WO2018000041A1 - A system for secure access to a domain database and a method thereof - Google Patents


Info

Publication number
WO2018000041A1
Authority
WO
WIPO (PCT)
Prior art keywords
password
server
parameters
discrete elements
domain
Prior art date
Application number
PCT/AU2017/050671
Other languages
French (fr)
Inventor
Simon Thomas GIBBARD
Original Assignee
Gibbard Simon Thomas
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from AU2016902580A0
Application filed by Gibbard Simon Thomas
Publication of WO2018000041A1


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/36 User authentication by graphic or iconic representation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2133 Verifying human interaction, e.g., Captcha
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/04 Masking or blinding
    • H04L2209/046 Masking or blinding of operations, operands or results of the operations

Definitions

  • the present invention relates to secure authentication systems and in particular to a system and a method for secure access to a domain database.
  • each one of the plurality of domains stores a large amount of personal information belonging to the user.
  • the personal information may include addresses, social security number and bank account details etc. Any loss of the personal information of the user may lead to identity theft, financial loss, asset loss and reputational damage etc. for the user. Therefore, each one of the plurality of domains requires a user to generate a unique identifier (or a username) along with a unique password during a registration process.
  • US 7171679 B2 provides a system, a method and a program for generating a plurality of passwords corresponding to a plurality of respective domains from a single global password.
  • the global password is combined with a name of the domain being accessed and a hash key.
  • Password Cipher is a web based application that allows creation of a password which is unique to a domain, by combining three pieces of data with a master password. The three pieces of data include a name of the domain, a keyword and a length of the master password.
  • Enigmaze provides a password generating book having a predetermined number of predefined grids.
  • the password can be marked using an invisible ink and recalled by highlighting the ink using an ultraviolet light source.
  • a card is provided to generate a secure password from a name of a domain.
  • LastPass provides a secure database for management of a plurality of passwords corresponding to a plurality of respective domains.
  • the plurality of passwords can be stored in the database, while the database can be accessed using a single secure password.
  • The plurality of discrepancies include, but are not limited to, being dependent on a master or a global password.
  • the extent of the protection available thus depends upon the strength of the master password.
  • the strength of the master password depends on the skill of the user to create a secure password.
  • limitations in human cognitive processing means that humans are especially poor at generating and recalling the types of passwords that are required for humans to be safe online.
  • the master password may be relatively secure in case of a normal hacking attack, but still may be obtained using more advanced attacks.
  • Further, there may be other ways in which the master password may be lost, such as keystroke logging.
  • Further, having all the passwords in a book may not be ideal, as the book may be misplaced or may fall into wrong hands.
  • the above mentioned solutions support only English language keyboards.
  • the invention seeks to provide a system and a method which will overcome or substantially ameliorate at least some of the deficiencies of the prior art, or to at least provide an alternative.
  • a system for providing a secure access to a domain database operably connected to a domain server wherein the domain server is operably connected to a network.
  • the system comprises a first client device operably connected to the network, the first client device having a first display, a first processor, a first memory and a first input device, the first memory being operably connected to the first processor, a password server operably connected to the network, the password server further operably connected to a database.
  • the first memory is configured to store a first computer program code, the first computer program code when executed by the first processor, enables the first processor to provide an interface variant comprising a plurality of discrete elements at the first display, receive a selection, of a pattern of discrete elements from the plurality of discrete elements, made by a user using the first input device, to generate pattern data, obtain a first set of parameters corresponding to the domain server and transmit the pattern data and the first set of parameters to the password server and receive a password from the password server.
  • the password server is configured to receive the pattern data, comprising data corresponding to the pattern of discrete elements, and the first set of parameters, assign a second set of parameters, at least one parameter of the second set of parameters corresponding to the domain server, store the first set of parameters and the second set of parameters in the database, generate the password as a function of the pattern data, the first set of parameters and the second set of parameters and transmit the password to the first client device.
  • the system further comprises a second client device operably connected to the network, the second client device having a second display, a second processor, a second memory and a second input device, the second memory being operably connected to the second processor.
  • the second memory is configured to store a second computer program code, the second computer program code when executed by the second processor, enables the second processor to provide the interface variant comprising the plurality of discrete elements at the second display, receive the selection, of the pattern of discrete elements from the plurality of discrete elements, made by the user using the second input device to generate the pattern data and transmit the pattern data to the password server.
  • the pattern of discrete elements can be selected using a second authentication device, thus providing a double layer of protection.
  • the interface variant is in a form of a rectangular grid and the plurality of discrete elements are provided by the cells of the rectangular grid.
  • the interface variant is selected by the user from a plurality of interface variants stored in the database.
  • each instance of selection of a discrete element from the pattern of discrete elements returns a different numeral.
  • the discrete element is displayed in a different colour. The use of colours allows the pattern of discrete elements to be memorized with relative ease.
  • the selection of the pattern of discrete elements is received in a sequence and the pattern data comprises sequence data corresponding to the sequence of selection of the pattern of discrete elements. Hence if the pattern of discrete elements is selected in a different sequence, a different password will be generated. This adds an additional layer of security to the password.
  • the number of discrete elements in the pattern of discrete elements is greater than a threshold value.
  • the pattern data and the first set of parameters are transmitted to the password server in response to receiving a verification code generated by the domain server. Receiving the verification code allows multi-factor authentication.
  • the first set of parameters comprise a domain name, a user identifier, an interface variant number and a language key.
  • the password server is further configured to add a first salt value to the domain name and a second salt value to the user identifier. Adding salt values allows the domain name and the user identifier to be securely stored or used in the database.
  • the second set of parameters comprise an algorithm version and a password version.
  • the password server is further configured to increment the password version to a next value in an event of the user being required to generate a new password.
  • the password server is further configured to verify the password with a password policy of the domain server.
  • the password server is further configured to verify the password for presence of a plurality of exclusions.
  • the plurality of exclusions comprise keyboard sequences, numeric sequences, phone numbers, a user identifier, repeated characters and excluded special characters.
  • the password comprises at least one alphabetical character in lower case, at least one alphabetical character in uppercase, at least one numeric character and at least one special character.
  • a computer implemented method for providing a secure access to a domain database operably connected to a domain server, wherein the domain server is operably connected to a network comprising the steps of providing an interface variant comprising a plurality of discrete elements to a user, receiving a selection of a pattern of discrete elements from the plurality of discrete elements, made by the user, generating pattern data based on the selection, transmitting the pattern data to a password server, obtaining a first set of parameters corresponding to the domain server at a first client device, transmitting the first set of parameters to the password server from the first client device and receiving a password at the first client device from the password server.
  • the password server is configured to receive the pattern data, comprising data corresponding to the pattern of discrete elements, and the first set of parameters, assign a second set of parameters, at least one parameter of the second set of parameters corresponding to the domain server, store the first set of parameters and the second set of parameters in a database, generate the password as a function of the pattern data, the first set of parameters and the second set of parameters and transmit the password to the first client device.
  • the interface variant is provided at a first display of the first client device, at a second display of a second client device, or at both.
  • the pattern of discrete elements can be selected using a second authentication device, thus providing a double layer of protection.
  • the interface variant is in a form of a rectangular grid and the plurality of discrete elements are provided by the cells of the rectangular grid.
  • the method further comprises the step of selecting the interface variant, by the user, from a plurality of interface variants stored in the database.
  • each instance of selection of a discrete element from the pattern of discrete elements returns a different numeral.
  • the discrete element is displayed in a different colour.
  • the use of colours allows the pattern of discrete elements to be memorized with relative ease.
  • the selection of the pattern of discrete elements is received in a sequence and the pattern data comprises sequence data corresponding to the sequence of selection of the pattern of discrete elements.
  • a number of discrete elements in the pattern of discrete elements is greater than a threshold value.
  • the pattern data and the first set of parameters are transmitted to the password server in response to receiving a verification code generated by the domain server. Receiving the verification code allows multi-factor authentication.
  • the first set of parameters comprise a domain name, a user identifier, an interface variant number and a language key.
  • the password server adds a first salt value to the domain name and a second salt value to the user identifier. Adding salt values allows the domain name and the user identifier to be securely stored or used in the database.
  • the second set of parameters comprise an algorithm version and a password version.
  • the password server further increments the password version to a next value in an event of the user being required to generate a new password.
  • the password server further verifies the password with a password policy of the domain server.
  • the password server further verifies the password for presence of a plurality of exclusions.
  • the plurality of exclusions comprise keyboard sequences, numeric sequences, phone numbers, a user identifier, repeated characters and excluded special characters.
  • the password comprises at least one alphabetical character in lower case, at least one alphabetical character in uppercase, at least one numeric character and at least one special character.
  • a password server operably connected to a database, for generating a password for facilitating secure access to a domain database operably connected to a domain server.
  • the password server is configured to receive pattern data, comprising data corresponding to a pattern of discrete elements, and a first set of parameters corresponding to the domain server, assign a second set of parameters, at least one parameter of the second set of parameters corresponding to the domain server, store the first set of parameters and the second set of parameters in the database, generate a password as a function of the pattern data, the first set of parameters and the second set of parameters and transmit the password to a first client device.
  • the password server is configured to receive the pattern data from at least one of the first client device and a second client device.
  • the pattern of discrete elements can be selected using a second authentication device, thus providing a double layer of protection.
  • the first set of parameters comprise a domain name, a user identifier, an interface variant number and a language key.
  • Adding salt values allows the domain name and the user identifier to be securely stored or used in the database.
  • the second set of parameters comprise an algorithm version and a password version.
  • the password server is further configured to increment the password version to a next value in an event of the user being required to generate a new password.
  • the password server is further configured to verify the password with a password policy of the domain server.
  • In one embodiment of the invention, the password server is further configured to verify the password for presence of a plurality of exclusions.
  • the plurality of exclusions comprise keyboard sequences, numeric sequences, phone numbers, a user identifier, repeated characters and excluded special characters.
  • the password comprises at least one alphabetical character in lower case, at least one alphabetical character in uppercase, at least one numeric character and at least one special character.
  • Fig. 1 shows a network of computing devices on which the various embodiments described herein may be implemented.
  • Fig. 2 shows a computing device on which the various embodiments described herein may be implemented.
  • Fig. 3 is a system for secure access to a domain database in accordance with a preferred embodiment of the present invention.
  • Fig. 4 is the system for secure access to a domain database in accordance with another preferred embodiment of the present invention.
  • Fig. 5 is the system for secure access to a domain database in accordance with yet another preferred embodiment of the present invention.
  • Fig. 6 shows a method for secure access to a domain database in accordance with a preferred embodiment of the present invention.
  • Fig. 7 shows a method for secure access to a domain database in accordance with an exemplary embodiment of the present invention.
  • Fig. 8 shows an example of the method illustrated in figure 7 implemented for a domain database using English as a language for textual content.
  • Fig. 9 shows an example of the method illustrated in figure 7 implemented for a domain database using Chinese as a language for textual content.
  • Fig. 1 shows a system 100 of computing devices adapted for implementation of various embodiments of the present invention.
  • system 100 illustrates the network of computing devices on which the various embodiments described herein may be implemented.
  • the system 100 comprises a plurality of client devices 102 (for e.g.
  • the plurality of client devices 102 include, but are not limited to, a mobile handheld device, a personal computer, a laptop and a tablet etc.
  • the plurality of client devices 102 are provided with a plurality of browser applications, such as, but not limited to, Mozilla Firefox™ or Microsoft Internet Explorer™ browser applications.
  • the browser applications request hypertext web pages from the domain server 110 and render the hypertext web pages on a display device.
  • the plurality of client devices 102 are provided with a standalone application to connect with the domain server 110.
  • the domain server 110 is operably connected to a domain database 112.
  • the domain server 110 is configured to be located with a domain name or a Uniform Resource Locator (URL).
  • the network 104 is the internet and the domain server 110 is a web server having a web server application for receiving requests such as Hypertext Transfer Protocol (HTTP) and File Transfer Protocol (FTP) requests, and serving hypertext web pages or files in response.
  • the web server application is one of, but not limited to, Apache™ or Microsoft™ IIS HTTP server.
  • the domain server 110 is also provided with a hypertext preprocessor for processing one or more web page templates and data from the domain database 112 to generate hypertext web pages.
  • The hypertext preprocessor may, for example, be the PHP: Hypertext Preprocessor (PHP) or Microsoft Asp™ hypertext preprocessor.
  • the domain server 110 is also provided with web page templates, such as one or more PHP or ASP files. Further, the hypertext web pages are generated in a predetermined language.
  • the predetermined language may be one of, but not limited to, English, French, Mandarin, and Russian etc.
  • upon receiving a request from the web server application, the hypertext preprocessor is operable to retrieve a web page template, from the web page templates, execute any dynamic content therein, including updating or loading information from the domain database 112, to compose a hypertext web page.
  • the composed hypertext web page may comprise client side code, such as JavaScript, for Document Object Model (DOM) manipulation, asynchronous HTTP requests and the like.
  • the domain database 112 is configured to store the data corresponding to a plurality of users.
  • a user from the plurality of users is granted access to the domain database 112 after the user has been successfully enrolled with the domain server 110.
  • The enrolment of the user comprises generation of a user identifier and a password.
  • Each one of the user identifier and the password is unique to the user.
  • the user is authenticated for every subsequent session using the user identifier and the password to grant access to the domain database 112.
  • the domain server 110 has a password policy.
  • the password policy specified by the domain server 110 necessitates a minimum number of characters in the password, a maximum number of characters in the password, use of one or more upper case letters, use of one or more numerals, use of one or more special characters and a duration of validity for the password.
  • the domain server 110 follows a multi-factor authentication.
  • when the user attempts to access the domain database 112 using a first client device (for e.g. 102c) from the plurality of client devices 102, the domain server 110 generates a verification code and sends the verification code to the first client device 102c or a second client device (for e.g. 102a) from the plurality of client devices 102, registered at the domain database 112.
  • the user is required to provide the verification code to the domain server 110 for obtaining the access to the domain database 112.
  • a password server 106 is also operably connected to the network 104. Also, the password server 106 is operably connected to a database 108.
  • the database 108 is configured to process queries generated in a plurality of query languages, including, but not limited to, SQL, .QL and Datalog etc.
  • the database 108 is configured to store a plurality of algorithms for generation of a password. Each one of the plurality of algorithms has a respective algorithm version.
  • the database 108 is further configured to store the password policy of the domain server 110. In one embodiment of the invention, the password policy is stored in the database 108 during the configuration of the database 108 for the domain server 110.
  • Fig. 2 shows a computing device 200.
  • the computing device 200 takes the form of the domain server 110 and the password server 106 as described above.
  • the computing device 200 is adapted to comprise functionality for communication with the network 104, and storage capability (such as the domain database 112 or the database 108) for storing the data corresponding to the plurality of users.
  • each one of the plurality of client devices 102 may also be depicted as the computing device 200.
  • the computing device may comprise differing technical integers, such as the display device 2020, one or more human interface devices 260 and the like.
  • the technical integers of the computing device 200 shown in figure 2 are exemplary only and variations, adaptations and the like may be made thereto within the purposive scope of the embodiments described herein and having regard for the particular application of the computing device 200.
  • the steps of the method for secure access to the domain database 112, as described in further detail below, may be implemented as computer program code instructions executable by the computing device 200.
  • the computer program code instructions may be divided into one or more computer program code instruction libraries, such as dynamic link libraries (DLL), wherein each of the libraries performs one or more steps of the method. Additionally, a subset of the one or more of the libraries may perform graphical user interface tasks relating to the steps of the method.
  • DLL: dynamic link libraries
  • the device 200 comprises semiconductor memory 210 comprising volatile memory such as random access memory (RAM) or read only memory (ROM).
  • the memory 200 may comprise either RAM or ROM or a combination of RAM and ROM.
  • the device 200 comprises a computer program code storage medium reader 230 for reading the computer program code instructions from computer program code storage media 220.
  • The storage media 220 may be optical media such as CD-ROM disks, magnetic media such as floppy disks and tape cassettes or flash media such as USB memory sticks.
  • the device further comprises I/O interface 240 for communicating with one or more peripheral devices.
  • the I/O interface 240 may offer both serial and parallel interface connectivity.
  • the I/O interface 240 may comprise a Small Computer System Interface (SCSI), Universal Serial Bus (USB) or similar I/O interface for interfacing with the storage medium reader 230.
  • the I/O interface 240 may also communicate with the one or more human interface devices (HID) 260 such as keyboards, pointing devices, joysticks and the like.
  • HID: human interface devices
  • the I/O interface 240 may also comprise a computer to computer interface, such as a Recommended Standard 232 (RS-232) interface, for interfacing the device 200 with one or more personal computer (PC) devices 290.
  • PC: personal computer
  • The I/O interface 240 may also comprise an audio interface for communicating audio signals to one or more audio devices 2050, such as a speaker or a buzzer.
  • the device 200 also comprises a network interface 270 for communicating with one or more computer networks 280.
  • the network 280 may be a wired network, such as a wired Ethernet™ network or a wireless network, such as a Bluetooth™ network or IEEE 802.11 network.
  • the network 280 may be a local area network (LAN), such as a home or office computer network, or a wide area network (WAN), such as the Internet or private WAN.
  • LAN: local area network
  • WAN: wide area network
  • the device 200 comprises an arithmetic logic unit or processor 2000 for performing the computer program code instructions.
  • The processor 2000 may be a reduced instruction set computer (RISC) or complex instruction set computer (CISC) processor or the like.
  • the device 200 further comprises a storage device 2030, such as a magnetic disk hard drive or a solid state disk drive.
  • Computer program code instructions may be loaded into the storage device 2030 from the storage media 220 using the storage medium reader 230 or from the network 280 using network interface 270.
  • an operating system and one or more software applications are loaded from the storage device 2030 into the memory 210.
  • the processor 2000 fetches computer program code instructions from memory 210, decodes the instructions into machine code, executes the instructions and stores one or more intermediate results in memory 200.
  • the instructions stored in the memory 210 when retrieved and executed by the processor 2000, may configure the computing device 200 as a special-purpose machine that may perform the functions described herein.
  • the device 200 also comprises a video interface 2010 for conveying video signals to a display device 2020, such as a liquid crystal display (LCD), cathode-ray tube (CRT) or similar display device.
  • LCD: liquid crystal display
  • CRT: cathode-ray tube
  • the device 200 also comprises a communication bus subsystem 250 for interconnecting the various devices described above.
  • the bus subsystem 250 may offer parallel connectivity such as Industry Standard Architecture (ISA), conventional Peripheral Component Interconnect (PCI) and the like or serial connectivity such as PCI Express (PCIe), Serial Advanced Technology Attachment (Serial ATA) and the like.
  • ISA: Industry Standard Architecture
  • PCIe: PCI Express (Peripheral Component Interconnect Express)
  • Figure 3 illustrates the system for secure access to the domain database 112 in accordance with a preferred embodiment 300 of the present invention.
  • the user tries to access the domain database 112 from the first client device 102c from the plurality of client devices 102.
  • the first client device 102c is connected to the password server 106.
  • the first client device 102c has a first display 310, a first processor 320, a first memory 330 and a first input device 340. Further, the first memory 330 is configured to store a first computer program code.
  • the first computer program code is comprised within a computer program element.
  • The computer program element is one of, but not limited to, a software, a mobile or a desktop based application, an Application Program Interface (API) or a browser plug-in.
  • API: Application Program Interface
  • the computer program element is provided to the first client device 102c through the network 104.
  • the first computer program code is provided to the first client device 102c by means of a computer readable storage medium.
  • the computer readable storage medium is one of, but not limited to, a CD-ROM, a floppy disk, a magnetic tape based storage medium and a USB flash drive etc.
  • the first computer program code when executed by the first processor 320, enables the first processor 320 to provide an interface variant comprising a plurality of discrete elements at the first display 310.
  • the interface variant is in a form of a rectangular grid and the plurality of discrete elements are provided by the cells of the rectangular grid.
  • the interface variant is in a form of a circular grid, wherein the plurality of discrete elements are in forms of random polygons.
  • the first computer program code enables the first processor 320 to fetch the interface variant selected by the user from a plurality of interface variants stored in the first memory 330.
  • the interface variant is uploaded by the user in the first memory 330.
  • the database 108 is configured to store a plurality of interface variants and the interface variant is selected by the user from the plurality of interface variants stored in the database 108.
  • the first processor 320 provides the interface variant at the first display 310.
  • the interface variant is assigned an interface variant number and stored in the database 108 in association with the interface variant number, by the password server 106.
  • the interface variant number is then assigned to the domain server 110 and stored in the first memory 330 in association with an attribute corresponding to the domain server 110, by the first processor 320.
  • the attribute is one of, but not limited to, a web address of the domain server 110, an Internet Protocol (IP) address of the domain server 110, or the domain name.
  • the first computer program code enables the first processor 320 to receive a selection, of a pattern of discrete elements from the plurality of discrete elements, made by the user using the first input device 340 to generate pattern data.
  • the selection of the pattern of discrete elements is received in a sequence and the pattern data comprises sequence data corresponding to the sequence of selection of the pattern of discrete elements.
  • the number of discrete elements in the pattern of discrete elements is greater than a threshold value.
  • the first computer program code further enables the first processor 320 to transmit the pattern data to the password server 106.
  • each discrete element from the plurality of discrete elements is associated with a respective array of numerals.
  • the interface variant returns a first numeral from the array of numerals.
  • the interface variant returns a subsequent numeral from the array of numerals, and so on and so forth.
  • each instance of selection of the discrete element returns a different numeral.
  • each discrete element from the plurality of discrete elements is associated with a respective array of colours.
  • the discrete element is displayed in a first colour from the array of colours.
  • the discrete element is displayed in a subsequent colour from the array of colours, and so on and so forth.
  • the discrete element is displayed in a different colour.
  • the use of colours allows the pattern of discrete elements to be memorized with a relative ease.
  • the first computer program code further enables the first processor 320 to obtain a first set of parameters corresponding to the domain server 110.
  • the first set of parameters comprise the domain name, the user identifier, the interface variant number and a language key.
  • the language key defines the predetermined language. For example, if the predetermined language is Swedish, then the language key is set to be Swedish.
  • the first computer program code further enables the first processor 320 to transmit the first set of parameters to the password server 106.
  • the pattern data and the first set of parameters are transmitted to the password server 106 in response to receiving the verification code generated by the domain server 110.
  • The first computer program code also enables the first processor 320 to receive a password from the password server 106 for secure access to the domain database 112.
  • Figure 4 illustrates the system for secure access to the domain database 112 in another embodiment 400 of the present invention.
  • The second client device 102a having a second display 410, a second processor 420, a second memory 430 and a second input device 440 is also connected to the password server 106.
  • the second memory 430 is configured to store a second computer program code.
  • the user is further presented with a "SELECT SECOND DEVICE" option at the first display 310.
  • the second computer program code is comprised within a computer program element.
  • The computer program element is one of, but not limited to, a software, a mobile or a desktop based application, or an Application Program Interface (API). Further, the computer program element is provided to the second client device 102a through the network 104.
  • the second computer program code is provided to the second client device 102a by means of a computer readable storage medium.
  • the computer readable storage medium is one of, but not limited to, a CD-ROM, a floppy disk, a magnetic tape based storage medium, a USB flash drive, etc.
  • the second computer program code when executed by the second processor 420, enables the second processor 420 to provide the interface variant comprising the plurality of discrete elements at the second display 410.
  • the second computer program code enables the second processor 420 to fetch the interface variant selected by the user from the plurality of interface variants stored in the second memory 430.
  • the interface variant is uploaded by the user in the second memory 430.
  • the second processor 420 fetches the interface variant selected by the user, from the plurality of interface variants stored in the database 108 and provides the interface variant at the second display 410.
  • the interface variant is assigned an interface variant number and stored in the database 108 in association with the interface variant number, by the password server 106.
  • the interface variant number is then assigned to the domain server 110 and stored in the second memory 430 in association with the attribute corresponding to the domain server 110, by the second processor 420.
  • the interface variant corresponding to the interface variant number assigned to the domain server 110 is provided at the second display 410 by the second processor 420.
  • the second processor 420 is enabled to provide the interface variant at the second display 410 on receiving a notification from the password server 106. Further, the user is then prompted to select the pattern of discrete elements.
  • Figure 5 illustrates the system for secure access to the domain database 112 in yet another embodiment 500 of the present invention.
  • the user is further presented with a "VERIFY WITH SECOND DEVICE" option at the first display 310.
  • the pattern of discrete elements has already been selected by the user at the first client device 102c, and the user is prompted to verify the pattern of discrete elements with the second client device 102a.
  • the interface variant has already been assigned the interface variant number and stored in database 108 in association with the interface variant number, by the password server 106.
  • the interface variant number has already been assigned to the domain server 110 by the first processor 320.
  • the interface variant corresponding to the interface variant number assigned to the domain server 110 is provided at the second display 410, by the second processor 420.
  • the second computer program code enables the second processor 420 to receive the selection, of the pattern of discrete elements from the plurality of discrete elements, made by the user using the second input device 440, to generate the pattern data.
  • the second computer program code further enables the second processor 420 to transmit the pattern data to the password server 106.
  • the password server 106 is configured to receive the pattern data, comprising data corresponding to the pattern of discrete elements, and the first set of parameters corresponding to the domain server 110. In one embodiment of the invention, the password server 106 is configured to receive the pattern data from at least one of the first client device 102c and the second client device 102a. In one embodiment of the invention, the password server 106 is configured to add a first salt value to the domain name and a second salt value to the user identifier. In one embodiment the first salt value and the second salt value are added during generation of the password. Alternately, the first salt value and the second salt value are added before storing the domain name and the user identifier in the database 108, respectively.
  • the password server 106 is further configured to assign a second set of parameters, at least one parameter of the second set of parameters corresponding to the domain server 110.
  • the second set of parameters comprise a password version and an algorithm version.
  • the password version is assigned a predetermined value by the password server 106.
  • the password version is assigned a default predetermined value of zero.
  • the password server 106 is configured to increment the password version to a next value in an event of the user being required to generate a new password.
  • the password version is incremented to a value of one by the password server 106.
  • the user is required to generate the password every three months, as per the password policy.
  • the password version is incremented to a next value every three months.
  • the algorithm version corresponds to an algorithm assigned to the domain server 110, by the password server 106, from the plurality of algorithms stored in the database 108.
  • the algorithm is defined by the user.
  • the user may define the algorithm in a form of a mathematical formula.
  • the password server 106 is further configured to store the first set of parameters and the second set of parameters in the database 108. Further, the password server 106 is configured to generate a password as a function of the pattern data, the first set of parameters and the second set of parameters. In one embodiment, the password server 106 is configured to generate a resultant string by combining the pattern data, the first set of parameters and the second set of parameters. In one embodiment, the resultant string is generated through straight concatenation of the pattern data, the first set of parameters and the second set of parameters. In another embodiment the resultant string is generated through combining substrings of the pattern data, the first set of parameters and the second set of parameters.
  • the password server 106 is configured to apply a hashing function to the resultant string to generate a second resultant string.
  • the hashing function is bcrypt. The password server 106 is then configured to hash the second resultant string a plurality of times to generate the password.
  • the password server 106 is then configured to verify the password with the password policy of the domain server 110, stored in the database 108.
  • the password server 106 is configured to verify the password for presence of a plurality of exclusions.
  • the plurality of exclusions comprise, but are not limited to, keyboard sequences (such as qwerty), numeric sequences (e.g.
  • the password comprises at least one alphabetical character in lower case, at least one alphabetical character in uppercase, at least one numeric character and at least one special character.
  • Figure 6 illustrates a computer implemented method 600 for secure access to a domain database 112 in one embodiment of the invention.
  • the method begins at step 610 by providing an interface variant comprising a plurality of discrete elements to a user.
  • the interface variant is in a form of a rectangular grid and the plurality of discrete elements are provided by the cells of the rectangular grid.
  • the interface variant is in a form of a circular grid, wherein the plurality of discrete elements are in forms of random polygons.
  • the interface variant is provided at the first display 310 of the first client device 102c, by the first processor 310.
  • the first processor 320 fetches the interface variant selected by the user from a plurality of interface variants stored in the first memory 330.
  • the interface variant is uploaded by the user in the first memory 330.
  • the database 108 is configured to store a plurality of interface variants. The interface variant is selected by the user from the plurality of interface variants stored in the database 108, and the first processor 320 provides the interface variant at the first display 310.
  • the interface variant is assigned an interface variant number and stored in the database 108 in association with the interface variant number, by the password server 106.
  • the interface variant number is then assigned to the domain server 110 and stored in the first memory 330 in association with the attribute corresponding to the domain server 110, by the first processor 320.
  • the interface variant corresponding to the interface variant number assigned to the domain server 110 is provided at the first display 310 by the first processor 320.
  • the interface variant is provided at the second display 410 of the second client device 102a, by the second processor 420.
  • the second processor 420 fetches the interface variant selected by the user from the plurality of interface variants stored in the second memory 430.
  • the interface variant is uploaded by the user in the second memory 430.
  • the second processor 420 fetches the interface variant selected by the user from the plurality of interface variants stored in the database 108. The second processor 420 provides the interface variant at the second display 410.
  • the interface variant is assigned the interface variant number and stored in the database 108 in association with the interface variant number, by the password server 106.
  • the interface variant number is then assigned to the domain server 110 and stored in the second memory 430 in association with the attribute corresponding to the domain server 110 by the second processor 420.
  • the interface variant corresponding to the interface variant number assigned to the domain server 110 is provided at the second display 410, by the second processor 420.
  • the second processor 420 provides the interface variant at the second display 410 on receiving a notification from the password server 106. Further, the user is then prompted to select the pattern of discrete elements.
  • the pattern of discrete elements has already been selected by the user at the first client device 102c, and the user is prompted to verify the pattern of discrete elements with the second client device 102a.
  • the interface variant has already been assigned the interface variant number and stored in database 108 in association with the interface variant number by the password server 106.
  • the interface variant number has already been assigned to the domain server 110 by the first processor 320.
  • the interface variant corresponding to the interface variant number assigned to the domain server 110 is provided at the second display 410, by the second processor 420.
  • a selection, of a pattern of discrete elements from the plurality of discrete elements, made by the user is received.
  • the selection is made by the user, using the first input device 340 comprised within the first client device 102c.
  • the selection is then received by the first processor 320.
  • the selection, of the pattern of discrete elements is made by the user, using the second input device 440 comprised within the second client device 102a.
  • the selection is then received by the second processor 420.
  • each discrete element from the plurality of discrete elements is associated with a respective array of numerals.
  • the interface variant returns a first numeral from the array of numerals.
  • the interface variant returns a subsequent numeral from the array of numerals, and so on and so forth.
  • each instance of selection of the discrete element returns a different numeral.
  • each discrete element from the plurality of discrete elements is associated with a respective array of colours.
  • the discrete element is displayed in a first colour from the array of colours.
  • the discrete element is displayed in a subsequent colour from the array of colours, and so on and so forth.
  • the discrete element is displayed in a different colour.
  • the use of colours allows the pattern of discrete elements to be memorized with a relative ease.
  • the selection of the pattern of discrete elements is received in a sequence and the pattern data comprises sequence data corresponding to the sequence of selection of the pattern of discrete elements.
  • the number of discrete elements in the pattern of discrete elements is greater than a threshold value.
  • the pattern data is transmitted to the password server 106.
  • the pattern data is transmitted to the password server 106 by the first processor 320.
  • the pattern data is transmitted to the password server 106 by the second processor 420.
  • the pattern data is transmitted to the password server 106 by both the first processor 320 and the second processor 420, thus enabling multi-factor authentication.
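The discrete-element and pattern-data steps described in both the system embodiment above and the method steps just listed (numeral arrays that advance on every selection of the same element, the sequence data, the threshold on pattern size, and the comparison of pattern data arriving from two client devices) as an added worked example in Python. This is illustrative code written for this page, not code from the patent. It assumes a rectangular grid whose numeral arrays are derived from the interface variant number with SHA-256 (so that the same variant fetched on a second device reproduces the same pattern data for the same pattern), a threshold of four elements, and a text encoding of the pattern data; none of those choices are specified in the patent.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Assumed minimum size of a pattern: the patent requires the number of selected
# elements to exceed a threshold but gives no value.
PATTERN_THRESHOLD = 4


@dataclass
class DiscreteElement:
    """One cell of the interface variant with its array of numerals and colours."""
    numerals: list
    colours: list
    selections: int = 0  # how many times the user has selected this cell so far

    def select(self) -> int:
        """Return the next numeral; selecting the same cell again cycles the array."""
        numeral = self.numerals[self.selections % len(self.numerals)]
        self.selections += 1
        return numeral

    def colour(self) -> str:
        """Colour the cell is currently displayed in (advances with each selection)."""
        return self.colours[self.selections % len(self.colours)]


@dataclass
class InterfaceVariant:
    """A rectangular-grid interface variant identified by its interface variant number."""
    variant_number: int
    rows: int
    cols: int
    cells: list = field(default_factory=list)

    @classmethod
    def rectangular(cls, variant_number: int, rows: int, cols: int) -> "InterfaceVariant":
        # Constructed derivation: each cell's numeral array comes from SHA-256 of the
        # variant number and cell index, so the variant fetched on a second device
        # reproduces identical pattern data without the server storing anything extra.
        colours = ["red", "green", "blue", "yellow"]
        cells = []
        for idx in range(rows * cols):
            digest = hashlib.sha256(f"variant:{variant_number}:cell:{idx}".encode()).digest()
            cells.append(DiscreteElement([b % 10 for b in digest[:4]], colours))
        return cls(variant_number, rows, cols, cells)

    def capture_pattern(self, selection: list) -> str:
        """Turn the user's ordered (row, col) selections into pattern data.

        Each entry records the position in the sequence, the cell, and the numeral the
        cell returned for that selection, so both order and repeat selections matter.
        """
        if len(selection) <= PATTERN_THRESHOLD:
            raise ValueError("pattern has too few discrete elements")
        for cell in self.cells:  # a fresh attempt starts every cell at its first numeral
            cell.selections = 0
        parts = []
        for order, (r, c) in enumerate(selection):
            if not (0 <= r < self.rows and 0 <= c < self.cols):
                raise ValueError(f"selection {(r, c)} lies outside the grid")
            parts.append(f"{order}:{r},{c}:{self.cells[r * self.cols + c].select()}")
        return "|".join(parts)


def patterns_agree(first_device_data: str, second_device_data: str) -> bool:
    """Server-side check for the "verify with second device" flow: pattern data sent by
    the two client devices must match before a password is derived (assumed behaviour)."""
    return hmac.compare_digest(first_device_data.encode(), second_device_data.encode())
```

Because the numeral arrays are a property of the variant rather than of the session, the pattern data is reproducible, which is what lets the password later be re-derived instead of stored; a variant whose numerals were randomised per display would break that property.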
  • a first set of parameters corresponding to the domain server 110 are obtained by the first processor 320, at the first client device 102c.
  • the first set of parameters comprise the domain name, the user identifier, the interface variant number and a language key.
  • the language key defines the predetermined language. For example, if the predetermined language is Swedish, then the language key is set to be Swedish.
  • the first set of parameters are transmitted by the first processor 320, to the password server 106, from the first client device 102c.
  • the pattern data and the first set of parameters are transmitted to the password server 106 in response to receiving the verification code generated by the domain server 110.
  • the password server 106 receives the pattern data, comprising the data corresponding to the pattern of discrete elements, and the first set of parameters. In one embodiment of the invention, the password server 106 receives the pattern data from at least one of the first client device 102c and the second client device 102a. In one embodiment of the invention, the password server 106 adds a first salt value to the domain name and a second salt value to the user identifier. In one embodiment the first salt value and the second salt value are added during generation of the password. Alternately, the first salt value and the second salt value are added before storing the domain name and the user identifier in the database 108, respectively.
  • the password server 106 assigns a second set of parameters, at least one parameter of the second set of parameters corresponding to the domain server 110.
  • the second set of parameters comprise a password version and an algorithm version.
  • the password version is assigned a predetermined value by the password server 106.
  • the password version is assigned a default predetermined value of zero.
  • the password version is incremented to a value of one by the password server 106.
  • the password version is then incremented to a next value in an event of the user being required to generate a new password.
  • a new password is supposed to be generated every three months. Hence the password version is incremented to a next value after completion of every three months.
  • the algorithm version corresponds to an algorithm assigned to the domain server 110, by the password server 106, from the plurality of algorithms stored in the database 108.
  • the algorithm is defined by the user.
  • the user may define the algorithm in a form of a mathematical formula.
  • the password server 106 further stores the first set of parameters and the second set of parameters in the database 108. Further, the password server 106 generates a password as a function of the pattern data, the first set of parameters and the second set of parameters. During the event of authentication of the user, the password server 106 retrieves the second set of parameters assigned to the domain server 1 10, from the database 108, and generates the password as the function of the pattern data, the first set of parameters and the second set of parameters, in accordance with the algorithm. The generation of the password in accordance with various embodiments has been elaborated in the following paragraphs.
  • the password server 106 generates a resultant string by combining the pattern data, the first set of parameters and the second set of parameters.
  • the resultant string is generated through straight concatenation of the pattern data, the first set of parameters and the second set of parameters.
  • the resultant string is generated through combining substrings of the pattern data, the first set of parameters and the second set of parameters. The generation of the resultant string is carried out in accordance with the algorithm.
  • Further, the password server 106 applies a hashing function to the resultant string to generate a second resultant string.
  • the hashing function is bcrypt.
  • the password server 106 hashes the second resultant string a plurality of times to generate the password. The number of times the second resultant string is hashed is again in accordance with the algorithm.
  • the password server 106 then verifies the password with the password policy of the domain server 110, stored in the database 108. Further, the password server 106 verifies the password for presence of a plurality of exclusions.
  • the plurality of exclusions include keyboard sequences (such as qwerty), numeric sequences (e.g. 12345), phone numbers, the user identifier, repeated characters (e.g.
  • the password comprises at least one alphabetical character in lower case, at least one alphabetical character in uppercase, at least one numeric character and at least one special character.
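Password generation and policy verification at the password server, as described in the system embodiment above and in the method steps just listed (salted domain name and user identifier, the two parameter sets, straight concatenation into a resultant string, hashing, repeated hashing per the algorithm, then checking the result against the domain's policy and exclusions), as an added Python example that is not the patent's own code. The patent names bcrypt as the hashing function and leaves the algorithms, salts, password length and character set to stored configuration; this example substitutes hashlib.pbkdf2_hmac from the standard library so it runs offline, and uses constructed salts, a constructed algorithm table, the English character set only (the mapping into other scripts shown in figure 9 is not covered), constructed exclusion heuristics, and an attempt counter for re-deriving when a candidate fails the policy. All of those are assumptions.

```python
import hashlib
import re
from dataclasses import dataclass

# Constructed salts: the patent adds one salt to the domain name and another to the
# user identifier; a deployment would keep these in database 108.
DOMAIN_SALT = b"example-domain-salt"
USER_SALT = b"example-user-salt"

LOWER = "abcdefghijklmnopqrstuvwxyz"
UPPER = LOWER.upper()
DIGITS = "0123456789"
SPECIAL = "!@#$%^&*"
CHARSET = LOWER + UPPER + DIGITS + SPECIAL  # English language key only (assumed)

# Constructed algorithm table keyed by algorithm version; the patent stores the
# algorithms in database 108 but does not define them.
ALGORITHMS = {
    1: {"kdf_iterations": 50_000, "rehash_rounds": 3, "length": 16},
    2: {"kdf_iterations": 100_000, "rehash_rounds": 5, "length": 20},
}

KEYBOARD_SEQUENCES = ("qwerty", "asdfgh", "zxcvbn")
NUMERIC_SEQUENCE = re.compile(r"01234|12345|23456|34567|45678|56789")
PHONE_LIKE = re.compile(r"\d{7,}")  # assumed heuristic for the "phone numbers" exclusion
REPEATED = re.compile(r"(.)\1\1")   # assumed: three identical characters in a row


@dataclass(frozen=True)
class FirstParameters:  # obtained at the client device
    domain_name: str
    user_identifier: str
    interface_variant_number: int
    language_key: str


@dataclass(frozen=True)
class SecondParameters:  # assigned by the password server
    password_version: int
    algorithm_version: int


def resultant_string(pattern_data: str, first: FirstParameters, second: SecondParameters) -> bytes:
    """Straight-concatenation embodiment, with a separator byte between fields so that
    ("ab", "c") and ("a", "bc") cannot yield the same string."""
    fields = [
        pattern_data.encode(),
        DOMAIN_SALT + first.domain_name.encode(),
        USER_SALT + first.user_identifier.encode(),
        str(first.interface_variant_number).encode(),
        first.language_key.encode(),
        str(second.password_version).encode(),
        str(second.algorithm_version).encode(),
    ]
    return b"\x1f".join(fields)


def stretch(resultant: bytes, algorithm: dict, attempt: int) -> bytes:
    """Hashing step: pbkdf2_hmac stands in for the patent's bcrypt, followed by the
    repeated hashing the algorithm prescribes. The attempt counter is an assumption."""
    digest = hashlib.pbkdf2_hmac("sha256", resultant + b"\x1f" + str(attempt).encode(),
                                 DOMAIN_SALT + USER_SALT, algorithm["kdf_iterations"])
    for _ in range(algorithm["rehash_rounds"]):
        digest = hashlib.sha256(digest).digest()
    return digest


def encode_password(digest: bytes, length: int) -> str:
    """Map the digest onto CHARSET by reading it as one integer in base len(CHARSET);
    this keeps per-character bias negligible compared with a per-byte modulo."""
    value = int.from_bytes(digest, "big")
    chars = []
    for _ in range(length):
        value, idx = divmod(value, len(CHARSET))
        chars.append(CHARSET[idx])
    return "".join(chars)


def policy_violations(password: str, user_identifier: str) -> list:
    """Reasons a candidate fails the domain's password policy; an empty list means it passes."""
    reasons = []
    lowered = password.lower()
    if any(seq in lowered for seq in KEYBOARD_SEQUENCES):
        reasons.append("keyboard sequence")
    if NUMERIC_SEQUENCE.search(password):
        reasons.append("numeric sequence")
    if PHONE_LIKE.search(password):
        reasons.append("phone-number-like digit run")
    if user_identifier and user_identifier.lower() in lowered:
        reasons.append("contains user identifier")
    if REPEATED.search(password):
        reasons.append("repeated characters")
    for name, cls in (("lower-case letter", LOWER), ("upper-case letter", UPPER),
                      ("digit", DIGITS), ("special character", SPECIAL)):
        if not any(c in cls for c in password):
            reasons.append(f"no {name}")
    return reasons


def generate_password(pattern_data: str, first: FirstParameters,
                      second: SecondParameters, max_attempts: int = 32) -> str:
    """Derive the password as a function of its inputs; nothing is stored. A candidate
    that fails the policy is replaced by re-deriving with the next attempt counter
    (assumption: the patent says the server verifies the password, not what follows)."""
    algorithm = ALGORITHMS[second.algorithm_version]
    resultant = resultant_string(pattern_data, first, second)
    for attempt in range(max_attempts):
        candidate = encode_password(stretch(resultant, algorithm, attempt), algorithm["length"])
        if not policy_violations(candidate, first.user_identifier):
            return candidate
    raise RuntimeError("no policy-compliant password found within max_attempts")
```

Two properties worth checking in any implementation of this scheme: the same pattern data and parameters must always yield the same password (which is what allows the server to hold salts and versions but never the password itself), and bumping the password version must yield an unrelated password, since that is the rotation mechanism. One caveat if bcrypt is used as the patent describes: bcrypt reads at most the first 72 bytes of its input, so with straight concatenation the fields placed after that point (the password version, for instance) would not influence the result at all; pbkdf2_hmac, used here instead, has no such limit.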
  • the password is received at the first client device 102c from the password server 106.
  • the password received from the password server 106 is used by the processor 320 for secure access to the domain database 112.
  • Figure 7 shows an example 700 of the method 600 for secure access to a domain database as described above.
  • a plurality of interface variants 710, for example 710a, 710b, 710c, 710d and 710e.
  • At least one of the first processor 320 and the second processor 420 fetch an interface variant from the plurality of interface variants 710.
  • the invention is not limited to the plurality of interface variants 710 illustrated in figure 7.
  • Further, figure 7 illustrates a plurality of data elements 720 obtained by at least one of the first processor 320 and the second processor 420.
  • Further, figure 7 illustrates a plurality of inputs 730 for generation of a password.
  • the plurality of inputs 630 comprise an exemplary first set of parameters 730a and an exemplary second set of parameters 730b.
  • the password server 106 utilizes the plurality of inputs 730 to generate a password 740.
  • Figure 8 shows an implementation 800 of the exemplary method 600 illustrated in figure 7 to a domain database using English as the language for textual content. It can be seen from figure 8 that a password 810 generated by the password server 106 comprises English alphabetical characters.
  • Figure 9 shows an implementation 900 of the exemplary method 600 illustrated in figure 7 to a domain database using Chinese as the language for textual content. It can be seen from figure 8 that a password 910 generated by the password server 106 comprises Chinese alphabetical characters.
  • the system and the method for secure access to a domain database described above offer a plurality of advantages in comparison to existing solutions.
  • First, the system and the method do not involve storing of the password at either of the plurality of client devices 102 or the password server 106, hence eliminating the risk of the password being stolen during hacking attacks.
  • Further, the strength of the password generated is independent of the skill of the user.
  • Same interface variant and the pattern of discrete elements can be used to generate different passwords for different domain databases/servers by the use of different algorithms.
  • Further, entering a password through a pattern of discrete elements makes it immune to security threats such as keystroke logging.
  • the system and the method are applicable to domain databases having content in a multitude of languages.
  • the invention improves personal security by removing human limitations from the password setting and retrieval process, instead replacing it with something that humans are much more comfortable with, i.e., pattern recognition.
  • the inability of humans to remember long random sequences of characters (strong passwords) is replaced with a single pattern. This is the essence of the invention.
  • responsibility for coming up with passwords is on the individual user.
  • This invention takes ownership of the password process, leaving the user to simply identify themselves with a secret pattern belonging to the user, something which the user is much better equipped cognitively to do.
  • "real-time", for example "displaying real-time data", refers to the display of the data without intentional delay, given the processing limitations of the system and the time required to accurately measure the data.
  • the term "exemplary" is used in the sense of providing examples, as opposed to indicating quality. That is, an "exemplary embodiment" is an embodiment provided as an example, as opposed to necessarily being an embodiment of exemplary quality, for example serving as a desirable model or representing the best of its kind.
  • the phrase "and/or", as used herein in the specification and in the claims, should be understood to mean "either or both" of the elements so conjoined, i.e., elements that are conjunctively present in some cases and disjunctively present in other cases. Multiple elements listed with "and/or" should be construed in the same fashion, i.e., "one or more" of the elements so conjoined.
  • "A and/or B", when used in conjunction with open-ended language such as "comprising", can refer, in one embodiment, to A only (optionally including elements other than B); in another embodiment, to B only (optionally including elements other than A); in yet another embodiment, to both A and B (optionally including other elements); etc.
  • the phrase "at least one", in reference to a list of one or more elements, should be understood to mean at least one element selected from any one or more of the elements in the list of elements, but not necessarily including at least one of each and every element specifically listed within the list of elements and not excluding any combinations of elements in the list of elements.
  • This definition also allows that elements may optionally be present other than the elements specifically identified within the list of elements to which the phrase "at least one" refers, whether related or unrelated to those elements specifically identified.
  • "At least one of A and B" can refer, in one embodiment, to at least one, optionally including more than one, A, with no B present (and optionally including elements other than B); in another embodiment, to at least one, optionally including more than one, B, with no A present (and optionally including elements other than A); in yet another embodiment, to at least one, optionally including more than one, A, and at least one, optionally including more than one, B (and optionally including other elements); etc.
  • "bus" and its derivatives, while being described in a preferred embodiment as being a communication bus subsystem for interconnecting various devices including by way of parallel connectivity such as Industry Standard Architecture (ISA), conventional Peripheral Component Interconnect (PCI) and the like or serial connectivity such as PCI Express (PCIe), Serial Advanced Technology Attachment (Serial ATA) and the like, should be construed broadly herein as any system for communicating data.
  • "in accordance with" may also mean "as a function of" and is not necessarily limited to the integers specified in relation thereto.
  • Similarly, objects as used herein such as "web server", "server", "client computing device", "computer readable medium" and the like should not necessarily be construed as being a single object and may be implemented as two or more objects in cooperation, such as, for example, a web server being construed as two or more web servers in a server farm cooperating to achieve a desired goal or a computer readable medium being distributed in a composite manner, such as program code being provided on a compact disk activatable by a license key downloadable from a computer network.
  • database and its derivatives may be used to describe a single database, a set of databases, a system of databases or the like.
  • the system of databases may comprise a set of databases wherein the set of databases may be stored on a single implementation or span across multiple implementations.
  • database is also not limited to refer to a certain database format rather may refer to any database format
  • database formats may include MySQL, MySQLi, XML or the like.
  • the invention may be embodied using devices conforming to other network standards and for other applications, including, for example, other WLAN standards and other wireless standards.
  • Applications that can be accommodated include IEEE 802.11 wireless LANs and links, and wireless Ethernet.
  • "wireless" and its derivatives may be used to describe circuits, devices, systems, methods, techniques, communications channels, etc., that may communicate data through the use of modulated electromagnetic radiation through a non-solid medium. The term does not imply that the associated devices do not contain any wires, although in some embodiments they might not.
  • "wired" and its derivatives may be used to describe circuits, devices, systems, methods, techniques, communications channels, etc., that may communicate data through the use of modulated electromagnetic radiation through a solid medium. The term does not imply that the associated devices are coupled by electrically conductive wires.
  • "processor" may refer to any device or portion of a device that processes electronic data, e.g., from registers and/or memory to transform that electronic data into other electronic data that, e.g., may be stored in registers and/or memory.
  • a "computer", or a "computing device", or a "computing machine", or a "computing platform", may include one or more processors.
  • the methodologies described herein are, in one embodiment, performable by one or more processors that accept computer-readable (also called machine-readable) code containing a set of instructions that when executed by one or more of the processors carry out at least one of the methods described herein.
  • Any processor capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken is included.
  • Thus, one example is a typical processing system that includes one or more processors.
  • the processing system further may include a memory subsystem including main RAM and/or a static RAM, and/or ROM.
  • Furthermore, a computer-readable carrier medium may form, or be included in, a computer program product.
  • a computer program product can be stored on a computer usable carrier medium, the computer program product comprising a computer readable program means for causing a processor to perform a method as described herein.
  • the one or more processors operate as a standalone device or may be connected, e.g., networked to other processor(s), in a networked deployment, the one or more processors may operate in the capacity of a server or a client machine in server-client network environment or as a peer machine in a peer-to-peer or distributed network environment
  • the one or more processors may form a web appliance, a network router, switch or bridge, or any machine capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken by that machine.
  • each of the methods described herein is in the form of a computer-readable carrier medium carrying a set of instructions, e.g., a computer program that are for execution on one or more processors.
  • a computer-readable carrier medium carrying a set of instructions, e.g., a computer program that are for execution on one or more processors.
  • embodiments of the present invention may be embodied as a method, an apparatus such as a special purpose apparatus, an apparatus such as a data processing system, or a computer-readable carrier medium.
  • the computer-readable carrier medium carries computer readable code including a set of instructions that when executed on one or more processors cause a processor or processors to implement a method.
  • aspects of the present invention may take the form of a method, an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects.
  • the present invention may take the form of carrier medium (e.g., a computer program product on a computer-readable storage medium) carrying computer-readable program code embodied in the medium.
  • the software may further be transmitted or received over a network via a network interface device.
  • the carrier medium is shown in an example embodiment to be a single medium, the term carrier medium , should be taken to include a single medium or multiple media (e.g., a centralized or distributed database, and/or associated caches and servers) that store the one or more sets of instructions.
  • T he term carrier medium shall also be taken to include any medium that is capable of storing, encoding or carrying a set of instructions for execution by one or more of the processors and that cause the one or more processors to perform any one or more of the methodologies of the present invention.
  • a carrier medium may take many forms, including but not limited to, non-volatile media, volatile media, and transmission media.
  • F urthermore some of the embodiments are described herein as a method or combination of elements of a method that can be implemented by a processor of a processor device, computer system, or by other means of carrying out the function.
  • T hus a processor with the necessary instructions for carrying out such a method or element of a method forms a means for carrying out the method or element of a method.
  • F urthermore, an element described herein of an apparatus embodiment is an example of a means for carrying out the function performed by the element for the purpose of carrying out the invention.
  • a device A connected to a device B should not be limited to devices or systems wherein an output of device A is directly connected to an input of device B. It means that there exists a path between an output of A and an input of B which may be a path including other devices or means.
  • Connected may mean that two or more elements are either in direct physical or electrical contact or that two or more elements are not in direct contact with each other but yet still co-operate or interact with each other.
  • R eference throughout this specification to one embodiment , or an embodiment means that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention.
  • appearances of the phrases " in one embodiment , or " in an embodiment , in various places throughout this specification are not necessarily all referring to the same embodiment, but may.
  • F urthermore, the particular features, structures or characteristics may be combined in any suitable manner, as would be apparent to one of ordinary skill in the art from this disclosure, in one or more embodiments.
  • any one of the terms: including or which includes or that includes as used herein is also an open term that also means including at least the elements/features that follow the term, but not excluding others.
  • T hus, including is synonymous with and means comprising.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

A system for providing a secure access to a domain database connected to a domain server, wherein the domain server is connected to a network. The system comprises: client devices connected to the network, the client devices each having a display, a processor, a memory and an input device, the memory being connected to the processor. The system further comprises a password server connected to the network. The password server is further connected to a database. The memory of each client device is configured to store computer program code. The computer program code, when executed by the processor, enables the processor of each device to: provide an interface variant comprising a plurality of discrete elements at the display; receive a selection, of a pattern of discrete elements from the plurality of discrete elements, made by a user using the input device, to generate pattern data; obtain a set of parameters corresponding to the domain server; transmit the pattern data and the set of parameters to the password server; and receive a password from the password server.

Description

A SYSTEM FOR SECURE ACCESS TO A DOMAIN DATABASE AND A METHOD THEREOF
Field of the Invention
[001] The present invention relates to secure authentication systems and in particular to a system and a method for secure access to a domain database.
[002] The invention has been developed primarily for use in/with secure authentication systems and will be described hereinafter with reference to this application. However, it will be appreciated that the invention is not limited to this particular field of use.
Background of the Invention
[003] There are a plurality of domains available on the World Wide Web which offer a multitude of services. Some of the services offered by the plurality of domains include social networking, banking services, e-commerce and news. However, each one of the plurality of domains stores a lot of personal information belonging to the user. The personal information may include addresses, social security numbers and bank account details. Any loss of the personal information of the user may lead to identity theft, financial loss, asset loss and reputational damage for the user. Therefore, each one of the plurality of domains requires a user to generate a unique identifier (or a username) along with a unique password during a registration process.
[004] However, one major challenge with multiple registrations with the multitude of domains is management of passwords. It is rather difficult for the user to memorize all the passwords at once. As a result, the user may be inclined to use a single password for all of the plurality of domains. As convenient as it may be, having a single password for all of the plurality of domains creates a major security risk. Even if one of the plurality of domains is hacked and the password belonging to the user is stolen, the password can be used to access all of the services to which the user is registered.
[005] There have been a number of solutions offered to the above mentioned problem, some of which are discussed below:
[006] US 7171679 B2 provides a system, a method and a program for generating a plurality of passwords corresponding to a plurality of respective domains from a single global password. The global password is combined with a name of the domain being accessed and a hash key.
[007] "Password Cipher" is a web-based application that allows creation of a password which is unique to a domain, by combining three pieces of data with a master password. The three pieces of data are a name of the domain, a keyword and a length of the master password.
[008] "Enigmaze" provides a password generating book having a predetermined number of predefined grids. The password can be marked using an invisible ink and recalled by highlighting the ink using an ultraviolet light source. Alternatively, a card is provided to generate a secure password from a name of a domain.
[009] "LastPass" provides a secure database for management of a plurality of passwords corresponding to a plurality of respective domains. The plurality of passwords can be stored in the database, while the database can be accessed using a single secure password.
[010] While the aforementioned solutions strive to provide methods and systems for secure access to a domain database, they suffer from a plurality of discrepancies. The plurality of discrepancies include, but are not limited to, being dependent on a master or a global password. The extent of the protection available thus depends upon the strength of the master password, and the strength of the master password depends on the skill of the user to create a secure password. Further, limitations in human cognitive processing mean that humans are especially poor at generating and recalling the types of passwords that are required for humans to be safe online.
[011] Moreover, while the master password may be relatively secure against an ordinary hacking attack, it may still be obtained using more advanced attacks. Further, there are other ways in which the master password may be lost, such as keystroke logging. Further, having all the passwords in a book may not be ideal, as the book may be misplaced or may fall into the wrong hands. Moreover, the above mentioned solutions support only English language keyboards.
[012] Therefore there remains, in the art, a need for improved systems and methods for secure access to a domain which are relatively more immune to hacker attacks, less dependent on the skill of the user and support a plurality of languages.
[013] Any discussion of the background art throughout the specification should in no way be considered as an admission that such background art is prior art, nor that such background art is widely known or forms part of the common general knowledge in the field in Australia or any other country.
Summary of the Invention
[014] The invention seeks to provide a system and a method which will overcome or substantially ameliorate at least some of the deficiencies of the prior art, or to at least provide an alternative.
[015] According to a first aspect of the invention, there is provided a system for providing a secure access to a domain database operably connected to a domain server, wherein the domain server is operably connected to a network. The system comprises a first client device operably connected to the network, the first client device having a first display, a first processor, a first memory and a first input device, the first memory being operably connected to the first processor, and a password server operably connected to the network, the password server further operably connected to a database. Further, the first memory is configured to store a first computer program code, the first computer program code when executed by the first processor enabling the first processor to provide an interface variant comprising a plurality of discrete elements at the first display, receive a selection, of a pattern of discrete elements from the plurality of discrete elements, made by a user using the first input device, to generate pattern data, obtain a first set of parameters corresponding to the domain server, transmit the pattern data and the first set of parameters to the password server, and receive a password from the password server. Further, the password server is configured to receive the pattern data, comprising data corresponding to the pattern of discrete elements, and the first set of parameters, assign a second set of parameters, at least one parameter of the second set of parameters corresponding to the domain server, store the first set of parameters and the second set of parameters in the database, generate the password as a function of the pattern data, the first set of parameters and the second set of parameters, and transmit the password to the first client device.
[016] Hence a password is securely generated using a pattern of discrete elements, without entering the characters of a password using a keyboard.
[017] In one embodiment of the invention, the system further comprises a second client device operably connected to the network, the second client device having a second display, a second processor, a second memory and a second input device, the second memory being operably connected to the second processor. Further, the second memory is configured to store a second computer program code, the second computer program code when executed by the second processor enabling the second processor to provide the interface variant comprising the plurality of discrete elements at the second display, receive the selection, of the pattern of discrete elements from the plurality of discrete elements, made by the user using the second input device to generate the pattern data, and transmit the pattern data to the password server. The pattern of discrete elements can be selected using a second authentication device, thus providing a double layer of protection.
[018] In one embodiment of the invention, the interface variant is in a form of a rectangular grid and the plurality of discrete elements are provided by the cells of the rectangular grid.
[019] In one embodiment of the invention, the interface variant is selected by the user from a plurality of interface variants stored in the database.
[020] In one embodiment of the invention, each instance of selection of a discrete element from the pattern of discrete elements returns a different numeral.
[021] In one embodiment of the invention, after each instance of selection of a discrete element from the pattern of discrete elements, the discrete element is displayed in a different colour. The use of colours allows the pattern of discrete elements to be memorized with relative ease.
[022] In one embodiment of the invention, the selection of the pattern of discrete elements is received in a sequence and the pattern data comprises sequence data corresponding to the sequence of selection of the pattern of discrete elements. Hence if the pattern of discrete elements is selected in a different sequence, a different password will be generated. This adds an additional layer of security to the password.
[023] In one embodiment of the invention, the number of discrete elements in the pattern of discrete elements is greater than a threshold value.
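The client side of [018] to [023] in working form, as an added example that is not code from the patent: a rectangular-grid interface variant, an ordered selection whose every instance returns a different numeral and a new colour, a minimum-size threshold, and the serialisation of the result as the pattern data the client transmits. The numeral rule, the colour list, the byte layout and the threshold value of 4 are assumptions chosen for illustration; the patent fixes none of them.

```python
# Added example (not from the patent): how a client could build an interface
# variant ([018]), record an ordered selection of its cells ([020]-[022]),
# enforce the minimum-size threshold ([023]) and serialise the result as the
# pattern data sent to the password server. The numeral rule, the colour
# list, the byte layout and the threshold value are assumptions.
from dataclasses import dataclass, field
from typing import List, Tuple

PALETTE = ["red", "green", "blue", "yellow", "orange", "purple"]  # assumed colour cycle


@dataclass
class InterfaceVariant:
    """A rectangular grid; every cell is one discrete element ([018])."""
    variant_number: int
    rows: int
    cols: int

    def cell_index(self, row: int, col: int) -> int:
        if not (0 <= row < self.rows and 0 <= col < self.cols):
            raise ValueError(f"cell ({row},{col}) is outside the {self.rows}x{self.cols} grid")
        return row * self.cols + col


@dataclass
class PatternBuilder:
    variant: InterfaceVariant
    min_elements: int = 4                      # threshold of [023]; value assumed
    selections: List[Tuple[int, int]] = field(default_factory=list)
    numerals: List[int] = field(default_factory=list)

    def select(self, row: int, col: int) -> Tuple[int, str]:
        """Record one selection and return the numeral and colour shown for it.

        The numeral is unique per (position in sequence, cell), so selecting the
        same cell again later returns a different numeral ([020]); the colour
        changes with every selection ([021]).
        """
        idx = self.variant.cell_index(row, col)
        position = len(self.selections)
        numeral = position * (self.variant.rows * self.variant.cols) + idx
        colour = PALETTE[position % len(PALETTE)]
        self.selections.append((row, col))
        self.numerals.append(numeral)
        return numeral, colour

    def pattern_data(self) -> bytes:
        """Serialise the ordered selection ([022]); a different order gives different bytes."""
        if len(self.selections) < self.min_elements:
            raise ValueError(f"pattern needs at least {self.min_elements} discrete elements")
        out = bytearray([self.variant.variant_number, self.variant.rows, self.variant.cols])
        for (row, col), numeral in zip(self.selections, self.numerals):
            out += bytes([row, col]) + numeral.to_bytes(4, "big")
        return bytes(out)


def build_pattern(variant: InterfaceVariant, cells: List[Tuple[int, int]],
                  min_elements: int = 4) -> bytes:
    """Convenience wrapper: select `cells` in order and return the pattern data."""
    builder = PatternBuilder(variant, min_elements)
    for row, col in cells:
        builder.select(row, col)
    return builder.pattern_data()
```

Because the position in the sequence is folded into every numeral and into the byte order, the same four cells chosen in a different order yield different pattern data, which is the property [022] relies on; the threshold check rejects a pattern before anything is sent, so a too-short selection never reaches the password server.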
[024] In one embodiment of the invention, the pattern data and the first set of parameters are transmitted to the password server in response to receiving a verification code generated by the domain server. Receiving the verification code enables multi-factor authentication.
[025] In one embodiment of the invention, the first set of parameters comprise a domain name, a user identifier, an interface variant number and a language key.
[026] In one embodiment of the invention, the password server is further configured to add a first salt value to the domain name and a second salt value to the user identifier. Adding salt values allows the domain name and the user identifier to be securely stored or used in the database.
[027] In one embodiment of the invention, the second set of parameters comprise an algorithm version and a password version.
[028] In one embodiment of the invention, the password server is further configured to increment the password version to a next value in an event of the user being required to generate a new password.
[029] In one embodiment of the invention, the password server is further configured to verify the password with a password policy of the domain server.
[030] In one embodiment of the invention, the password server is further configured to verify the password for presence of a plurality of exclusions.
[031] In one embodiment of the invention, the plurality of exclusions comprise keyboard sequences, numeric sequences, phone numbers, a user identifier, repeated characters and excluded special characters.
[032] In one embodiment of the invention, the password comprises at least one alphabetical character in lower case, at least one alphabetical character in uppercase, at least one numeric character and at least one special character.
[033] According to a second aspect of the invention, there is provided a computer implemented method for providing a secure access to a domain database operably connected to a domain server, wherein the domain server is operably connected to a network, the method comprising the steps of providing an interface variant comprising a plurality of discrete elements to a user, receiving a selection of a pattern of discrete elements from the plurality of discrete elements, made by the user, generating pattern data based on the selection, transmitting the pattern data to a password server, obtaining a first set of parameters corresponding to the domain server at a first client device, transmitting the first set of parameters to the password server from the first client device and receiving a password at the first client device from the password server. Further, the password server is configured to receive the pattern data, comprising data corresponding to the pattern of discrete elements, and the first set of parameters, assign a second set of parameters, at least one parameter of the second set of parameters corresponding to the domain server, store the first set of parameters and the second set of parameters in a database, generate the password as a function of the pattern data, the first set of parameters and the second set of parameters and transmit the password to the first client device.
[034] Hence a password is securely generated using a pattern of discrete elements, without entering characters of the password using a keyboard.
[035] In one embodiment of the invention, the interface variant is provided at at least one of a first display of the first client device and a second display of a second client device. The pattern of discrete elements can be selected using a second authentication device, thus providing a double layer of protection.
[036] In one embodiment of the invention, the interface variant is in a form of a rectangular grid and the plurality of discrete elements are provided by the cells of the rectangular grid.
[037] In one embodiment of the invention, the method further comprises the step of selecting the interface variant, by the user, from a plurality of interface variants stored in the database.
[038] In one embodiment of the invention, each instance of selection of a discrete element from the pattern of discrete elements, returns a different numeral.
[039] In one embodiment of the invention, after each instance of selection of a discrete element from the pattern of discrete elements, the discrete element is displayed in a different colour. The use of colours allows the pattern of discrete elements to be memorized with relative ease.
[040] In one embodiment of the invention, the selection of the pattern of discrete elements is received in a sequence and the pattern data comprises sequence data corresponding to the sequence of selection of the pattern of discrete elements. Hence, if the pattern of discrete elements is selected in a different sequence, a different password will be generated. This adds an additional layer of security to the password.
[041] In one embodiment of the invention, a number of discrete elements in the pattern of discrete elements is greater than a threshold value.
[042] In one embodiment of the invention, the pattern data and the first set of parameters are transmitted to the password server in response to receiving a verification code generated by the domain server. Receiving the verification code enables multi-factor authentication.
[043] In one embodiment of the invention, the first set of parameters comprise a domain name, a user identifier, an interface variant number and a language key.
[044] In one embodiment of the invention, the password server adds a first salt value to the domain name and a second salt value to the user identifier. Adding salt values allows the domain name and the user identifier to be securely stored or used in the database.
[045] In one embodiment of the invention, the second set of parameters comprise an algorithm version and a password version.
[046] In one embodiment of the invention, the password server further increments the password version to a next value in an event of the user being required to generate a new password.
[047] In one embodiment of the invention, the password server further verifies the password with a password policy of the domain server.
[048] In one embodiment of the invention, the password server further verifies the password for presence of a plurality of exclusions.
[049] In one embodiment of the invention, the plurality of exclusions comprise keyboard sequences, numeric sequences, phone numbers, a user identifier, repeated characters and excluded special characters.
[050] In one embodiment of the invention, the password comprises at least one alphabetical character in lower case, at least one alphabetical character in uppercase, at least one numeric character and at least one special character.
[051] According to a third aspect of the invention, there is provided a password server operably connected to a database, for generating a password for facilitating secure access to a domain database operably connected to a domain server. The password server is configured to receive pattern data, comprising data corresponding to a pattern of discrete elements, and a first set of parameters corresponding to the domain server, assign a second set of parameters, at least one parameter of the second set of parameters corresponding to the domain server, store the first set of parameters and the second set of parameters in the database, generate a password as a function of the pattern data, the first set of parameters and the second set of parameters, and transmit the password to a first client device.
[052] Hence a password is securely generated using a pattern of discrete elements, without entering characters of password using a keyboard.
[053] In one embodiment of the invention, the password server is configured to receive the pattern data from at least one of the first client device and a second client device. The pattern of discrete elements can be selected using a second authentication device, thus providing a double layer of protection.
[054] In one embodiment of the invention, the first set of parameters comprise a domain name, a user identifier, an interface variant number and a language key.
[055] In one embodiment of the invention, the password server is further configured to add a first salt value to the domain name and a second salt value to the user identifier. Adding salt values allows the domain name and the user identifier to be securely stored or used in the database.
[056] In one embodiment of the invention, the second set of parameters comprise an algorithm version and a password version.
[057] In one embodiment of the invention, the password server is further configured to increment the password version to a next value in an event of the user being required to generate a new password.
[058] In one embodiment of the invention, the password server is further configured to verify the password with a password policy of the domain server.
[059] In one embodiment of the invention, the password server is further configured to verify the password for presence of a plurality of exclusions.
[060] In one embodiment of the invention, the plurality of exclusions comprise keyboard sequences, numeric sequences, phone numbers, a user identifier, repeated characters and excluded special characters.
[061] In one embodiment of the invention, the password comprises at least one alphabetical character in lower case, at least one alphabetical character in uppercase, at least one numeric character and at least one special character.
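The password-server side described in the first, second and third aspects ([025] to [032], [043] to [050] and [054] to [061]) as one added example; this is illustrative code, not the patent's own implementation. It derives the password as a function of the pattern data, the first set of parameters (domain name, user identifier, interface variant number, language key) and a second set the server assigns (algorithm version, password version), keys the stored domain name and user identifier with two salts, checks the result against a per-domain policy and the exclusion list, and rotates the password version. PBKDF2 as the derivation, the salts, the character classes, the keyboard rows, the policy defaults, the "7 or more digits" phone-number heuristic and the re-derive-on-exclusion retry loop are all assumptions of this example.

```python
# Added example (not from the patent): a password server that derives the
# password as a function of the pattern data, the first set of parameters
# ([025]) and a second set it assigns itself ([027]), keeps salted identifiers
# in its database ([026]), checks the result against the domain policy and the
# exclusion list ([029]-[032]) and rotates the password version ([028]).
# PBKDF2 as the derivation, the salts, the character classes, the keyboard
# rows, the policy defaults and the retry strategy are all assumptions.
import hashlib
import hmac
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

LOWER = "abcdefghijklmnopqrstuvwxyz"
UPPER = LOWER.upper()
DIGITS = "0123456789"
SPECIAL = "!#$%&*+-=?@^_~"                                      # assumed special set
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", DIGITS]  # assumed sequence list


@dataclass
class DomainPolicy:                                          # [029]; values assumed
    min_length: int = 12
    max_length: int = 20
    excluded_special: str = ""                               # specials the domain rejects


def violations(password: str, user_id: str, policy: DomainPolicy) -> List[str]:
    """Names of policy/exclusion failures ([029]-[032]); an empty list means acceptable."""
    found = set()
    if not policy.min_length <= len(password) <= policy.max_length:
        found.add("length")
    for name, cls in (("lower", LOWER), ("upper", UPPER), ("digit", DIGITS), ("special", SPECIAL)):
        if not any(c in cls for c in password):
            found.add(f"missing {name}")
    low = password.lower()
    for row in KEYBOARD_ROWS:                                # keyboard/numeric runs, either direction
        for seq in (row, row[::-1]):
            if any(seq[i:i + 4] in low for i in range(len(seq) - 3)):
                found.add("sequence")
    if re.search(r"\d{7,}", password):                       # phone-number-like digit run (assumed)
        found.add("phone number")
    if user_id and user_id.lower() in low:
        found.add("user identifier")
    if re.search(r"(.)\1\1", password):                      # same character three times running
        found.add("repeated characters")
    if any(c in policy.excluded_special for c in password):
        found.add("excluded special")
    return sorted(found)


@dataclass
class PasswordServer:
    domain_salt: bytes                                       # first salt value ([026]); os.urandom in practice
    user_salt: bytes                                         # second salt value ([026])
    algorithm_version: int = 1                               # part of the second set ([027])
    policies: Dict[str, DomainPolicy] = field(default_factory=dict)
    records: Dict[Tuple[bytes, bytes], dict] = field(default_factory=dict)  # stands in for database 108

    def _key(self, domain: str, user_id: str) -> Tuple[bytes, bytes]:
        # Keyed hashes, so the database holds neither the plain domain name nor the user id.
        return (hmac.new(self.domain_salt, domain.encode(), hashlib.sha256).digest(),
                hmac.new(self.user_salt, user_id.encode(), hashlib.sha256).digest())

    @staticmethod
    def _render(material: bytes, length: int, policy: DomainPolicy) -> str:
        special = "".join(c for c in SPECIAL if c not in policy.excluded_special)
        classes = [LOWER, UPPER, DIGITS, special]
        alphabet = "".join(classes)
        chars = [cls[material[i] % len(cls)] for i, cls in enumerate(classes)]   # one of each class ([032])
        chars += [alphabet[b % len(alphabet)] for b in material[4:length]]
        for i in range(length - 1, 0, -1):                   # Fisher-Yates driven by the remaining key material
            j = material[length + i] % (i + 1)
            chars[i], chars[j] = chars[j], chars[i]
        return "".join(chars)

    def generate(self, pattern: bytes, domain: str, user_id: str, variant: int, lang: str) -> str:
        policy = self.policies.get(domain, DomainPolicy())
        key = self._key(domain, user_id)
        rec = self.records.setdefault(key, {"algorithm_version": self.algorithm_version,
                                            "password_version": 1})
        for attempt in range(256):                           # re-derive until no exclusion matches (assumed)
            info = b"|".join([*key, str(variant).encode(), lang.encode(),
                              str(rec["algorithm_version"]).encode(),
                              str(rec["password_version"]).encode(), bytes([attempt])])
            material = hashlib.pbkdf2_hmac("sha256", pattern, info, 100_000, dklen=2 * policy.max_length)
            password = self._render(material, policy.max_length, policy)
            if not violations(password, user_id, policy):
                return password
        raise RuntimeError("no acceptable password within the retry budget")

    def rotate(self, domain: str, user_id: str) -> int:
        """[028]: advance the password version; the next generate() yields a new password."""
        rec = self.records[self._key(domain, user_id)]
        rec["password_version"] += 1
        return rec["password_version"]
```

Two points a practitioner should take from the structure. First, the derivation is deterministic in the pattern data and both parameter sets, so the server needs to store only the salted identifiers and the two version numbers, never the password itself; bumping the password version is all a forced reset requires. Second, the strength of the result is bounded by the entropy of the pattern data (a handful of cells on a small grid) together with the secrecy of the two salts, so the salts must be held outside the database and the key-stretching cost kept high; with both salts and the database in hand, an attacker's work is an enumeration of the pattern space, which is why the grid size and the threshold of [023] are security parameters rather than usability knobs.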
[062] Other aspects of the invention are also disclosed.
Brief Description of the Drawings
[063] Notwithstanding any other forms which may fall within the scope of the present invention, preferred embodiments of the invention will now be described, by way of example only, with reference to the accompanying drawings in which:
[064] Fig. 1 shows a network of computing devices on which the various embodiments described herein may be implemented;
[065] Fig. 2 shows a computing device on which the various embodiments described herein may be implemented;
[066] Fig. 3 is a system for secure access to a domain database in accordance with a preferred embodiment of the present invention;
[067] Fig. 4 is the system for secure access to a domain database in accordance with another preferred embodiment of the present invention;
[068] Fig. 5 is the system for secure access to a domain database in accordance with yet another preferred embodiment of the present invention;
[069] Fig. 6 shows a method for secure access to a domain database in accordance with a preferred embodiment of the present invention;
[070] Fig. 7 shows a method for secure access to a domain database in accordance with an exemplary embodiment of the present invention;
[071] Fig. 8 shows an example of the method illustrated in figure 7 implemented for a domain database using English as a language for textual content; and
[072] Fig. 9 shows an example of the method illustrated in figure 7 implemented for a domain database using Chinese as a language for textual content.
Description of Embodiments
[073] It should be noted in the following description that like or the same reference numerals in different embodiments denote the same or similar features.
[074] System 100 of computing devices
[075] Fig. 1 shows a system 100 of computing devices adapted for implementation of various embodiments of the present invention.
[076] As will be described in further detail below, the system 100 illustrates the network of computing devices on which the various embodiments described herein may be implemented.
[077] As such, the system 100 comprises a plurality of client devices 102 (e.g. 102a, 102b and 102c) connected to a domain server 110 through a network 104. The plurality of client devices 102 include, but are not limited to, a mobile handheld device, a personal computer, a laptop and a tablet. In a preferred embodiment, the plurality of client devices 102 are provided with a plurality of browser applications, such as, but not limited to, the Mozilla Firefox™ or Microsoft Internet Explorer™ browser applications. The browser applications request hypertext web pages from the domain server 110 and render the hypertext web pages on a display device. In another preferred embodiment, the plurality of client devices 102 are provided with a standalone application to connect with the domain server 110.
[078] The domain server 110 is operably connected to a domain database 112. The domain server 110 is configured to be located with a domain name or a Uniform Resource Locator (URL). In a preferred embodiment, the network 104 is the Internet and the domain server 110 is a web server having a web server application for receiving requests such as Hypertext Transfer Protocol (HTTP) and File Transfer Protocol (FTP) requests, and serving hypertext web pages or files in response. The web server application is one of, but not limited to, the Apache™ or Microsoft™ IIS HTTP server.
[079] The domain server 110 is also provided with a hypertext preprocessor for processing one or more web page templates and data from the domain database 112 to generate hypertext web pages. The hypertext preprocessor may, for example, be the PHP: Hypertext Preprocessor (PHP) or the Microsoft ASP™ hypertext preprocessor. The domain server 110 is also provided with web page templates, such as one or more PHP or ASP files. Further, the hypertext web pages are generated in a predetermined language. The predetermined language may be one of, but not limited to, English, French, Mandarin and Russian.
[080] Upon receiving a request from the web server application, the hypertext preprocessor is operable to retrieve a web page template from the web page templates and execute any dynamic content therein, including updating or loading information from the domain database 112, to compose a hypertext web page. The composed hypertext web page may comprise client side code, such as JavaScript, for Document Object Model (DOM) manipulation, asynchronous HTTP requests and the like.
[081] The domain database 112 is configured to store the data corresponding to a plurality of users. A user from the plurality of users is granted access to the domain database 112 after the user has been successfully enrolled with the domain server 110. The enrolment of the user comprises generation of a user identifier and a password. Each of the user identifier and the password is unique to the user. After the enrolment, the user is authenticated for every subsequent session using the user identifier and the password to grant access to the domain database 112.
[082] In one embodiment of the invention, the domain server 110 has a password policy. For example, the password policy specified by the domain server 110 necessitates a minimum number of characters in the password, a maximum number of characters in the password, use of one or more upper case letters, use of one or more numerals, use of one or more special characters and a duration of validity for the password.
[083] In one embodiment of the invention, the domain server 110 follows a multi-factor authentication. When the user attempts to access the domain database 112 using a first client device (e.g. 102c) from the plurality of client devices 102, the domain server 110 generates a verification code and sends the verification code to the first client device 102c or to a second client device (e.g. 102a) from the plurality of client devices 102, registered at the domain database 112. The user is required to provide the verification code to the domain server 110 for obtaining access to the domain database 112.
[084] Further, a password server 106 is also operably connected to the network 104. Also, the password server 106 is operably connected to a database 108. The database 108 is configured to process queries generated in a plurality of query languages, including, but not limited to, SQL, .QL and Datalog. Further, the database 108 is configured to store a plurality of algorithms for generation of a password. Each one of the plurality of algorithms has a respective algorithm version. Also, the database 108 is further configured to store the password policy of the domain server 110. In one embodiment of the invention, the password policy is stored in the database 108 during the configuration of the database 108 for the domain server 110.
Computing device
[085] Fig. 2 shows a computing device 200. In a preferred embodiment, the computing device 200 takes the form of the domain server 110 and the password server 106 as described above. In this manner, the computing device 200 is adapted to comprise functionality for communication with the network 104 and storage capability (such as the domain database 112 or the database 108) for storing the data corresponding to the plurality of users.
[086] However, it should be noted that each one of the plurality of client devices 102, as shown in figure 1, may also be depicted as the computing device 200. In this manner, the computing device may comprise differing technical integers, such as the display device 2020, one or more human interface devices 260 and the like. In other words, the technical integers of the computing device 200 as shown in figure 2 are exemplary only, and variations, adaptations and the like may be made thereto within the purposive scope of the embodiments described herein and having regard for the particular application of the computing device 200.
[087] In particular, the steps of the method for secure access to the domain database 112, as described in further detail below, may be implemented as computer program code instructions executable by the computing device 200. The computer program code instructions may be divided into one or more computer program code instruction libraries, such as dynamic link libraries (DLL), wherein each of the libraries performs one or more steps of the method. Additionally, a subset of the one or more of the libraries may perform graphical user interface tasks relating to the steps of the method.
[088] The device 200 comprises semiconductor memory 210 comprising volatile memory such as random access memory (RAM) or read only memory (ROM). The memory 200 may comprise either RAM or ROM or a combination of RAM and ROM.
[089] The device 200 comprises a computer program code storage medium reader 230 for reading the computer program code instructions from computer program code storage media 220. The storage media 220 may be optical media such as CD-ROM disks, magnetic media such as floppy disks and tape cassettes or flash media such as USB memory sticks.
[090] The device further comprises I/O interface 240 for communicating with one or more peripheral devices. The I/O interface 240 may offer both serial and parallel interface connectivity. For example, the I/O interface 240 may comprise a Small Computer System Interface (SCSI), Universal Serial Bus (USB) or similar I/O interface for interfacing with the storage medium reader 230. The I/O interface 240 may also communicate with the one or more human interface devices (HID) 260 such as keyboards, pointing devices, joysticks and the like. The I/O interface 240 may also comprise a computer to computer interface, such as a Recommended Standard 232 (RS-232) interface, for interfacing the device 200 with one or more personal computer (PC) devices 290. The I/O interface 240 may also comprise an audio interface for communicating audio signals to one or more audio devices 2050, such as a speaker or a buzzer.
[091] The device 200 also comprises a network interface 270 for communicating with one or more computer networks 280. The network 280 may be a wired network, such as a wired Ethernet™ network or a wireless network, such as a Bluetooth™ network or IEEE 802.11 network. The network 280 may be a local area network (LAN), such as a home or office computer network, or a wide area network (WAN), such as the Internet or private WAN.
[092] The device 200 comprises an arithmetic logic unit or processor 2000 for performing the computer program code instructions. The processor 2000 may be a reduced instruction set computer (RISC) or complex instruction set computer (CISC) processor or the like. The device 200 further comprises a storage device 2030, such as a magnetic disk hard drive or a solid state disk drive.
[093] Computer program code instructions may be loaded into the storage device 2030 from the storage media 220 using the storage medium reader 230 or from the network 280 using network interface 270. During the bootstrap phase, an operating system and one or more software applications are loaded from the storage device 2030 into the memory 210. During the fetch-decode-execute cycle, the processor 2000 fetches computer program code instructions from memory 210, decodes the instructions into machine code, executes the instructions and stores one or more intermediate results in memory 200.
[094] In this manner, the instructions stored in the memory 210, when retrieved and executed by the processor 2000, may configure the computing device 200 as a special-purpose machine that may perform the functions described herein.
[095] The device 200 also comprises a video interface 2010 for conveying video signals to a display device 2020, such as a liquid crystal display (LCD), cathode-ray tube (CRT) or similar display device.
[096] The device 200 also comprises a communication bus subsystem 250 for interconnecting the various devices described above. The bus subsystem 250 may offer parallel connectivity such as Industry Standard Architecture (ISA), conventional Peripheral Component Interconnect (PCI) and the like or serial connectivity such as PCI Express (PCIe), Serial Advanced Technology Attachment (Serial ATA) and the like.
Embodiments of the System
[097] Figure 3 illustrates the system for secure access to the domain database 112 in accordance with a preferred embodiment 300 of the present invention. In accordance with the embodiment 300, the user tries to access the domain database 112 from the first client device 102c from the plurality of client devices 102. The first client device 102c is connected to the password server 106. The first client device 102c has a first display 310, a first processor 320, a first memory 330 and a first input device 340. Further, the first memory 330 is configured to store a first computer program code.
[098] In one embodiment the first computer program code is comprised within a computer program element. The computer program element is one of, but not limited to, a software, a mobile or a desktop based application, an Application Program Interface (API) or a browser plug-in. Further, in one embodiment, the computer program element is provided to the first client device 102c through the network 104.
[099] Alternately, in another embodiment, the first computer program code is provided to the first client device 102c by means of a computer readable storage medium. The computer readable storage medium is one of, but not limited to, a CD-ROM, a floppy disk, a magnetic tape based storage medium and a USB flash drive etc.
[0100] When the user selects a "DISPLAY INTERFACE VARIANT" option from the first display 310, the first computer program code, when executed by the first processor 320, enables the first processor 320 to provide an interface variant comprising a plurality of discrete elements at the first display 310. In one embodiment of the invention, the interface variant is in a form of a rectangular grid and the plurality of discrete elements are provided by the cells of the rectangular grid. Alternately, the interface variant is in a form of a circular grid, wherein the plurality of discrete elements are in forms of random polygons.
[0101] In one embodiment of the invention, during an event of the user being required to generate a new password, such as during the enrollment of the user, or after expiration of a current password, the first computer program code enables the first processor 320 to fetch the interface variant selected by the user from a plurality of interface variants stored in the first memory 330. Alternately, the interface variant is uploaded by the user in the first memory 330. In another embodiment, the database 108 is configured to store a plurality of interface variants and the interface variant is selected by the user from the plurality of interface variants stored in the database 108. The first processor 320 provides the interface variant at the first display 310.
[0102] In any case, the interface variant is assigned an interface variant number and stored in the database 108 in association with the interface variant number, by the password server 106. The interface variant number then is assigned to the domain server 110 and stored in the first memory 330 in association with an attribute corresponding to the domain server 110, by the first processor 320. The attribute is one of, but not limited to, a web address of the domain server 110, an Internet Protocol (IP) address of the domain server 110, or the domain name. During the authentication of the user, the interface variant corresponding to the interface variant number assigned to the domain server 110 is provided at the first display 310 by the first processor 320.
[0103] Further, the first computer program code enables the first processor 320 to receive a selection, of a pattern of discrete elements from the plurality of discrete elements, made by the user using the first input device 340 to generate pattern data. In one embodiment of the invention, the selection of the pattern of discrete elements is received in a sequence and the pattern data comprises sequence data corresponding to the sequence of selection of the pattern of discrete elements. Further, the number of discrete elements in the pattern of discrete elements is greater than a threshold value. The first computer program code further enables the first processor 320 to transmit the pattern data to the password server 106.
[0104] Further, in one embodiment, each discrete element from the plurality of discrete elements is associated with a respective array of numerals. During a first selection of a discrete element from the pattern of discrete elements, the interface variant returns a first numeral from the array of numerals. During a subsequent selection of the discrete element, the interface variant returns a subsequent numeral from the array of numerals, and so on and so forth. Thus each instance of selection of the discrete element returns a different numeral.
[0105] Also in one embodiment each discrete element from the plurality of discrete elements is associated with a respective array of colours. During a first selection of a discrete element from the pattern of discrete elements, the discrete element is displayed in a first colour from the array of colours. During a subsequent selection of the discrete element the discrete element is displayed in a subsequent colour from the array of colours, and so on and so forth. Thus after each instance of selection of the discrete element, the discrete element is displayed in a different colour. The use of colours allows the pattern of discrete elements to be memorized with a relative ease.
[0106] The first computer program code further enables the first processor 320 to obtain a first set of parameters corresponding to the domain server 110. In one embodiment of the invention, the first set of parameters comprise the domain name, the user identifier, the interface variant number and a language key. Further, the language key defines the predetermined language. For example, if the predetermined language is Swedish, then the language key is set to be Swedish.
[0107] The first computer program code further enables the first processor 320 to transmit the first set of parameters to the password server 106. In one embodiment of the invention, the pattern data and the first set of parameters are transmitted to the password server 106 in response to receiving the verification code generated by the domain server 110. The first computer program code also enables the first processor 320 to receive a password from the password server 106 for secure access to the domain database 112.
[0108] Figure 4 illustrates the system for secure access to the domain database 112 in another embodiment 400 of the present invention. The second client device 102a having a second display 410, a second processor 420, a second memory 430 and a second input device 440 is also connected to the password server 106. Further, the second memory 430 is configured to store a second computer program code. In accordance with the embodiment, the user is further presented with a "SELECT SECOND DEVICE" option at the first display 310.
[0109] In one embodiment the second computer program code is comprised within a computer program element. The computer program element is one of, but not limited to, a software, a mobile or a desktop based application, or an Application Program Interface (API). Further, the computer program element is provided to the second client device 102a through the network 104.
[0110] Alternately, in another embodiment the second computer program code is provided to the second client device 102a by means of a computer readable storage medium. The computer readable storage medium is one of, but not limited to, a CD-ROM, a floppy disk, a magnetic tape based storage medium and a USB flash drive etc.
[0111] When the user selects the "SELECT SECOND DEVICE" option, the second computer program code, when executed by the second processor 420, enables the second processor 420 to provide the interface variant comprising the plurality of discrete elements at the second display 410. In one embodiment of the invention, during an event of the user being required to generate a new password, such as during the enrollment of the user or after expiration of a current password, the second computer program code enables the second processor 420 to fetch the interface variant selected by the user from the plurality of interface variants stored in the second memory 430. Alternately, the interface variant is uploaded by the user in the second memory 430. In another embodiment, the second processor 420 fetches the interface variant selected by the user, from the plurality of interface variants stored in the database 108 and provides the interface variant at the second display 410.
[0112] In any case, the interface variant is assigned an interface variant number and stored in the database 108 in association with the interface variant number, by the password server 106. The interface variant number then is assigned to the domain server 110 and stored in the second memory 430 in association with the attribute corresponding to the domain server 110, by the second processor 420. During the authentication of the user, the interface variant corresponding to the interface variant number assigned to the domain server 110 is provided at the second display 410 by the second processor 420.
[0113] In one embodiment of the invention, the second processor 420 is enabled to provide the interface variant at the second display 410 on receiving a notification from the password server 106. Further, the user is then prompted to select the pattern of discrete elements.
[0114] Figure 5 illustrates the system for secure access to the domain database 112 in yet another embodiment 500 of the present invention. In accordance with the embodiment 500, the user is further presented with a "VERIFY WITH SECOND DEVICE" option at the first display 310. Here, in this case, the pattern of discrete elements has already been selected by the user at the first client device 102c, and the user is prompted to verify the pattern of discrete elements with the second client device 102a. Further, the interface variant has already been assigned the interface variant number and stored in database 108 in association with the interface variant number, by the password server 106. Also, the interface variant number has already been assigned to the domain server 110 by the first processor 320. When the user selects the "VERIFY WITH SECOND DEVICE" option, the interface variant corresponding to the interface variant number assigned to the domain server 110 is provided at the second display 410, by the second processor 420.
[0115] Further, the second computer program code enables the second processor 420 to receive the selection, of the pattern of discrete elements from the plurality of discrete elements, made by the user using the second input device 440, to generate the pattern data. The second computer program code further enables the second processor 420 to transmit the pattern data to the password server 106.
[0116] The password server 106 is configured to receive the pattern data, comprising data corresponding to the pattern of discrete elements, and the first set of parameters corresponding to the domain server 110. In one embodiment of the invention, the password server 106 is configured to receive the pattern data from at least one of the first client device 102c and the second client device 102a. In one embodiment of the invention, the password server 106 is configured to add a first salt value to the domain name and a second salt value to the user identifier. In one embodiment the first salt value and the second salt value are added during generation of the password. Alternately, the first salt value and the second salt value are added before storing the domain name and the user identifier in the database 108, respectively.
[0117] The password server 106 is further configured to assign a second set of parameters, at least one parameter of the second set of parameters corresponding to the domain server 110. In one embodiment of the invention, the second set of parameters comprise a password version and an algorithm version. The password version is assigned a predetermined value by the password server 106. For example the password version is assigned a default predetermined value of zero. Further, the password server 106 is configured to increment the password version to a next value in an event of the user being required to generate a new password. For example, during enrolment of the user with the domain server 110, the password version is incremented to a value of one by the password server 106. In another example, the user is required to generate the password every three months, as per the password policy. Hence, the password version is incremented to a next value every three months. Further, the algorithm version corresponds to an algorithm assigned to the domain server 110, by the password server 106, from the plurality of algorithms stored in the database 108. In one embodiment, the algorithm is defined by the user. For example, the user may define the algorithm in a form of a mathematical formula.
[0118] The password server 106 is further configured to store the first set of parameters and the second set of parameters in the database 108. Further, the password server 106 is configured to generate a password as a function of the pattern data, the first set of parameters and the second set of parameters. In one embodiment, the password server 106 is configured to generate a resultant string by combining the pattern data, the first set of parameters and the second set of parameters. In one embodiment, the resultant string is generated through straight concatenation of the pattern data, the first set of parameters and the second set of parameters. In another embodiment the resultant string is generated through combining substrings of the pattern data, the first set of parameters and the second set of parameters.
[0119] Further, the password server 106 is configured to apply a hashing function to the resultant string to generate a second resultant string. In one embodiment, the hashing function is bcrypt. The password server 106 is then configured to hash the second resultant string a plurality of times to generate the password. In one embodiment of the invention, the password server 106 is then configured to verify the password with the password policy of the domain server 110, stored in the database 108. Further, the password server 106 is configured to verify the password for presence of a plurality of exclusions. In one embodiment, the plurality of exclusions comprise, but are not limited to, keyboard sequences (such as qwerty), numeric sequences (e.g. 12345), phone numbers, the user identifier, repeated characters (e.g. 1111 or bbbb) and excluded special characters (e.g. {} :;). In one embodiment of the invention, the password comprises at least one alphabetical character in lower case, at least one alphabetical character in uppercase, at least one numeric character and at least one special character.
Embodiments of the Method
[0120] Figure 6 illustrates a computer implemented method 600 for secure access to a domain database 112 in one embodiment of the invention. The method begins at step 610 by providing an interface variant comprising a plurality of discrete elements to a user. In one embodiment of the invention, the interface variant is in a form of a rectangular grid and the plurality of discrete elements are provided by the cells of the rectangular grid. Alternately, the interface variant is in a form of a circular grid, wherein the plurality of discrete elements are in forms of random polygons.
[0121] In one embodiment of the invention, the interface variant is provided at the first display 310 of the first client device 102c, by the first processor 310. In one embodiment of the invention, during an event of the user being required to generate a new password, such as during the enrollment of the user or after expiration of a current password, the first processor 320 fetches the interface variant selected by the user from a plurality of interface variants stored in the first memory 330. Alternately, the interface variant is uploaded by the user in the first memory 330. In another embodiment, the database 108 is configured to store a plurality of interface variants. The interface variant is selected by the user from the plurality of interface variants stored in the database 108, and the first processor 320 provides the interface variant at the first display 310.
[0122] In any case, the interface variant is assigned an interface variant number and stored in the database 108 in association with the interface variant number, by the password server 106. The interface variant number then is assigned to the domain server 110 and stored in the first memory 330 in association with the attribute corresponding to the domain server 110, by the first processor 320. During the authentication of the user, the interface variant corresponding to the interface variant number assigned to the domain server 110 is provided at the first display 310 by the first processor 320.
[0123] In one embodiment of the invention, the interface variant is provided at the second display 410 of the second client device 102a, by the second processor 420. In one embodiment of the invention, during an event of the user being required to generate a new password, such as during the enrollment of the user or after expiration of a current password, the second processor 420 fetches the interface variant selected by the user from the plurality of interface variants stored in the second memory 430. Alternately, the interface variant is uploaded by the user in the second memory 430. In another embodiment, the second processor 420 fetches the interface variant selected by the user from the plurality of interface variants stored in the database 108. The second processor 420 provides the interface variant at the second display 410.
[0124] In any case, the interface variant is assigned the interface variant number and stored in the database 108 in association with the interface variant number, by the password server 106. The interface variant number then is assigned to the domain server 110 and stored in the second memory 430 in association with the attribute corresponding to the domain server 110 by the second processor 420. During the authentication of the user, the interface variant corresponding to the interface variant number assigned to the domain server 110 is provided at the second display 410, by the second processor 420.
[0125] In one embodiment of the invention, the second processor 420 provides the interface variant at the second display 410 on receiving a notification from the password server 106. Further, the user is then prompted to select the pattern of discrete elements.
[0126] In yet another embodiment, the pattern of discrete elements has already been selected by the user at the first client device 102c, and the user is prompted to verify the pattern of discrete elements with the second client device 102a. Further, the interface variant has already been assigned the interface variant number and stored in database 108 in association with the interface variant number by the password server 106. Also, the interface variant number has already been assigned to the domain server 110 by the first processor 320. Hence, the interface variant corresponding to the interface variant number assigned to the domain server 110 is provided at the second display 410, by the second processor 420.
[0127] At step 620, a selection, of a pattern of discrete elements from the plurality of discrete elements, made by the user, is received. In one embodiment, the selection is made by the user, using the first input device 340 comprised within the first client device 102c. The selection is then received by the first processor 320. In another embodiment, the selection, of the pattern of discrete elements is made by the user, using the second input device 440 comprised within the second client device 102a. The selection is then received by the second processor 420.
[0128] At step 630, pattern data is generated based on the selection. Further, in one embodiment, each discrete element from the plurality of discrete elements is associated with a respective array of numerals. During a first selection of a discrete element from the pattern of discrete elements, the interface variant returns a first numeral from the array of numerals. During a subsequent selection of the discrete element, the interface variant returns a subsequent numeral from the array of numerals, and so on and so forth. Thus each instance of selection of the discrete element returns a different numeral.
[0129] Also in one embodiment, each discrete element from the plurality of discrete elements is associated with a respective array of colours. During a first selection of a discrete element from the pattern of discrete elements, the discrete element is displayed in a first colour from the array of colours. During a subsequent selection of the discrete element the discrete element is displayed in a subsequent colour from the array of colours, and so on and so forth. Thus after each instance of selection of the discrete element, the discrete element is displayed in a different colour. The use of colours allows the pattern of discrete elements to be memorized with a relative ease.
[0130] In one embodiment the selection of the pattern of discrete elements is received in a sequence and the pattern data comprises sequence data corresponding to the sequence of selection of the pattern of discrete elements. Further, in one embodiment, the number of discrete elements in the pattern of discrete elements is greater than a threshold value.
[0131] At step 640, the pattern data is transmitted to the password server 106. In one embodiment, the pattern data is transmitted to the password server 106 by the first processor 320. In another embodiment the pattern data is transmitted to the password server 106 by the second processor 420. In yet another embodiment, the pattern data is transmitted to the password server 106 by both the first processor 320 and the second processor 420, thus enabling multi-factor authentication.
[0132] At step 650, a first set of parameters corresponding to the domain server 110 are obtained by the first processor 320, at the first client device 102c. In one embodiment of the invention, the first set of parameters comprise the domain name, the user identifier, the interface variant number and a language key. Further, the language key defines the predetermined language. For example, if the predetermined language is Swedish, then the language key is set to be Swedish.
[0133] At step 660, the first set of parameters are transmitted by the first processor 320, to the password server 106, from the first client device 102c. In one embodiment of the invention, the pattern data and the first set of parameters are transmitted to the password server 106 in response to receiving the verification code generated by the domain server 110.
[0134] The password server 106 receives the pattern data, comprising the data corresponding to the pattern of discrete elements, and the first set of parameters. In one embodiment of the invention, the password server 106 receives the pattern data from at least one of the first client device 102c and the second client device 102a. In one embodiment of the invention, the password server 106 adds a first salt value to the domain name and a second salt value to the user identifier. In one embodiment the first salt value and the second salt value are added during generation of the password. Alternately, the first salt value and the second salt value are added before storing the domain name and the user identifier in the database 108, respectively.
[0135] During the event of the user being required to generate a new password, the password server 106 assigns a second set of parameters, at least one parameter of the second set of parameters corresponding to the domain server 110. In one embodiment of the invention, the second set of parameters comprise a password version and an algorithm version. The password version is assigned a predetermined value by the password server 106. For example the password version is assigned a default predetermined value of zero. During enrolment of the user with the domain server 110, the password version is incremented to a value of one by the password server 106. The password version is then incremented to a next value in an event of the user being required to generate a new password. For example, as per the password policy, a new password is supposed to be generated every three months. Hence the password version is incremented to a next value after completion of every three months.
[0136] Further, the algorithm version corresponds to an algorithm assigned to the domain server 110, by the password server 106, from the plurality of algorithms stored in the database 108. In one embodiment the algorithm is defined by the user. For example, the user may define the algorithm in a form of a mathematical formula.
[0137] The password server 106 further stores the first set of parameters and the second set of parameters in the database 108. Further, the password server 106 generates a password as a function of the pattern data, the first set of parameters and the second set of parameters. During the event of authentication of the user, the password server 106 retrieves the second set of parameters assigned to the domain server 110, from the database 108, and generates the password as the function of the pattern data, the first set of parameters and the second set of parameters, in accordance with the algorithm. The generation of the password in accordance with various embodiments has been elaborated in the following paragraphs.
[0138] In one embodiment, the password server 106 generates a resultant string by combining the pattern data, the first set of parameters and the second set of parameters. In one embodiment, the resultant string is generated through straight concatenation of the pattern data, the first set of parameters and the second set of parameters. In another embodiment the resultant string is generated through combining substrings of the pattern data, the first set of parameters and the second set of parameters. The generation of the resultant string is carried out in accordance with the algorithm.
[0139] Further, the password server 106 applies a hashing function to the resultant string to generate a second resultant string. In one embodiment, the hashing function is bcrypt. The password server 106 hashes the second resultant string a plurality of times to generate the password. The number of times the second resultant string is hashed is again in accordance with the algorithm. In one embodiment of the invention, the password server 106 then verifies the password with the password policy of the domain server 110, stored in the database 108. Further, the password server 106 verifies the password for presence of a plurality of exclusions. In one embodiment, the plurality of exclusions include keyboard sequences (such as qwerty), numeric sequences (e.g. 12345), phone numbers, the user identifier, repeated characters (e.g. 1111 or bbbb) and excluded special characters (e.g. {} :;). In one embodiment of the invention, the password comprises at least one alphabetical character in lower case, at least one alphabetical character in uppercase, at least one numeric character and at least one special character.
[0140] At step 670, the password is received at the first client device 102c from the password server 106. The password received from the password server 106 is used by the processor 320 for secure access to the domain database 112.
[0141] Figure 7 shows an example 700 of the method 600 for secure access to a domain database as described above. A plurality of interface variants 710 (for example 710a, 710b, 710c, 710d and 710e) are disclosed. At least one of the first processor 320 and the second processor 420 fetches an interface variant from the plurality of interface variants 710. However, it may be understood that the invention is not limited to the plurality of interface variants 710 illustrated in figure 7. Further, figure 7 illustrates a plurality of data elements 720 obtained by at least one of the first processor 320 and the second processor 420. Further, figure 7 illustrates a plurality of inputs 730 for generation of a password. The plurality of inputs 730 comprise an exemplary first set of parameters 730a and an exemplary second set of parameters 730b. The password server 106 utilizes the plurality of inputs 730 to generate a password 740.
[0142] Figure 8 shows an implementation 800 of the exemplary method 600 illustrated in figure 7 for a domain database using English as the language for textual content. It can be seen from figure 8 that a password 810 generated by the password server 106 comprises English alphabetical characters.
[0143] Figure 9 shows an implementation 900 of the exemplary method 600 illustrated in figure 7 for a domain database using Chinese as the language for textual content. It can be seen from figure 9 that a password 910 generated by the password server 106 comprises Chinese characters.
[0144] The system and the method for secure access to a domain database described above offer a plurality of advantages in comparison to existing solutions. First, the password is not stored at any of the plurality of client devices 102 or at the password server 106; it is regenerated on demand from the pattern data and the stored parameters, so there is no stored password for an attacker to steal from those devices. Further, the strength of the generated password is independent of the skill of the user. The same interface variant and the same pattern of discrete elements can be used to generate different passwords for different domain databases/servers by the use of different algorithms and different first and second sets of parameters (the domain name being one of the first set). Further, because the password is entered as a pattern of discrete elements rather than typed, it is not exposed to keystroke logging. Also, the system and the method are applicable to domain databases having content in a multitude of languages.
[0145] Also, the invention improves personal security by removing human limitations from the password setting and retrieval process, instead replacing it with something that humans are much more comfortable with, i.e., pattern recognition. The inability of humans to remember long random sequences of characters (strong passwords) is replaced with a single pattern. This is the essence of the invention. In the state of the art, responsibility for coming up with passwords is on the individual user. This invention takes ownership of the password process, leaving the user to simply identify themselves with a secret pattern belonging to the user, something which the user is much better equipped cognitively to do.
Interpretation
[0146] Unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. It will be further understood that terms used herein should be interpreted as having a meaning that is consistent with their meaning in the context of this specification and the relevant art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein. For the purposes of the present invention, additional terms are defined below. Furthermore, all definitions, as defined and used herein, should be understood to control over dictionary definitions, definitions in documents incorporated by reference, and/or ordinary meanings of the defined terms unless there is doubt as to the meaning of a particular term, in which case the common dictionary definition and/or common usage of the term will prevail.
[0147] The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used herein, the singular articles "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise, and thus are used herein to refer to one or to more than one (i.e. to at least one) of the grammatical object of the article. By way of example, the phrase "an element" refers to one element or more than one element.
[0148] Throughout this specification, unless the context requires otherwise, the words "comprise", "comprises" and "comprising" will be understood to imply the inclusion of a stated step or element or group of steps or elements but not the exclusion of any other step or element or group of steps or elements.
[0149] The term "real-time", for example "displaying real-time data", refers to the display of the data without intentional delay, given the processing limitations of the system and the time required to accurately measure the data.
[0150] As used herein, the term "exemplary" is used in the sense of providing examples, as opposed to indicating quality. That is, an "exemplary embodiment" is an embodiment provided as an example, as opposed to necessarily being an embodiment of exemplary quality, for example serving as a desirable model or representing the best of its kind.

[0151] The phrase "and/or", as used herein in the specification and in the claims, should be understood to mean "either or both" of the elements so conjoined, i.e., elements that are conjunctively present in some cases and disjunctively present in other cases. Multiple elements listed with "and/or" should be construed in the same fashion, i.e., "one or more" of the elements so conjoined. Other elements may optionally be present other than the elements specifically identified by the "and/or" clause, whether related or unrelated to those elements specifically identified. Thus, as a non-limiting example, a reference to "A and/or B", when used in conjunction with open-ended language such as "comprising", can refer, in one embodiment, to A only (optionally including elements other than B); in another embodiment, to B only (optionally including elements other than A); in yet another embodiment, to both A and B (optionally including other elements); etc.
[0152] As used herein in the specification and in the claims, "or" should be understood to have the same meaning as "and/or" as defined above. For example, when separating items in a list, "or" or "and/or" shall be interpreted as being inclusive, i.e., the inclusion of at least one, but also including more than one, of a number or list of elements, and, optionally, additional unlisted items. Only terms clearly indicated to the contrary, such as "only one of" or "exactly one of", or, when used in the claims, "consisting of", will refer to the inclusion of exactly one element of a number or list of elements. In general, the term "or" as used herein shall only be interpreted as indicating exclusive alternatives (i.e. one or the other but not both) when preceded by terms of exclusivity, such as "either", "one of", "only one of" or "exactly one of". "Consisting essentially of", when used in the claims, shall have its ordinary meaning as used in the field of patent law.
[0153] As used herein in the specification and in the claims, the phrase "at least one", in reference to a list of one or more elements, should be understood to mean at least one element selected from any one or more of the elements in the list of elements, but not necessarily including at least one of each and every element specifically listed within the list of elements and not excluding any combinations of elements in the list of elements. This definition also allows that elements may optionally be present other than the elements specifically identified within the list of elements to which the phrase "at least one" refers, whether related or unrelated to those elements specifically identified. Thus, as a non-limiting example, "at least one of A and B" (or, equivalently, "at least one of A or B", or, equivalently, "at least one of A and/or B") can refer, in one embodiment, to at least one, optionally including more than one, A, with no B present (and optionally including elements other than B); in another embodiment, to at least one, optionally including more than one, B, with no A present (and optionally including elements other than A); in yet another embodiment, to at least one, optionally including more than one, A, and at least one, optionally including more than one, B (and optionally including other elements); etc.
Bus
[0154] In the context of this document, the term "bus" and its derivatives, while being described in a preferred embodiment as being a communication bus subsystem for interconnecting various devices including by way of parallel connectivity such as Industry Standard Architecture (ISA), conventional Peripheral Component Interconnect (PCI) and the like or serial connectivity such as PCI Express (PCIe), Serial Advanced Technology Attachment (Serial ATA) and the like, should be construed broadly herein as any system for communicating data.
In accordance with:
[0155] As described herein, "in accordance with" may also mean "as a function of" and is not necessarily limited to the integers specified in relation thereto.
Composite items
[0156] As described herein, "a computer implemented method" should not necessarily be inferred as being performed by a single computing device, such that the steps of the method may be performed by more than one cooperating computing device.
[0157] Similarly, objects as used herein such as "web server", "server", "client computing device", "computer readable medium" and the like should not necessarily be construed as being a single object and may be implemented as two or more objects in cooperation, such as, for example, a web server being construed as two or more web servers in a server farm cooperating to achieve a desired goal, or a computer readable medium being distributed in a composite manner, such as program code being provided on a compact disk activatable by a license key downloadable from a computer network.
Database:
[0158] In the context of this document, the term "database" and its derivatives may be used to describe a single database, a set of databases, a system of databases or the like. The system of databases may comprise a set of databases wherein the set of databases may be stored on a single implementation or span across multiple implementations. The term "database" is also not limited to a certain database format, but may refer to any database format. For example, database formats may include MySQL, MySQLi, XML or the like.
Wireless:
[0159] The invention may be embodied using devices conforming to other network standards and for other applications, including, for example, other WLAN standards and other wireless standards. Applications that can be accommodated include IEEE 802.11 wireless LANs and links, and wireless Ethernet.
[0160] In the context of this document, the term "wireless" and its derivatives may be used to describe circuits, devices, systems, methods, techniques, communications channels, etc., that may communicate data through the use of modulated electromagnetic radiation through a non-solid medium. The term does not imply that the associated devices do not contain any wires, although in some embodiments they might not. In the context of this document, the term "wired" and its derivatives may be used to describe circuits, devices, systems, methods, techniques, communications channels, etc., that may communicate data through the use of modulated electromagnetic radiation through a solid medium. The term does not imply that the associated devices are coupled by electrically conductive wires.
Processes:
[0161] Unless specifically stated otherwise, as apparent from the following discussions, it is appreciated that throughout the specification discussions utilizing terms such as "processing", "computing", "calculating", "determining", "analysing" or the like refer to the action and/or processes of a computer or computing system, or similar electronic computing device, that manipulate and/or transform data represented as physical, such as electronic, quantities into other data similarly represented as physical quantities.
Processor:
[0162] In a similar manner, the term "processor" may refer to any device or portion of a device that processes electronic data, e.g., from registers and/or memory to transform that electronic data into other electronic data that, e.g., may be stored in registers and/or memory. A "computer" or a "computing device" or a "computing machine" or a "computing platform" may include one or more processors.
[0163] The methodologies described herein are, in one embodiment, performable by one or more processors that accept computer-readable (also called machine-readable) code containing a set of instructions that when executed by one or more of the processors carry out at least one of the methods described herein. Any processor capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken is included. Thus, one example is a typical processing system that includes one or more processors. The processing system further may include a memory subsystem including main RAM and/or a static RAM, and/or ROM.
Computer-Readable Medium:
[0164] Furthermore, a computer-readable carrier medium may form, or be included in, a computer program product. A computer program product can be stored on a computer usable carrier medium, the computer program product comprising a computer readable program means for causing a processor to perform a method as described herein.
Networked or Multiple Processors:
[0165] In alternative embodiments, the one or more processors operate as a standalone device or may be connected, e.g., networked, to other processor(s). In a networked deployment, the one or more processors may operate in the capacity of a server or a client machine in a server-client network environment, or as a peer machine in a peer-to-peer or distributed network environment. The one or more processors may form a web appliance, a network router, switch or bridge, or any machine capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken by that machine.
[0166] Note that while some diagram(s) only show(s) a single processor and a single memory that carries the computer-readable code, those in the art will understand that many of the components described above are included, but not explicitly shown or described in order not to obscure the inventive aspect. For example, while only a single machine is illustrated, the term "machine" shall also be taken to include any collection of machines that individually or jointly execute a set (or multiple sets) of instructions to perform any one or more of the methodologies discussed herein.
Additional Embodiments:
[0167] Thus, one embodiment of each of the methods described herein is in the form of a computer-readable carrier medium carrying a set of instructions, e.g., a computer program, that are for execution on one or more processors. Thus, as will be appreciated by those skilled in the art, embodiments of the present invention may be embodied as a method, an apparatus such as a special purpose apparatus, an apparatus such as a data processing system, or a computer-readable carrier medium. The computer-readable carrier medium carries computer readable code including a set of instructions that when executed on one or more processors cause a processor or processors to implement a method. Accordingly, aspects of the present invention may take the form of a method, an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a carrier medium (e.g., a computer program product on a computer-readable storage medium) carrying computer-readable program code embodied in the medium.
Carrier Medium:
[0168] The software may further be transmitted or received over a network via a network interface device. While the carrier medium is shown in an example embodiment to be a single medium, the term "carrier medium" should be taken to include a single medium or multiple media (e.g., a centralized or distributed database, and/or associated caches and servers) that store the one or more sets of instructions. The term "carrier medium" shall also be taken to include any medium that is capable of storing, encoding or carrying a set of instructions for execution by one or more of the processors and that cause the one or more processors to perform any one or more of the methodologies of the present invention. A carrier medium may take many forms, including but not limited to, non-volatile media, volatile media, and transmission media.
Implementation:
[0169] It will be understood that the steps of the method discussed are performed in one embodiment by an appropriate processor (or processors) of a processing (i.e., computer) system executing instructions (computer-readable code) stored in storage. It will also be understood that the invention is not limited to any particular implementation or programming technique and that the invention may be implemented using any appropriate techniques for implementing the functionality described herein. The invention is not limited to any particular programming language or operating system.
Means For Carrying out a Method or Function
[0170] Furthermore, some of the embodiments are described herein as a method or combination of elements of a method that can be implemented by a processor of a processor device, computer system, or by other means of carrying out the function. Thus, a processor with the necessary instructions for carrying out such a method or element of a method forms a means for carrying out the method or element of a method. Furthermore, an element described herein of an apparatus embodiment is an example of a means for carrying out the function performed by the element for the purpose of carrying out the invention.
Connected
[0171] Similarly, it is to be noticed that the term "connected", when used in the claims, should not be interpreted as being limitative to direct connections only. Thus, the scope of the expression "a device A connected to a device B" should not be limited to devices or systems wherein an output of device A is directly connected to an input of device B. It means that there exists a path between an output of A and an input of B which may be a path including other devices or means. "Connected" may mean that two or more elements are either in direct physical or electrical contact or that two or more elements are not in direct contact with each other but yet still co-operate or interact with each other.
Embodiments:
[0172] Reference throughout this specification to "one embodiment" or "an embodiment" means that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention. Thus, appearances of the phrases "in one embodiment" or "in an embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment, but may. Furthermore, the particular features, structures or characteristics may be combined in any suitable manner, as would be apparent to one of ordinary skill in the art from this disclosure, in one or more embodiments.
[0173] Similarly, it should be appreciated that in the above description of example embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the Detailed Description of Specific Embodiments are hereby expressly incorporated into this Detailed Description of Specific Embodiments, with each claim standing on its own as a separate embodiment of this invention.
[0174] Furthermore, while some embodiments described herein include some but not other features included in other embodiments, combinations of features of different embodiments are meant to be within the scope of the invention, and form different embodiments, as would be understood by those in the art. For example, in the following claims, any of the claimed embodiments can be used in any combination.
Specific Details
In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In other instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
[0175] It will be appreciated that the methods and systems described/illustrated above at least substantially provide a solution for secure access to a domain database and make it easy for a user to log in to a plurality of domains without remembering credentials for each one of the domains.
[0176] The embodiments described herein, and/or shown in the drawings, are presented by way of example only and are not limiting as to the scope of the invention. Unless otherwise specifically stated, individual aspects and components of the embodiments may be modified, or may have been substituted therefor by known equivalents, or by as yet unknown substitutes such as may be developed in the future or such as may be found to be acceptable substitutes in the future. The embodiments may also be modified for a variety of applications while remaining within the scope and spirit of the claimed invention, since the range of potential applications is great and since it is intended that the present invention be adaptable to many such variations.
Terminology
[0177] In describing the preferred embodiment of the invention illustrated in the drawings, specific terminology will be resorted to for the sake of clarity. However, the invention is not intended to be limited to the specific terms so selected, and it is to be understood that each specific term includes all technical equivalents which operate in a similar manner to accomplish a similar technical purpose.
Different Instances of Objects
[0178] As used herein, unless otherwise specified, the use of the ordinal adjectives "first", "second", "third", etc., to describe a common object merely indicates that different instances of like objects are being referred to, and is not intended to imply that the objects so described must be in a given sequence, either temporally, spatially, in ranking, or in any other manner.
Comprising and Including
[0179] In the claims which follow and in the preceding description of the invention, except where the context requires otherwise due to express language or necessary implication, the word "comprise", or variations such as "comprises" or "comprising", are used in an inclusive sense, i.e. to specify the presence of the stated features but not to preclude the presence or addition of further features in various embodiments of the invention.
[0180] Any one of the terms "including" or "which includes" or "that includes" as used herein is also an open term that also means including at least the elements/features that follow the term, but not excluding others. Thus, "including" is synonymous with and means "comprising".
Scope of Invention
[0181] Thus, while there has been described what are believed to be the preferred embodiments of the invention, those skilled in the art will recognize that other and further modifications may be made thereto without departing from the spirit of the invention, and it is intended to claim all such changes and modifications as fall within the scope of the invention. Functionality may be added or deleted from the block diagrams and operations may be interchanged among functional blocks. Steps may be added or deleted to methods described within the scope of the present invention.
[0182] Although the invention has been described with reference to specific examples, it will be appreciated by those skilled in the art that the invention may be embodied in many other forms.
Chronological order
[0183] For the purpose of this specification, where method steps are described in sequence, the sequence does not necessarily mean that the steps are to be carried out in chronological order in that sequence, unless there is no other logical manner of interpreting the sequence.
Industrial Applicability
[0184] It is apparent from the above, that the arrangements described are applicable to the industries dealing with web hosting, network security, banking, social networking and e-commerce etc.

Claims
1. A system for providing a secure access to a domain database operably connected to a domain server, wherein the domain server is operably connected to a network, the system comprising:
a first client device operably connected to the network, the first client device having a first display, a first processor, a first memory and a first input device, the first memory being operably connected to the first processor;
a password server operably connected to the network, the password server further operably connected to a database;
wherein the first memory is configured to store a first computer program code, the first computer program code when executed by the first processor, enables the first processor to:
provide an interface variant comprising a plurality of discrete elements at the first display;
receive a selection, of a pattern of discrete elements from the plurality of discrete elements, made by a user using the first input device, to generate pattern data;
obtain a first set of parameters corresponding to the domain server; transmit the pattern data and the first set of parameters to the password server; and
receive a password from the password server;
wherein the password server is configured to:
receive the pattern data, comprising data corresponding to the pattern of discrete elements, and the first set of parameters;
assign a second set of parameters, at least one parameter of the second set of parameters corresponding to the domain server; store the first set of parameters and the second set of parameters in the database;
generate the password as a function of the pattern data, the first set of parameters and the second set of parameters; and
transmit the password to the first client device.
2. A system as claimed in claim 1, further comprising a second client device operably connected to the network, the second client device having a second display, a second processor, a second memory and a second input device, the second memory being operably connected to the second processor;
wherein the second memory is configured to store a second computer program code, the second computer program code when executed by the second processor, enables the second processor to:
provide the interface variant comprising the plurality of discrete elements at the second display;
receive the selection, of the pattern of discrete elements from the plurality of discrete elements, made by the user using the second input device to generate the pattern data; and
transmit the pattern data to the password server.
3. The system as claimed in claim 1, wherein the interface variant is in a form of a rectangular grid and the plurality of discrete elements are provided by the cells of the rectangular grid.
4. The system as claimed in claim 1, wherein the interface variant is selected by the user from a plurality of interface variants stored in the database.
5. The system as claimed in claim 1, wherein each instance of selection of a discrete element from the pattern of discrete elements returns a different numeral.
6. The system as claimed in claim 1, wherein after each instance of selection of a discrete element from the pattern of discrete elements, the discrete element is displayed in a different colour.
7. The system as claimed in claim 1, wherein the selection of the pattern of discrete elements is received in a sequence and the pattern data comprises sequence data corresponding to the sequence of selection of the pattern of discrete elements.
8. The system as claimed in claim 1, wherein the number of discrete elements in the pattern of discrete elements is greater than a threshold value.
9. The system as claimed in claim 1, wherein the pattern data and the first set of parameters are transmitted to the password server in response to receiving a verification code generated by the domain server.
10. The system as claimed in claim 1, wherein the first set of parameters comprise a domain name, a user identifier, an interface variant number and a language key.
11. The system as claimed in claim 10, wherein the password server is further configured to add a first salt value to the domain name and a second salt value to the user identifier.
12. The system as claimed in claim 1, wherein the second set of parameters comprise an algorithm version and a password version.
13. The system as claimed in claim 12, wherein the password server is further configured to increment the password version to a next value in an event of the user being required to generate a new password.
14. The system as claimed in claim 1, wherein the password server is further configured to verify the password with a password policy of the domain server.
15. The system as claimed in claim 1, wherein the password server is further configured to verify the password for presence of a plurality of exclusions.
16. The system as claimed in claim 15, wherein the plurality of exclusions comprise keyboard sequences, numeric sequences, phone numbers, a user identifier, repeated characters and excluded special characters.
17. The system as claimed in claim 1, wherein the password comprises at least one alphabetical character in lower case, at least one alphabetical character in uppercase, at least one numeric character and at least one special character.
18. A computer implemented method for providing a secure access to a domain database operably connected to a domain server, wherein the domain server is operably connected to a network, the method comprising the steps of:
providing an interface variant comprising a plurality of discrete elements to a user;
receiving a selection of a pattern of discrete elements from the plurality of discrete elements, made by the user;
generating pattern data based on the selection;
transmitting the pattern data to a password server;
obtaining a first set of parameters corresponding to the domain server at a first client device;
transmitting the first set of parameters to the password server from the first client device; and
receiving a password at the first client device from the password server;
wherein the password server is configured to:
receive the pattern data, comprising data corresponding to the pattern of discrete elements, and the first set of parameters;
assign a second set of parameters, at least one parameter of the second set of parameters corresponding to the domain server;
store the first set of parameters and the second set of parameters in a database;
generate the password as a function of the pattern data, the first set of parameters and the second set of parameters; and
transmit the password to the first client device.
19. The computer implemented method as claimed in claim 18, wherein the interface variant is provided at at least one of a first display of the first client device and a second display of a second client device.
20. The computer implemented method as claimed in claim 18, wherein the interface variant is in a form of a rectangular grid and the plurality of discrete elements are provided by the cells of the rectangular grid.
21. The computer implemented method as claimed in claim 18, further comprising the step of selecting the interface variant, by the user, from a plurality of interface variants stored in the database.
22. The computer implemented method as claimed in claim 18, wherein each instance of selection of a discrete element from the pattern of discrete elements returns a different numeral.
23. The computer implemented method as claimed in claim 18, wherein after each instance of selection of a discrete element from the pattern of discrete elements, the discrete element is displayed in a different colour.
24. The computer implemented method as claimed in claim 18, wherein the selection of the pattern of discrete elements is received in a sequence and the pattern data comprises sequence data corresponding to the sequence of selection of the pattern of discrete elements.
25. The computer implemented method as claimed in claim 18, wherein a number of discrete elements in the pattern of discrete elements is greater than a threshold value.
26. The computer implemented method as claimed in claim 18, wherein the pattern data and the first set of parameters are transmitted to the password server in response to receiving a verification code generated by the domain server.
27. The computer implemented method as claimed in claim 18, wherein the first set of parameters comprise a domain name, a user identifier, an interface variant number and a language key.
28. The computer implemented method as claimed in claim 27, wherein the password server adds a first salt value to the domain name and a second salt value to the user identifier.
29. The computer implemented method as claimed in claim 18, wherein the second set of parameters comprise an algorithm version and a password version.
30. The computer implemented method as claimed in claim 29, wherein the password server further increments the password version to a next value in an event of the user being required to generate a new password.
31. The computer implemented method as claimed in claim 18, wherein the password server verifies the password with a password policy of the domain server.
32. The computer implemented method as claimed in claim 18, wherein the password server further verifies the password for presence of a plurality of exclusions.
33. The computer implemented method as claimed in claim 32, wherein the plurality of exclusions comprise keyboard sequences, numeric sequences, phone numbers, a user identifier, repeated characters and excluded special characters.
34. The computer implemented method as claimed in claim 18, wherein the password comprises at least one alphabetical character in lower case, at least one alphabetical character in uppercase, at least one numeric character and at least one special character.
35. A password server operably connected to a database, for generating a password for facilitating secure access to a domain database operably connected to a domain server, wherein the password server is configured to:
receive pattern data, comprising data corresponding to a pattern of discrete elements, and a first set of parameters corresponding to the domain server;
assign a second set of parameters, at least one parameter of the second set of parameters corresponding to the domain server;
store the first set of parameters and the second set of parameters in the database;
generate a password as a function of the pattern data, the first set of parameters and the second set of parameters; and
transmit the password to a first client device.
36. The password server as claimed in claim 35, wherein the password server is configured to receive the pattern data from at least one of the first client device and a second client device.
37. The password server as claimed in claim 35, wherein the first set of parameters comprise a domain name, a user identifier, an interface variant number and a language key.
38. The password server as claimed in claim 37, further configured to add a first salt value to the domain name and a second salt value to the user identifier.
39. The password server as claimed in claim 35, wherein the second set of parameters comprise an algorithm version and a password version.
40. The password server as claimed in claim 39, further configured to increment the password version to a next value in an event of the user being required to generate a new password.
41. The password server as claimed in claim 35, further configured to verify the password with a password policy of the domain server.
42. The password server as claimed in claim 35, further configured to verify the password for presence of a plurality of exclusions.
43. The password server as claimed in claim 42, wherein the plurality of exclusions comprise keyboard sequences, numeric sequences, phone numbers, a user identifier, repeated characters and excluded special characters.
44. The password server as claimed in claim 35, wherein the password comprises at least one alphabetical character in lower case, at least one alphabetical character in uppercase, at least one numeric character and at least one special character.
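As an added illustration of the password server described in claims 35 to 44 (example code written for this page, not the patent's own implementation), the sketch below derives a password from the pattern data, the salted first set of parameters and the versioned second set of parameters, rejects candidates that fail the composition rule of claim 44 or contain the exclusions of claim 43, and rotates the password version on a forced reset as in claim 40. The HMAC-SHA256 derivation, the output alphabet, the deterministic retry loop and the concrete exclusion patterns are assumptions; the claims only state that the password is a function of these inputs.

```python
import hashlib, hmac, re, string

# Added example, not the patent's own code: the claims only say the password is
# "a function of" the inputs, so derivation, alphabet and rules here are assumed.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_~"
EXCLUDED_SPECIALS = set("\"'`\\ ")          # assumed "excluded special characters"
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "0123456789")

def meets_policy(pw):
    """Claim 44 composition rule: lower, upper, digit and special each present."""
    return (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw) and any(not c.isalnum() for c in pw))

def has_exclusion(pw, user_id):
    """Claim 43 exclusions: keyboard/numeric sequences, phone-like digit runs,
    the user identifier, repeated characters and excluded special characters."""
    low = pw.lower()
    if user_id.lower() in low or set(pw) & EXCLUDED_SPECIALS:
        return True
    if re.search(r"(.)\1\1", pw) or re.search(r"\d{7,}", pw):  # runs, phone-like
        return True
    for row in KEYBOARD_ROWS:                # 3-char runs along a row, either way
        for i in range(len(row) - 2):
            if row[i:i + 3] in low or row[i:i + 3][::-1] in low:
                return True
    return False

def derive_password(pattern, first_params, second_params, salts, length=16):
    """pattern: ordered grid-cell indices (claim 24); first_params: (domain,
    user_id, variant_no, lang_key) (claim 37); second_params: (algo_version,
    pw_version) (claim 39); salts: (domain_salt, user_salt) per claim 38."""
    domain, user_id, variant_no, lang_key = first_params
    key = "|".join([domain + salts[0], user_id + salts[1], str(variant_no),
                    lang_key, *map(str, second_params)]).encode()
    seq = ",".join(map(str, pattern)).encode()  # selection order matters (claim 24)
    for counter in range(256):                  # deterministic retry until rules pass
        digest = hmac.new(key, seq + bytes([counter]), hashlib.sha256).digest()
        pw = "".join(ALPHABET[b % len(ALPHABET)] for b in digest[:length])
        if meets_policy(pw) and not has_exclusion(pw, user_id):
            return pw
    raise RuntimeError("no policy-compliant password found")  # practically unreachable

def rotate_password(pattern, first_params, second_params, salts):
    """Claim 40: on a forced reset the server increments the password version,
    so the same pattern yields a new password without re-enrolling the user."""
    algo_version, pw_version = second_params
    new_params = (algo_version, pw_version + 1)
    return new_params, derive_password(pattern, first_params, new_params, salts)
```

Because the derivation is deterministic, the server never needs to store the password itself, only the parameter sets it assigned; the pattern data and salts stay out of the stored record.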
Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
AU2016902580A AU2016902580A0 (en) 2016-06-30 A system for secure access to a domain database and a method thereof
AU2016902580 2016-06-30

Publications (1)

Publication Number Publication Date
WO2018000041A1 true WO2018000041A1 (en) 2018-01-04

Family

ID=60785608

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU2017/050671 WO2018000041A1 (en) 2016-06-30 2017-06-29 A system for secure access to a domain database and a method thereof

Country Status (1)

Country Link
WO (1) WO2018000041A1 (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5559961A (en) * 1994-04-04 1996-09-24 Lucent Technologies Inc. Graphical password
US20040030934A1 (en) * 2001-10-19 2004-02-12 Fumio Mizoguchi User selectable authentication interface and universal password oracle
US7219368B2 (en) * 1999-02-11 2007-05-15 Rsa Security Inc. Robust visual passwords
US20090038006A1 (en) * 2007-08-02 2009-02-05 Traenkenschuh John L User authentication with image password
US20090126018A1 (en) * 2007-11-14 2009-05-14 Susann Marie Keohane Password expiration based on vulnerability detection
US20110191856A1 (en) * 2008-02-25 2011-08-04 Dominic John Keen Receiving input data
US8145912B2 (en) * 2005-03-01 2012-03-27 Qualcomm Incorporated System and method for using a visual password scheme
US9111073B1 (en) * 2012-11-19 2015-08-18 Trend Micro Inc. Password protection using pattern

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113037724A (en) * 2021-02-26 2021-06-25 中国银联股份有限公司 Method and device for detecting illegal access
CN113037724B (en) * 2021-02-26 2023-12-15 中国银联股份有限公司 Method and device for detecting illegal access

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
Ref document number: 17818747; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase
Ref country code: DE
122 Ep: pct application non-entry in european phase
Ref document number: 17818747; Country of ref document: EP; Kind code of ref document: A1