GB2504747A - Matrix Pattern Authentication (MPA) using a divided authentication code - Google Patents

Matrix Pattern Authentication (MPA) using a divided authentication code Download PDF

Info

Publication number
GB2504747A
GB2504747A GB1214202.2A GB201214202A GB2504747A GB 2504747 A GB2504747 A GB 2504747A GB 201214202 A GB201214202 A GB 201214202A GB 2504747 A GB2504747 A GB 2504747A
Authority
GB
United Kingdom
Prior art keywords
authentication
biometric data
user
challenge
code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB1214202.2A
Other versions
GB201214202D0 (en
GB2504747B (en
Inventor
Steven Jonathan Brittan
Radouane Oudrhiri
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to GB201214202A priority Critical patent/GB2504747B/en
Publication of GB201214202D0 publication Critical patent/GB201214202D0/en
Priority to US14/420,363 priority patent/US20150295717A1/en
Priority to PCT/GB2013/052123 priority patent/WO2014023969A1/en
Priority to EP13762202.3A priority patent/EP2883183B1/en
Publication of GB2504747A publication Critical patent/GB2504747A/en
Application granted granted Critical
Publication of GB2504747B publication Critical patent/GB2504747B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231Biological data, e.g. fingerprint, voice or retina
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/36User authentication by graphic or iconic representation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan

Abstract

The invention relates to a method of authentication of a user (U), comprises the steps of: displaying a matrix pattern associated with at least one challenge arrangement comprising duplicated signs ; obtaining a challenge code (OTC) on a device (3), the challenge code being based on the matrix pattern (e.g. a memorable identification pattern (MIP)); dividing the challenge code (OTC) into at least two portions, each portion corresponding to an authentication segment of an authentication code of the user (U), respectively; wherein at least a first part of the authentication segments and at least a first corresponding part of the at least two portions are stored on the device (3); validating the first part of the portions only if it matches the corresponding first part of the authentication segments; and the device (3) from which the challenge code (OTC) is obtained has been previously registered to an authentication system. Biometric data may also be used in the authentication process.

