1. Field
The present disclosure relates to authentication of users in a secure network, and more particularly to knowledge-based identification using image selection in which images are selected from past user sessions.
2. Description of Related Art
Many commercial and other transactions require verifying the identity of one or more persons making the transaction. When such transactions are performed on-line, using a communications network together with a computer or other communications device to communicate with a remotely located person, identity verification may be even especially critical to completing a successful and secure transaction. When transacting with a remotely located person, Identity verification is often performed using confidential and secure passwords, account numbers, and the like, belonging to the person whose identity is being verified. One drawback of this approach is that it requires sharing confidential information at some point during the verification process. This may be unacceptable or uncomfortable in some circumstances, because the person whose identity is being verified may not trust that the entity receiving the confidential identity information will properly safeguard and use it. More fundamentally, passwords, confidential identification numbers, account numbers, and similar information are generally susceptible to discovery by other parties, leading to the problem of identity theft. Theft is also a problem with physical security tokens. Biometric-based identity methods may avoid these drawbacks in some circumstances, but are not easily implemented in other circumstances. For example, biometric identification is not currently feasible in many remote, on-line transactions. Also, some forms of biometric identification, for example photo ID cards, may be inherently unreliable or subject to attack using counterfeit models or images expressing replicated biometric data.
Knowledge-based systems for identity verification, including remote verification, are capable of user authentication that takes advantage of human visual processing and memory. Some such systems present a sequence or matrix of images to a user during an authentication process. The process authenticates an inquiry in response to the correct selection of images that are known to the user from the sequence or matrix consisting of both known and unknown images. A problem with image-based knowledge systems is the difficulty in establishing numerous “known” images between the authentication system and the user as shared secret information useful for authentication. It would be desirable, therefore, to provide an improved method and system for generating shared secret images for use in knowledge-based authentication using image recognition.