Sale:

Authentication via Complex Picture Passwords

Provides a robust, usable, inexpensive and scalable multi-factor authentication solution.
The technology uses the fact that the human brain is extremely good at recognizing faces that it has seen before. We created a user interface that uses this universal and intuitive human skill as a “something you know” factor for user authentication. It solves many of the problems that traditional password systems create: a face combination is very hard to forget, difficult to write down, and difficult to describe to another person. It is also inexpensive compared to hardware-based authentication systems such as biometrics and tokens.

The technology also introduces an additional, optional authentication factor that complements the face-combination factor, effectively creating a complete multi-factor authentication system for use with web applications.

It is generally recognized that any authentication factor will be susceptible to certain types of attack or misuse. However, by combining authentication factors it is possible to mitigate vulnerabilities while actually increasing usability.

When combining authentication technologies at a single point of entry to a web service, it is important to ensure that no clues are given at any authentication step as to whether the user provided a correct or incorrect credential. For example, regardless of whether users enter the correct or incorrect face combination, they should be prompted for the password, and only after entering both credentials should they be informed whether the authentication succeeded or failed (and not which part failed). If this approach is taken, then the combined entropy of the authentication factors is the result of multiplying the entropy of the two individual factors.
In this manner, a number of “lightweight” authentication technologies can be combined to create a stronger, more usable overall authentication system than a single traditional authentication factor alone. In this context, the term “lightweight” may have a number of meanings:

• Inexpensive;
• Relatively low security when used alone;
• Easy for the user to comprehend and use.
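The following is an added Python illustration of the combined check described above; it is not the patent's own code. It builds a per-user face challenge, always evaluates both the face combination and the password before returning one combined verdict, and computes the combined search space (keyspaces multiply, so bit counts add). The face library, grid size, combination size and password keyspace are assumed sample parameters.

```python
import hashlib
import hmac
import math
import secrets

# Constructed sample parameters (not from the patent): the site's face library,
# a 4-face combination per user, and a deliberately weak 6-letter password.
FACE_POOL = [f"face{i:02d}" for i in range(60)]
GRID_SIZE = 12            # faces shown on one challenge screen
COMBINATION_SIZE = 4      # faces the user must pick from that screen
PASSWORD_SPACE = 26 ** 6  # assumed password keyspace, no complexity rules

def _face_digest(faces):
    # Order-insensitive, fixed-length encoding of a face selection
    return hashlib.sha256(",".join(sorted(faces)).encode()).digest()

class TwoFactorVerifier:
    """Face-combination + password check that reports one combined verdict."""

    def __init__(self, user_faces, password, rng=secrets.SystemRandom()):
        assert len(user_faces) == COMBINATION_SIZE
        self.user_faces = list(user_faces)  # server must know them to build grids
        # Decoys are fixed at enrollment: re-rolling them per login would let an
        # observer intersect successive grids and isolate the secret faces.
        others = [f for f in FACE_POOL if f not in self.user_faces]
        self.decoys = rng.sample(others, GRID_SIZE - COMBINATION_SIZE)
        self.pw_salt = secrets.token_bytes(16)
        self.pw_hash = self._pw_digest(password)

    def _pw_digest(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.pw_salt, 100_000)

    def challenge(self, rng=secrets.SystemRandom()):
        """The user's faces among their fixed decoys, in a fresh random order."""
        grid = self.user_faces + self.decoys
        rng.shuffle(grid)
        return grid

    def verify(self, chosen_faces, password):
        """Both factors are always evaluated; only the combined result is returned,
        so neither the reply nor an early exit tells the caller which one failed."""
        face_ok = hmac.compare_digest(_face_digest(chosen_faces), _face_digest(self.user_faces))
        pw_ok = hmac.compare_digest(self._pw_digest(password), self.pw_hash)
        return face_ok and pw_ok  # both already computed above, no short-circuit

def combined_search_space():
    """Keyspaces multiply (bit counts add): C(GRID_SIZE, COMBINATION_SIZE) * PASSWORD_SPACE."""
    face_space = math.comb(GRID_SIZE, COMBINATION_SIZE)
    return face_space * PASSWORD_SPACE, math.log2(face_space) + math.log2(PASSWORD_SPACE)
```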

Combining face combination authentication and password authentication mitigates a number of issues associated with using a password alone (this includes dictionary attacks and the predictability of user chosen passwords). This combined “something you know” also scores highly for usability because it eliminates the need for enforced password complexity rules and password change policy which have been generally shown to be counterproductive (for example, users are forced to cheat and write down their passwords and PINs).

Presenting users with a combination of faces before prompting them for their password also gives the user the opportunity to judge the authenticity of the web service itself before disclosing either their face combination credential or their password. This is a useful defense against “phishing” and other forms of social engineering attack. Once users are familiar with logging on with a face password followed by a password, they are likely to be suspicious if a fake site requests only their password. And in order to present a coherent face password challenge for any given user, a fake site would need to contact the genuine site to retrieve the appropriate set of faces for that user. This query would give the genuine site an opportunity to detect the fake site and prevent it from operating.

Primary Application of the Technology

Any service or web site that requires a user to log into their account.

Patent Summary

U.S. Patent Classes & Classifications Covered in this listing:

Class 340: Communications: Electrical

Communications - the handling of information or intelligence, restricted to the conveying of said information or intelligence between geographically spaced points. Information or intelligence is defined as being, matter which is handled by signaling systems or signaling devices (such as telegraph systems) or by that portion of nonsignaling systems or nonsignaling devices (such as power supply systems) which is designated in the arts as having a control function (such as the supervisory circuits which control the circuit breakers of an electric power network). Handling, as used above, is defined as being the active coaction between the tangible communication system or device and the intangible information or intelligence, and such coaction may assume various forms, such as transmission, storage, exhibiting, etc.

Subclass 5.27: Rule based input
Subclass 5.51: Manual code input
Subclass 5.6: Coded record input (e.g., IC card or key)

Class 382: Image Analysis

This is the generic class for apparatus and corresponding methods for the automated analysis of an image or recognition of a pattern. Included herein are systems that transform an image for the purpose of (a) enhancing its visual quality prior to recognition, (b) locating and registering the image relative to a sensor or stored prototype, or reducing the amount of image data by discarding irrelevant data, and (c) measuring significant characteristics of the image.

Subclass 118: Using a facial characteristic

Class 709: Electrical Computers And Digital Processing Systems: Multicomputer Data Transferring

This class provides for an electrical computer or digital data processing system or corresponding data processing method including apparatus or steps for transferring data or instruction information between a plurality of computers wherein the computers employ the data or instructions before or after transferring and the employing affects said transfer of data or instruction information. The class includes - process or apparatus for transferring data among a plurality of spatially distributed (i.e., situated, at plural locations) computers or digital data processing systems via one or more communications media (e.g., computer networks).

Subclass 203: Compression/decompression

Class 713: Electrical Computers And Digital Processing Systems: Support

This class provides, within a computer or digital data processing system, for the following processes or apparatus for: 1. establishing original operating parameters or data for a computer or digital data processing system, such as, allocating extended or expanded memory, specifying device drivers, paths, files, buffers, disk management, etc.; 2. for changing system settings or operational modes in a computer or digital data processing system after they have been set; 3. for increasing a system's extension of protection of system hardware, software, or data from maliciously caused destruction, unauthorized modification, or unauthorized disclosure; 4. for modifying or responding to the available power to a computer or digital data processing system or programmable calculator; 5. for synchronization of two or more processors; 6. wherein a clock or timing signals, timing pulses, or data associated with the control or regulation of any one or combination of processing components, memory components, and peripheral components are caused to operate in synchronization; 7. for generation, division, or distribution of clock signals, pulse signals, or timing signals in a computer or digital data processing system from one or more sources into groups of continuous and successive time increments, and including event timing and counting, and the correction of the clock signals, pulse signals, or timing signals; 8. wherein there is a significant temporal, incremental or sequencing control provided to one or more computers, digital data processing systems, processors, memory, or peripherals, or to data transmission between these systems or components.

Subclass 184: PIN/password generator device
Subclass 186: Biometric acquisition