This invention relates to secure control of user credentials and, in particular, to security based on image-based generation of credentials.
Management of user identifiers and passwords in cyberspace has become a major vulnerability of computer-based systems and one of the major issues in countering cybercrime and breaches of commercial online systems. In April 2011, the U.S. White House issued a report titled “National Strategies for Trusted Identities in Cyberspace,” which discusses a number of open issues that must be addressed to create a secure and privacy-preserving ecosystem for digital identities.
One major issue in cyberspace today is that users of computer and network based services must manage a myriad of passwords to gain access to those services. For example, a user may have a different password for each online account (e.g., banking, shopping, etc.). Each service provider may have different rules for the passwords, for example, requiring a minimum number of characters, use of special characters, frequency of change, etc. The user may also provide a different identity to different service providers, for example, by providing a user-selected username or alias by which the user is identified by the provider. Such identifiers in combination with a password (or another form of shared secret) form identity credentials that the user presents to the service provider for access. From the user's perspective, the increasing complexity and risk of managing multiple credentials threaten the convenience associated with online transactions. These factors also impart an increased risk of account compromise through insecure user management of account credentials and an increased likelihood of account abandonment.
One solution to the above-mentioned problem is a so-called password vault in which service-provider-specific passwords are stored. The vault is protected by a “master” password that is in the possession of the user. Using this master password, the user can access the other passwords stored in the vault, or grant applications access to them.
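The following is an added example, not part of the original text or of any product it describes, showing the mechanism that paragraph outlines: the master password is stretched with scrypt into an encryption key and a separate MAC key, the provider passwords are serialized and encrypted, and the stored blob is authenticated so that a wrong master password and a tampered blob are both rejected before anything is decrypted. The HMAC-SHA256 counter-mode keystream is used only so the example runs on the Python standard library; a deployed vault would use an authenticated cipher such as AES-GCM. All class and function names, the scrypt cost parameters and the sample entries are constructed for this illustration.

```python
import hashlib
import hmac
import json
import secrets

# scrypt cost parameters: constructed demo values, raise for production use
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def derive_keys(master_password: str, salt: bytes) -> tuple:
    """Stretch the master password into separate encryption and MAC keys."""
    material = hashlib.scrypt(master_password.encode("utf-8"), salt=salt,
                              n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=64)
    return material[:32], material[32:]


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode used as a pseudorandom keystream (demo only)."""
    blocks = bytearray()
    counter = 0
    while len(blocks) < length:
        blocks += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(blocks[:length])


class PasswordVault:
    """Holds provider passwords in memory while unlocked; seal() gives the at-rest form."""

    def __init__(self, master_password: str, salt: bytes = None):
        self.salt = salt or secrets.token_bytes(16)
        self.enc_key, self.mac_key = derive_keys(master_password, self.salt)
        self.entries = {}  # provider name -> provider-specific password

    def store(self, provider: str, password: str) -> None:
        self.entries[provider] = password

    def get(self, provider: str) -> str:
        return self.entries[provider]

    def seal(self) -> dict:
        """Encrypt-then-MAC the entries; a fresh nonce is drawn on every seal."""
        nonce = secrets.token_bytes(16)
        plaintext = json.dumps(self.entries).encode("utf-8")
        stream = keystream(self.enc_key, nonce, len(plaintext))
        ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
        tag = hmac.new(self.mac_key, nonce + ciphertext, hashlib.sha256).digest()
        return {"salt": self.salt.hex(), "nonce": nonce.hex(),
                "ciphertext": ciphertext.hex(), "tag": tag.hex()}

    @classmethod
    def open(cls, blob: dict, master_password: str) -> "PasswordVault":
        """Re-derive keys from the stored salt and verify the tag before decrypting."""
        vault = cls(master_password, salt=bytes.fromhex(blob["salt"]))
        nonce = bytes.fromhex(blob["nonce"])
        ciphertext = bytes.fromhex(blob["ciphertext"])
        expected = hmac.new(vault.mac_key, nonce + ciphertext, hashlib.sha256).digest()
        # A wrong master password yields a different MAC key, so the tag check fails
        # the same way a tampered ciphertext does; compare in constant time.
        if not hmac.compare_digest(expected, bytes.fromhex(blob["tag"])):
            raise ValueError("wrong master password or tampered vault")
        stream = keystream(vault.enc_key, nonce, len(ciphertext))
        plaintext = bytes(c ^ k for c, k in zip(ciphertext, stream))
        vault.entries = json.loads(plaintext.decode("utf-8"))
        return vault


if __name__ == "__main__":
    vault = PasswordVault("correct horse battery staple")
    vault.store("bank", "B4nk!pw")
    vault.store("shop", "sh0p-pw")
    sealed = vault.seal()
    print(PasswordVault.open(sealed, "correct horse battery staple").get("bank"))
```

The design point is that the master password never protects the entries directly: it is stretched into keys, and the integrity check runs before decryption, so neither a guessed password nor a modified vault file yields partially decrypted data.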
Some systems improve security by requiring that, separately from providing a username and password, the user respond to an image-based CAPTCHA (“Completely Automated Public Turing test to tell Computers and Humans Apart”) to inhibit computer-based password-guessing attacks. Some systems have used graphical passwords in which a user remembers an image; authentication of the user by a server then involves providing a set of images for display to the user and determining whether the user selected the remembered image.
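The following is an added example, not code from the original text or from any of the systems it mentions, implementing the server side of the graphical-password scheme described above: the server builds a panel containing the user's remembered image among random decoys, issues it once, checks the selection in constant time, and counts consecutive failures because a guesser who is shown a panel of N images succeeds with probability 1/N per attempt, which is why a lockout (or equivalent rate limit) is essential with so small a secret space. The class and function names, the catalog of image identifiers and the panel size are constructed for this illustration.

```python
import hmac
import random
import secrets


class GraphicalPasswordServer:
    """Server side of an image-selection login (constructed example)."""

    def __init__(self, image_catalog, panel_size=9, max_failures=3, rng=None):
        if panel_size > len(image_catalog):
            raise ValueError("panel must fit inside the image catalog")
        self.catalog = list(image_catalog)
        self.panel_size = panel_size
        self.max_failures = max_failures
        self.rng = rng or random.SystemRandom()  # CSPRNG for decoy choice and shuffling
        self.secret_image = {}  # username -> remembered image id (encrypt at rest in practice)
        self.pending = {}       # username -> panel issued for the current attempt
        self.failures = {}      # username -> consecutive failed attempts

    def enroll(self, username, chosen_image):
        if chosen_image not in self.catalog:
            raise ValueError("unknown image")
        self.secret_image[username] = chosen_image
        self.failures[username] = 0

    def issue_challenge(self, username):
        """Return a shuffled panel; for enrolled users it contains the secret image."""
        if username not in self.secret_image:
            # Unknown usernames still get a panel, so the response does not reveal enrollment.
            panel = self.rng.sample(self.catalog, self.panel_size)
        else:
            secret = self.secret_image[username]
            decoys = self.rng.sample([i for i in self.catalog if i != secret], self.panel_size - 1)
            panel = decoys + [secret]
            self.rng.shuffle(panel)
        self.pending[username] = panel
        return panel

    def verify(self, username, selected_image):
        """Accept exactly one selection per issued panel; lock out after repeated failures."""
        panel = self.pending.pop(username, None)  # consumed: a panel cannot be replayed
        if panel is None or username not in self.secret_image:
            return False
        if self.failures[username] >= self.max_failures:
            return False  # locked out: even the right image is refused
        if selected_image not in panel:
            self.failures[username] += 1
            return False
        ok = hmac.compare_digest(selected_image.encode("utf-8"),
                                 self.secret_image[username].encode("utf-8"))
        self.failures[username] = 0 if ok else self.failures[username] + 1
        return ok


def guess_probability(panel_size, attempts):
    """Chance that blind guessing succeeds within `attempts` fresh panels."""
    return 1 - (1 - 1 / panel_size) ** attempts


if __name__ == "__main__":
    catalog = [f"img{i:02d}" for i in range(30)]  # constructed image identifiers
    server = GraphicalPasswordServer(catalog)
    server.enroll("alice", "img17")
    panel = server.issue_challenge("alice")
    print(panel, server.verify("alice", "img17"))
    print(f"3 blind guesses on a 9-image panel succeed with p={guess_probability(9, 3):.3f}")
```

Two details carry the security weight: the panel is single-use, so a captured response cannot be replayed against a later challenge, and the failure counter is checked before the selection is compared, so a locked account gives the same answer for right and wrong images.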