1. Field of the Invention
The invention relates generally to user authentication systems for computer and network security access control systems employing virtual reference grids of data; and more particularly authentication systems and methods based on a random partial shared secret recognition with low entropy leakage of user credentials per an authentication session and high resilience against guessing attacks.
2. Description of Related Art
Random Partial Shared Secret Recognition (RPSSR) System
A Random Partial Shared Secret Recognition (RPSSR) system is described in my prior U.S. Pat. No. 7,073,067, entitled Authentication System and Method Based Upon Random Partial Digitized Path Recognition. In a RPSSR system, the server, having obtained from a client a user name or similar credential to initiate an authentication session, presents an authentication challenge (a clue) to the client requiring client to enter a session-specific subset of a shared secret as an authentication response corresponding with the shared secret through a cognitive association. A correct authentication response to the server leads to a successful authentication event. Otherwise, the authentication process fails.
A RPSSR system is based on a One Time Authentication Challenge (OTAC) that is generated and sent from the server to the client during each authentication session, and on a One Time Authentication Response (OTAR) that is generated by the client corresponding to the OTAC through a cognitive association with a shared secret, and then sent back to the server. Security of the RPSSR authentication credential (one or more shared secrets) depends on the security of both the OTAC and OTAR components.
Credential's Combinatorial Capacity and Entropy Leakage
There are two types of attacks against “what user knows”-based authentication credentials. Attacks of the first type occur without prior collection by an intruder of a user's login information, and include guessing or computer-processing attacks at the entry devices or system “access points”. Clearly, the higher the combinatorial capacity of the user credential, the less chance of success for these attacks. Also, there are system level defenses against this type of attacks described below. The second type of attacks occurs with prior collection of data combined with reengineering. Credential related information can be gathered, analyzed, and processed by an intruder over an interval including more than one user login session, gradually leading to a complete credential disclosure. This process is called an entropy leakage, because during each user authentication session being monitored, part of a shared secret “leaks” to the intruder.
Various attacks available at and/or after the credential entry event gather information due to entropy leakage. Examples of entropy leakage attack techniques include key logging software, videotaping, “shoulder surfing”, brute force, etc.
Typically, entropy leakage occurs as a result of information loss at and/or after a shared secret entry event. However, there are guessing attacks which may lead to entropy leakage even without any legitimate credential entry event. These guessing attacks are especially dangerous if supported by a computer-processing power. Conventional system level protection against guessing attacks is provided by limiting the number of unsuccessful credential entry events and by limiting the login time, and causing an account lock out if the limits are exceeded.
Conventional security methods used to prevent entropy leakage, include:                echo dots replacing entered characters        login time and number of wrong attempts limitations leading to session termination or account lockout if exceeded        a virtual key boards        data encryption while in transit and the like.        
An RPSSR-based authentication system provides security against entropy leakage by enabling an interactive client-server session where a user, having provided the user's name or user's ID to the server, is challenged to enter a random session-specific subset of a graphical path. An intruder, having detected just a random challenge and a random subset of a credential, would have difficulties reengineering the entire shared secret.
Nonetheless, recording challenges and respective responses of a particular user over a number of authentication sessions could provide sufficient data to a dedicated intruder to reengineer the user's credential. Therefore, it is desirable to further improve security of an authentication system based on a random partial shared secret recognition by reducing entropy leakage while doing so in a manner that remains practical for a large-scale adoption.