Description

Two or Three Factor authentication method and apparatus The present invention relates to two or three factor authentication method and apparatus and to parts thereof, particularly but not exclusively in Matrix Pattern Authentication or equivalents or derivatives thereof. Certain aspects of the invention described may be applied to any form of secret information other than Matrix Pattern Authentication, where safeguarding the secret information is important; including passwords, passcodes, and personal information, including biometric information.
The invention has particular although not exclusive relevance to personal authentication as an alternative to passwords and Personal Identification Numbers for computerized systems, embedded systems (e.g. for authentication/unlocking to computers and mobile devices), online identification or credit card payment, or any other authentication/unlocking process to any other device or process.
Authentication is a process by which a user validates that they are legitimate, and may access, e.g. a secure service or transaction, protected by an authentication scheme. Matrix Pattern Authentication (MPA) is a generic term describing a form of known authentication which is an alternative to passwords and Personal Identification Numbers (PIN).
Figures 1A and lB show matrices 100 used in a MPA, and comprising elements 101.
In the case of Figure 1A, the matrix 100 is a square pattern of 25 elements 101, and in the case of Figure lB the matrix 100 is a line (i.e. a linear matrix) of 12 elements 101. Figures 2A and 2B show that each matrix 100 is a basic template which a human user employs in order to select a memorable identification pattern (MIP) shown as arrowed and colored. It should be understood that other sizes of matrices and other form factors are possible, depending on the level of security required, and how easy it needs to be for a human user to recall their MIP.
In the context of MPA, the term entropy refers to the degree of variability that a given MPA design will afford humans in their selection of their MIP. Thus a grid, say 25 elements in a 5x5 matrix as in Figure 1A, may be used. If a user was to select a MIP of five elements from the matrix, one could theoretically calculate that there would be 25A5 = 9,765,625 unique possible combinations for any individual MIP.
Figures 3A and 3B show that, in an authentication operation, a challenge matrix 200 is generated by an authentication system and presented to the user. The challenge matrix 200 is populated with a randomized set of signs, such as numbers, letters, or other logos. In the case of Figure 3A, the matrix 200 is a square pattern of 25 elements 201, with numbers 1, 2, 3, 4 and 5, and in the case of Figure 3B, the matrix is a linear matrix of 12 elements 201, with letters A, B, C, D, E and F. The user then enters, in a dedicated space of an interface, separate from the matrix 200, the signs corresponding to their secret MIP and which appear in the matrix elements 201, in the correct order in which the signs appear in their MIP. In the case of Figure 3A, the user would enter the code "1, 2, 3, 4, 5", and in the case of Figure 3B, the user would enter the code "BFCE".
The MIP is only known to the user, and it is critical that the pattern is never divulged.
For effective security, it is essential that the signs presented in a challenge matrix for an authentication operation are in some way randomized at each authentication operation. Thus the code entered by the user has the desirable property that the code changes on each authentication operation -this is denoted by the term one-time code (OTC). Further, it is an essential feature of all matrix pattern authentication approaches that each sign in a matrix is repeated more than once, and preferably many times. This is to ensure that when a user enters their OTC, their secret MIP is not divulged. In the case of Figure 3A, with 25 elements, it each sign is repeated five times, each number entered by the user corresponds to five possible different positions in the matrix. Consequently, the code "1, 2, 3, 4, 5" corresponds to 3125 possible different patterns. In the case of Figure 3B, with the 12 element matrix, each letter corresponds to two possible positions in the matrix. Consequently, a tour element code could represent 16 possible patterns. It is clear that the 25 element matrix, with a five element code and five unique signs is much more secure than the 12 element case.
Furthermore, any authentication system based upon a MIP keeps the pattern secret, in order to prevent hackers from gaining valuable information. Security of MPA technology is essential for their use, e.g. in any online system, especially in the case of financial transactions, access to personal data, etc. Consequently a method of storing sensitive information, particularly the user's MIP, must be employed.
The MIP is therefore usually encoded, in general by hashing. There are many public domain encoding algorithms available. The most appropriate algorithms employ a technique known as "one-way cryptographic hashing". This means that the sensitive information, in this case the MIP, once passed through a one-way hashing function, cannot be reversed. The sensitive information is encoded, and it is highly unlikely that anyone can retrieve the sensitive information. This means that even if a database with the encoded information is stolen, it would still be difficult to retrieve the sensitive information. Standard hashing algorithms (e.g. from the family SHA-2, such as SHA-256) and inclusion of at least one long salt should be applied to maximize the effectiveness of any encoding approach by hashing, and represents standard known best practice.
Typically, in MPA technology, each element 101 in the matrix 100 is given a unique symbol, in order to represent the position of the element 101 within the matrix 100.
Figure 4 shows a numeric indexing approach which is often utilized. For example, in the case of the 25 element matrix 100 of Figure 1A, the elements might be numbered. In the example of Figure 2A, the MIP would be represented by the code "e6, e22, e13, e4, elO".
Figure 5 shows schematically that, in a known processing of the MIP, when a user U selects in 51 their MIP, once they have confirmed the selection, the code representing their pattern is usually encoded using a one-way hashing function, in Sli, prior to being stored in S13 on a secure database 11, e.g. as a record.
Preferably, the system will retain any non-coded record of the MIP in a volatile memory which will be immediately discarded after processing such as encoding.
This has the desirable property that the only place where a not encoded record of the MIP is stored is in the user's mind.
The known MPA technology has however drawbacks or deficiencies.
Both the entropy of a five element MIP provided by a 5x5 matrix 100, as in Figure 1A (i.e. 9,765,625 possible MIPs), and the possible different patterns provided by a challenge matrix 200, as in Figure 3A (3125 possible different challenge patterns), may appear to be a lot.
However, the known MPA technology does not provide, in fact, enough entropy in order to allow people to select sufficiently different MIPs from one another. In large scale, i.e. with many users, insufficient entropy becomes a major problem, resulting in many instances of users selecting similar or identical patterns. This effect makes known MPA technology vulnerable to intelligent guessing by a hacker. This in fact is a known vulnerability of PIN based systems, and also password systems, which maybe easily guessed by applying certain, obvious combinations, such as dates.
Also the examples of Figures 2A and 2B are substantially less secure than a conventional four-digit PIN technology, because the probability of guessing a correct MIP from an OTC is higher than guessing a conventional four-digit PIN, i.e. higher than 1110000 (with 10000=1 0). They are therefore not desirable.
However, simply augmenting the length of the MIP is not a solution because a significant issue arises, as explained below.
Consider an example, with a six element MIP and a 36 element matrix 200 with six unique signs (i.e. 1, 2, 3, 4, 5 and 6), each repeated six times. An OTC entered by the user only ambiguously describes the MIP, as each digit of the OTC entered by the user represents six possible element positions on a challenge matrix 200.
Therefore, in fact, any single six digit OTC describes 6A6 = 46,656 possible MIPs.
Only one of these is correct, but an authentication engine has no a priori knowledge as to which of these is the right one, because of the one-way hashing. An authentication engine needs therefore to generate all of the potentially-valid MIP combinations represented by the entered OTC and, in a similar manner as is explained in reference to Figure 5, each of these potentially-valid MIP combinations needs to be passed through the same encoding using the cryptographic one-way hashing function (as in Si i), as the original MIP, prior to comparison with the encoded representation of the user's MIF stored in the database 11. Such repeated generations by encoding and comparisons need to continue until a match is found. It is only at this point that a positive authentication could be confirmed. The number of iterations required is random, albeit with a flat distribution. As a minimum, one iteration is required, as a maximum 46,656 iterations are required, in our example.
Therefore on average 23,328 such iterations, comprising generation and comparison, will be required for a positive authentication. is
An even more undesirable property of simply only augmenting the length of the MIF is that, in the case of an incorrect OTC being entered by the user, the authentication system always has to perform the maximum number of iterations, in order to ensure that all possible valid combinations are examined, before eventually actually rejecting the authentication request.
Whilst this processing overhead might be acceptable in any one individual authentication event, it is completely unacceptable in any multi-user implementation of a MPA system, of significant scale, as is typical. It is estimated that using the strong encoding algorithms that are necessary to defend against hackers (e.g. SHA- 2), each individual encoding on an OTC takes between O.ims and ims on state of the art computer servers. Using 0.2ms as a representative processing speed, and continuing with our example, an average authentication request would take between to iO seconds to approve, in the case of a valid one-time code being entered. In the case of an incorrect OTC being entered, the time taken to produce a rejection of an authentication request will always be approximately 10 seconds (i.e. 46,656 x 0.2ms). In addition some secure system require to hash the MIP and/or password multiple times, which will further increase the processing time.
A further, significant problem is that this long processing time makes an authentication server acutely vulnerable to attack by bombardment of multiple authentication requests leading to a denial of service, which is a technique which is widely known to hackers.
Table 1 demonstrates how the number of iterations required for authentication increases geometrically with the number of elements (or length) of the MIP. In Table 1, a square form factor exemplary matrix 100 is used, for convenience. However, the same geometric increase in processing would be required for any form of MPA implementation or arrangement.
Number Length Number of Number of Average / Max of of MIP unique possible MIP for authentication time for a elements signs in each OTC time of 0.2ms for each in MIP challenge iteration matrix matrix (s) (rejection timerMax authentication time) 36 (6x6) 6 6 6A6 = 46,656 5/10 36 (6x6) 7 6 7A6=117,649 12/24 49 (7x7) 7 7 7A7 = 823,543 82/1 65 64 (8x8) 8 8 8'8r16,777,216 16,68/3,355
Table 1
Table 1 shows that MPA technology using six element MIP is practically unrealizable, although MPA technology with 5x5 matrices does not provide sufficient entropy, and MPA technology using five element MIP does not provide enough security compared to a 4-digit PIN.
Aspects of the invention address or at least ameliorate at least one of the above issues.
According to one aspect, the invention provides a method of authentication of a user, comprising the steps of: displaying a pattern associated with at least one challenge arrangement comprising duplicated signs; obtaining a challenge code on a device, the challenge code being based on the pattern; dividing the challenge code into at least two portions, each portion corresponding to an authentication segment of an authentication code of the user, respectively; wherein at least a first part of the authentication segments and at least a first corresponding part of the at least two portions are stored on the device; validating the first part of the portions only if it matches the corresponding first part of the authentication segments; and the device from which the challenge code is obtained has been previously registered to an authentication system.
