
A method of increasing the security of an authentication method by accessing a log of previous events performed prior to a prompt for active authentication

IP.com Disclosure Number: IPCOM000236147D
Publication Date: 2014-Apr-09
Document File: 3 page(s) / 57K

Publishing Venue

The IP.com Prior Art Database

Abstract

When authenticating on a mobile device, it is often easy for an onlooker to see the PIN or password you enter. This article describes a method that extends the authentication method to include events, performed prior to the active authentication stage, that the user must perform. These events would be standard actions that are common for a user to perform and therefore do not look like part of the authentication method to an onlooker.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 39% of the total text.


The problem to be solved is that it is relatively easy for an onlooker to see a user enter their PIN or password as they type it in, which poses a security risk. This is particularly true of mobile devices, where it is easy to watch someone type in their PIN or password on large, visible keypads. Many other authentication methods have been developed as alternatives to PINs and passwords; however, a method is required to improve the security of any authentication method where the user is prompted to provide active authentication. The difficulty with increasing security is that it often makes the method harder for the user to use. For example, to increase the level of security for a password, the pre-set password must be longer or use a wider selection of letters, numbers and symbols, thus making it more difficult for the user to remember.

    The proposed solution is a method that extends the current active authentication by adding a step before the authentication prompt. This additional step is a check for pre-determined events that are expected to occur and are set up by the user. The user would know what these required pre-determined steps are and would perform these actions before going on to actively authenticate when prompted. Security is increased because the stages before the active prompt for authentication become part of the authentication itself, which to onlookers seems like just normal use of a device. In practice, an onlooker could see the user enter a password or PIN and could assume they could reproduce this. However, with this method, the actual start point of the authentication process would be unknown to the onlooker, but known to the user. So the few events that occurred before active authentication, which would contribute towards the authentication model, would look like standard events the user would take.

The idea works as follows: the application that requires authentication, for example a mobile banking application, would have access to a log of the device's history. This log would include the timestamps of each application's opening and closing events. This would not pose a security risk to other applications, as it would not record any sensitive data, only the timestamps of application openings.

    The key part of this idea is the process of logging these events within the device in a way that allows certain applications to use this information, and then using this log of events within an authentication method.

    With this method, the application in question would have access to a certain number of events it can view. So with the example of a mobile banking application, when the user opens the banking application and is prompted for their PIN, the application could access the last 10 events that occurred prior...
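The check described above can be sketched as follows. This is an added example, not code from the disclosure: the `Event` record, the profile layout, the sample logs and the rule that the pre-determined applications must be opened in order (with unrelated events allowed in between) are all assumptions made for illustration.

```python
import hashlib
import hmac
from collections import namedtuple

# One entry of the device log: timestamp, application id, "open" or "close".
Event = namedtuple("Event", "ts app kind")
WINDOW = 10  # the page's example: the last 10 events before the prompt


def pre_events_ok(log, prompt_ts, expected_apps, window=WINDOW):
    """True if expected_apps were opened, in that order, within the last
    `window` events logged before the prompt (ordering is an assumption)."""
    if not expected_apps:          # an empty profile must not pass vacuously
        return False
    prior = sorted((e for e in log if e.ts < prompt_ts), key=lambda e: e.ts)
    opens = (e.app for e in prior[-window:] if e.kind == "open")
    # `in` consumes the generator, so this is an ordered-subsequence match:
    # unrelated opens in between are allowed, a wrong order is not.
    return all(app in opens for app in expected_apps)


def pin_ok(pin, salt, stored_hash):
    digest = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)
    return hmac.compare_digest(digest, stored_hash)  # constant-time compare


def authenticate(log, prompt_ts, pin, profile):
    # Evaluate both parts and return one verdict, so a rejected attempt
    # does not reveal whether the PIN or the pre-events were wrong.
    events = pre_events_ok(log, prompt_ts, profile["pre_events"])
    secret = pin_ok(pin, profile["salt"], profile["pin_hash"])
    return events and secret


# Constructed sample data (not from the disclosure).
SALT = b"constructed-salt"
PROFILE = {
    "pre_events": ["calculator", "weather"],
    "salt": SALT,
    "pin_hash": hashlib.pbkdf2_hmac("sha256", b"4821", SALT, 100_000),
}
USER_LOG = [Event(100, "mail", "open"), Event(110, "mail", "close"),
            Event(120, "calculator", "open"), Event(130, "calculator", "close"),
            Event(140, "weather", "open"), Event(150, "weather", "close"),
            Event(160, "bank", "open")]
# An onlooker who copied only the PIN: same PIN, different prior activity.
ONLOOKER_LOG = [Event(300, "browser", "open"), Event(310, "browser", "close"),
                Event(320, "bank", "open")]
```

With the correct PIN, `authenticate` accepts `USER_LOG` and rejects `ONLOOKER_LOG`; pre-determined events that have scrolled out of the 10-event window no longer count.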