1. Field of Invention
The invention relates generally to applied cryptography and more particularly, to an image-based encryption/decryption technique for secure communication of one-time passwords and other information.
2. Description of Related Art
Computer networks, particularly those with global reach such as the Internet, have greatly influenced the way that individuals, companies and institutions conduct transactions, and store and retrieve documents, images, music, and video. Convenience, ease of use, speed, and low overhead costs are contributing factors to the widespread use of the Internet for purchasing goods as well as conducting confidential transactions. Entire industries have emerged as a result of the evolution of the Internet.
Secure access to data, computer systems and computer networks has been traditionally guarded with a username and password pair. This requires the user to protect the username and password from disclosure and unauthorized use by interlopers. If the username and password are not protected, accounts and files can be compromised—often leading to, among other things, financial fraud. Unfortunately, a number of rogue individuals and organizations have emerged that are dedicated to fraudulently obtaining confidential information for unauthorized or criminal activities.
A pervasive tool used in obtaining confidential information is keystroke-logging software, which employs a program that monitors and records what users type on their respective computers. Such software often comprises the payload of viruses, worms, Trojan horses, and other forms of malware that can compromise confidentiality and negatively affect computer performance. Keystroke-logging software can reveal what a user is typing on a computer, e.g., logins and passwords, without the user's knowledge of this event occurring. Companies and institutions routinely use keystroke-logging software to monitor employee activity. Also, families may use these types of programs to monitor children's online activities. The widespread availability of this type of software, however, has led to unauthorized or criminal use, resulting in the alarming rate of identity theft seen throughout the world.
Prime targets for these attacks are financial institutions and their respective customers, as more and more consumers and businesses use electronic methods for purchasing and making payments. The future trend is in favor of electronic transactions over cash, providing a wider field for identity theft.
Login information may also be captured through sophisticated analysis of the distinct sounds made by different keys. An inexpensive microphone near a keyboard can reveal most of what is being typed with a surprising degree of accuracy. Login information and authentication codes are also vulnerable to simple spying or shoulder-surfing, as a person with malicious intent watches what an unsuspecting user types on a web page to sign in to his or her account or authenticate a transaction. The rise in popularity of portable hand-held Internet devices creates a need for these security issues to be directly addressed by a security system tailored for the limitations and security challenges associated therewith. As these devices are often used in places that are more public and less secure, shoulder-surfing is more likely. Additionally, because they are so portable, they are easier to lose or have stolen than a traditional computer.
Portable hand-held Internet devices also can be difficult to use to enter passwords, as keyboards or touch-screens are often very small on such devices and use of such to enter passwords or authentication codes may cause errors. Therefore, simplification of authentication input is desired while maintaining or increasing user security.
Additional security mechanisms are necessary in addition to the username/password paradigm to provide stronger identity authentication. There have been various other attempts to do so.
Enterprises and institutions are using costly physical devices to identify legitimate customers and users. The existing devices (often referred to as tokens) generate a unique and random pass code for each user every 30 to 60 seconds. If an attacker manages to intercept a user ID and password, the information cannot be used to access the site without an additional authentication identifier. The devices significantly reduce instances of identity or information theft, but present implementation challenges for both the institutions and individual users. For example, physical tokens may be misplaced and/or lost.
The enterprise may be met with consumer resistance in implementing the use of the physical device. If the user does not have the device, he or she cannot gain access to the site. Besides the tremendous initial cost of purchasing the physical devices and implementing the new system, if the device is lost, stolen, or damaged, the enterprise will incur even more significant costs. In the context of business use of the device, the company incurs the cost of lost productivity from a worker who cannot access company information, as well as the cost of replacing the actual device. In the context of consumer use, if the consumer cannot access his or her accounts because of a lost device, the direct costs, and more significantly, the indirect costs incurred by the enterprise to assist the consumer in gaining access far outweigh the advantages of using the device system.
In U.S. Pat. No. 5,559,961, Blonder provides a solution for utilizing graphical passwords. The framework described displays a static image in which the user touches predetermined areas of the screen, called tap regions, in a particular sequence. As the user taps various areas on the display, the regions tapped are successively removed from the screen. These regions of the screen, and the order of the sequence they are tapped, are chosen by the user during an initial enrollment phase. The sequence and regions of taps are stored in the system as the user's password. One shortcoming of this solution is the likelihood of a shoulder-surfing attack: once an attacker views a user entering the sequence by touching areas of the screen, he or she is then easily able to replicate the sequence to successfully gain access to the user's account.
U.S. Pat. No. 7,549,170 to Stubblefield uses inkblots as images for authentication of a user's identity when logging into computer systems. The authentication method described in Stubblefield provides for a display of a random sequence of inkblots that the user has identified when he or she enrolled his or her login information. One drawback to this process stems from the identification of the inkblot. Although the user is required to identify and verify the alphanumeric text associated with the inkblots in the enrollment process, the unspeakable nature of inkblots will cause consumers problems in remembering the code for their inkblot selections. A frustrated user will simply save their password information on their computer, write the information down, or enter incorrect password information, which defeats the security offered by this system. Also, this process is very intimidating for users, especially those who are new users, because the inkblot is easily misconstrued as a countless number of different objects. The inkblot is just that: a blot on a screen the user will associate with a real world object. If that user misinterprets or forgets the association they have made with the inkblot, then they are denied access to their system. More importantly, the sequence process significantly increases login time for users. Currently, users are demanding more secure login techniques, but they desire to maintain the same level of convenience that they currently enjoy with the username/password login process. This authentication technique does not provide the ease of use that consumers desire.
U.S. Patent Application Publication No. 2004/0230843 to Jansen, which is a login authentication process using a sequence of images selected by the user, illustrates the potential of image-based authentication in protecting users from identity theft. The authentication method described in Jansen begins with the user selecting an image theme, such as animals, and then selecting a sequence of images within the image theme that becomes the password (e.g., if the category chosen is animals, one possible sequence is horse, cat, dog, cat, cat, horse). The success of the login process is predicated on the user's ability to replicate the sequence of images he or she has chosen within the image theme. In other words, the user must memorize the proper sequence. One drawback appears to be the complex nature of the sequence process. As defined in Jansen, if a user feels that he or she will be unable to remember the password, the user will simply write down the password so that recall becomes unnecessary. Also, because the images are typically static (the user can elect to shuffle images between login attempts, but most will likely stay with the simple default configuration), software can be created to automate the process. In this scenario, the authentication requires no human interaction to complete the login, which tremendously decreases the level of security provided. Although the positions of the images can be shuffled within the grid, the fact that they are static means that shuffling only prevents attackers from guessing the likely placement of the sequence, not the images themselves. Moreover, the traditional text password is completely removed from the login process, meaning that the security offered in this solution is only single layer, whereas authentication processes that complement the existing login process provide multiple levels of security.
U.S. Pat. No. 7,562,222 and U.S. Patent Publication No. 2005/0268101 to Gasparini et al. disclose two-way authentication including images which serve as customization information so that an entity can authenticate itself to a user, but are otherwise dissimilar.
U.S. Patent Application Publication No. 2003/0210127 to Anderson discloses an authentication key formed from a number of selected icons, e.g., a heart, a spade, and a diamond. During an authentication session, the user is presented with a matrix of icons including the pre-selected icons and other non-authenticating icons. The user selects a number of the presented icons and if the user selects the pre-selected icons (rather than any non-authenticating icons), the user is authenticated. One drawback of Anderson's authentication technique is that it suffers from many of the drawbacks associated with static passwords. For example, if the password is compromised (e.g., an interloper knows of the selected icons for that user), a positive authentication may be recognized for someone other than the actual authenticated user associated with the password.
Since many users share their passwords between multiple accounts, a user may use the same password on sensitive accounts (e.g., online banking, PayPal, email, etc.) as with accounts whose system and infrastructure may not be so secure. If the password is compromised from a less secure account, the password can be used on the more secure accounts. As such, additional levels of security are needed to prevent that password from being used on the user's other accounts, to prevent fraudulent online activity, mobile device abuse and misuse, unwanted personal information disclosure, and defamation via unauthorized social network postings.
A brute force password attack is an exhaustive alphanumeric search that systematically checks all possible letters, numbers, and characters until the correct password is found. In the worst case scenario, this attack would involve traversing the entire search space. A dictionary password attack, on the other hand, is a technique for defeating a password authentication mechanism by searching likely possibilities. A dictionary attack uses a targeted technique of successively trying all the words in a prearranged list of values (e.g., from a dictionary). In contrast with the brute force attack, where a large proportion of the key space is searched systematically, a dictionary attack tries only those possibilities which are most likely to succeed. Generally, dictionary attacks succeed because many people have a tendency to choose passwords which are short (e.g., 7 characters or fewer), single words found in dictionaries, or simple, easily-predicted variations on words, such as appending a digit.
Countermeasures against dictionary and brute force password attacks include limiting the number of attempts that a password can be tried unsuccessfully, introducing a time delay between successive attempts, and locking accounts out after unsuccessful logon attempts. Website administrators may also prevent a particular IP address from trying more than a predetermined number of password attempts against any account on the site.
However, these countermeasures fall short, since they do not distinguish between an authorized user who barely mistypes their password (or types another one of their passwords) and an unauthorized user whose attempts are nowhere even close, such as in a brute force or dictionary attack. Consequently, the countermeasures cannot use this opportunity to catalog relevant information about the unauthorized user's suspected breach, and unauthorized users are less likely to be investigated and caught.
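The countermeasures listed above (attempt limit, growing delay, account lockout, per-IP limit) and the shortcoming just noted, shown as an added Python example that is not part of the original text; the thresholds, the class and function names, and the sample credential are assumptions constructed for illustration. The throttle counts failures without regard to how close a guess was, so a user who mistypes and a dictionary attacker receive the same decisions.

```python
import hmac
from collections import defaultdict

MAX_ACCOUNT_FAILURES = 5   # assumed threshold: lock the account after 5 failures
MAX_IP_FAILURES = 10       # assumed threshold: block an IP after 10 failures on any accounts
BASE_DELAY = 1.0           # seconds; the enforced wait doubles with each failure
SAMPLE_USERS = {"alice": "correct horse"}  # constructed; real systems store salted hashes

def verify(account, password):
    stored = SAMPLE_USERS.get(account)
    return stored is not None and hmac.compare_digest(stored.encode(), password.encode())

class LoginThrottle:
    def __init__(self):
        self.account_failures = defaultdict(int)
        self.ip_failures = defaultdict(int)
        self.next_allowed = defaultdict(float)  # account -> earliest time of next try

    def check(self, account, ip, now):
        """Decide, before the password is examined, whether the attempt may proceed."""
        if self.ip_failures[ip] >= MAX_IP_FAILURES:
            return "ip_blocked"
        if self.account_failures[account] >= MAX_ACCOUNT_FAILURES:
            return "account_locked"
        if now < self.next_allowed[account]:
            return "delayed"
        return "ok"

    def record(self, account, ip, success, now):
        if success:
            self.account_failures[account] = 0
            self.next_allowed[account] = 0.0
            return
        self.account_failures[account] += 1
        self.ip_failures[ip] += 1
        wait = BASE_DELAY * 2 ** (self.account_failures[account] - 1)
        self.next_allowed[account] = now + wait

def replay(attempts, check_password=verify):
    """Run constructed (time, account, ip, password) attempts; return each decision."""
    throttle, decisions = LoginThrottle(), []
    for now, account, ip, password in attempts:
        state = throttle.check(account, ip, now)
        if state == "ok":
            ok = check_password(account, password)
            throttle.record(account, ip, ok, now)
            state = "success" if ok else "failure"
        decisions.append(state)
    return decisions
```
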
As Internet-based fraud and cybercrime continue to increase, many online businesses attempt to improve security by implementing multifactor authentication processes that rely on the user's smartphone or other mobile device as a second authentication factor. The username and password are the first factor (something the user knows) and the mobile phone is considered the second factor because it is considered something the user has. Existing two-factor authentication processes that rely on the user's smartphone typically send a one-time password or PIN to the user's phone via a simple message system (SMS) text message. When the user receives the one-time password or PIN, they type it into the web page to complete the authentication process.
Unfortunately, cybercriminals are aware of the increasing use of smartphones as an authentication factor and are increasingly targeting these channels for attack. They may use malicious software or SMS-forwarding technology to intercept the SMS-based authentication messages sent to users' phones and re-route the authentication message to a different number where they can receive the SMS text message, view it and authenticate a fraudulent transaction. Because SMS text messages are displayed in clear text, any person with access to the phone can read it. If the user's phone has been lost or stolen, anybody in possession of the phone can view the text message and authenticate a fraudulent transaction.
With the increasing number of security threats targeting this channel, businesses relying on mobile phones for two-factor, out-of-band authentication need a more secure approach than a simple SMS text message for authentication codes, one-time passwords and PINs.
Because of these noted shortcomings, an improved system and method is needed to create a security system that is exceedingly difficult for an interloper to compromise, while simultaneously easy for a business to deploy and maintain and for the legitimate user to use.