The authentication system may comprise a database remote from the device, and at least a second part of the authentication segments may be stored on the database, and/or a record of the challenge arrangement may be stored in the device and in the database.
The method may further comprise reading a biometric data of a user, on the device; comparing the biometric data with a reference biometric data; and validating the first part of the portions only if the read biometric data matches the reference biometric data. The reference biometric data may be stored on the device.
The biometric data may be a voice and/or a shape of the face and/or an image of the iris and/or a fingerprint of the user.
The pattern associated with at least one challenge arrangement comprising duplicated signs may be displayed on the device.
According to another aspect, the invention provides an apparatus comprising means adapted for: displaying a pattern associated with at least one challenge arrangement comprising duplicated signs; obtaining a challenge code on a device, the challenge code being based on the pattern; dividing the challenge code into at least two portions, each portion corresponding to an authentication segment of an authentication code of the user, respectively; wherein at least a first part of the authentication segments and at least a first corresponding part of the at least two portions are stored on the device; validating the first part of the portions only if it matches the corresponding first part of the authentication segments; and the device from which the challenge code is obtained has been previously registered to an authentication system.
Aspects of the invention extend to computer program products such as computer readable storage media having instructions stored thereon which are operable to program a programmable processor to carry out a method as described in the aspects and possibilities set out above or recited in the claims and/or to program a suitably adapted computer to provide the system recited in any of the claims.
The invention has advantages over the prior art.
The invention dramatically reduces the processing requirements for authentication, whilst still achieving acceptable security.
Therefore the invention is entirely scalable to large dimension matrices or arrangements with any form factor, particularly although not exclusively where the number of elements in the array is greater than 30, and is also entirely scalable to long MIPs.
The invention enables the use of large square matrices which possess significantly greater entropy compared to known 5x5 matrices. For example, a 36 element (6 x 6) array has 2.1 billion potential combinations with a choice of six elements to make up a MIP.
The invention also enables the use of MIP having a length of at least 6 elements, and therefore ensures that the probability of randomly guessing a MIP from an OTC at authentication is lower than the probability of randomly guess a classic four digit PIN (10,000:1). For example, with a choice of six signs each repeated six times in a challenge matrix, the probability of guessing the MIP in the random is 1/46,656 (46,656 = 6A6).
Consequently the invention provides a MPA technology which has superior and sufficient entropy compared to the prior art, and also has superior and sufficient resistance to guessing an MIP compared to the prior art.
In some aspects of the invention, a higher security than the prior art is achieved, based on the separation of the segments of the MIP in different independent records and on their chained relationship, e.g. a current segment cannot be validated if the previous segment is not validated.
In some aspects, a first part of the encoded segments is stored on the device of the user, and a second part is stored on a remote database of the system, enhancing security.
Additionally or alternatively, the identification of the device on which the challenge code is entered can also be taken into account, providing a two-factor system. -10-
Further, a biometric data, such as the voice of the user, can also be taken into account in the authentication operation, providing a three-factor system.
The invention has advantages in both online security context and offline security context.
In the context of online security, the invention has the advantage of a short processing time, which constitutes acceptable security because the system of the invention is not vulnerable to attacks from hackers by bombardment of multiple authentication requests, and therefore does not lead to a denial of service.
In the context of offline security, the invention has the advantage of a long hashing processing time, which means that even if a hacker steals the database storing the tables of records of the segments, the database would still be hard and long to process. If the segments are preferably chained, the hacker would further need to cross each table with itself to find a potential next segment. Preferably at least some of the records are anonymised in such a way that it is not possible to directly relate the record with any particular user identification and the hashing time is multiplied by the number of records in each table.
In some aspects, the segments overlap, and a database storing the tables of records of the segments have more segments than necessary, or even dummy records. In the context of offline security, the invention has therefore the advantages of making the database bigger and therefore longer to process for a hacker.
In some aspects, the segments have different lengths and have redundancy between each other. In the context of offline security, the invention has therefore the advantages of making the database harder to process for a hacker, because it is hard to know both the length of the segments and the correspondence between the patterns of segments and/or the users. In some aspects, the first segment of a chain is longer than the other chained segments. The first segment takes therefore more time to decode, which is advantageous in the context of offline security, and not -11-detrimental in the context of online security, because the invention has then the advantage that the following shorter segments have a shorter processing time, because they comprise at least a part of a previous decoded segment which can be used for validation of the current segment.
Embodiments of the invention will now be described, by way of example, with reference to the accompanying drawings in which: Figures 1A and 1B, already discussed, schematically illustrate MFA matrices; Figures 2A and 2B, already discussed, schematically illustrate MIP in the MPA matrices of Figures lAand 1B, respectively; Figures 3A and 3B, already discussed, schematically illustrate challenge matrices corresponding to the MPA matrices of Figures 1A and 1B, respectively; Figure 4, already discussed, schematically illustrates an exemplary indexing of the MPA matrix of Figure 1A; Figure 5, already discussed, schematically illustrates an exemplary encoding of a MIF; Figure 6 schematically illustrates an authentication system, comprising a processing module and an authentication engine; Figure 7 is a diagram illustrating an exemplary method performed by the authentication system of Figure 6; Figure 8 schematically illustrates an exemplary dividing of a MIP performed by the authentication system of Figure 6; Figure 9 schematically illustrates exemplary steps of the dividing of Figure 8; Figure 10 schematically illustrates a possible generation of codes performed by the authentication system of Figure 6; Figure 11 schematically illustrates exemplary steps of the generation of Figure 10; Figure 12 schematically illustrates an exemplary storing performed by the authentication system of Figure 6; Figure 13 schematically illustrates exemplary steps of the storing of Figure 12; -12 -Figures 14 and 15 schematically illustrate an exemplary authentication method performed by the authentication system of Figure 6; and Figure 16 schematically illustrates exemplary steps of the method of Figures 14 and 15; Figure 17 schematically illustrates a two-factor authentication system, comprising a processing module and an authentication engine; Figure 18 is a diagram illustrating an exemplary method performed by the authentication system of Figure 17; Figure 19 schematically illustrates an three-factor authentication system, comprising a processing module and an authentication engine, and Figure 20 is a diagram illustrating an exemplary method performed by the authentication system of Figure 19.
In all of the Figures, similar parts are referred to by like numerical references.
An aspect of the invention will now be described with reference to Figures 4 to 9.
The invention provides a method of processing an authentication code of a user U, performed by a system comprising at least a processing module 10, a database 11 and an authentication engine 2.
As will be apparent to the skilled in the art, in the following specification the processing module 10 and the authentication engine 2 should not be understood as limited natural entities, but rather refer to physical devices comprising at least a processor and a memory, the memory being comprised in one or more servers which can be located in a single location or can be remote from each other to form a nebulous network (such as server farms). Similarly, the database 11 may be comprised in one or more servers which can be located in a single location or can be remote from each other to form a nebulous network.
As explained in further detail below, a device 3 (such as a laptop, a personal computer, a Personal Digital Assistant, a phone, a smartphone, or a dedicated token, etc.) comprises at least a processor and a memory. The device 3 is linked to -13 -the system, and may preferably use wireless technology to communicate with the system. In that case, the system comprises cellular base stations (using mobile technology) and/or other Wireless Access Points (using other wireless communications) such as WiFi Bluetooth or near-field technology (also called sometimes "Near Field Communication" or "NFC"). The device 3 may also use wired access point (such as a wired modem) to communicate with the system. The communication between the device 3 and the system preferably complies with Secure Socket Layer (SSL) or Transport Layer Security (TLS) protocols known by the skilled person in the art.
As will be apparent to the skilled person in the art, in the following specification the device 3 also should not be understood as a limited natural entity, but may rather refer to physical devices comprising at least a processor and a memory, and the processor and the memory may be comprised in one or more apparatuses and/or servers which can be located in a single location or can be remote from each other to form a nebulous network (such as server farms). The device 3 may therefore comprise for instance a laptop, a personal computer, a Personal Digital Assistant, a phone, a smartphone, etc. for selecting the authentication code and transmitting it to the system during a registration operation, and may comprise also a separate dedicated token comprising a display for displaying a challenge arrangement to a user during an authentication operation. Additionally or alternatively, a single device 3 may perform the selecting and transmitting of the authentication code during the registration operation, and also the displaying of the challenge arrangement to a user during an authentication operation.
The device 3 enables the user U to enter and transmit, during an authentication operation e.g. via any Human User interface mechanism, such as part of a logon process for a device 3 being a smartphone or an Internet browser, at least a one time code (OTC) associated with a challenge array to the system. Preferably the device 3 enables the user U to enter also user identification. In some embodiments the device 3 is configured to belong to the user U such that entering of user identification may not be needed.
-14 -It should be appreciated that Figure 6 shows functional block diagrams, and that in practice the individual blocks shown in Figure 6 may exist as discrete elements or their functionality may be distributed in different combinations or not individually discernable. In that respect, some of the functionality of the processing module 10 and/or the authentication engine 2 and/or to the device 3 may be distributed in different combinations or may be at least partially merged.
The authentication code has a length L of at least six elements e, and users U are encouraged to have codes greater than six if possible. The code may be allocated to the user by an administrator ot the system. However the module 10 is preferably configured to enable the user U to select their authentication code. Optionally, the code is modified at user-configurable or administrator-configurable times, as variable code lengths are a strong security feature, adding significantly to entropy.
