
System, Method and Apparatus for Composing Partial Authentication Attempts
Disclosure Number: IPCOM000238057D
Publication Date: 2014-Jul-30
Document File: 3 page(s) / 78K

Publishing Venue

The Prior Art Database


The core idea of this invention, which is also the point of novelty, is the idea of residual checking. That is, given an existing series of failed authentication attempts, the idea is to compute a residual authentication challenge to present to the user. This is orthogonal and complementary to both biometrics and multi-factor authentication, and overlaps with neither.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 55% of the total text.

System, Method and Apparatus for Composing Partial Authentication Attempts

The main idea is that different mechanisms can be dynamically combined, with the novelty that it is not required for each authentication mechanism in a given combination to completely succeed. Partial success is also accepted as long as the combination of partially succeeding authentication operations gives sufficient confidence in the identity of the user. The system assigns a weight to each authentication operation. 100% is assigned to an authentication operation that succeeds completely (say, a password that has been correctly entered, or a fingerprint that is recognized with 100% security). If a password of 10 characters is entered and one of the 10 characters is wrong (but that character is adjacent to the right one on the keyboard), it is very likely that the user simply misspelled his or her own password by one character out of 10, so a weight of 90% can be assigned. The system then looks for the remaining 10% in another mechanism (for example, fingerprint recognition). This invention falls into the area of usable security, which is essential when it comes to mobile devices and is an area in which IBM is investing significantly.
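The weighting described above, sketched as an added example (it is not code from the disclosure). The function names, the column-based key-adjacency model, the one-slip limit, the sample password and the simple additive combination of weights are all assumptions made for illustration; the sketch also assumes the verifier can compare the typed password character by character, which a verifier that stores only password hashes cannot do directly.

```python
# Added illustration: names, limits and the adjacency model are assumptions,
# not part of the disclosure. Column-based adjacency only approximates a real keyboard.
QWERTY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

def build_adjacency(rows):
    """Map each key to its neighbours in the same row and the rows above/below."""
    adj = {}
    for r, row in enumerate(rows):
        for c, key in enumerate(row):
            near = set()
            for rr in (r - 1, r, r + 1):
                if 0 <= rr < len(rows):
                    near.update(rows[rr][max(0, c - 1):c + 2])
            adj[key] = near - {key}
    return adj

ADJACENT = build_adjacency(QWERTY_ROWS)

def password_weight(expected, typed, max_slips=1):
    """Percent confidence from one password attempt (integers avoid float drift)."""
    # 100 for an exact match; one adjacent-key slip in 10 characters gives 90.
    # Wrong length, a non-adjacent wrong character, or too many slips gives 0.
    if len(expected) != len(typed):
        return 0
    slips = 0
    for want, got in zip(expected, typed):
        if want == got:
            continue
        if got not in ADJACENT.get(want, ()):
            return 0
        slips += 1
    if slips > max_slips:
        return 0
    return 100 * (len(expected) - slips) // len(expected)

def residual(weights, required=100):
    """Confidence still missing after the attempts seen so far (never negative)."""
    return max(0, required - sum(weights))

def authenticate(expected, typed, second_factor_weight=0):
    """Accept only when password weight plus the second mechanism leave no residual."""
    return residual([password_weight(expected, typed), second_factor_weight]) == 0
```

With the constructed password `sunflower7`, typing `sunflowet7` yields a weight of 90 and a residual of 10, so the attempt is accepted only if a second mechanism contributes at least that much.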

Background. In today's era of mobile and cloud computing, resources can be executed, and computations can be performed, from virtually any location and at virtually any time. As a notable example, the emerging Bring Your Own Device (BYOD) trend is enabling enterprise workers to access organizational content and applications from their private mobile devices. This can be done from home, while on the train, at the workplace cafeteria, etc.

Naturally, the mobile device - becoming a gateway into sensitive computations and resources - is also becoming a major security concern. Where previously the worth of a mobile device was the cost of the hardware, today loss of a mobile device or illegal access into a mobile device may lead to much more dramatic consequences.

For these reasons, authentication is taken to the next level. As a representative example, an iPhone device does not require any authentication by default. A user setting up their personal email account on the device is encouraged to configure a 4-digit password. If the user further installs software on the device, then this functionality already requires an 8-letter passcode involving also lower- and upper-case letters.

Clearly, the need to input complex passcode combinations into hand-held mobile devices like smartphones is a serious source of usability drop. The phone typically locks itself after about a minute of not being used, and so the user has to constantly punch in nontrivial passwords using a tiny virtual


In response, companies like Apple have created fingerprint authentication capabilities. This obviates the need to use a keyboard, but unfortunately, the fingerprint...