1. Field of the Invention
The invention relates generally to computer security, and systems that store and authenticate user-based credentials. In particular, the invention relates to improving the front end security of in- and out-of-band authentication algorithms.
2. Description of Related Art
The problem with passwords: passwords are static user credentials. This is a fundamental weakness in the secret. Even if a user chooses a strong password that is long and contains alphanumeric and special characters, it can still be stolen by an attacker by many different means, including sniffing, key logging, phishing, shoulder surfing, man-in-the-middle attacks, and many different types of malware. An additional consideration with passwords is that if a network vulnerability were discovered, then all the passwords that flowed through the network during the window of exposure would have to be considered compromised.
Increasing password length and complexity (upper/lower case letters, adding alphanumeric characters and special marks, and the like) is well beyond users' comfort level for memorizing such a credential, which leads to the increased cost of frequent credential reset requests. Hence, the problems with passwords cannot be solved by improving upon the password; a paradigm shift is required. The Random Partial Digitized Path Recognition (RPDPR) and the Random Partial Pattern Recognition (RPPR) algorithms—invented by Mizrah in U.S. Pat. Nos. 7,188,314 and 7,073,067, respectively—describe just such a paradigm shift. These algorithms were created to solve some of the many deficiencies of static passwords, including memorization difficulties, low security, and a number of front end attack vectors like phishing, man-in-the-browser, malware, and Trojans. To reduce memorization pressure, significantly improve ease of use, and solve many front end security flaws of static credentials like passwords, the RPDPR and RPPR technologies utilize dynamic grids of fields, and a graphical pattern of fields that is the shared secret.
To define a couple of terms to be used in this specification:
Enumerated pattern is an authentication factor term—it is a graphical credential based on an enumerated pattern of fields on a grid of fields. The enumerated pattern term can also be used to describe any number of authentication algorithms that can be applied to the graphical credential based on an enumerated pattern of fields on a grid of fields. The enumerated pattern includes an ordered, or otherwise enumerated, list of credential elements, where each element has a credential value, and where the ordered list in combination can be characterized as a pattern on the grid.
A grid is a frame of reference. Other types of frames of reference can be utilized as well. An instance of a frame of reference includes fields that have locations on the frame of reference. A data set identifying an enumerated pattern of fields on a frame of reference can include data fields identifying locations on the frame of reference and numbered positions in the enumerated pattern. Such a data set can for example include an array of data entries having addresses (byte or word boundary addresses for example) by which the numbered positions are identifiable, where the entries in the array store coordinates of the locations of the fields on the frame of reference in the enumerated pattern. In another alternative, rather than using addresses to identify numbered positions in the enumerated pattern, the entries in the array can directly store the numbers of the corresponding enumerated positions. Of course other organizations and structures for the data set can be used.
An example of an enumerated pattern based authentication credential can be understood as follows. An enumerated pattern credential is based on a visual pattern and visual pattern recognition. This type of credential is easier to remember than strong traditional passwords while still being very secure. Since an enumerated pattern credential is a visual pattern, it is best introduced with a picture (See FIG. 1). The credential is an enumerated pattern. In this example, it is in the shape of an ‘L’ that starts at the top and goes down and then right. A grid with empty fields, like the one in FIG. 1, would be used for the credential setup. The login grid could be populated to form an instance of the grid, using characters from a character set, arranged randomly and in a redundant manner, in the sense that the same character appears more than once on an instance of the grid. The character set can include anything from letters to numbers to symbols. See FIG. 2 for an example of using the characters 0 to 9 as the character set.
Further, using FIG. 2 as the basis of an example that is merely one way to implement the login operation for an enumerated pattern credential authentication:
To authenticate a user who has already submitted their digital identifier to the server (e.g., a fictitious user name), the server sends back to the user a 10×10 grid of fields filled with random content (with some redundancy), which is different every session. In addition, the user is challenged with certain field positions along the pattern—say, the 2nd, 4th, 5th, and 9th positions. These positions could simply be called the challenge(s). It is important to note that sometimes the challenge can refer to the full challenge or a single challenge position. In this text, the difference is either clearly stated or it is obvious from context.
Since the response includes the characters on the grid in the enumerated pattern credential challenge positions, the user could enter the response by typing them, clicking on the appropriate field, or even clicking on a totally different field that has the same digit in it. Referencing FIG. 2, where the enumerated pattern credential is highlighted for easy reference (FIG. 1 has the explicitly enumerated pattern credential field positions):
The digital content in the enumerated pattern credential field position 2 is 7.
The digital content in the enumerated pattern credential field position 4 is 3.
The digital content in the enumerated pattern credential field position 5 is 10.
The digital content in the enumerated pattern credential field position 9 is 9.
Since the instance of the grid is different every session, the authentication response code would be different even if the next full challenge was 2, 4, 5, and 9 again. However, note that the full challenge can also be randomized, can be any number of positions, and does not have to be in ascending or descending order.
For example, the next full authentication challenge could be 10, 2, 3, 8, and 5. This allows for different levels of security, randomness, and usability that can easily be changed to suit the needs of a particular user base. The characters in the identified positions on the pattern, in this case 7, 3, 10, and 9, are sent to the server and checked.
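The login operation just described, as an added example that is not part of the patent text or any product implementing it: the server issues a fresh 10×10 grid of redundant digits and a random, unordered set of pattern positions, and verifies the characters the user reads off at those positions. The 'L' pattern, the (row, col) storage of the enumerated pattern, and the function names are assumptions made for this example.

```python
import hmac
import random

GRID_SIZE = 10
CHARSET = "0123456789"  # digits only, as in the FIG. 2 example

# Constructed demo credential: an 'L' on a 10x10 grid, enumerated top-down and
# then left-to-right, stored as (row, col) fields. Challenge positions are 1-based.
L_PATTERN = [(0, 2), (1, 2), (2, 2), (3, 2), (4, 2),
             (4, 3), (4, 4), (4, 5), (4, 6), (4, 7)]


def _rng(rng):
    # SystemRandom draws from the OS CSPRNG; an injected rng is for reproducible demos only
    return rng if rng is not None else random.SystemRandom()


def new_grid_instance(rng=None, size=GRID_SIZE, charset=CHARSET):
    """Per-session grid. 100 fields drawn from 10 characters guarantees redundancy:
    every character appears in many fields, so a field cannot be inferred from its value."""
    r = _rng(rng)
    return [[r.choice(charset) for _ in range(size)] for _ in range(size)]


def new_full_challenge(pattern_len, n_positions, rng=None):
    """Random subset of pattern positions, in random (not ascending) order."""
    return _rng(rng).sample(range(1, pattern_len + 1), n_positions)


def expected_response(grid, pattern, challenge):
    """Characters at the challenged pattern positions, in challenge order."""
    return "".join(grid[r][c] for r, c in (pattern[p - 1] for p in challenge))


def verify(grid, pattern, challenge, response):
    """Server-side check of a submitted response against this session's grid and
    challenge; constant-time compare so timing does not reveal which positions matched."""
    expected = expected_response(grid, pattern, challenge)
    if not isinstance(response, str) or not response.isascii():
        return False
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    grid = new_grid_instance()
    challenge = new_full_challenge(len(L_PATTERN), 4)
    for row in grid:
        print(" ".join(row))
    print("challenge:", challenge, "-> expected response:",
          expected_response(grid, L_PATTERN, challenge))
```

Because the grid and the challenge are both regenerated per session, a captured response is only valid for the session it was produced in.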
The enumerated pattern credential in the example using FIG. 1 is a simple shape. And while even simple credential patterns have high security, it is possible to create shapes that increase the security even further. Just as password security is increased through parameters (more characters, requiring upper and lower case letters and numeric characters, etc.), the enumerated pattern credential can use parameters specific to enumerated patterns to increase security. These could include limiting the number of chosen fields in a row or column, not allowing the same field to be chosen more than once, and requiring a break in the pattern, i.e., a pattern that is not continuous, amongst others. Changing these parameters increases security by increasing the combinatorial capacity and reducing credential entropy leakage. An example of an enumerated pattern credential with a couple of break points, or discontinuities, that has much higher security than the credential in FIG. 1, is shown in FIG. 8.
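A pattern-policy check for the parameters listed above (fields per row or column, repeated fields, required break points), as an added example that is not from the patent or any implementation of it. It assumes patterns are stored as (row, col) fields in enumeration order and that two consecutive fields are "continuous" when they are side-by-side or diagonal neighbours; the parameter names and defaults are constructed.

```python
from collections import Counter

# Constructed 'L' credential from FIG. 1, enumerated top-down then left-to-right.
L_SHAPE = [(0, 2), (1, 2), (2, 2), (3, 2), (4, 2),
           (4, 3), (4, 4), (4, 5), (4, 6), (4, 7)]


def count_breaks(pattern):
    """A break (discontinuity) is a step between consecutive enumerated fields
    that are not neighbours (assumed here: Chebyshev distance greater than 1)."""
    breaks = 0
    for (r1, c1), (r2, c2) in zip(pattern, pattern[1:]):
        if max(abs(r1 - r2), abs(c1 - c2)) > 1:
            breaks += 1
    return breaks


def check_pattern_policy(pattern, max_per_line=4, allow_repeats=False, min_breaks=0):
    """Return the list of policy violations for a proposed credential pattern
    (an empty list means the pattern is accepted at credential setup)."""
    problems = []
    if not allow_repeats and len(set(pattern)) != len(pattern):
        problems.append("a field is used more than once")
    rows = Counter(r for r, _ in pattern)
    cols = Counter(c for _, c in pattern)
    if (max(rows.values(), default=0) > max_per_line
            or max(cols.values(), default=0) > max_per_line):
        problems.append(f"more than {max_per_line} fields in one row or column")
    if count_breaks(pattern) < min_breaks:
        problems.append(f"fewer than {min_breaks} break points")
    return problems


if __name__ == "__main__":
    print("L shape, lenient policy:", check_pattern_policy(L_SHAPE, max_per_line=6))
    print("L shape, strict policy:", check_pattern_policy(L_SHAPE, min_breaks=2))
```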
The enumerated pattern credential authentication algorithm can also be used with in- and out-of-band techniques as described in Mizrah's U.S. Pat. No. 7,849,321 (a hidden, in-band secret challenge) and U.S. Pat. No. 8,006,300 (an out-of-band challenge). There are multiple ways to do this. For example, the random full challenge could be sent out of band. The instance of the grid could be sent out of band. Both of them could be sent out of band to the same, or different, devices. This solves one of the biggest problems with hard and soft what-you-have tokens, namely that if the token is stolen, then the factor is compromised.
Even if the hard or soft token is password- or PIN-protected, this is, at best, a minor protection since the problems with passwords/PINs are well known and fairly easy to circumvent. This means that traditional out-of-band factors really are what-user-has factors of authentication, which, by definition, are compromised if the user no longer has the token. A simple example of how the full challenge and the full response use a what-you-have authentication factor is to send the full authentication challenge out-of-band via SMS/MMS to a mobile device. This means that even if the device is stolen (or the SMS/MMS channel is pre-empted), the malicious attacker merely has access to the full challenge and the grid with the session specific random content. This is not enough to authenticate since the credential is still unknown to the attacker.