The code is associated with a memorable identification pattern (MIP), based on an authentication arrangement, preferably but not exclusively used in a Matrix Pattern Authentication (MFA) and, with that respect and as shown in reference to Figure 4, the elements of the code form a set of the elements ot at least one authentication array or arrangement 100 comprising S symbols s, preferably unique symbols.
In some aspects of the invention, once the authentication code is confirmed by the user U, e.g. on the device 3, the processing module 10 divides, in SlO, the authentication code into at least two authentication segments, such as ci, c2 or c3, forming each a subset of the elements, not necessarily disjoint, of the authentication code.
The processing module 10 is further configured to encode in Sli each of the authentication segments using a one-way hashing function, using an industry standard, strong algorithm, with appropriate salting, as known by those skilled in the art, e.g. the known one-way hashing functions from the family SHA-2, such as SHA-256.
-15 -The module 10 then stores in S13 the encoded authentication segments, e.g. referred to as ci ux and c2ux in the database 11, not as a single entity, but rather as at least two smaller segments.
As explained in further detail below, the segments are preferably chained: validation of a first, previous, segment, by matching it with its corresponding part of the OTC, is needed in order to access a reference (or address or pointer) to a second, following, segment, etc. To that effect, preferably an encoding salt stored with a current segment is not actually used to hash the current segment, but to hash the following segment in the chain.
However the fact that the authentication code is divided in at least two segments provides the advantages that corresponding segments (or portions) of a challenge code can be processed by an authentication engine 2 in an acceptable period of time, whilst still achieving acceptable online and offline security, as explained below.
In some aspects of the invention, described with reference to Figures 5, 6 and 14 to 16, the device 3 transmits in S30 the OTC entered by the user during an authentication operation to the engine 2. The OTC comprises a set of elements of the at least one challenge arrangement 200 presented to the user U and comprising signs 201 which are duplicated in the challenge arrangement 200 (i.e. each sign is repeated more than one time, preferably a large number of times). As explained below, in S30 a record of the challenge arrangement 200 presented to the user U is stored, preferably in the database ii.
The authentication engine 2 is configured to divide in S3i the OTC into at least two portions forming each a subset of the elements of the OTC, and each corresponding to an authentication segments, e.g. ci, c2 or c3, respectively.
The authentication engine 2 is adapted to generate, e.g. in S33 and S38, candidate identification patterns corresponding to at least one portion of the OTC, e.g. by -16-associating the signs of the portions with corresponding unique symbols (si, s2, s3, s4.. .s36) of the authentication arrangement 100. To that effect, it is understood that the associating in S33 and 538 uses the record of the challenge arrangement 200 stored in S30. The record of the challenge arrangement 200 provides indeed all the positions of the signs in the challenge arrangement 200, for their association with an element of a corresponding authentication arrangement.
In S34 and S39, the authentication engine 2 encodes the candidate identification patterns using the same one-way hashing function as the one used for encoding the authentication segments in Si 1.
In S34, 535, S39 and S40, the authentication engine 2 validates a candidate identification patterns only if it matches a corresponding encoded authentication segment of the authentication code, as explained in further detail below.
As can be seen from figure 14, the authentication engine 2 is further configured to validate in S41 the OTC (challenge code) only if each portion of the OTC corresponding to an authentication segments is validated.
As already explained below, the invention applies to any authentication arrangement of size S used in any MPA system, not only those of a square form factor.
However for the sake of the conciseness and clarity, the invention will now be explained in reference to Figure 8, in which the array has a square form factor and: L=6 S=36.
In Figure 8, the MIP authentication code is say s9, s16, s23, s28, s30, s35, and can be divided in SlO into not necessarily disjoint segments, i.e. into either two segments ci and c2, with ci being s9, s16, s23, s28, s30; and with c2 being s16, s23, s28, s30, s35 (i.e. N5); or three segments ci,c2 and c3, -17-with ci being s9, s16, s23, s28; c2 being s16, s23, s28, s30; and with c3 being s23, s28, s30, 535 (i.e. N=4); or four segments ci,c2, c3 and c4, with ci being s9, s16, s23; c2 being s16, s23, s28; c3 being s23, s28, s30; and with c4 being s28, 530, s35 (i.e. N=3); or five segments ci,c2, c3, c4 and c5, with ci being s9, s16; c2 being si6, s23; c3 being s23, s28; c4 being s28, s30; and with c5 being s30, s35 (i.e. N=2); or six segments ci,c2, c3, c4, c5 and c6, with ci being s9; c2 being si6; c3 being s23; c4 being s28; c5 being s30; and with c6 being s35 (i.e. N=i).
Table 2 shows how many iterations (also referred to as hash searches) are required for an authentication engine 2 to match a portion of an OTC to a corresponding iS authentication segment of the MIP.
6 2.176.782,336 46.656 lOs S 60,465,176.776 1.Ss 4 1479.616 1.296 0.25s 3 45.655 216 40rns 2 1,296 36 Srns 6 LSm;
Table 2
Table 2 also shows an estimate of processing time required to match a portion of an OTC with a corresponding encoded segment of MIP, with a time of O.2ms for each iteration. -18-
Therefore according to some aspects of the invention, the module 10 is configured to divide the authentication code into segments of N elements, with N«=5.
Shorter authentication segments (Nc6) and their corresponding portions of the OTC have the very desirable property that they can be processed much more quickly by the authentication engine 2, in order to validate the one time code (6 iterations for segments of N=1, instead of 46656, as explained above, for N=6). It is understood that several processing steps are now required, depending on the length of the MIP and the number of segments. The invention has however the advantage that the increase in processing time required is now linear (each time for an extra processing step adds to the previous times), rather than geometric as a function of L and/or S. A further benefit of the invention is that the time taken to reject an incorrect one-time code is dramatically reduced, and is now 1,296 iterations, instead of 46,656 iterations in the unsegmented scheme.
Therefore, according to some aspects of the invention, if each authentication arrangement 100 comprises S unique symbols (si, s2, s3, s4...s36), with S»=30, and N is a predetermined number of elements in each authentication segment, N is such that: <46656.
According to some further aspects, N is such that: (KY with t a time, in seconds, of processing an encoding operation by a processor, using a one-way hashing function, from a family such as SHA-2, such as SHA-256. As explained above, t is typically equal to 0.0002 second (0.2ms).
Segmentation of the MIP provides therefore online security, however it introduces a different problem.
-19 -In the case of a segment, the number of unique symbols is reduced, and hence if a hacker is in possession of the symbols used to represent the MIP at the time of encoding, it becomes easier to deduce the MIP by trying every possible combination of symbols. With a segment length of 6 (N=6), there are 2.1 billion combinations from any given set of symbols. At the other extreme with the MIP broken into six individual symbols, each just one symbol long (N=1), there are only 36 possible combinations.
This is adjudged to be far too vulnerable to attack. This vulnerability is known to afflict PIN numbers, as they are represented by only 10,000 unique possible combinations, for the same set of 10 unique symbols used four times.
Furthermore the security of an MPA system should be significantly better than that of a PIN number base system.
Therefore according to some aspects of the invention, the module 10 is configured to divide the authentication code into segments of N elements, with 4 «= N. In some further aspects, with S»=30, N is such that: s' >>io.
The invention provides therefore offline security, because the hashing processing time is sufficiently long.
Table 2 shows that the difference on processing speed is marginal between N equal 4 or 5, especially on powerful authentication engine 2.
The segments may differ in length, or all segments may be of equal length.
If the segments have different lengths, it is more difficult for a hacker to process the database 11, because the hacker needs further to know both the length of the segments and the correspondence between the patterns of segments and/or the users. -20-
In that case and if the segments are further chained, preferably the first segment is longer than the other segments (for example N=6 for ci, and N=4 for c2, N4 or 3 for c3, etc.), because it is longer and harder for a hacker to process and validate the first segment which is necessary for validation of the other segments.
In some aspects of Si 0 as shown in Figure 9, the module 10 is configured to divide, in SiOi, the authentication code into p authentication segments, with (El) rL.
iO wherein -is the ceiling of L/N, i.e. the smallest integer greater than or equal to [IN.
Accordingly, in S3i as shown in Figure i4, the module iO is configured to divide the OTC into p portions according to (El). i5
(El) means that for e.g. L=7 and N=4, 7/4=1.75, and then p may be equal to 2 (as in Table 3 below) if preferably the segments overlap at least partially as explained below; and that e.g. for [=8 and N=4, 8/4=2, and then p may be equal to 2 (as in Table 3) if the segment are disjoint, or p may be equal to 3 if preferably the segments overlap at least partially; and that e.g. for L=ii and N=4, 11/4=2.75; and then p may be equal to 3 (as in Table 3) if preferably the segments overlap at least partially.
Preferably indeed the segments overlap at least partially and have an extent of redundancy between each other. Therefore the database i 1 storing the tables of records of the segments have more segments than necessary, and is bigger and harder for a hacker to process. It is also more difficult for a hacker to process the database 11, because the hacker needs further to know both the length of the segments and the number of segments.
In that case and if the segments are further chained, each current segment has a short processing time during validation, because it comprises at least a part of a previous decoded segment which can be used for validation of the current segment.
Preferably the database might comprise dummy records, so that the database is bigger than necessary for storing the encoded segments.
If the ratio UN is not a natural number, the module 10 preferably further augments, in S102, at least one segment having fewer elements than N, by duplicating some elements from other segments, so that each segment comprises N elements. The exact symbols duplicated in the segments are not critical.
Tables 3 and 3a below show non limiting examples of the number of segments for MIP lengths of 6 to 12 elements long, but maybe further extended. Table 3 shows that for N=4, a MIP represented by the code el, e2, e3, e4....e12 may be segmented as follows: 6 el.e2,3,4 3,c-4,e6 n/, 7 e1.,e23.' e4e5,e6,e7:ja S ei,eI,ei,e4 &i.E6.e7,eS /a 9 rf1.2.c;'It;:1 el,e2...3,t4 e,e?,e8 c? t&),e1O 11 elc2,c3,c4. c,ct,e*'c c3.c9.CC.c1 12 e1,e2,3.c4 c5.cLc7ca e9.eU.e11ci2
Table 3
Table 3 shows re-use of part of the previously derived code (there is preferably at least partial overlapping of the segments, i.e. a "sliding scale"). The overlapping creates only a weak interdependence between the MIPs segments.
-22 -Table 3a, below, shows a non-limiting example of overlapping elements in a segment, in order to always break a MIP into three segments, for any length of MIP, up to 12 elements. This has the advantage over the example in table 3 above, in that the use of a third segment will make it harder for a hacker to associate the three, apparently uncorrelated segments together.
6 et e2,3?t4 2,e34 eS e3 t4 eS e6 7 ci e2 3e4 C3AC' 5eb e4e5e 7 øt e2,e3,e4 e2,e3e5 e e5 e5 e7eB 9 eiM23e4 e33e4g7 eS e6e7,eB e9 it) i t eS<e4 S c5eb e7 7 fte ii ei,e2444 46 7 e8 dO eli 12 t 1. ei,eJ S e,eb e e8 S elo, e ll,e 1.2
Table 3a
Table 3b below shows the maximum number of hashing iterations required to find each segment of a user's MIP, for different MIP lengths and N=4. Processing time is based on 0.2ms per hashing operation, and is compared with the processing time required to process a single unsplit MIP, with six unique symbols in the OTC.
