Multi-factor Authentication using Real-World Object Composition and Analysis
Publication Date: 2014-Sep-09
The IP.com Prior Art Database
This disclosure proposes a new method that uses object composition in the real world for multi-factor authentication, with several advantages over existing solutions. The disclosed invention uses the placement of physical objects in the real world to create arbitrary user-defined keys. Users place physical objects in some relation to each other, take a picture, and use that as a key.
Authentication attacks against users continue to be a frequent source of security breaches, as do server-side data leaks of authentication credentials. A variety of methods are being used to augment authentication, especially to enforce privacy boundaries. For example, a simple text password may already be augmented with fingerprint recognition, facial or retinal recognition, patterns drawn on a screen, and digital encryption keys on a device used as IDs. New ways to express a key are constantly being defined to enhance security with additional factors, not solely because existing factors have problems, but because a large repertoire of factors provides the best security.
Personal information is another factor commonly used, especially as a secondary factor when resetting other keys. For instance, a common question is "what street did you grow up on?" or "what is your mother's maiden name?", the answer to which may serve as a factor in establishing identity. However, personal information is often discoverable on the internet. These security questions have thus gotten harder and more personal, for instance, "what is the middle name of your best friend from middle school?" These questions are sometimes difficult to answer even for the person who should know them, and they are only incrementally more secure. Answers may still be discovered by an attacker with time to research information about their target. In addition, personal information-based password reset constitutes single-factor authentication, as it draws upon a password (something the user knows) and personal information (something the user knows).
Most of the current authentication factors rely on:
a) Remembering something which is hard to remember since it should be random to provide the best security, like a password or pattern on a screen.
b) Answering personal questions. Personal questions may be easily forgotten even by the person who should know them and are subject to discovery fairly easily.
c) A variety of biometrics. These factors often rely on specific device enhancements, are not easily shared (for instance, when trying to share the key for a user's front door with a worker who has to visit the user's house), and are not possible to reset if breached.
d) Physical authenticators, such as USB dongles.
Digital encryption shares many of these same problems. Encryption keys often require even more complexity than the average password, making them difficult to remember; encryption keys therefore tend to be stored somewhere, making them vulnerable to attack if the recording medium is compromised. Memory-based authentication tokens often have the same limitation, where something easy for the user to remember is easy for an attacker to discover. Use of multiple authentication factors also usually increases the cost of the solution.
The disclosed invention proposes a new method that us...