- , Currently available
- Sale of patent
- 2 Issued Patents - US
- 1 Issued Patent - EP
- 1 Issued Patent - AU
- 1 Issued Patent - CA
- 1 Issued Patent - DE
- 1 Issued Patent - ES
- 1 Issued Patent - FR
- 1 Issued Patent - GB
- 1 Issued Patent - JP
- 1 Issued Patent - KR
- 1 Issued Patent - AT
- 1 Issued Patent - BE
- 1 Issued Patent - CH
- 1 Issued Patent - DK
- 1 Issued Patent - HK
- 1 Issued Patent - IE
- 1 Issued Patent - IT
Patent for Sale:Authentication via Complex Picture Passwords
This technology introduces an additional, optional authentication factor that perfectly complements this invention; effectively creating a complete multi- factor authentication system for use with web applications.
It is generally recognized that any authentication factor will be susceptible to certain types of attack or misuse. However, by combining authentication factors it is possible to mitigate vulnerabilities while actually increasing usability.
When combining authentication technologies at a single point of entry to a web service, it is important to ensure that no clues are given at each authentication step as to whether the user provided a correct or incorrect credential. For example, regardless of whether users enter the correct or incorrect face combination authentication, they should be prompted for the password and only after entering both credentials will they be informed whether the authentication succeeded or failed (and not informed which part failed). If this approach is taken, then the combined entropy of the authentication factors is the result of multiplying the entropy of the two individual factors.
In this manner, a number of “lightweight” authentication technologies can be combined to create a stronger, more usable overall authentication system than a single traditional authentication factor alone. In this context, the term “lightweight” may have a number of meanings:
• Relatively low security when used alone;
• Easy for the user to comprehend and use.
Combining face combination authentication and password authentication mitigates a number of issues associated with using a password alone (this includes dictionary attacks and the predictability of user chosen passwords). This combined “something you know” also scores highly for usability because it eliminates the need for enforced password complexity rules and password change policy which have been generally shown to be counterproductive (for example, users are forced to cheat and write down their passwords and PINs).
Presenting users with the a combination of faces before prompting them for their password also provides the opportunity for the user to judge the authenticity of the web service itself before they can disclose either their face combination credential or their password. This is a useful defense against “phishing” and other forms of social engineering attack. Once users are familiar with logging on with a face password and then a password, they are likely to be suspicious if a fake site only requests their password. And in order to present a coherent face password challenge for any user, a fake site would need to contact the genuine site in order to retrieve the appropriate set of faces for that user. This query would provide an opportunity for the genuine site to detect and prevent the fake site from operating.
Primary Application of the Technology
Class 340: Communications: Electrical
Communications - the handling of information or intelligence, restricted to the conveying of said information or intelligence between geographically spaced points. Information or intelligence is defined as being, matter which is handled by signaling systems or signaling devices (such as telegraph systems) or by that portion of nonsignaling systems or nonsignaling devices (such as power supply systems) which is designated in the arts as having a control function (such as the supervisory circuits which control the circuit breakers of an electric power network). Handling, as used above, is defined as being the active coaction between the tangible communication system or device and the intangible information or intelligence, and such coaction may assume various forms, such as transmission, storage, exhibiting, etc.Subclass 5.27: Rule based input
Subclass 5.51: Manual code input
Subclass 5.6: Coded record input (e.g., IC card or key)
Class 382: Image Analysis
This is the generic class for apparatus and corresponding methods for the automated analysis of an image or recognition of a pattern. Included herein are systems that transform an image for the purpose of (a) enhancing its visual quality prior to recognition, (b) locating and registering the image relative to a sensor or stored prototype, or reducing the amount of image data by discarding irrelevant data, and (c) measuring significant characteristics of the image.Subclass 118: Using a facial characteristic
Class 709: Electrical Computers And Digital Processing Systems: Multicomputer Data Transferring
This class provides for an electrical computer or digital data processing system or corresponding data processing method including apparatus or steps for transferring data or instruction information between a plurality of computers wherein the computers employ the data or instructions before or after transferring and the employing affects said transfer of data or instruction information. The class includes - process or apparatus for transferring data among a plurality of spatially distributed (i.e., situated, at plural locations) computers or digital data processing systems via one or more communications media (e.g., computer networks).Subclass 203: Compression/decompression
Class 713: Electrical Computers And Digital Processing Systems: SupportSubclass 184: PIN/password generator device
Subclass 186: Biometric acquisition