6 1296 36 -1332 O.26s 92s 7 1296 216 -1512 0.3Qs 56s 8 1296 1296 -2592 th52s Gmins 9 1296 1296 6 2598 0.52s 33mins 1296 1296 36 2628 053s 33hrs 11 1296 1296 216 2808 0.56s 2Ohrs 12 1296 1296 1296 3888 OT8s S days
Table 3b
-23 -Another aspect of the invention will now be described with reference to Figures 5, 6 and 10.
As shown in Figure 10, the invention also provides a method of processing the authentication code of the user in which, in some aspects and, in order to further improve security, the symbols are not represented by a simple numeric sequence, but the processing module 10 assigns, in Si, a randomly generated code to each symbol of the at least one arrangement 100. So, in the case of an arrangement 100 being a 6 x 6 matrix, 36 random symbols si...s36 are generated. The invention provides therefore the advantage of keeping the pattern even more secret.
Preferably, the module 10 stores in S2 each randomly generated code si, s2, s3.. .s36 in the database 11, and as explained in further detail below, the codes si, s2, s3...s36 are recalled only when needed at authentication.
Preferably, as shown in Figure ii, the module 10 assigns in Si, for each segment, e.g. for ci and c2, and for each array, for example referred to as usrmatrix1 and usrmatrix, a different randomly generated code to each symbol of the arrangement, so that the segments comprise each respectively at least one element corresponding to different arrangements. Preferably the elements of each segment ci or c2 may be encoded using a different unique set of 36 symbols. Thus the symbols used in segment ci are preferably different from those in segment c2 and so on.
Preferably, the two symbols sets are stored in S2 each in a different record on the database ii.
However, in order to minimize the probability of the same code being generated to represent different symbols in the arrangement 100 (namely, a collision), the symbol length needs to be long. Preferably, the symbol code length is at least 256 bits long.
Each symbol is generated using a random number generator. In that case, the -24 -probability of a collision occurring between any two symbols is inferior to i/i and guarantees that each symbol table is therefore unique.
Another aspect of the invention will now be described with reference to Figures 5, 6, l2andl3.
The invention also provides a method of processing the authentication code of the user U in which, in some aspects, the processing module 10 stores in S2 at least one arrangement of unique symbols and stores in S13 the at least two segments, as different uncorrelated records in the database 11. The invention has therefore the advantages that key pieces of information needed to authenticate a one time code are separated and uncorrelated. Each piece of information required is referenced by a different reference address in the database 11, such that it would be virtually impossible for anyone to correlate all the different components needed to achieve authentication. The referencing address used for this information adds significant protection.
These key pieces of information (or data) may comprise at least one of the following: a user identification, and/or a user name (usr), and/or a private salt (psalt) used in the one-way hashing function (e.g. belonging to the family SHA-2, e.g. SHA-256), and/or each encoded authentication segment c1u or c2u, preferably chained, and/or cryptographic salts (salt1, salt2, salt3,, salt3, etc.) used in the one-way hashing function with a user name or identification in connection with the encoded segments, and/or each authentication arrangement usrmatrix1 or usrmatrix2, as different uncorrelated records in a database 11.
-25 -Preferably at least some of the records are anonymised (i.e. cannot be related back to the user identity) and are only referenced using a hashing function applied to the user name (usr).
Figure 13 shows that the data are stored e.g. in four separate tables: Data table 1: referenced by usr, with the data fields salt1and salt2 (used in the hashing function in Sil for encoding the first segment) and hashing(salt1, c1u) (also referred to as #(salt1, cluxP; Data table 2: referenced by #(usr, salt1 c1u), with the data fields salt3 and #(salt2, c2u); Data table 3: referenced by #(usr, psalt), with the data field usrmatrix1; Data table4: referenced by #(usr, salt2, c1u), with the data field usrmatrix2.
Another aspect of the invention will now be described with reference to Figures 5, 6 and 14to16.
In 530, the device 3 enables the user U to enter at least the OTC comprising L signs associated with the challenge arrangement 200, and preferably a user identification usr (alternatively the device 3 may be associated with the user U). The OTC is transmitted to the module 10 and the length L of the one time code is measured by the module 10.
In S31, the module divides the OTC into challenge p portions, preferably using (El).
In S32, the module 10 enables the authentication engine 2 to retrieve, as a function of the user identification usr, at least an initial authentication arrangement usrmatrix1, and an initial authentication segment ci u of the authentication code.
Preferably, in S32 a temporary hash function 320 is run, using usr and psalt, to perform #(usr, psalt) in order locate the data table 3 and usermatrix1. In S32 the module 10 sends to the engine 2 the reference address usr of the record data table -26- 1 and the reference address #(usr, psalt) of the record data table 3 in the database 11. The initial arrangement usrmatrix1 of symbols s11, s12, s13, s4. . .s36 is located in data table 3, and the encoded initial segment ci u< of the authentication code is located in data table 1 as #(salti,ciu). It is understood that the initial authentication segment c1u is an encoded subset of the unique symbols sil, s2, s13, s4...s36 of the initial authentication arrangement usrmatrix1.
In 533, the authentication engine 2 generates initial candidate identification patterns inferred from an initial portion of the OTC and at least the initial array usermatrix1, preferably all the possible initial candidate identification patterns.
In S34, the authentication engine 2 encodes each of the initial candidate identification patterns using the one-way hashing function used in Si 1, using preferably salti provided as a data in data table 1, and compares each of them with the encoded initial segment c1u of the authentication code, also encoded in Sii using salti. A comparison in 535 is performed until a match, if any, can be found. In the example, the authentication engine 2 runs up to 1296 iterations of all possible MIP positions inferred by the first four digits of the OTC, to see if a match can be found with encoded record for ci u.
If no match is found in 535, authentication is failed, and the method is terminated in 550. If a match is found in S35, then, the device 3 processes a subsequent portion in S36 which then becomes the current portion.
The steps of validating the portions of the challenge code (OTC) are preferably performed sequentially, as this sequential validation is performed with the chained segments by the engine 2, or less preferably may be performed in parallel if the segments are not chained.
For each current portion of the OTC, the module 10 enables in 537 the authentication engine 2 to retrieve, as a function of at least the corresponding previous authentication segment (ci u in our example): -27-at least one current authentication arrangement usrmatrix, and an uncorrelated current authentication segment c2u.
The sending in S37 is performed preferably also as a function of the user identification usr. Therefore preferably, in S37 the module 10 sends to the engine 2 the reference address #(usr, salt2 ci u) of the record data table 4 in order to locate usrmatrixQ, and the reference address #(usr, salt1, c1u) of data table 2 containing salt3 and #(salt2, c2u) in the database 11.
It is understood that the reference addresses to locate the records in data tables 2 and 4 are uncorrelated because of the use of different salts. The current usrmatrix of symbols s21, s22, s23, s24.. .s236 is located in data table 4, and the encoded current segment c2u of the authentication code is located in data table 1 as #(salt2 c2u). It is understood that the current authentication segment c2u is an encoded subset of the unique symbols 521, 522, s23, 524.5236 of the current authentication arrangement usrmatrix.
This means that in order to retrieve on the one hand the encoded record for c2u, and on the other hand the symbols matrix usrmatrix2 used to generate it, different unique and uncorrelated reference addresses are required (i.e. #(usr, salt2, c1u) and uncorrelated #(usr, salt1, ciu)).
The reference address for where the encoded version of c2u is located can therefore only be found if ciu has already been matched, and it is understood that without c2u, authentication cannot occur.
As already stated, the symbols matrix usrmatrix,0 used to generated c2u is located at a reference equal to #(usr, salt2, ciu,j. This means that there is no correlation -28-between the location of the encoded record of c2u (located at a reference equal to #(usr, salti, c1u)), and the symbols usrmatrix2 used to generate it.
The chained relationship of the segments is preferably reinforced by the fact that current salts, salti and salt2 in our example, used in Sli for encoding the current segment c2u and in S39 (as explained below) for encoding the current portion corresponding to segment c2u in data table 2 are stored with the previous authentication segment ci u in data table 1, as #(salti, ci u4. Also following salts, salt2 and salt3, used in Si i for encoding the following segment c3u and in S39 (as explained below) for encoding the following portion corresponding to segment c3u in data table 2 are stored with the current authentication segment c2u in data table 1, as #(salt2 c2u), etc. Therefore a previous segment needs to be previously validated so that a current segment can be processed and validated.
In S38, the authentication engine 2 generates current candidate identification patterns inferred from the current portion of the OTC and at least the corresponding symbols of the current array usermatrix, preferably all the possible initial candidate identification patterns.
In S39, the authentication engine 2 encodes the current candidate identification patterns using the one-way hashing function used in Sii, using preferably salt3 provided as a data in data table 3, and compares them with the encoded current segment c2u of the authentication code, also encoded in Sli using salt3, the comparison being performed until a match, if any, can be found. In the example, the authentication engine 2 runs up to 1296 iterations of all possible MIP positions inferred by the four digits of the current portion of the OTC, to see if a match can be found with encoded record for c2u in S40.
If no match is found in S40, authentication is failed, and the method is terminated in S50.
-29 -If a match is found in S40 and there are still portions to process (e.g. L=8 with N=4 with overlapping segments, or in the case of a MIP or OTC code length greater than 8 with N=4), then, the module 10 processes a subsequent portion in S36, as a third segment c3u is needed, together with an additional salt, salt4. In this case, after c2u has been matched, c2u is used in the same way as c1u above in order to generate the unique references that point to the encoded record of c3u, and the symbols matrix used to generate c3u. In principle this approach could continue to even longer MIPs.
If a match is found in S40 and there are no further portions to process, then, the authentication succeeds in S41.
Thus even if someone was to copy or steal the four data tables, it would be nearly impossible to associate the correct symbols with the correct segments, and in the right sequence in order to assemble all the information needed to achieve authentication.
Another aspect of the invention will now be described with reference to Figure 8.
The authentication code is divided into at least two segments, and the segments can be processed by an authentication engine 2 in an acceptable period of time, whilst still achieving acceptable at least offline security. Therefore the invention enables the use of MPA of square form factors and with MIP of a length L with L»=6.
In some aspects of the invention, each authentication arrangement 100 has a square form factor a, wherein a»=6 with a being a linear dimension of the matrix, each matrix having a size S equal to a2 elements 101.
The invention can be applied to an optimal family of matrices of length (or size) S, wherein a balance between the uniqueness of signs s (providing a high level of -30-entropy) and non-reversability of the OTC (given by the duplication of the signs s) is given by the solution of equation (E2): ([2) where n is the number of times each different type of signs are replicated in each challenge arrangement 200, and Sin is the number of different signs in each challenge arrangement 200 (also referred to as m below).
