From the earliest known times, humans have continuously striven to devise ever more sophisticated and foolproof ways of establishing and authenticating the authority of a given individual to access the environments and assets to which they are rightfully entitled. Every form of the art that attempts to grant the right of an individual to access a particular environment or asset relies on one or more of the following well known factors used to authenticate their authority to do so.
Something only the rightful individual possesses such as a key, an ID card, a credit card, or a badge.
Something only the rightful individual can exhibit as a uniquely identifying biometric characteristic such as their facial features when compared with a photograph, a voiceprint, fingerprint or the distinctive variations in the iris of their eye.
Something only the rightful individual knows like the numbers to a combination lock, a PIN number, an access code, a secret password or the correct answer to a confidential security question.
There have been steady advancements in the technologies used to verify an individual's identity through something only they possess which could well soon see the citizens of many countries issued a smart ID card or perhaps someday even be implanted with a radio frequency chip, though the latter will likely concern those who do not believe the convenience of instant identification is worth the loss of privacy in conducting their everyday affairs. In a similar manner, the field of biometrics has continuously yielded new techniques for establishing someone's identity by the distinctive ridges in their fingerprint, subtle variations in the sound of their voice or even through facial recognition programs that can now identify someone by their image caught on a video camera, though these solutions are expensive and can be fooled, and once a biometric identifier has been compromised, there is no way to change it.
While relying on something only an authorized person would know is still the most effective and least complicated way to restrict access to a secured environment or protected asset, we are still using the same archaic password and PIN based authentication systems that were used in the days when punch cards were required to operate mainframe computers. Unfortunately, alphanumeric based password and PIN systems remain the most widely deployed methods for verifying a user's right of access or identification even though they are universally regarded as increasingly inadequate for protecting access to the pervasive computing environments and electronically guarded assets of today's modern world which are coming under increasingly sophisticated forms of attack.
The numerous problems associated with traditional password and PIN based authentication systems and methods designed to address their vulnerabilities are well known and have been extensively elaborated upon by many recognized experts in widely circulated publications, open forums and by the authors of many prior forms of the art and so are only briefly summarized in this background discussion.
One of the major problems with traditional password systems is that the responsibility of formulating an effective password is generally left to the discretion of the user who is faced with the dilemma of choosing something that is easy for them to remember but that is sufficiently complex to resist being compromised by ever evolving and resourceful assaults designed to perpetrate their discovery. When left to their own inclination, most users tend to choose simple passwords that have some personal relevance, are easy to remember and that can be typed in quickly which are precisely the kinds of passwords that are easy to guess or figure out using any number of techniques that have been devised specifically for this purpose over the years. As a result, most password authentication systems have had to enact more stringent policies that set a minimum length, require a specific mix of alpha and numeric characters or even mandate that the passwords be changed on a regular basis thus making it much harder for users to choose something that they can remember or that they can type in quickly and easily without mistakes.
To further compound the problem, as an increasing percentage of everyday business and commerce such as work-related telecommuting, financial transactions, shopping and interaction through social networks is conducted on-line, users are required to maintain many different passwords making them unwieldy to manage and leading to a variety of unsafe password handling practices. In an attempt to keep track of all their passwords and avoid the possibility of being denied access to a resource or asset when needed, many users carelessly record their passwords somewhere, turn to programs that manage all their passwords from a central repository or simply resort to using the same password over and over again; all of which just increases the probability of discovery and ultimately compromises the security for all the sites and assets they access. The difficulty users have in remembering their passwords is so endemic that every on-line environment provides an option on their login page that allows users to submit a request to have their password sent via email provided that they are able to answer some previously agreed upon personal question which essentially just bypasses the whole password process altogether and leaves the entire security of the account hinged on a multiple choice question regarding someone's favorite movie or type of pet.
Even when all the correct password security policies are implemented and the safest possible practices are literally followed to the letter, passwords are still inherently insecure and can easily be intercepted by key logging programs that capture the password as it is being typed, through “man in the middle” and “phishing” attacks that trick users into revealing their passwords using fake login pages or even by simple over the shoulder observation or video monitoring. Besides the vulnerability of being captured while being entered by the user, the passwords (or a hashed representation) must be stored somewhere and are often transmitted across the network so, even though this information is usually encrypted, it can easily fall prey to hackers who use sniffing programs to capture the information during transmission or access the databases where it is stored and then use brute force techniques such as “dictionary attacks” to discover the secret information. Finally, all password systems require that the user reveal their secret information to the system, even when it is just used to generate a key, so anyone who administers the system or has access to its inner workings can potentially gain access to a user's sensitive information or protected assets and, considering that many people use the same password to access all of their accounts, once one is compromised so are all the others.
In recent years, there have been numerous attempts to replace the antiquated password authentication system with more visual oriented alternatives that rely on the recognition of images or the selection of visual elements within an image, rather than on the recollection of words and numbers as the means for administering an effective authentication challenge. While these visual based authentication systems are unquestionably easier to use, have been proven to be just as secure as traditional passwords, and are not rendered ineffectual by the forgetfulness of ordinary users when it comes to remembering their secret information, security concerns and other implementation considerations have hampered any visual based authentication systems from gaining widespread adoption. One weakness of previous forms of the art is that unlike the unlimited combination of characters that remain privy to the user until entered in the form of a password, only a finite combination of images can be used in an image based system and these images must be stored and referenced in some way by the system and then openly presented to the user for selection. This has left previous graphic based authentication systems vulnerable to attacks designed to discover the user's secret information by observing their on-screen selections, analyzing how the images or screen positions are addressed by the application or capturing the information associated with the user's selection of images as it is transmitted or stored by the system.
Although the use of passwords and PIN numbers currently remains the pervasive solution for protecting access to computing devices, on-line environments and physical assets, the system being proposed provides a convenient and effective alternative by utilizing an image-based authentication challenge that relies on a user's recognition of a series of images rather than on their short-lived recollection of some complicated series of characters or numbers. Studies have shown that people have an innate ability to retain a lasting contextual memory of the images they visualize as is clearly demonstrated by the average computer user who, even after a substantial period of disuse, is able to sift through a screen full of images and click precisely on the icons and symbols that are required to complete their everyday computing chores. Further studies have made a strong case that graphic based authentication systems are not only easier to use from the user's perspective but can be administered much more efficiently and are considered by many experts to be an equally effective, if not a stronger form of authentication, than traditional password and PIN based systems, especially given that they cannot be determined through brute-force dictionary attacks.
There have been attempts by prior forms of the art to design graphical based authentication systems that require users to select images, or click on some portion of an image in a possibly predefined manner to authenticate their right of access, but none have garnered any widespread acceptance for various reasons, not the least of which has been concerns regarding their inherent vulnerability. Although it is easier for a user to recall an image, particularly when given a selection of possible choices as opposed to having to remember a password entirely from memory, there are an unlimited number of unique password variations to draw upon and they are only exposed at the time the characters are entered by the user to gain access, whereas an image based system must rely on a finite selection of image choices that have to be stored, addressed and then displayed in plain sight where the potential for exposure and discovery at some point in the process is much more likely. This inherent weakness has rendered previous graphic based authentication systems vulnerable to attacks designed to discover the user's secret information by observing their on-screen selections, analyzing how the images or screen positions are addressed by the application or capturing compromising information regarding the image selections as it is processed, transmitted or stored by the system.
The invention being proposed is designed to incorporate the ease of use benefits of a graphic based authentication system while attempting to overcome the security pitfalls and administrative overhead of previous forms of the art. Towards this endeavor, the system incorporates a number of design innovations that make it much more impervious to attacks designed to ascertain which images are being chosen by monitoring of a user's on-screen selections or through any reasonably foreseeable method of discovery based on the tangential information that is referenced, exchanged or stored by the system in the course of performing its authentication functions.
Following are some of the design advantages that this authentication system offers over prior forms of the art:
Provides a graphic based authentication system that can be accessed ubiquitously from a wide variety of different devices since the presentation and selection of images are not tied to the addressing of any set display coordinates and is easily operated through a single motion control without requiring the use of a cumbersome keyboard or pointing device.
Administers an authentication challenge and tracks the user's responses through positional and relational coordinates that are correlated with the images through a positional matrix that allows the system to present and track the selection of images without addressing or storing any directly identifying references to the actual images themselves thus addressing a vulnerability that could be exploited in previous forms of the art to determine which images are being selected to gain admittance to a given environment or resource.
Implements a one-time challenge mechanism that avoids the necessity of pass code generators, and the attendant infrastructure required to administer previous one-time password or PIN based authentications, by simply shuffling the order in which the images are presented and the manner in which they must be matched by the user from one authentication session to the next which effectively eliminates the possibility of phishing or man-in-the-middle schemes that have been so effective in circumventing the security of previous forms of the art.
Conceals the correlation between the image positions that are used by the system to perform its authentication functions and the images that are presented to the user by relying on the order in which the images are arranged and sequence with which they are extracted from the file structure where they are stored, rather than through any direct addressing that could be revealed by examining the processing of the application code, thus allowing the images to be securely stored on the device being used to administer the authentication challenge where they can be quickly accessed for presentation and selection by the user.
Shields a user's selection of images from detection during the authentication challenge by relying on the matching or correlation of one of the secret images with another rather than through the direct entry of an easily observable password or the identification of an image through a fixed selection point that could have heretofore been discovered through key logging programs, on-screen monitoring, or over the shoulder observation.
Eliminates the administrative overhead and inconvenience of having users change their secret information on a routine basis, as is currently required by most other forms of the art to reduce the risk of discovery when using the same password or selection of images over an extended period of time, since it is not just the selection of an image, but the combination in which the images must be matched that governs a user's right of access, and this is altered for each authentication session through the shuffle formula and one-time challenge mechanism.
Affords users the convenient option of using the same selection of images for all the environments or assets they access without having to worry, as would be the case with other forms of the art, that the exposure of their password or selection of images at one site might compromise their access elsewhere since each implementation of the system uses its own unique assignment of image positions to perform its authentication functions without referencing, storing or even being aware of the actual images that are being chosen by a given user to gain admittance.
Increases the number of challenges that can be administered from the base set of images since the matching of images is used as the means of selection, thus allowing a much higher level of security to be implemented for verification purposes than would otherwise be possible with other forms of the art by simply altering the combination of images that are presented for selection by the user during any given authentication session.
Obscures a user's selection of images from exposure during the authentication challenge by simultaneously displaying all the available image choices for two or more sets of images and then relying on the concurrent matching of decoy images that are tangentially aligned to camouflage the selection of images that are actually being used to gain admittance.
Protects the user's selection of images from being captured as they are processed by the system or transmitted over the network for verification by using a positional offset between the alignment of the rows of images as matched by the user to calculate what images are being selected rather than relying on any direct reference to the actual images that could potentially compromise the security of the system as is the case with other forms of the art.
Safeguards any records of a user's selection of images that are used to verify their authority to access a given environment or asset by only processing and storing positional mappings that are correlated with image selections rather than through any directly revealing references of the images themselves that could have heretofore been determined by hacking the database where this information is stored.
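
A simplified model of the per-session shuffle and positional-offset check described in the list above, added here as an illustration and not taken from the patent itself: two rows of images are reshuffled for each session, the user rotates the lower row until the two secret images line up, and only the rotation offset is submitted for verification. The row size, the two-row layout, the rotation gesture and all function names are assumptions.

```python
import secrets

N = 8  # images per row (assumed size)

def new_challenge(n=N):
    """Per-session shuffle. Each row maps display slot -> stored position index."""
    rng = secrets.SystemRandom()
    rows = []
    for _ in range(2):
        order = list(range(n))
        rng.shuffle(order)
        rows.append(order)
    return rows

def expected_offset(challenge, enrolled):
    """Server side: rotation that puts the enrolled lower-row position
    directly under the enrolled upper-row position for this shuffle."""
    top, bottom = challenge
    a, b = enrolled  # position indices only, never image names or files
    return (top.index(a) - bottom.index(b)) % len(top)

def user_response(challenge, enrolled):
    """Simulated user: rotate the lower row one step at a time until the
    two secret images share a column, then report the step count."""
    top, bottom = challenge
    a, b = enrolled
    column = top.index(a)
    for k in range(len(bottom)):
        rotated = bottom[-k:] + bottom[:-k]  # lower row shifted right by k
        if rotated[column] == b:
            return k
    raise ValueError("enrolled position not present in challenge")

def verify(challenge, enrolled, offset):
    """Accept only the offset that matches this session's shuffle."""
    return offset == expected_offset(challenge, enrolled)

if __name__ == "__main__":
    enrolled = (5, 2)  # constructed enrollment record (assumed format)
    for session in range(3):
        ch = new_challenge()
        k = user_response(ch, enrolled)
        print(session, ch, "offset sent:", k, "accepted:", verify(ch, enrolled, k))
```

In this model a blind guess at a single pair succeeds with probability 1/N, so a deployment would need several pairs or rounds per session to reach a useful work factor.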