
Semantic password for enhanced security / authentication to systems.

IP.com Disclosure Number: IPCOM000242008D
Publication Date: 2015-Jun-14
Document File: 4 page(s) / 154K

Publishing Venue

The IP.com Prior Art Database

Abstract

A system and method for enhanced security / authentication utilizing a semantic password is disclosed.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 29% of the total text.


Disclosed is a system and method for enhanced security / authentication utilizing a semantic password.

When a user logs into a phone or uses a system to gain access, the user is potentially exposing their access information, such as a PIN, password, or gesture, to anyone who may intend to steal it. This may happen through someone looking at the device as data is input, through remote surveillance, a virus, an input device tracker/monitor, etc. Exposure scenarios include a user utilizing an automated bank teller machine (ATM), using a mobile phone in a crowded place, or even using a computer at the user's home. While trying to access the remote system, device or cloud application, the user may not be completely aware of who is looking (if it is crowded) or who is attempting to steal the information. Stealing information could take many forms, for example, a card reader installed on top of an ATM, a video camera, a screen reader, or a keyboard logger. Even at home, malicious software (malware) may be installed on the user's system that can capture inputs and send the gathered information to someone with ill intent.

In any case, there are many ways a user's password can be exposed to anyone intending to steal it. Because the password is static, access to the system can be easily compromised. To ensure a secure log-on, some banks have provided their users a device (or application) that, in addition to the static password the user has pre-selected, randomly generates a string of characters (a token) that is appended to their password, which keeps the password somewhat random. This is a type of multi-factor authentication. This is a good approach, but there are definitely issues with the user losing or misplacing this device.

This article discloses an approach that avoids usage of a "static" password and improves on existing multi-factor authentication by leveraging the user's own personal information to randomize the potential answers from which the user selects. This makes the authentication process more dynamic to an onlooker or anyone trying to steal this information. That is, even if someone is looking at the authentication information and captures exactly what has been provided, the onlooker will not be able to use the same information to authenticate to the system next time. This methodology provides a more secure way to gain access to systems or personal devices.

The following are high level steps that may be implemented by an embodiment of the disclosed system and method:

1. When a user accesses a locked system requiring authentication, the user may first need to provide a piece of information that identifies the user to this system, akin to a username or account profile. This may not be necessary if this is a device that the user owns, such as a laptop or phone. In general, the system needs to be aware that a specific user is accessing...