The solution of (E2) is: Therefore preferably each challenge arrangement 200 has a square form factor a, wherein ni = n = a and a»=6 with a being a linear dimension of the matrix, each matrix having a size S equal to a2 elements 201; m (=5/n) being the number of different signs in each challenge arrangement 200; and n being the number of times each different type of signs are replicated in each challenge arrangement 200.
The MPA according to the invention has better practical entropy compared to a one dimensional linear array or arrangement.
As stated above, the invention enables the use of an ideal configuration which has a square pattern and is therefore advantageous compared to a rectangular array which tends to suppress entropy.
Also as stated above, the invention enables the use of the ideal configuration where each symbol of the challenge matrix is repeated n=sqrt(S) times, where S is the number of elements (or the size) in the challenge matrix. Thus, it is desirable that a matrix has a number of elements that is a square number, i.e. 4, 9, 16, 25, 36, 49, 64, 81 etc. This is to ensure that signs in a matrix are repeated an integer number of times, with no bias in favour of any particular sign. Such a bias would compromise security effectiveness.
Preferably a" is an integer number between six and ten, for example nine unique signs in a 9x9 matrix, and so on.
Therefore a 36 element array with 6 unique different signs with each sign being repeated six times (i.e. a 6 x 6 x 6 x 6 configuration) with a six element MIP is the minimum configuration that has sufficient entropy, having the further advantage of having the property that the probability of guessing a correct OTC (i.e. 1/46,656) is much better than guessing a conventional four-digit PIN number.
In the developments above, the authentication operation only takes into account the OTC entered and transmitted by the user U to the system. It is therefore sometimes referred to as a one-factor system. Even if the authentication segments are stored in different and independent records, e.g. in data table 1 and data table 2, all the records are preferably stored in the database 11.
Another aspect of the invention will now be described with reference to Figure 17.
The authentication operation performed on the system of Figure 17 not only takes into account the OTC entered and transmitted by the user U to the system, but also device identification. It is therefore sometimes referred to as a two-factor system.
The invention has therefore the advantage that even if a hacker knows the MIP of the user U, the OTC will not be validated if the OTC is not entered on the device identified to the system.
-32 -Preferably, both a type of device and/or a selected device and a type of authentication operation andlor a selected authentication operation are user-configurable or operator-configurable. The user U may therefore e.g. choose one of his registered devices 3 for authentication regarding bank transactions and another one of his registered devices 3 for online payments. The operator may also e.g. ban a type of devices for highly secure transactions.
The registration of the device with the system comprises at least transmitting identification of the device 3 to the processing module 10.
Identification of the device 3 may comprise any unique identification, hereafter referred to as HID, such as a serial number of any part of the device and/or an International Mobile Equipment Identity (IMEI), etc. The transmitting of the identification may be performed via e.g. at least one of the following channels: a communication channel complying with known Secure Socket Layer (SSL) or Transport Layer Security (TLS) protocols; a mobile communication channel, such as Global System for Mobile Communications (GSM) or Universal Mobile Telecommunications System (UMTS), where identification is transmitted via a Short Message Service (SMS) or a Multimedia Messaging Service (MMS); a paper/written channel, where the user U provides to an operator of the system the identification of his device via mail or email, and where the operator of the system enters the identification of the device for storing in the database 11; or a voice channel, where the user U provides to an operator of the system the identification of his device orally, for instance via a telephone call, and where the operator of the system enters the identification of the device for storing in the database 11.
-33 -The processing module 10 then registers identification of the device 3 in the database ii, as an independent and secure record. The identification of the device is then used in the authentication process Preferably, the unique hardware ID HID is appended to the segments, ci, c2, c3 prior to encoding. This means that the unique hardware ID is never stored unencrypted in any of the data tables. During authentication, the unique hardware is input to S33, such that it may be incorporated in the matching process when S33 generates candidate values for ci, etc. i0 In some aspects of the invention, a part of the method may be performed locally on the device 3, as will now be described with reference to Figure i8.
In S60, the device 3 is registered with the system, as explained above. is
Once the device 3 is registered with the authentication system, the steps of processing the authentication code are the same as already described in reference to Figures 7 to i2, and are not repeated here for the sake of conciseness and clarity.
S13 is however modified into Si3i and S132. In Si31, the module iO stores at least a first part of the authentication segments on the registered device 3. For example, if the authentication code is divided in two segments, then one segment is stored in a memory 3i of the device 3, and if the authentication code is divided in three segments, then at least one segment is stored in the memory 3i of the device 3. In S132, the module iO stores at least a second part of the authentication segments on the remote database 11. For example, if the authentication code is divided in two segments, then one segment is stored in the database ii, and if the authentication code is divided in three segments and one segment is stored on the memory 3i, then two segments are stored in the database ii.
-34 -The steps of processing the OTC and authenticating the user U are the same as already described in reference to Figures 13 to 16, and are not repeated here for the sake of conciseness and clarity.
S30 is however modified into S300, where a record of the challenge arrangement presented to the user U is stored in the database 11 and in the memory 31 of the device 3. This enables also the device 3 to perform locally at least some of S33 and/or S38, in order to generate at least candidate identification patterns corresponding to at least one portion of the OTC, e.g. by associating the signs of the portions with corresponding unique symbols of the authentication arrangement 100, using the record of the challenge arrangement 200 stored in the memory 31 and providing all the positions of the signs in the challenge arrangement 200. It is understood that the authentication engine 2 also performs at least a part of S33 and/or S38, using the record of the challenge arrangement 200 stored in the database 11. It is also understood that a first pad of the portions, corresponding to the first part of the segments, is also stored at least temporarily on the device 3 during an authentication operation.
This enhances the two-factor feature of the system and method.
In some aspects, the system may be a three-factor system, as will now be described with reference to Figure 19.
The system and device 3 of Figure 19 are similar to the system and device of Figure 17, and are not fully described here for the sake of conciseness and clarity.
However, the device 3 preferably comprises a module 32, adapted for reading and recognizing a biometric data from the user U. The authentication operation of Figure 20 performed on the system of Figure 19 not only takes into account the OTC entered and transmitted by the user U to the system and the device identification of the device on which the OTC is entered, but also a -35 - biometric data from the user U. That is why it is therefore referred to as a three-factor system. The invention has therefore the advantage that even if a hacker knows the MIP of the user U and has the registered device on which the OTC must be entered, the OTC will not be validated if the biometric data is not entered on the device identified to the system.
The steps of processing the authentication code and the OTC are the same as already described in reference to Figure 18, and are not repeated here for the sake of conciseness and clarity.
In the method of Figure 20 however S300 is modified in S301 and S302. In S301 the device 3 reads a biometric data of the user U, using the module 32. In S301, the read biometric data is compared with a reference biometric data.
Validation of the first part of the portions of the OTC can only occur if the read biometric data matches the reference biometric data.
Preferably, the reference biometric data is not stored on the database 11, but stored locally on the device 3. Therefore the operator of the system does not store any unnecessary personal information regarding the user U, and no large databases containing many instances of biometric data need to be used.
The biometric data maybe a voice and/or a shape of the face and/or the image of the iris, and/or a fingerprint of the user U. Preferably, the challenge matrix 200 is displayed on the device 3.
Preferably, the user U reads aloud the OTC he wants to enter, and the module 32 of the registered device 3 recognizes both the signs (or digits) of the OTC (using known dictation recognition techniques) and the voice of the user U, for processing and validation. This system is therefore very advantageous, since -36- (I) it comprises all the advantages of security of the MIP in a MPA configuration (it is something that only the user knows), (ii) the authentication can be only performed on the registered device (it is something that only the user has) (iii) the authentication can be only performed by the user himself (it is someone only the user is).
This system is also very convenient because the voice and digit recognition are performed concomitantly on the device 3.
Alternatively, the user enters the OTC he wants to enter by touching a finger-print enabled keypad, such that the user's fingerprint is read as he types in the OTC. This system shares many of the advantages of the voice recognition system described above, in that the reading of the user's finger print, and recognition of the OTC are performed concomitantly on the device 3.
The system has numerous applications, and can be associated with any type of key code lock, the lock being either an electronic lock (for locking a transaction) or a mechanical lock (for locking a door or the opening of any device).
The present invention may be applied to any form of secret information, and the authentication code described above may be any secret information, such as passwords, passcodes, and personal information, including biometric information, where segmenting, chaining and storing the secret information on different locations preferably not relying on a single large database that can be compromised.
Modifications and Alternatives Detailed embodiments have been described above. As those skilled in the art will appreciate, a number of modifications and alternatives can be made to the above embodiments whilst still benefiting from the inventions embodied therein. -37-
In the embodiments described above, the processing module and the authentication engine are typically implemented as sottware run by the corresponding controller.
However, in some embodiments, the processing module and the authentication engine may be formed, where appropriate, by hardware, software, firmware or any combination thereof. A software implementation may however be preferred to facilitate the updating of the functionality of a processing module or an authentication engine.
Where software are provided, they may be provided, as appropriate, in compiled or un-compiled form and may be supplied to the processing module, the authentication engine or to the device, as the case may be, as a signal over a computer or telecommunications network, or on a computer storage medium such as for instance a disc, an optical disc or a CD ROM.
It should of course be appreciated that, although not explicitly shown in Figure 6, the processing module and the authentication engine will have all of the functionality necessary to enable them to operate as the processing module and the authentication engine, respectively, in the particular system in which they are designed to function.
Various other modifications will be apparent to those skilled in the art and will not be described in further detail here. -38-

Claims (16)

  1. CLAIMS1. A method of authentication of a user (U), comprising the steps of: displaying a pattern associated with at least one challenge arrangement (200) comprising duplicated signs (201); obtaining (S30) a challenge code (OTC) on a device (3), the challenge code being based on the pattern; dividing (S31) the challenge code (OTC) into at least two portions, each portion corresponding to an authentication segment of an authentication code of the user (U), respectively; wherein at least a first part of the authentication segments and at least a first corresponding part of the at least two portions are stored (S131) on the device (3); validating the first part of the portions only if it matches the corresponding first part of the authentication segments; and the device (3) from which the challenge code (OTC) is obtained has been previously registered to an authentication system.
  2. 2. The method according to claim 1, wherein the authentication system comprises a database (11) remote from the device (3), and wherein at least a second part of the authentication segments is stored (S132) on the data base (11).
  3. 3. The method according to any one of claims 1 or 2, wherein the authentication system comprises a database (11) remote from the device (3), and wherein a record of the challenge arrangement (200) is stored (S300) in the device (3) and in the database (11).
    -39 -
  4. 4. The method according to any one of claims 1 to 3, wherein at least one of the following: a user identification, and/or a user name (usr), and/or at least one authentication arrangement (100; usrmatrix1; usrmatrix2) with which the authentication code is associated are stored (S13, S131, S132) as an independent record in the device or in a database (11) remote from the device (3).
  5. 5. The method according to any one of claims ito 4, further comprising (S30) reading a biometric data of a user (U), on the device (3); comparing the biometric data with a reference biometric data; and validating the first part of the portions only if the read biometric data matches the reference biometric data.
  6. 6. The method according to claim 5, wherein the reference biometric data is stored on the device (3).
  7. 7. The method according to any one of claims 5 or 6, wherein the biometric data is a voice and/or a shape of the face and/or the image of the iris and/or a fingerprint of the user (U).
  8. 8. The method according to any one of claims 1 to 7, wherein the pattern associated with at least one challenge arrangement (200) comprising duplicated signs (201) is displayed on the device (3).
  9. 9. An apparatus comprising means (3, 10, 2, 11) adapted for: displaying a pattern associated with at least one challenge arrangement (200) comprising duplicated signs (201); obtaining (S30) a challenge code (OTC) on a device (3), the challenge code being based on the pattern; -40 -dividing (531) the challenge code (OTC) into at least two portions, each portion corresponding to an authentication segment of an authentication code of the user (U), respectively; wherein at least a first part of the authentication segments and at least a first corresponding part of the at least two portions are stored (Si 31) on the device (3); validating the first part of the portions only if it matches the corresponding first part of the authentication segments; and the device (3) from which the challenge code (OTC) is obtained has been previously registered to an authentication system.
  10. 10. The apparatus according to claim 9, comprising a database (11) remote from the device (3), at least a second part of the authentication segments being stored (S132) on the database (11).
  11. ii. The apparatus according to any one of claims 9 or 10, comprising a database (11) remote from the device (3), a record of the challenge arrangement (200) being stored (S300) in the device (3) and in the database (11).
  12. 12. The apparatus according to any one of claims 9 to 11, further comprising (S30) means (32) for reading a biometric data of a user (U), on the device (3); comparing the biometric data with a reference biometric data; and validating the first part of the portions only if the read biometric data matches the reference biometric data.
  13. 13. The apparatus according to claim 12, wherein the reference biometric data is stored on the device (3). -41 -14. The apparatus according to any one of claims 12 or 13, wherein the biometric data is a voice and/or a shape of the face and/or the image ot the iris and/or a fingerprint of the user (U).15. The apparatus according to any one of claims 9 to 14, wherein the pattern associated with at least one challenge arrangement (200) comprising duplicated signs (201) is displayed on the device (3).16. A computer program, computer program product or computer readable medium comprising instructions for carrying out a method according to any of claims 1 to 8.Amendment to the claims have been filed as followsCLAIMS1. A method of authentication of a user (U), comprising the steps of: displaying on a display of a system a pattern associated with at least one challenge arrangement (200) comprising duplicated signs (201); obtaining (530) a challenge code (OTC) on a device (3), the challenge code comprising the signs corresponding to the pattern in the challenge arrangement (200); dividing (531) the challenge code (OTC) into at least two portions, each portion corresponding to an authentication segment of a preset authentication code of the user (U), respectively; wherein at least a first part of the authentication segments and at least CD a first corresponding part of the at least two portions are stored (5131) on the device (3); y-15 validating the first part of the portions only if it matches the corresponding first part of the authentication segments; (0 and 0 the device (3) from which the challenge code (OTC) is obtained has been previously registered to an authentication system.2. The method according to claim 1, wherein the authentication system comprises a database (11) remote from the device (3), and wherein at least a second part of the authentication segments is stored (S132) on the database (11).3. The method according to any one of claims 1 or 2, wherein the authentication system comprises a database (11) remote from the device (3), and wherein a record of the challenge arrangement (200) is stored (S300) in the device (3) and in the database (11).4. The method according to any one of claims 1 to 3, wherein at least one of the following: a user identification, and/or a user name (usr4, and/or at least one authentication arrangement (100; usrmatrixi; usrmatrix2) with which the authentication code is associated are stored (S13, S131, S132) as an independent record in the device or in a database (11) remote from the device (3), 5. The method according to any one of claims 1 to 4, further comprising (S30) reading a biometric data of a user (U), on the device (3); comparing the biometric data with a reference biometric data; and C') validating the first part of the portions only if the read biometric data matches the reference biometric data. -156. The method according to claim 5, wherein the reference biometric data is stored (0 on the device (3). o7. The method according to any one of claims 5 or 6, wherein the biometric data is a voice and/or a shape of the face and/or the image of the iris and/or a fingerprint of the user (U).8. The method according to any one of claims 1 to 7, wherein the pattern associated with at least one challenge arrangement (200) comprising duplicated signs (201) is displayed on the device (3).9. An apparatus comprising means comprising a display, a processing module (10), an authentication engine (2), and a database (11) configured to: display on the display a pattern associated with at least one challenge arrangement (200) comprising duplicated signs (201); obtain (S30) a challenge code (OTC) on a device (3), the challenge code comprising the signs corresponding to the pattern in the challenge arrangement (200); divide (S31) the challenge code (OTC) into at least two portions, each portion corresponding to an authentication segment of a preset authentication code of the user (U), respectively; wherein at least a first part of the authentication segments and at least a first corresponding part of the at least two portions are stored (S131) on the device (3); validate the first part of the portions only if it matches the corresponding first part of the authentication segments; and CV) the device (3) from which the challenge code (OTC) is obtained has been previously registered to an authentication system. i-1510. The apparatus according to claim 9, comprising a database (11) remote from the (0 device (3), at least a second part of the authentication segments being stored (S132) on the database (11).11. The apparatus according to any one of claims 9 or 10, comprising a database (11) remote from the device (3), a record of the challenge arrangement (200) being stored (S300) in the device (3) and in the database (11).12. The apparatus according to any one of claims 9 to 11, further comprising (S30) means (32) for reading a biometric data of a user (U), on the device (3); comparing the biometric data with a reference biometric data; and validating the first part of the portions only if the read biometric data matches the reference biometric data.13. The apparatus according to claim 12, wherein the reference biometric data is stored on the device (3).
  14. 14. The apparatus according to any one of claims 12 or 13, wherein the biometric data is a voice and/or a shape of the face and/or the image of the iris andlor a fingerprint of the user (U).
  15. 15. The apparatus according to any one of claims 9 to 14, wherein the pattern associated with at least one challenge arrangement (200) comprising duplicated signs (201) is displayed on the device (3).
  16. 16. A computer program, computer program product or computer readable medium comprising instructions for carrying out a method according to any of claims ito 8. C') r r (0
GB201214202A 2012-08-08 2012-08-08 Two or three factor authentication method and apparatus Expired - Fee Related GB2504747B (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
GB201214202A GB2504747B (en) 2012-08-08 2012-08-08 Two or three factor authentication method and apparatus
US14/420,363 US20150295717A1 (en) 2012-08-08 2013-08-08 Authentication method and system
PCT/GB2013/052123 WO2014023969A1 (en) 2012-08-08 2013-08-08 Authentication method and system
EP13762202.3A EP2883183B1 (en) 2012-08-08 2013-08-08 Authentication method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB201214202A GB2504747B (en) 2012-08-08 2012-08-08 Two or three factor authentication method and apparatus

Publications (3)

Publication Number Publication Date
GB201214202D0 GB201214202D0 (en) 2012-09-19
GB2504747A true GB2504747A (en) 2014-02-12
GB2504747B GB2504747B (en) 2014-07-09

Family

ID=46935131

Family Applications (1)

Application Number Title Priority Date Filing Date
GB201214202A Expired - Fee Related GB2504747B (en) 2012-08-08 2012-08-08 Two or three factor authentication method and apparatus

Country Status (1)

Country Link
GB (1) GB2504747B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11531739B1 (en) * 2020-06-30 2022-12-20 United Services Automobile Association (Usaa) Authenticating user identity based on data stored in different locations

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030028493A1 (en) * 2001-08-03 2003-02-06 Nec Corporation Personal information management system, personal information management method, and information processing server
US6959394B1 (en) * 2000-09-29 2005-10-25 Intel Corporation Splitting knowledge of a password
GB2488310A (en) * 2011-02-02 2012-08-29 Winfrasoft Corp A method and system for authenticating a computer user by using an array of elements

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6959394B1 (en) * 2000-09-29 2005-10-25 Intel Corporation Splitting knowledge of a password
US20030028493A1 (en) * 2001-08-03 2003-02-06 Nec Corporation Personal information management system, personal information management method, and information processing server
GB2488310A (en) * 2011-02-02 2012-08-29 Winfrasoft Corp A method and system for authenticating a computer user by using an array of elements

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11531739B1 (en) * 2020-06-30 2022-12-20 United Services Automobile Association (Usaa) Authenticating user identity based on data stored in different locations

Also Published As

Publication number Publication date
GB201214202D0 (en) 2012-09-19
GB2504747B (en) 2014-07-09

Similar Documents

Publication Publication Date Title
US20230231840A1 (en) Encryption and decryption techniques using shuffle function
GB2504746A (en) Matrix Pattern Authentication (MPA) using a divided authentication code
EP1149475B1 (en) A fuzzy commitment scheme
JP6514337B2 (en) Method and apparatus for securing mobile applications
US20170070495A1 (en) Method to secure file origination, access and updates
ES2809489T3 (en) Secure transmission of sensitive data
EP2883183B1 (en) Authentication method and system
KR20070024576A (en) Biometric template protection and feature handling
WO2014141263A1 (en) Asymmetric otp authentication system
EP3529728A1 (en) Device and methods for authenticating a user equipment
JP7302606B2 (en) system and server
US11601291B2 (en) Authentication method and device for matrix pattern authentication
Ziauddin et al. Robust iris verification for key management
GB2457491A (en) Identifying a remote network user having a password
GB2504747A (en) Matrix Pattern Authentication (MPA) using a divided authentication code
JP6031729B1 (en) RFID tag code generation device and method, authentication device and method, and program
Gupta et al. A complete end-to-end system for iris recognition to mitigate replay and template attack
Xu et al. A scheme for cancelable fingerprint fuzzy vault based on chaotic sequence
GB2504745A (en) Creation of pattern-based authentication codes and verifying challenges, using segmentation
Li et al. Fingerprint authentication based on fuzzy extractor in the mobile device
WO2016013924A1 (en) System and method of mutual authentication using barcode
Kulkarni et al. One-time biometric token based authentication
Yasuda et al. Biometric key‐binding using lattice masking
Belhadri et al. New biometric cryptosystem to protect sensitive data in Internet of objects
Rudd et al. Caliper: continuous authentication layered with integrated PKI encoding recognition

Legal Events

Date Code Title Description
732E Amendments to the register in respect of changes of name or changes affecting rights (sect. 32/1977)

Free format text: REGISTERED BETWEEN 20140522 AND 20140528

PCNP Patent ceased through non-payment of renewal fee

Effective date: 20220808