WO2022079657A1 - A method and system for authenticating a user - Google Patents

Publication number
WO2022079657A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
descriptor
descriptors
computer
list
Prior art date
Application number
PCT/IB2021/059458
Other languages
French (fr)
Inventor
Mark-Anthony Rowland
Original Assignee
Vea Technologies Ltd
Vea Technologies Llc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Vea Technologies Ltd, Vea Technologies Llc filed Critical Vea Technologies Ltd
Publication of WO2022079657A1 publication Critical patent/WO2022079657A1/en
Priority to ZA2023/04355A priority Critical patent/ZA202304355B/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/36 User authentication by graphic or iconic representation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN

Definitions

  • This invention relates to methods and systems for authenticating user credentials and, more particularly, user identity on a digital platform.
  • Digital platforms that provide for the creation of a user account or profile invariably utilize some form of authentication security in order to protect the user’s account from nefarious parties.
  • such platforms make use of a username or other unique identifier associated with the relevant user to identify the correct account or profile, and one or more authentication factors that the user uses to prove to the system that they are who they purport to be. These three factors are generally something you know (for example a secret password or personal identification number (PIN)); something you have (for example a hardware security dongle); or something you are (for example a biometric fingerprint reading or face recognition).
  • Authentication is more secure when multiple of these factors are required for a login attempt. However, the process also becomes more burdensome to the user as the number of authentication factors increases. This may detract from the user experience of interacting with a particular platform, or may cause the user to opt out of the multi-factor authentication, thereby jeopardizing the security of their account or profile for the sake of an easier and more convenient authentication process. In most multi-factor authentication methods, there is also a time gap between the steps of each authentication factor which may present a window of opportunity for a malicious third party to intercept or solicit information from the unsuspecting user.
  • some multi-factor authentication methods make use of a “one-time PIN” or OTP.
  • the platform sends a message (typically a Short Message Service or “SMS” message) containing a random string of characters to an enrolled device of the user. These random characters then have to be entered as part of the authentication procedure. This may provide proof that the person performing the authentication is in possession of the enrolled device.
  • the randomness of the OTP also makes it more difficult for a malicious third party to intercept the data and replay it in future attacks, or so the argument goes.
  • OTP’s may furthermore present an inconvenience to the user in that the message containing the OTP is often in a parallel application on the same device, or on a different device to the one on which the authentication is being performed. This may require the user to switch to the parallel application (or device) in order to retrieve the OTP, and then return to the application (and device) on which authentication is being performed. Depending on the length of the OTP, the user may forget the OTP while returning to the authentication interface, leading to user frustration and a diminished user experience.
  • a computer-implemented method for authenticating a user on a digital platform executed at a server computer and comprising: receiving an authentication request from a client device of the user; retrieving a saved descriptor previously submitted by the user in response to the user having been prompted to select a descriptor; sending a list of descriptors to the client device that includes: the saved descriptor or a derivative thereof, and a plurality of decoy descriptors to be presented to the user in a random order; receiving a combination input from the client device consisting of a preconfigured password and at least one additional input element that identifies a descriptor selected by the user from the list of descriptors; and authenticating the user if the combination input matches an expected response, otherwise failing the authentication attempt.
  • any of the descriptors may be a text-based descriptive word or phrase
  • the combination input may be a combination or mixture of the characters of the saved descriptor and the preconfigured password.
  • any of the descriptors may be presented graphically, such as with icons or images. The graphical representation may have an experiential or emotive tone that a user may associate with a life event, experience, or a personal preference.
  • each descriptor included in the list to be presented to the user may have one or more textual characters associated therewith as labels or identifiers of the respective descriptors, and the additional input element or elements of the combination input may be the textual character or characters associated with the saved descriptor or derivative thereof.
  • the character may be a numeric character indicating the position of each descriptor in the list of descriptors (i.e. ‘1’, ‘2’, ‘3’, etc.).
  • position of the at least one additional input element of the combination input to be at a fixed position relative to the preconfigured password; alternatively for the position of the at least one additional input element to be at a randomized character position within or relative to the preconfigured password.
  • the combination input may comprise the selection of a graphical descriptor, followed or preceded by the input of the preconfigured password.
  • the graphical descriptor and the input of the preconfigured password may be transmitted together.
  • the authenticating may include comparing a password component of the combination input to a saved password or saved password derivative such as a cryptographic hash of the preconfigured password; and confirming whether the additional input element or elements in the combination input signifies the user’s selection of the saved descriptor.
  • a computer-implemented method for authenticating a user on a digital platform executed at a client device and comprising: requesting a remote server to authenticate the user; receiving, in response to the user having been prompted to select a descriptor, a list of descriptors including one saved descriptor previously submitted by the user, or a derivative thereof, and a plurality of decoy descriptors; presenting the user with the list of descriptors in a random order; prompting the user to input a combination of a preconfigured password and at least one additional input element that identifies a descriptor selected by the user from the list of descriptors; and sending the combination input to a server, wherein the server authenticates the user if the combination input matches a response expected by the server, otherwise failing the authentication attempt.
  • a derivative of the saved descriptor is sent to the client device in the list of descriptors, the derivative may have been inferred through machine learning methods.
  • any of the descriptors may be a text-based descriptive word or phrase
  • the combination input may be a combination or mixture of the characters of the saved descriptor and the preconfigured password.
  • any of the descriptors may be presented graphically, such as with icons or images. The graphical representation may have an experiential or emotive tone that a user may associate with a life event, experience, or a personal preference.
  • each descriptor included in the list to be presented to the user may have one or more textual characters associated therewith as labels or identifiers of the respective descriptors, and the additional input element or elements of the combination input may be the textual character or characters associated with the saved descriptor.
  • the character may be a numeric character indicating the position of each descriptor in the list of descriptors (i.e. ‘1’, ‘2’, ‘3’, etc.).
  • position of the at least one additional input element of the combination input to be at a fixed position relative to the preconfigured password; alternatively for the position of the at least one additional input element to be at a randomized character position within or relative to the preconfigured password.
  • the combination input may comprise the selection of a graphical descriptor, followed or preceded by the input of the preconfigured password.
  • the graphical descriptor and the input of the preconfigured password may be transmitted together.
  • a system for authenticating a user including a memory for storing computer-readable program code and a processor for executing the computer-readable program code, the system including a server comprising: a database component for retrieving a saved descriptor previously submitted by the user in response to an authentication request being received from a client device of the user; a transmitter for sending a list of descriptors to the client device that includes: the saved descriptor or a derivative thereof, and a plurality of decoy descriptors to be presented to the user in a random order; a receiver for receiving the authentication request from a client device of the user, and for receiving a combination input from the client device consisting of a preconfigured password and at least one additional input element that identifies a descriptor selected by the user from the list of descriptors; and an authentication component for authenticating the user if the combination input matches an expected response, otherwise failing the authentication attempt.
  • a system for authenticating a user including a memory for storing computer-readable program code and a processor for executing the computer-readable program code, the system including a client device comprising: a receiver for receiving a list of descriptors including: one saved descriptor previously submitted by the user, or a derivative thereof, and a plurality of decoy descriptors in response to sending an authentication request to a server; a user interface component for presenting the user with the list of descriptors in a random order, and for receiving a combination input from the user comprising a preconfigured password and at least one additional input element that identifies the saved descriptor or derivative thereof in the list of descriptors; and a transmitter for sending an authentication request to the server, and for sending the combination input to the server, wherein the server is configured to authenticate the user if the combination input matches a response expected by the server, otherwise failing the authentication attempt.
  • a computer program product for authenticating a user comprising a computer-readable medium having stored computer-readable program code for performing the steps of: receiving an authentication request from a client device of the user; retrieving a saved descriptor previously submitted by the user in response to the user having been prompted to select a descriptor; sending a list of descriptors to the client device that includes: the saved descriptor or a derivative thereof, and a plurality of decoy descriptors to be presented to the user in a random order; receiving a combination input from the client device consisting of a preconfigured password and at least one additional input element that identifies a descriptor selected by the user from the list of descriptors; and authenticating the user if the combination input matches an expected response, otherwise failing the authentication attempt.
  • a computer program product authenticating a user comprising a computer-readable medium having stored computer-readable program code for performing the steps of: requesting a remote server to authenticate the user; receiving, in response to the user having been prompted to select a descriptor, a list of descriptors including: one saved descriptor previously submitted by the user, or a derivative thereof, and a plurality of decoy descriptors; presenting the user with the list of descriptors in a random order; prompting the user to input a combination of a preconfigured password and at least one additional input element that identifies the saved descriptor in the list of descriptors; and sending the combination input to a server, wherein the server authenticates the user if the combination input matches a response expected by the server, otherwise failing the authentication attempt.
  • computer-readable medium to be a non-transitory computer-readable medium and for the computer-readable program code to be executable by a processing circuit.
  • Figure 1 is a schematic representation of a system for authenticating a user
  • Figure 2 is a swim-lane flow diagram of a method in accordance with the invention.
  • Figure 3 is an exemplary user interface display on a client device during enrolment of a user for capturing a PIN of the user;
  • Figure 4 is an exemplary user interface display on the client device during enrolment of the user presenting the user with various descriptor categories;
  • Figure 5 is an exemplary user interface display on the client device during enrolment of the user presenting the user with various descriptors for a chosen descriptor category;
  • Figure 6 is an exemplary user interface display on the client device during authentication of the user prompting the user for a combination input
  • Figure 7 is an alternative to the user interface display of Figure 6 in which an input element associated with a selected descriptor is interposed between the characters of the user’s PIN;
  • Figure 8 is an alternative exemplary user interface during enrolment of the user in which the descriptors are shown as graphical representations, instead of textual descriptors;
  • Figure 9 shows an exemplary user interface for providing a combination input with the list of descriptors presented graphically, and in which an input element identifying the selected descriptor is provided by selecting the relevant graphic;
  • Figure 10 shows an alternative to the user interface of Figure 9 in which the input element identifying the selected descriptor is provided by dragging the relevant graphic into a designated area;
  • Figure 11 is an exemplary user interface display on the client device during enrolment on which an alternative descriptor category is selected;
  • Figure 12 is an exemplary user interface display on the client device during enrolment of the user presenting the user descriptors comprising colors;
  • Figure 13 shows an exemplary user interface for providing a combination input with the list of descriptors presented as colors
  • Figure 14 is a block diagram showing functional components of a server
  • Figure 15 is a block diagram showing functional components of a client device.
  • Figure 16 illustrates an example of a computing device in which various aspects of the disclosure may be implemented.
  • digital platform may refer to any digitally accessible information system on which a profile or account of a particular user is created, regardless of the type of device or user interface used by the user to access it.
  • a further example may be a mobile application (or “app”) that is executed on a mobile device of a user (such as a smart phone) on which a graphical user interface is implemented through which the user accesses the digital platform.
  • the method includes receiving an authentication request from the user.
  • the digital platform may identify the particular user from whom the authentication request is received, and their profile or account, by means of a unique username that was used by the particular user during an enrolment procedure. This example may find application where a platform is accessed through a website using a browser. In the case of an app running on the device owned by the user, the identity of the user (and their profile or account) may be derived and linked to a unique identifier of the mobile device itself, for example using the International Mobile Equipment Identity (IMEI) number of the mobile device.
  • the user may be required to authenticate themselves from time to time, with a “login” procedure, typically when accessing the digital platform after a period of inactivity, or after the user interface (whether provided by web page or app) was closed and subsequently accessed again.
  • a descriptor is retrieved.
  • the descriptor may have been previously submitted by the user.
  • This descriptor may have been previously submitted to the digital platform when the user first enrolled to create their account or profile on the digital platform, or when subsequently updating their authentication details.
  • the submission of this descriptor may have been in response to the user having been prompted to select a descriptor that is memorable to the user.
  • the user may be prompted to first select a category of descriptors from a list of categories, and then to select a descriptor from a list of descriptors.
  • the categories of descriptors may include a memorable, personal experience of the user, such as their last holiday; or various favorites of the user such as favorite color, preferred genre of music, etc.
  • a user once having selected a category of descriptors, may be prompted to select a descriptor that is most applicable to their personal experiences or preferences. For example, if the user selects the “favorite color” descriptor category, the user may be presented with a list of possible colors. The user may then select their own personal favorite color.
  • the descriptors need not be textual, but may be presented as color swatches to the user, or may be images or icons indicative or representative of the relevant descriptors.
  • the descriptor or list of descriptors presented to the user for selection may be in a different format than the descriptor or list of descriptors presented to the user for registration during enrolment. For example, if the user selects a set of textual characters, such as "relaxing," as a descriptor during enrolment, the user may be presented with graphical representations which the user would likely correlate with relaxing, such as a beach scene, and images the user would likely correlate with not relaxing, such as a crime scene, during authentication.
  • the correlation considered correct (also termed "the expected response") between the descriptor saved during enrolment (for example, “relaxing") and the descriptor chosen during authentication (for example, the beach scene) may be inferred through statistical analysis and/or machine learning methods.
  • the machine learning methods may include developing a classification model.
  • the correct correlation may be determined by a model trained on data inputted or derived from a plurality of individuals.
  • the model may be trained on a subset of data inputted or derived from a plurality of individuals as determined by features which the user has in common with the individuals whose data was used to train the model (such as a shared demographic, location, interests, associations, personal networks and/or the like, for example).
  • the correct correlation may be determined by a model trained on data inputted or derived solely from the user.
  • the correlation may be directly inputted by the user (for example if the user selects relaxing and beach scene) during enrolment.
  • the correlation may be derived from direct input by the user (for example, the correlation may be indicated by a model trained by a user's selection to various choices in a quiz).
  • the correlation may be derived from other data sources to which the user has given consent for the server to access, for example a gallery or social media account.
  • the user is presented with a list of descriptors that includes the retrieved descriptor, or a derivative thereof, as well as a plurality of decoy descriptors, presented in a random order.
  • the user is then prompted to input a combination of a preconfigured password and at least one additional input element that identifies the saved descriptor in the list of descriptors.
  • the password may be a conventional password consisting of a combination of alphanumeric, punctuation, and symbols or special characters. In some implementations, the password may consist exclusively of numeric characters, in which case it will be referred to herein as a personal identification number or “PIN”.
  • the input combination of the preconfigured password and additional input element may take a variety of different forms.
  • the list of descriptors may be labelled with a textual input character, for example a numeric character.
  • the input element that is input in combination with the preconfigured password may then be the relevant textual character.
  • the textual character or characters may be prepended or appended to the preconfigured password, or the additional input characters may be interposed at designated positions or intervals within the preconfigured password, possibly indicated graphically to the user.
  • the list of descriptors may be in the forms of images or icons presented on input elements such as buttons, or draggable objects that may be dragged into a designated area to signify its input as an input element.
  • FIG. 1 is a schematic diagram which illustrates an exemplary system (100) for authenticating a user.
  • the system (100) includes a client device (102) owned by a user (104).
  • the client device is a smart phone.
  • the client device (102) is connected to a server (106) via a network, which in this embodiment is the Internet (107).
  • the server (106) is in data communication with a database (108), in which credentials and other authentication information of the user (104) are stored.
  • the user (104) may use the client device (102) to access a digital platform that is hosted on the server (106).
  • the digital platform may, however, have been hosted on any number of remotely accessible servers.
  • the digital platform requires the user to initially create an account or profile, and to provide authentication details as part of the enrolment process.
  • the digital platform also requires the user (104) to subsequently authenticate themself when accessing the digital platform.
  • a dedicated smart phone application (or “app”) is installed on the client device (102) that provides user access to the digital platform.
  • the digital platform may therefore use unique identifiers of the client device (102), accessible to it by virtue of the execution of the app on the client device, to identify the user (104) and thereby access the authentication credentials of the correct user from the database (108).
  • a conventional username, email address, and the like may also be used to identify the user.
  • An exemplary authentication method (200) is illustrated in the swim-lane flow diagram of Figure 2, in which respective swim-lanes delineate steps, operations or procedures performed by the client device (102) and server (106) respectively, as indicated by the headings in the diagram.
  • the method (200) will also be described with reference to Figures 3 to 13, which illustrate prompts and inputs shown and performed on a user interface presented by the client device (102).
  • the user (104) is required to create a profile or account on the digital platform and may do so using the client device (102).
  • the client device (102) may present the user with the option of enrolling on the platform, or the option of logging onto the platform if they already have a profile on the platform.
  • the user (104) may select the option of enrolling on the platform, after which the client device (102) starts the sequence of steps to enroll (202) the user (104) on the platform.
  • the client device (102) may prompt the user for a unique identifier or handle, by means of which the user profile may be linked to the user (104) on the digital platform.
  • the client device (102) may also prompt the user (104) for miscellaneous personal information, contact information, permissions, preferences and/or the like.
  • the client device then prompts the user for a password and, in this embodiment, the password is a personal identification number or
  • Figure 3 shows an exemplary user interface (300) that may be presented to the user (104) on the client device (102).
  • the client device may provide the user (104) with a numeric keyboard (302) and character spaces (304) showing the number of numeric characters required.
  • two of the characters of the user’s PIN have already been entered, indicated by the dots in the first two spaces.
  • the user may select the “Next” button at which time the client device (102) registers (204) the user PIN for subsequent transmission to the server (106).
  • the client device (102) then proceeds to a next user interface display, which presents the user with various categories of descriptors and requiring the user (104) to select a descriptor category.
  • the user (104) has selected the descriptor category “Describe your last holiday”, as indicated by the thick outline of the relevant button.
  • the user (104) may select the “Next” button to proceed to a user interface on which a plurality of possible descriptors is presented.
  • An example of such a user interface (500) is shown in Figure 5.
  • the user (104) is then required to select a descriptor that accurately describes their own personal experience relevant to the selected descriptor category.
  • the user (104) has selected the descriptor “Relaxing”, meaning that their personal experience of their last holiday (the descriptor category) was that it was a relaxing holiday (the descriptor).
  • the client device (102) registers (206) the selected descriptor, and the registered (204) PIN and registered descriptor (206) are transmitted to the server along with other relevant information of the user (102) required to create a profile for them on the platform.
  • the server (106) creates (208) a user profile for the user (104) on the platform and stores the user information and authentication data in the database (108).
  • When the user subsequently wishes to access the digital platform, the digital platform requires the user (104) to be authenticated, for example each time they access the digital platform or after a period of inactivity.
  • This authentication may be performed as part of a login procedure (210) performed by the user (104) on the client device (102), with the client device being in communication with the server (106) during this login procedure.
  • the client device (102) requests (212) or initiates an authorization request in response to the user initiating the login procedure (by, for example, opening the app on the client device (102)).
  • the authorization request (212) includes a user identifier, which in the present embodiment, is a username entered during enrolment.
  • the request is then transmitted to, and received by, the server (106).
  • the server (106) uses this user identifier to retrieve (214) the profile of the user (104) from the database (108).
  • the retrieved (214) information of the user profile includes the descriptor previously registered (206) by the user during the enrolment procedure.
  • the server (106) then compiles and sends (216) a list of descriptors to the client device (102).
  • This list includes a saved descriptor (or a derivative thereof) of the user that was retrieved (214), as well as decoy descriptors of the same descriptor category.
  • the client device (102) then presents (218) the list of descriptors to the user (104) on a user interface in a randomized order.
  • An example of such an interface (600) is shown in Figure 6, which presents a list (602) of descriptors, including a saved descriptor which in this embodiment was directly chosen by the user, in random order, labelled with a numeric character to indicate its order in the list.
  • the user interface (600) prompts the user (104) to firstly enter the number of the correct saved descriptor using the numeric keyboard.
  • the user selects and thus identifies the correct saved descriptor by entering the number of the label associated with the correct descriptor, and the user interface (600) then indicates it has been selected by populating a first input character box (604) with a marker.
  • the remainder of the input boxes (605) must then be populated with the user PIN, using the numeric keyboard.
  • the user (104) provides a combination input of a preconfigured password (i.e., their PIN) and at least one additional input element that identifies the correct descriptor in the list of descriptors, presently the numeric label displayed next to the relevant descriptor.
  • the additional input element has therefore been prepended to the preconfigured password (or PIN).
  • the combination input is received (220) by the client device (102) and then transmitted to the server (106).
  • the combination input, or part thereof, may be cryptographically secured before transmission (forming a derivative of the combination input or part thereof).
  • the password or PIN component of the combination input may be cryptographically hashed before transmitting (with the password or PIN derivative therefore being the cryptographic hash thereof).
  • the entire transmission may also be cryptographically secured.
  • the hash may be appended to the part that has not been cryptographically secured, or vice versa, prior to transmission.
  • combination input may be sent as a single input such that there is no time lag between the transmission of the descriptor and the password or PIN component.
  • the server (106) receives the combination input and compares (222) the combination input with an expected response. In this embodiment, the server (106) compares (224) the received cryptographic hash (the password or PIN component of the combination input) to a saved cryptographic hash of the user’s PIN. If the hashes are mismatched, the authentication fails. If the hashes match, the server continues the authentication by comparing (226) the descriptor (the descriptor component of the combination input) with a saved descriptor.
  • the descriptor need not be a textual comparison, but the server may have assigned a unique identifier (for example a universally unique identifier (UUID)) to the relevant descriptor, and the comparison may be of the UUID representing the relevant descriptor.
  • the user (104) is authenticated (228) and the result communicated to the client device (102).
  • the client device (102) may then present (230) the authentication result to the user (104), with a successful authentication possibly merely being signified by allowing the user (104) access to the platform.
  • This authentication transmission is therefore not a two-part function that the user has to use in order to enter the authentication information (as would be the case with a password in combination with an OTP, for example). It may be a simpler methodology to interact with, however also more complex than entering a straight-forward static password or PIN. It comprises the user looking at what is presented on the screen (that is, the list of descriptors) and making a visual selection of the correct descriptor. At virtually the same time the user is manually entering the combination of the descriptor and their password or PIN in one process. The user therefore only interacts with the service to authenticate their identity one time, instead of having to do so in a two-stage process (as would be the case with an OTP).
  • the authentication method disclosed herein is such that, immediately prior to authentication, the user knows only what their password or PIN is, but has no knowledge of what they will be entering as the combination input. The user will only be able to determine the complete combination input (consisting of the input element associated with the correct descriptor and their password or PIN) at the exact moment when they are requested to enter the combination input.
  • a malicious third party would have to have a mental understanding of what the user is doing before the user even enters that challenge/response combination input. The probability of a malicious third party being successful in this is very remote within the time it would take the user to input the combination input.
  • the user was presented with, and the user subsequently selected, a textual representation of a descriptor.
  • the user entered a textual, numeric input representing the descriptor by prepending it to their PIN to provide the combination input.
  • Various other embodiments are envisaged for the representation and input of descriptors to form the combination input.
  • Figure 7 shows an example user interface (700), similar to that of Figure 6, on which the user is prompted to provide a combination input.
  • Each of the descriptors in the list of descriptors is again represented by a textual, numeric character label.
  • the user is not prompted to prepend the input element (i.e. the numeric character) with which the descriptor is identified to their PIN. Instead, a random position is indicated where the user must interpose the input element that identifies the descriptor in their PIN.
  • This user interface (700) again provides five input boxes - one for the additional input element (the numeric character identifying the selected descriptor), and four for the user’s PIN.
  • the input box for the additional input element is displayed in a manner which is visually different from that of the PIN.
  • the random position in the combination input is at position 3, with the first two and the last two characters being that of the PIN. The user will therefore begin to enter the first two characters of their PIN, then enter the additional input element (numeric character of the descriptor) at position 3, and then input the remaining two characters of their PIN.
  • Figure 8 illustrates an alternative representation of descriptors on a user interface (800).
  • the user has again selected the “describe your last holiday” descriptor category during enrolment.
  • the descriptors are not presented in textual form, but are represented graphically using icons or images (802).
  • the user simply touches or clicks the relevant input element (or button) on which the desired descriptor is displayed.
  • Each one of these graphic descriptors may again have a UUID associated therewith, with the client device (102) and server (108) exchanging the UUID representation of the descriptor during authentication, rather than the descriptor itself.
  • the user (104) has selected the “kite surfing” descriptor, which is stored (208) with their profile in the database (108).
  • Figure 9 shows a corresponding authentication user interface (900) on which the graphic representation of descriptors is used.
  • the list of graphic descriptors (902) is displayed in a randomized order.
  • the user simply selects or clicks the input element with the correct graphic representation (in this case indicated by a thick border).
  • Each input element (or button) may have a value assigned to it (e.g. the UUID) that is “input” as the descriptor additional input element, i.e. the input that identifies the descriptor and that forms the descriptor component of the combination input.
  • the user then enters the four digits of their PIN to provide the password component of the combination input.
  • the client device (102) may then merge the descriptor component and the password component to form the combination input.
  • Figure 10 shows a variation of the user interface of Figure 9, in which (during authentication) the user does not select or click the graphic descriptor, but drags the input element on which the correct descriptor is displayed into a designated input box.
  • Figures 11 to 13 show enrolment user interfaces (1100, 1200) and an authentication user interface (1300) in which the descriptors are represented by color swatches. Different colors are represented in the black and white representations of Figures 11 to 13 by different patterns.
  • the input of a descriptor in these interfaces is performed similarly as in Figures 4 to 6, with the descriptor represented by a numeric character.
  • Figure 14 is a block diagram which illustrates exemplary components which may be provided by a server (106) in a system for authenticating a user.
  • Figure 15 is a block diagram which illustrates exemplary components which may be provided by a client device (102) in a system for authenticating a user.
  • the server (106) may include a processor (1402) for executing the functions of components described below, which may be provided by hardware or by software units executing on the server.
  • the software units may be stored in a memory component (1404) and instructions may be provided to the processor (1402) to carry out the functionality of the described components.
  • software units arranged to manage and/or process data on behalf of the server may be provided remotely.
  • the server (106) includes a database component (1406) enabling read and write operations to the database (108).
  • the database component (1406) enables retrieving a saved descriptor previously submitted by the user (104) in response to an authentication request being received from a client device (102) of the user (104).
  • the server (106) includes a transmitter (1408) for sending data to a client device (102).
  • the transmitter (1208) enables the server (106) to send a list of descriptors to the client device (102) that includes the saved descriptor and a plurality of decoy descriptors to be presented to the user in a random order.
  • the server (106) also includes a receiver (1410) for receiving the authentication request from the client device (102), and for receiving a combination input from the client device consisting of a password and at least one additional input element that identifies a descriptor selected by the user from the list of descriptors.
  • the server further includes an authentication component (1412) for comparing the received combination input with an expected response, and for authenticating the user if the combination input matches an expected response, otherwise failing the authentication attempt.
  • the client device (102) may include a processor (1502) for executing the functions of components described below, which may be provided by hardware or by software units executing on the client device (102).
  • the software units may be stored in a memory component (1504) and instructions may be provided to the processor (1502) to carry out the functionality of the described components.
  • software units arranged to manage and/or process data on behalf of the client device (102) may be provided remotely.
  • Some or all of the components may be provided by a software application downloadable onto and executable on the client device (102).
  • the client device (102) further includes a receiver (1506) for receiving data from the server (106).
  • the receiver (1506) enables the client device (102) to receive a list of descriptors including one saved descriptor previously submitted by the user and a plurality of decoy descriptors in response to sending an authentication request to a server.
  • the client device (102) includes a user interface component (1508) for presenting the user with the list of descriptors in a random order, and for receiving a combination input from the user comprising a preconfigured password and at least one additional input element that identifies the saved descriptor in the list of descriptors.
  • the client device (102) further includes a transmitter (1510) for sending data to the server (106).
  • the transmitter (1510) enables the client device (102) to send an authentication request to the server, and to send the combination input to the server.
  • FIG 16 illustrates an example of a computing device (1600) in which various aspects of the disclosure may be implemented.
  • the computing device (1600) may be embodied as any form of data processing device including a personal computing device (e.g. laptop or desktop computer), a server computer (which may be self-contained, physically distributed over a number of locations), a client computer, or a communication device, such as a mobile phone (e.g. cellular telephone), satellite phone, tablet computer, personal digital assistant or the like.
  • the computing device (1600) may be suitable for storing and executing computer program code.
  • the various participants and elements in the previously described system diagrams may use any suitable number of subsystems or components of the computing device (1600) to facilitate the functions described herein.
  • the computing device (1600) may include subsystems or components interconnected via a communication infrastructure (1605) (for example, a communications bus, a network, etc.).
  • the computing device (1600) may include one or more processors (1610) and at least one memory component in the form of computer-readable media.
  • the one or more processors (1610) may include one or more of: CPUs, graphical processing units (GPUs), microprocessors, field programmable gate arrays (FPGAs), application specific integrated circuits (ASICs) and the like.
  • a number of processors may be provided and may be arranged to carry out calculations simultaneously.
  • various subsystems or components of the computing device (1600) may be distributed over a number of physical locations (e.g. in a distributed, cluster or cloud-based computing configuration) and appropriate software units may be arranged to manage and/or process data on behalf of remote devices.
  • the memory components may include system memory (1615), which may include read only memory (ROM) and random access memory (RAM).
  • System software may be stored in the system memory (1615) including operating system software.
  • the memory components may also include secondary memory (1620).
  • the secondary memory (1620) may include a fixed disk (1621), such as a hard disk drive, and, optionally, one or more storage interfaces (1622) for interfacing with storage components (1623), such as removable storage components (e.g. magnetic tape, optical disk, flash memory drive, external hard drive, removable memory chip, etc.), network attached storage components (e.g. NAS drives), remote storage components (e.g. cloud-based storage) or the like.
  • the computing device (1600) may include an external communications interface (1630) for operation of the computing device (1600) in a networked environment enabling transfer of data between multiple computing devices (1600) and/or the Internet.
  • Data transferred via the external communications interface (1630) may be in the form of signals, which may be electronic, electromagnetic, optical, radio, or other types of signal.
  • the external communications interface (1630) may enable communication of data between the computing device (1600) and other computing devices including servers and external storage facilities. Web services may be accessible by and/or from the computing device (1600) via the communications interface (1630).
  • the external communications interface (1630) may be configured for connection to wireless communication channels (e.g., a cellular telephone network, wireless local area network (e.g. using Wi-Fi™), satellite-phone network, Satellite Internet Network, etc.) and may include an associated wireless transfer element, such as an antenna and associated circuitry.
  • the external communications interface (1630) may include a subscriber identity module (SIM) in the form of an integrated circuit that stores an international mobile subscriber identity and the related key used to identify and authenticate a subscriber using the computing device (1600).
  • One or more subscriber identity modules may be removable from or embedded in the computing device (1600).
  • the computer-readable media in the form of the various memory components may provide storage of computer-executable instructions, data structures, program modules, software units and other data.
  • a computer program product may be provided by a computer-readable medium having stored computer-readable program code executable by the central processor (1610).
  • a computer program product may be provided by a non-transient or non-transitory computer-readable medium, or may be provided via a signal or other transient or transitory means via the communications interface (1630).
  • Interconnection via the communication infrastructure (1605) allows the one or more processors (1610) to communicate with each subsystem or component and to control the execution of instructions from the memory components, as well as the exchange of information between subsystems or components.
  • Peripherals such as printers, scanners, cameras, or the like
  • input/output (I/O) devices such as a mouse, touchpad, keyboard, microphone, touch-sensitive display, input buttons, speakers and the like
  • One or more displays (1645) (which may be touch-sensitive displays) may be coupled to or integrally formed with the computing device (1600) via a display or video adapter (1640).
  • a software unit is implemented with a computer program product comprising a non-transient or non-transitory computer-readable medium containing computer program code, which can be executed by a processor for performing any or all of the steps, operations, or processes described.
  • Software units or functions described in this application may be implemented as computer program code using any suitable computer language such as, for example, Java™, C++, or Perl™ using, for example, conventional or object-oriented techniques.
  • the computer program code may be stored as a series of instructions, or commands on a non-transitory computer-readable medium, such as a random access memory (RAM), a read-only memory (ROM), a magnetic medium such as a hard-drive, or an optical medium such as a CD-ROM. Any such computer-readable medium may also reside on or within a single computational apparatus, and may be present on or within different computational apparatuses within a system or network.

Abstract

There is provided a computer-implemented method for authenticating a user on a digital platform, the method executed at a server computer and comprising: receiving an authentication request from a client device of the user; retrieving a saved descriptor previously submitted by the user in response to the user having been prompted to select a descriptor; sending a list of descriptors to the client device that includes: the saved descriptor or a derivative thereof and a plurality of decoy descriptors to be presented to the user in a random order; receiving a combination input from the client device consisting of a preconfigured password and at least one additional input element that identifies a descriptor selected by the user from the list of descriptors; and authenticating the user if the combination input matches an expected response, otherwise failing the authentication attempt.

Description

A METHOD AND SYSTEM FOR AUTHENTICATING A USER
CROSS-REFERENCE TO RELATED APPLICATIONS
This application claims priority from United States provisional patent application number 63/092,337 filed on 15 October 2020, which is incorporated by reference herein.
FIELD OF THE INVENTION
This invention relates to methods and systems for authenticating user credentials and, more particularly, user identity on a digital platform.
BACKGROUND TO THE INVENTION
Digital platforms that provide for the creation of a user account or profile invariably utilize some form of authentication security in order to protect the user’s account from nefarious parties.
Generally, such platforms make use of a username or other unique identifier associated with the relevant user to identify the correct account or profile, and one or more authentication factors that the user uses to prove to the system that they are who they purport to be. These three factors are generally something you know (for example a secret password or personal identification number (PIN)); something you have (for example a hardware security dongle); or something you are (for example a biometric fingerprint reading or face recognition).
Authentication is more secure when multiple of these factors are required for a login attempt. However, the process also becomes more burdensome to the user as the number of authentication factors increases. This may detract from the user experience of interacting with a particular platform, or may cause the user to opt out of the multi-factor authentication, thereby jeopardizing the security of their account or profile for the sake of an easier and more convenient authentication process. In most multi-factor authentication methods, there is also a time gap between the steps of each authentication factor which may present a window of opportunity for a malicious third party to intercept or solicit information from the unsuspecting user.
For example, some multi-factor authentication methods make use of a “one-time PIN” or OTP. When a user attempts to authenticate themselves on a secure digital platform, the platform sends a message (typically a Short Message Service or “SMS” message) containing a random string of characters to an enrolled device of the user. These random characters then have to be entered as part of the authentication procedure. This may provide proof that the person performing the authentication is in possession of the enrolled device. Besides providing a second factor of authentication (that is, something you have), the randomness of the OTP also makes it more difficult for a malicious third party to intercept the data and replay it in future attacks, or so the argument goes.
However, there is still a time gap between when a user enters a first authentication factor (for example a static password), and when the user eventually enters the OTP once received, which may present the window of opportunity for the malicious third party to attack.
OTPs may furthermore present an inconvenience to the user in that the message containing the OTP is often in a parallel application on the same device, or on a different device to the one on which the authentication is being performed. This may require the user to switch to the parallel application (or device) in order to retrieve the OTP, and then return to the application (and device) on which authentication is being performed. Depending on the length of the OTP, the user may forget the OTP while returning to the authentication interface, leading to user frustration and a diminished user experience.
The Applicant considers there to be room for improvement.
The preceding discussion of the background to the invention is intended only to facilitate an understanding of the present invention. It should be appreciated that the discussion is not an acknowledgment or admission that any of the material referred to was part of the common general knowledge in the art as at the priority date of the application.
SUMMARY OF THE INVENTION
In accordance with an aspect of the invention there is provided a computer-implemented method for authenticating a user on a digital platform, the method executed at a server computer and comprising: receiving an authentication request from a client device of the user; retrieving a saved descriptor previously submitted by the user in response to the user having been prompted to select a descriptor; sending a list of descriptors to the client device that includes: the saved descriptor or a derivative thereof, and a plurality of decoy descriptors to be presented to the user in a random order; receiving a combination input from the client device consisting of a preconfigured password and at least one additional input element that identifies a descriptor selected by the user from the list of descriptors; and authenticating the user if the combination input matches an expected response, otherwise failing the authentication attempt.
Further features of the method provide, wherein a derivative of the saved descriptor is sent to the client device in the list of descriptors, the derivative may have been inferred through machine learning methods.
In some embodiments, any of the descriptors may be a text-based descriptive word or phrase, and the combination input may be a combination or mixture of the characters of the saved descriptor and the preconfigured password. In other embodiments, any of the descriptors may be presented graphically, such as with icons or images. The graphical representation may have an experiential or emotive tone that a user may associate with a life event, experience, or a personal preference.
In some embodiments, each descriptor included in the list to be presented to the user may have one or more textual characters associated therewith as labels or identifiers of the respective descriptors, and the additional input element or elements of the combination input may be the textual character or characters associated with the saved descriptor or derivative thereof. The character may be a numeric character indicating the position of each descriptor in the list of descriptors (i.e. ‘1’, ‘2’, ‘3’, etc.).
Further features provide for the position of the at least one additional input element of the combination input to be at a fixed position relative to the preconfigured password; alternatively for the position of the at least one additional input element to be at a randomized character position within or relative to the preconfigured password.
In other embodiments, the combination input may comprise the selection of a graphical descriptor, followed or preceded by the input of the preconfigured password. The graphical descriptor and the input of the preconfigured password may be transmitted together.
Further features provide for authenticating the user if the combination input matches an expected response, the authenticating may include comparing a password component of the combination input to a saved password or saved password derivative such as a cryptographic hash of the preconfigured password; and confirming whether the additional input element or elements in the combination input signifies the user’s selection of the saved descriptor.
Further features provide for the saved descriptor to have been previously submitted by the user when creating a user profile or account, or updating the user’s credentials.
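The server-side method summarized above (saved descriptor plus decoys, random presentation, a numeric label prepended to or interposed in the PIN, then comparison of both components) is sketched below as an added Python example; it is not code from the patent or the applicant. The salted PBKDF2 derivative, the constant-time comparisons, the sample descriptor category and every function name are assumptions of this sketch, since the page itself specifies only "a cryptographic hash" and a UUID per descriptor.

```python
import hashlib
import hmac
import secrets
import uuid

PIN_LENGTH = 4            # four-digit PIN, as in the Figure 6 and 7 interfaces
PBKDF2_ROUNDS = 100_000   # assumption: the page only says "cryptographic hash"
_rng = secrets.SystemRandom()  # CSPRNG for decoy choice, shuffling and position

# Constructed sample category ("describe your last holiday"), keyed by UUID.
CATEGORY = {str(uuid.uuid4()): text for text in (
    "kite surfing", "hiking", "skiing", "museum tour",
    "road trip", "camping", "city break")}


def hash_pin(pin: str, salt: bytes) -> bytes:
    """Salted, slow derivative of the PIN (the stored password derivative)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)


def enrol(pin: str, descriptor_id: str) -> dict:
    """Enrolment: store the PIN derivative and the UUID of the chosen descriptor."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "pin_hash": hash_pin(pin, salt),
            "descriptor_id": descriptor_id}


def server_build_list(profile: dict, category: dict, n_decoys: int = 4) -> list:
    """Server: saved descriptor plus same-category decoys, as (uuid, text) pairs."""
    saved = profile["descriptor_id"]
    decoys = _rng.sample([d for d in category if d != saved], n_decoys)
    return [(d, category[d]) for d in [saved] + decoys]


def client_present(descriptors: list, random_position: bool = False) -> dict:
    """Client: shuffle the list, label entries '1'..'n', choose the label slot."""
    shuffled = list(descriptors)
    _rng.shuffle(shuffled)
    labels = {str(i + 1): entry for i, entry in enumerate(shuffled)}
    # Index 0 means the label is prepended (Figure 6); any other index means it
    # is interposed at that character position of the input (Figure 7).
    position = _rng.randrange(PIN_LENGTH + 1) if random_position else 0
    return {"labels": labels, "position": position}


def simulate_user(screen: dict, descriptor_text: str, pin: str) -> str:
    """Stand-in for the user: find the label of their descriptor and type it
    at the indicated position among the PIN digits."""
    label = next(k for k, (_, text) in screen["labels"].items()
                 if text == descriptor_text)
    pos = screen["position"]
    return pin[:pos] + label + pin[pos:]


def client_combine(screen: dict, typed: str) -> dict:
    """Client: split the typed digits into label and PIN, resolve label to UUID."""
    if len(typed) != PIN_LENGTH + 1 or not (typed.isascii() and typed.isdigit()):
        raise ValueError("expected one label digit plus the PIN digits")
    pos = screen["position"]
    label, pin = typed[pos], typed[:pos] + typed[pos + 1:]
    if label not in screen["labels"]:
        raise ValueError("label does not match any listed descriptor")
    return {"descriptor_id": screen["labels"][label][0], "pin": pin}


def server_verify(profile: dict, combination: dict) -> bool:
    """Server: both components must match; a single boolean is returned so the
    response does not reveal which component was wrong."""
    pin_ok = hmac.compare_digest(
        hash_pin(combination["pin"], profile["salt"]), profile["pin_hash"])
    desc_ok = hmac.compare_digest(
        combination["descriptor_id"].encode(), profile["descriptor_id"].encode())
    return pin_ok and desc_ok


if __name__ == "__main__":
    saved_id = next(k for k, v in CATEGORY.items() if v == "kite surfing")
    profile = enrol("4821", saved_id)          # constructed PIN
    screen = client_present(server_build_list(profile, CATEGORY),
                            random_position=True)
    typed = simulate_user(screen, "kite surfing", "4821")
    print("typed:", typed, "->", server_verify(profile, client_combine(screen, typed)))
```

Because the label changes with every shuffle, the five typed digits differ between logins even though the PIN and the saved descriptor stay the same.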
In accordance with a further aspect of the invention there is provided a computer-implemented method for authenticating a user on a digital platform, the method executed at a client device and comprising: requesting a remote server to authenticate the user; receiving, in response to the user having been prompted to select a descriptor, a list of descriptors including one saved descriptor previously submitted by the user, or a derivative thereof, and a plurality of decoy descriptors; presenting the user with the list of descriptors in a random order; prompting the user to input a combination of a preconfigured password and at least one additional input element that identifies a descriptor selected by the user from the list of descriptors; and sending the combination input to a server, wherein the server authenticates the user if the combination input matches a response expected by the server, otherwise failing the authentication attempt.
Further features provide, wherein a derivative of the saved descriptor is sent to the client device in the list of descriptors, the derivative may have been inferred through machine learning methods.
In some embodiments, any of the descriptors may be a text-based descriptive word or phrase, and the combination input may be a combination or mixture of the characters of the saved descriptor and the preconfigured password. In other embodiments, any of the descriptors may be presented graphically, such as with icons or images. The graphical representation may have an experiential or emotive tone that a user may associate with a life event, experience, or a personal preference.
In some embodiments, each descriptor included in the list to be presented to the user may have one or more textual characters associated therewith as labels or identifiers of the respective descriptors, and the additional input element or elements of the combination input may be the textual character or characters associated with the saved descriptor. The character may be a numeric character indicating the position of each descriptor in the list of descriptors (i.e. ‘1’, ‘2’, ‘3’, etc.).
Further features provide for the position of the at least one additional input element of the combination input to be at a fixed position relative to the preconfigured password; alternatively for the position of the at least one additional input element to be at a randomized character position within or relative to the preconfigured password.
In other embodiments, the combination input may comprise the selection of a graphical descriptor, followed or preceded by the input of the preconfigured password. The graphical descriptor and the input of the preconfigured password may be transmitted together.
In accordance with a further aspect of the invention there is provided a system for authenticating a user, the system including a memory for storing computer-readable program code and a processor for executing the computer-readable program code, the system including a server comprising: a database component for retrieving a saved descriptor previously submitted by the user in response to an authentication request being received from a client device of the user; a transmitter for sending a list of descriptors to the client device that includes: the saved descriptor or a derivative thereof, and a plurality of decoy descriptors to be presented to the user in a random order; a receiver for receiving the authentication request from a client device of the user, and for receiving a combination input from the client device consisting of a preconfigured password and at least one additional input element that identifies a descriptor selected by the user from the list of descriptors; and an authentication component for authenticating the user if the combination input matches an expected response, otherwise failing the authentication attempt.
In accordance with a further aspect of the invention there is provided a system for authenticating a user, the system including a memory for storing computer-readable program code and a processor for executing the computer-readable program code, the system including a client device comprising: a receiver for receiving a list of descriptors including: one saved descriptor previously submitted by the user, or a derivative thereof, and a plurality of decoy descriptors in response to sending an authentication request to a server; a user interface component for presenting the user with the list of descriptors in a random order, and for receiving a combination input from the user comprising a preconfigured password and at least one additional input element that identifies the saved descriptor or derivative thereof in the list of descriptors; and a transmitter for sending an authentication request to the server, and for sending the combination input to the server, wherein the server is configured to authenticate the user if the combination input matches a response expected by the server, otherwise failing the authentication attempt.
In accordance with a further aspect of the invention there is provided a computer program product for authenticating a user comprising a computer-readable medium having stored computer-readable program code for performing the steps of: receiving an authentication request from a client device of the user; retrieving a saved descriptor previously submitted by the user in response to the user having been prompted to select a descriptor; sending a list of descriptors to the client device that includes: the saved descriptor or a derivative thereof, and a plurality of decoy descriptors to be presented to the user in a random order; receiving a combination input from the client device consisting of a preconfigured password and at least one additional input element that identifies a descriptor selected by the user from the list of descriptors; and authenticating the user if the combination input matches an expected response, otherwise failing the authentication attempt.
In accordance with a further aspect of the invention there is provided a computer program product for authenticating a user comprising a computer-readable medium having stored computer-readable program code for performing the steps of: requesting a remote server to authenticate the user; receiving, in response to the user having been prompted to select a descriptor, a list of descriptors including: one saved descriptor previously submitted by the user, or a derivative thereof, and a plurality of decoy descriptors; presenting the user with the list of descriptors in a random order; prompting the user to input a combination of a preconfigured password and at least one additional input element that identifies the saved descriptor in the list of descriptors; and sending the combination input to a server, wherein the server authenticates the user if the combination input matches a response expected by the server, otherwise failing the authentication attempt.
Further features provide for the computer-readable medium to be a non-transitory computer-readable medium and for the computer-readable program code to be executable by a processing circuit.
Embodiments of the invention will now be described, by way of example only, with reference to the accompanying drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
In the drawings:
Figure 1 is a schematic representation of a system for authenticating a user;
Figure 2 is a swim-lane flow diagram of a method in accordance with the invention;
Figure 3 is an exemplary user interface display on a client device during enrolment of a user for capturing a PIN of the user;
Figure 4 is an exemplary user interface display on the client device during enrolment of the user presenting the user with various descriptor categories;
Figure 5 is an exemplary user interface display on the client device during enrolment of the user presenting the user with various descriptors for a chosen descriptor category;
Figure 6 is an exemplary user interface display on the client device during authentication of the user prompting the user for a combination input;
Figure 7 is an alternative to the user interface display of Figure 6 in which an input element associated with a selected descriptor is interposed between the characters of the user’s PIN;
Figure 8 is an alternative exemplary user interface during enrolment of the user in which the descriptors are shown as graphical representations, instead of textual descriptors;
Figure 9 shows an exemplary user interface for providing a combination input with the list of descriptors presented graphically, and in which an input element identifying the selected descriptor is provided by selecting the relevant graphic;
Figure 10 shows an alternative to the user interface of Figure 9 in which the input element identifying the selected descriptor is provided by dragging the relevant graphic into a designated area;
Figure 11 is an exemplary user interface display on the client device during enrolment on which an alternative descriptor category is selected;
Figure 12 is an exemplary user interface display on the client device during enrolment of the user presenting the user descriptors comprising colors;
Figure 13 shows an exemplary user interface for providing a combination input with the list of descriptors presented as colors;
Figure 14 is a block diagram showing functional components of a server;
Figure 15 is a block diagram showing functional components of a client device; and
Figure 16 illustrates an example of a computing device in which various aspects of the disclosure may be implemented.
DETAILED DESCRIPTION WITH REFERENCE TO THE DRAWINGS
Embodiments of a method and a system for authenticating a user on a digital platform are described below. The term “digital platform” may refer to any digitally accessible information system on which a profile or account of a particular user is created, regardless of the type of device or user interface used by the user to access it.
For example, it may refer to a web page that provides a graphical user interface to a user, and that is accessible through a web browser on a computing device. A further example may be a mobile application (or “app”) that is executed on a mobile device of a user (such as a smart phone) on which a graphical user interface is implemented through which the user accesses the digital platform.
The method includes receiving an authentication request from the user. The digital platform may identify the particular user from whom the authentication request is received, and their profile or account, by means of a unique username that was used by the particular user during an enrolment procedure. This example may find application where a platform is accessed through a website using a browser. In the case of an app running on the device owned by the user, the identity of the user (and their profile or account) may be derived and linked to a unique identifier of the mobile device itself, for example using the International Mobile Equipment Identity (IMEI) number of the mobile device. After enrolment, during normal use of the digital platform, the user may be required to authenticate themselves from time to time, with a “login” procedure, typically when accessing the digital platform after a period of inactivity, or after the user interface (whether provided by web page or app) was closed and subsequently accessed again.
After having identified the relevant user, a descriptor is retrieved. The descriptor may have been previously submitted by the user. This descriptor may have been previously submitted to the digital platform when the user first enrolled to create their account or profile on the digital platform, or when subsequently updating their authentication details. The submission of this descriptor may have been in response to the user having been prompted to select a descriptor that is memorable to the user. The user may be prompted to first select a category of descriptors from a list of categories, and then selecting a descriptor from a list of descriptors.
For example, the categories of descriptors may include a memorable, personal experience of the user, such as their last holiday; or various favorites of the user such as favorite color, preferred genre of music, etc. A user, once having selected a category of descriptors, may be prompted to select a descriptor that is most applicable to their personal experiences or preferences. For example, if the user selects the “favorite color” descriptor category, the user may be presented with a list of possible colors. The user may then select their own personal favorite color. The descriptors need not be textual, but may be presented as color swatches to the user, or may be images or icons indicative or representative of the relevant descriptors.
In some embodiments, the descriptor or list of descriptors presented to the user for selection may be in a different format than the descriptor or list of descriptors presented to the user for registration during enrolment. For example, if the user selects a set of textual characters, such as "relaxing," as a descriptor during enrolment, the user may be presented with graphical representations which the user would likely correlate with relaxing, such as a beach scene, and images the user would likely correlate with not relaxing, such as a crime scene, during authentication. The correlation considered correct (also termed "the expected response") between the descriptor saved during enrolment (for example, "relaxing") and the descriptor chosen during authentication (for example, the beach scene) may be inferred through statistical analysis and/or machine learning methods. The machine learning methods may include developing a classification model.
In some embodiments, the correct correlation may be determined by a model trained on data inputted or derived from a plurality of individuals. In other embodiments, the model may be trained on a subset of data inputted or derived from a plurality of individuals as determined by features which the user has in common with the individuals whose data was used to train the model (such as a shared demographic, location, interests, associations, personal networks and/or the like, for example).
In yet another embodiment, the correct correlation may be determined by a model trained on data inputted or derived solely from the user. The correlation may be directly inputted by the user (for example if the user selects relaxing and beach scene) during enrolment. The correlation may be derived from direct input by the user (for example, the correlation may be indicated by a model trained by a user's selection to various choices in a quiz). The correlation may be derived from other data sources to which the user has given consent for the server to access, for example a gallery or social media account.
It should therefore be appreciated that the correlation considered correct, or the expected response may vary among users, even if the users were presented with the same descriptors.
During the login procedure, the user is presented with a list of descriptors that includes the retrieved descriptor, or a derivative thereof, as well as a plurality of decoy descriptors, presented in a random order. The user is then prompted to input a combination of a preconfigured password and at least one additional input element that identifies the saved descriptor in the list of descriptors. The password may be a conventional password consisting of a combination of alphanumeric, punctuation, and symbols or special characters. In some implementations, the password may consist exclusively of numeric characters, in which case it will be referred to herein as a personal identification number or “PIN”.
The input combination of the preconfigured password and additional input element may take a variety of different forms. In some implementations, the list of descriptors may be labelled with a textual input character, for example a numeric character. The input element that is input in combination with the preconfigured password may then be the relevant textual character. The textual character or characters may be prepended or appended to the preconfigured password, or the additional input characters may be interposed at designated positions or intervals within the preconfigured password, possibly indicated graphically to the user.
In other implementations, the list of descriptors may be in the forms of images or icons presented on input elements such as buttons, or draggable objects that may be dragged into a designated area to signify its input as an input element.
If the combination input matches an expected response, the user is authenticated, otherwise the authentication attempt will fail. The expected response may be different for each user, even if presented with the same choice of descriptors. In some embodiments, the model which determines the expected response may differ among users.
Figure 1 is a schematic diagram which illustrates an exemplary system (100) for authenticating a user. The system (100) includes a client device (102) owned by a user (104). In this embodiment, the client device is a smart phone. The client device (102) is connected to a server (106) via a network, which in this embodiment is the Internet (107). The server (106) is in data communication with a database (108), in which credentials and other authentication information of the user (104) are stored.
The user (104) may use the client device (102) to access a digital platform that is hosted on the server (106). The digital platform may, however, have been hosted on any number of remotely accessible servers. The digital platform requires the user to initially create an account or profile, and to provide authentication details as part of the enrolment process. The digital platform also requires the user (104) to subsequently authenticate themself when accessing the digital platform.
In the present embodiment, a dedicated smart phone application (or “app”) is installed on the client device (102) that provides user access to the digital platform. The digital platform may therefore use unique identifiers of the client device (102), accessible to it by virtue of the execution of the app on the client device, to identify the user (104) and thereby access the authentication credentials of the correct user from the database (108). However, a conventional username, email address, and the like may also be used to identify the user.
In order to authenticate the user (104), the method in accordance with this invention is executed on the client device (102) and server (106), with data being exchanged between them in the process. An exemplary authentication method (200) is illustrated in the swim-lane flow diagram of Figure 2, in which respective swim-lanes delineate steps, operations or procedures performed by the client device (102) and server (106) respectively, as indicated by the headings in the diagram. The method (200) will also be described with reference to Figures 3 to 13, which illustrate prompts and inputs shown and performed on a user interface presented by the client device (102).
As an initial sequence of steps, the user (104) is required to create a profile or account on the digital platform and may do so using the client device (102). The client device (102) may present the user with the option of enrolling on the platform, or the option of logging onto the platform if they already have a profile on the platform. The user (104) may select the option of enrolling on the platform, after which the client device (102) starts the sequence of steps to enroll (202) the user (104) on the platform. The client device (102) may prompt the user for a unique identifier or handle, by means of which the user profile may be linked to the user (104) on the digital platform. The client device (102) may also prompt the user (104) for miscellaneous personal information, contact information, permissions, preferences and/or the like. The client device then prompts the user for a password and, in this embodiment, the password is a personal identification number or PIN.
Figure 3 shows an exemplary user interface (300) that may be presented to the user (104) on the client device (102). As seen in Figure 3, the client device may provide the user (104) with a numeric keyboard (302) and character spaces (304) showing the number of numeric characters required. In Figure 3, two of the characters of the user’s PIN have already been entered, indicated by the dots in the first two spaces. When all the PIN characters are inputted by the user (104), the user may select the “Next” button at which time the client device (102) registers (204) the user PIN for subsequent transmission to the server (106). The client device (102) then proceeds to a next user interface display, which presents the user with various categories of descriptors and requiring the user (104) to select a descriptor category. In the exemplary user interface (400) shown in Figure 4, the user (104) has selected the descriptor category “Describe your last holiday”, as indicated by the thick outline of the relevant button.
The user (104) may select the “Next” button to proceed to a user interface on which a plurality of possible descriptors is presented. An example of such a user interface (500) is shown in Figure 5. The user (104) is then required to select a descriptor that accurately describes their own personal experience relevant to the selected descriptor category. In this example, the user (104) has selected the descriptor “Relaxing”, meaning that their personal experience of their last holiday (the descriptor category) was that it was a relaxing holiday (the descriptor). The client device (102) registers (206) the selected descriptor, and the registered (204) PIN and registered descriptor (206) are transmitted to the server along with other relevant information of the user (102) required to create a profile for them on the platform.
Once received, the server (106) creates (208) a user profile for the user (104) on the platform and stores the user information and authentication data in the database (108).
When the user subsequently wishes to access the digital platform, the digital platform requires the user (104) to be authenticated, for example each time they access the digital platform or after a period of inactivity.
This authentication may be performed as part of a login procedure (210) performed by the user (104) on the client device (102), with the client device being in communication with the server (106) during this login procedure. The client device (102) requests (212) or initiates an authorization request in response to the user initiating the login procedure (by, for example, opening the app on the client device (102)). The authorization request (212) includes a user identifier, which in the present embodiment, is a username entered during enrolment. The request is then transmitted to, and received by, the server (106). The server (106) uses this user identifier to retrieve (214) the profile of the user (104) from the database (108). The retrieved (214) information of the user profile includes the descriptor previously registered (206) by the user during the enrolment procedure.
The server (106) then compiles and sends (216) a list of descriptors to the client device (102). This list includes a saved descriptor (or a derivative thereof) of the user that was retrieved (214), as well as decoy descriptors of the same descriptor category. The client device (102) then presents (218) the list of descriptors to the user (104) on a user interface in a randomized order. An example of such an interface (600) is shown in Figure 6, which presents a list (602) of descriptors, including a saved descriptor which in this embodiment was directly chosen by the user, in random order, labelled with a numeric character to indicate its order in the list.
The user interface (600) prompts the user (104) to firstly enter the number of the correct saved descriptor using the numeric keyboard. The user selects and thus identifies the correct saved descriptor by entering the number of the label associated with the correct descriptor, and the user interface (600) then indicates it has been selected by populating a first input character box (604) with a marker. The remainder of the input boxes (605) must then be populated with the user PIN, using the numeric keyboard. In this manner, the user (104) provides a combination input of a preconfigured password (i.e., their PIN) and at least one additional input element that identifies the correct descriptor in the list of descriptors, presently the numeric label displayed next to the relevant descriptor. In this example, the additional input element has therefore been prepended to the preconfigured password (or PIN).
The combination input is received (220) by the client device (102) and then transmitted to the server (106). The combination input, or part thereof, may be cryptographically secured before transmission (forming a derivative of the combination input or part thereof). For example, the password or PIN component of the combination input may be cryptographically hashed before transmitting (with the password or PIN derivative therefore being the cryptographic hash thereof). The entire transmission may also be cryptographically secured. In the example where part of the combination input is cryptographically secured, the hash may be appended to the part that has not been cryptographically secured, or vice versa, prior to transmission.
It should be appreciated that the combination input may be sent as a single input such that there is no time lag between the transmission of the descriptor and the password or PIN component.
The server (106) receives the combination input and compares (222) the combination input with an expected response. In this embodiment, the server (106) compares (224) the received cryptographic hash (the password or PIN component of the combination input) to a saved cryptographic hash of the user’s PIN. If the hashes are mismatched, the authentication fails. If the hashes match, the server continues the authentication by comparing (226) the descriptor (the descriptor component of the combination input) with a saved descriptor. The descriptor need not be a textual comparison, but the server may have assigned a unique identifier (for example a universally unique identifier (UUID)) to the relevant descriptor, and the comparison may be of the UUID representing the relevant descriptor.
If the comparison (222) of the received combination input with the expected response is successful, the user (104) is authenticated (228) and the result communicated to the client device (102). The client device (102) may then present (230) the authentication result to the user (104), with a successful authentication possibly merely being signified by allowing the user (104) access to the platform.
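The login exchange described above (steps 212 to 228), using the interposed input position of Figure 7, as an added Python example that is not part of the patent text. The descriptor catalogue, the user name and PIN, the function names, the use of salted PBKDF2 for the PIN hash, sending the salt along with the descriptor list, and single-digit labels are all assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets
import uuid

# Constructed sample data: one descriptor category and its options.
CATALOG = {"last_holiday": ["Relaxing", "Adventurous", "Stressful",
                            "Romantic", "Busy", "Boring"]}


def descriptor_id(category, text):
    """Stable UUID per descriptor, so IDs rather than text are exchanged."""
    return str(uuid.uuid5(uuid.NAMESPACE_URL, f"descriptor/{category}/{text}"))


def hash_pin(pin, salt):
    # Assumption: salted PBKDF2. The page only says "cryptographically hashed".
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000).hex()


def enrol(db, username, pin, category, text):
    """Server side (208): store the PIN hash and the chosen descriptor's UUID."""
    if text not in CATALOG[category]:
        raise ValueError("unknown descriptor")
    salt = secrets.token_bytes(16)
    db[username] = {"salt": salt, "pin_hash": hash_pin(pin, salt),
                    "category": category,
                    "descriptor_id": descriptor_id(category, text)}


def build_challenge(db, username, n_decoys=4):
    """Server side (214, 216): saved descriptor plus decoys of the same category."""
    rec = db[username]
    cat = rec["category"]
    options = {descriptor_id(cat, t): t for t in CATALOG[cat]}
    saved = rec["descriptor_id"]
    decoys = secrets.SystemRandom().sample(
        [d for d in options if d != saved], n_decoys)
    # Assumption: the salt travels with the list so the client can hash the PIN.
    return {"salt": rec["salt"],
            "items": [(d, options[d]) for d in [saved] + decoys]}


def present(challenge):
    """Client side (218): shuffle, then label the entries "1".."n"."""
    items = list(challenge["items"])
    secrets.SystemRandom().shuffle(items)
    return {str(i): item for i, item in enumerate(items, start=1)}


def combine(pin, label, position):
    """What the user types: the label interposed in the PIN at `position`
    (0 = prepended as in Figure 6, 2 = third box as in Figure 7)."""
    return pin[:position] + label + pin[position:]


def client_submit(combo, position, labelled, salt):
    """Client side (220): split the typed input and send the descriptor UUID
    and the PIN hash together as one message."""
    if not 0 <= position < len(combo):
        raise ValueError("position outside combination input")
    label = combo[position]
    pin = combo[:position] + combo[position + 1:]
    if label not in labelled:
        raise ValueError("label not in presented list")
    return {"descriptor_id": labelled[label][0],
            "pin_hash": hash_pin(pin, salt)}


def verify(db, username, submission):
    """Server side (222 to 228): both components must match the expected
    response; the caller only ever sees a single pass/fail result."""
    rec = db.get(username)
    if rec is None:
        return False
    pin_ok = hmac.compare_digest(rec["pin_hash"], submission["pin_hash"])
    desc_ok = hmac.compare_digest(rec["descriptor_id"],
                                  submission["descriptor_id"])
    return pin_ok and desc_ok


def demo():
    db = {}
    enrol(db, "alice", "4821", "last_holiday", "Relaxing")  # constructed user
    challenge = build_challenge(db, "alice")
    labelled = present(challenge)
    label = next(k for k, (_, t) in labelled.items() if t == "Relaxing")
    combo = combine("4821", label, position=2)
    return verify(db, "alice",
                  client_submit(combo, 2, labelled, challenge["salt"]))


if __name__ == "__main__":
    print("authenticated:", demo())
```

Because the labels are assigned after the client-side shuffle, the digit the user types for the same saved descriptor changes from one login to the next, while the value the server compares is always the descriptor's UUID.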
This authentication transmission is therefore not a two-part function that the user has to use in order to enter the authentication information (as would be the case with a password in combination with an OTP, for example). It may be a simpler methodology to interact with, although it is more complex than entering a straightforward static password or PIN. It comprises the user looking at what is presented on the screen (that is, the list of descriptors) and making a visual selection of the correct descriptor. At virtually the same time the user is manually entering the combination of the descriptor and their password or PIN in one process. The user therefore only interacts with the service to authenticate their identity one time, instead of having to do so in a two-stage process (as would be the case with an OTP).
In contrast, when this is done separately (for example by means of an OTP authentication strategy), it creates the opportunity for a malicious third party to either socially or physically hack the authentication procedure. This is due to the fact that, with a two-step process such as a password and OTP authentication method, a time period is created for the malicious third party to try and solicit information. This time period occurs between when a user would have to enter their password or PIN, and submit a response in a secondary challenge/response step.
The authentication method disclosed herein is such that, immediately prior to authentication, the user knows only what their password or PIN is, but has no knowledge of what they will be entering as the combination input. The user will only be able to determine the complete combination input (consisting of the input element associated with the correct descriptor and their password or PIN) at the exact moment when they are requested to enter the combination input. A malicious third party would have to have a mental understanding of what the user is doing before the user even enters that challenge/response combination input. The probability of a malicious third party being successful in this is very remote within the time it would take the user to input the combination input.
In the previous examples, the user was presented with, and the user subsequently selected, a textual representation of a descriptor. When the user was authenticated, the user entered a textual, numeric input representing the descriptor by prepending it to their PIN to provide the combination input. Various other embodiments are envisaged for the representation and input of descriptors to form the combination input.
Figure 7 shows an example user interface (700), similar to that of Figure 6, on which the user is prompted to provide a combination input. Each of the descriptors in the list of descriptors is again represented by a textual, numeric character label. However, in this embodiment, the user is not prompted to prepend the input element (i.e. the numeric character) with which the descriptor is identified to their PIN. Instead, a random position is indicated where the user must interpose the input element that identifies the descriptor in their PIN. This user interface (700) again provides five input boxes - one for the additional input element (the numeric character identifying the selected descriptor), and four for the user’s PIN. However, the input box for the additional input element is displayed in a manner which is visually different from that of the PIN. In this example, the random position in the combination input is at position 3, with the first two and the last two characters being that of the PIN. The user will therefore begin to enter the first two characters of their PIN, then enter the additional input element (numeric character of the descriptor) at position 3, and then input the remaining two characters of their PIN.
Figure 8 illustrates an alternative representation of descriptors on a user interface (800). In this example, the user has again selected the “describe your last holiday” descriptor category during enrolment. However, when presented with a list of descriptors to select from, the descriptors are not presented in textual form, but are represented graphically using icons or images (802). To select the descriptor for enrolment, the user simply touches or clicks the relevant input element (or button) on which the desired descriptor is displayed. Each one of these graphic descriptors may again have a UUID associated therewith, with the client device (102) and server (108) exchanging the UUID representation of the descriptor during authentication, rather than the descriptor itself. In this enrolment example, the user (104) has selected the “kite surfing” descriptor, which is stored (208) with their profile in the database (108).
Figure 9 shows a corresponding authentication user interface (900) on which the graphic representation of descriptors is used. The graphic descriptors (902) are displayed in a randomized list. To identify the correct saved descriptor, the user simply selects or clicks the input element with the correct graphic representation (in this case indicated by a thick border). Each input element (or button) may have a value assigned to it (e.g. the UUID) that is “input” as the descriptor additional input element, i.e. the input that identifies the descriptor and that forms the descriptor component of the combination input. The user then enters the four digits of their PIN to provide the password component of the combination input.
The client device (102) may then merge the descriptor component and the password component to form the combination input.
Figure 10 shows a variation of the user interface of Figure 9, in which (during authentication) the user does not select or click the graphic descriptor, but drags the input element on which the correct descriptor is displayed into a designated input box.
Figures 11 to 13 show enrolment user interfaces (1100, 1200) and an authentication user interface (1300) in which the descriptors are represented by color swatches. Different colors are represented in the black and white representations of Figures 11 to 13 by different patterns. The input of a descriptor in these interfaces is performed similarly as in Figures 4 to 6, with the descriptor represented by a numeric character.
Various components may be provided for implementing the method described above with reference to Figure 2. Figure 14 is a block diagram which illustrates exemplary components which may be provided by a server (106) in a system for authenticating a user, and Figure 15 is a block diagram which illustrates exemplary components which may be provided by a client device (102) in a system for authenticating a user.
As shown in Figure 14, the server (106) may include a processor (1402) for executing the functions of components described below, which may be provided by hardware or by software units executing on the server. The software units may be stored in a memory component (1404) and instructions may be provided to the processor (1402) to carry out the functionality of the described components. In some cases, for example in a cloud computing implementation, software units arranged to manage and/or process data on behalf of the server may be provided remotely.
The server (106) includes a database component (1406) enabling read and write operations to the database (108). In particular, the database component (1406) enables retrieving a saved descriptor previously submitted by the user (104) in response to an authentication request being received from a client device (102) of the user (104).
The server (106) includes a transmitter (1408) for sending data to a client device (102). In particular, the transmitter (1208) enables the server (106) to send a list of descriptors to the client device (102) that includes the saved descriptor and a plurality of decoy descriptors to be presented to the user in a random order.
The server (106) also includes a receiver (1410) for receiving the authentication request from the client device (102), and for receiving a combination input from the client device consisting of a password and at least one additional input element that identifies a descriptor selected by the user from the list of descriptors.
The server further includes an authentication component (1412) for comparing the received combination input with an expected response, and for authenticating the user if the combination input matches an expected response, otherwise failing the authentication attempt.
Referring now to Figure 15, the client device (102) may include a processor (1502) for executing the functions of components described below, which may be provided by hardware or by software units executing on the client device (102). The software units may be stored in a memory component (1504) and instructions may be provided to the processor (1502) to carry out the functionality of the described components. In some cases, for example in a cloud computing implementation, software units arranged to manage and/or process data on behalf of the client device (102) may be provided remotely. Some or all of the components may be provided by a software application downloadable onto and executable on the client device (102).
The client device (102) further includes a receiver (1506) for receiving data from the server (106). In particular, the receiver (1506) enables the client device (102) to receive a list of descriptors including one saved descriptor previously submitted by the user and a plurality of decoy descriptors in response to sending an authentication request to a server.
The client device (102) includes a user interface component (1508) for presenting the user with the list of descriptors in a random order, and for receiving a combination input from the user comprising a preconfigured password and at least one additional input element that identifies the saved descriptor in the list of descriptors. The client device (102) further includes a transmitter (1510) for sending data to the server (106). In particular, the transmitter (1510) enables the client device (102) to send an authentication request to the server, and to send the combination input to the server.
Figure 16 illustrates an example of a computing device (1600) in which various aspects of the disclosure may be implemented. The computing device (1600) may be embodied as any form of data processing device including a personal computing device (e.g. laptop or desktop computer), a server computer (which may be self-contained, physically distributed over a number of locations), a client computer, or a communication device, such as a mobile phone (e.g. cellular telephone), satellite phone, tablet computer, personal digital assistant or the like. Different embodiments of the computing device may dictate the inclusion or exclusion of various components or subsystems described below.
The computing device (1600) may be suitable for storing and executing computer program code. The various participants and elements in the previously described system diagrams may use any suitable number of subsystems or components of the computing device (1600) to facilitate the functions described herein. The computing device (1600) may include subsystems or components interconnected via a communication infrastructure (1605) (for example, a communications bus, a network, etc.). The computing device (1600) may include one or more processors (1610) and at least one memory component in the form of computer-readable media. The one or more processors (1610) may include one or more of: CPUs, graphical processing units (GPUs), microprocessors, field programmable gate arrays (FPGAs), application specific integrated circuits (ASICs) and the like. In some configurations, a number of processors may be provided and may be arranged to carry out calculations simultaneously. In some implementations various subsystems or components of the computing device (1600) may be distributed over a number of physical locations (e.g. in a distributed, cluster or cloud-based computing configuration) and appropriate software units may be arranged to manage and/or process data on behalf of remote devices.
The memory components may include system memory (1615), which may include read only memory (ROM) and random access memory (RAM). A basic input/output system (BIOS) may be stored in ROM. System software may be stored in the system memory (1615) including operating system software. The memory components may also include secondary memory (1620). The secondary memory (1620) may include a fixed disk (1621), such as a hard disk drive, and, optionally, one or more storage interfaces (1622) for interfacing with storage components (1623), such as removable storage components (e.g. magnetic tape, optical disk, flash memory drive, external hard drive, removable memory chip, etc.), network attached storage components (e.g. NAS drives), remote storage components (e.g. cloud-based storage) or the like.
The computing device (1600) may include an external communications interface (1630) for operation of the computing device (1600) in a networked environment enabling transfer of data between multiple computing devices (1600) and/or the Internet. Data transferred via the external communications interface (1630) may be in the form of signals, which may be electronic, electromagnetic, optical, radio, or other types of signal. The external communications interface (1630) may enable communication of data between the computing device (1600) and other computing devices including servers and external storage facilities. Web services may be accessible by and/or from the computing device (1600) via the communications interface (1630).
The external communications interface (1630) may be configured for connection to wireless communication channels (e.g., a cellular telephone network, wireless local area network (e.g. using Wi-Fi™), satellite-phone network, Satellite Internet Network, etc.) and may include an associated wireless transfer element, such as an antenna and associated circuitry. The external communications interface (1630) may include a subscriber identity module (SIM) in the form of an integrated circuit that stores an international mobile subscriber identity and the related key used to identify and authenticate a subscriber using the computing device (1600). One or more subscriber identity modules may be removable from or embedded in the computing device (1600).
The computer-readable media in the form of the various memory components may provide storage of computer-executable instructions, data structures, program modules, software units and other data. A computer program product may be provided by a computer-readable medium having stored computer-readable program code executable by the central processor (1610). A computer program product may be provided by a non-transient or non-transitory computer-readable medium, or may be provided via a signal or other transient or transitory means via the communications interface (1630).
Interconnection via the communication infrastructure (1605) allows the one or more processors (1610) to communicate with each subsystem or component and to control the execution of instructions from the memory components, as well as the exchange of information between subsystems or components. Peripherals (such as printers, scanners, cameras, or the like) and input/output (I/O) devices (such as a mouse, touchpad, keyboard, microphone, touch-sensitive display, input buttons, speakers and the like) may couple to or be integrally formed with the computing device (1600) either directly or via an I/O controller (1635). One or more displays (1645) (which may be touch-sensitive displays) may be coupled to or integrally formed with the computing device (1600) via a display or video adapter (1640).
The foregoing description has been presented for the purpose of illustration; it is not intended to be exhaustive or to limit the invention to the precise forms disclosed. Persons skilled in the relevant art can appreciate that many modifications and variations are possible in light of the above disclosure.
Any of the steps, operations, components or processes described herein may be performed or implemented with one or more hardware or software units, alone or in combination with other devices. In one embodiment, a software unit is implemented with a computer program product comprising a non-transient or non-transitory computer-readable medium containing computer program code, which can be executed by a processor for performing any or all of the steps, operations, or processes described. Software units or functions described in this application may be implemented as computer program code using any suitable computer language such as, for example, Java™, C++, or Perl™ using, for example, conventional or object-oriented techniques. The computer program code may be stored as a series of instructions, or commands on a non-transitory computer-readable medium, such as a random access memory (RAM), a read-only memory (ROM), a magnetic medium such as a hard-drive, or an optical medium such as a CD-ROM. Any such computer-readable medium may also reside on or within a single computational apparatus, and may be present on or within different computational apparatuses within a system or network.
Flowchart illustrations and block diagrams of methods, systems, and computer program products according to embodiments are used herein. Each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, may provide functions which may be implemented by computer readable program instructions. In some alternative implementations, the functions identified by the blocks may take place in a different order to that shown in the flowchart illustrations.
Some portions of this description describe the embodiments of the invention in terms of algorithms and symbolic representations of operations on information. These algorithmic descriptions and representations, such as accompanying flow diagrams, are commonly used by those skilled in the data processing arts to convey the substance of their work effectively to others skilled in the art. These operations, while described functionally, computationally, or logically, are understood to be implemented by computer programs or equivalent electrical circuits, microcode, or the like. The described operations may be embodied in software, firmware, hardware, or any combinations thereof.
The language used in the specification has been principally selected for readability and instructional purposes, and it may not have been selected to delineate or circumscribe the inventive subject matter. It is therefore intended that the scope of the invention be limited not by this detailed description, but rather by any claims that issue on an application based hereon. Accordingly, the disclosure of the embodiments of the invention is intended to be illustrative, but not limiting, of the scope of the invention set forth in any accompanying claims. Finally, throughout the specification and any accompanying claims, unless the context requires otherwise, the word ‘comprise’ or variations such as ‘comprises’ or ‘comprising’ will be understood to imply the inclusion of a stated integer or group of integers but not the exclusion of any other integer or group of integers.

Claims

CLAIMS:
1. A computer-implemented method for authenticating a user on a digital platform, the method executed at a server computer and comprising: receiving an authentication request from a client device of the user; retrieving a saved descriptor previously submitted by the user in response to the user having been prompted to select a descriptor; sending a list of descriptors to the client device that includes: the saved descriptor or a derivative thereof, and a plurality of decoy descriptors to be presented to the user in a random order; receiving a combination input from the client device consisting of a preconfigured password and at least one additional input element that identifies a descriptor selected by the user from the list of descriptors; and authenticating the user if the combination input matches an expected response, otherwise failing the authentication attempt.
2. The computer-implemented method as claimed in claim 1, wherein a derivative of the saved descriptor is sent to the client device in the list of descriptors, the derivative having been inferred through machine learning methods.
3. The computer-implemented method as claimed in claim 1, wherein any of the descriptors is a text-based descriptive word or phrase, and the combination input is a combination or mixture of the characters of the saved descriptor and the preconfigured password.
4. The computer-implemented method as claimed in claim 1, wherein any of the descriptors is presented graphically.
5. The computer-implemented method as claimed in claim 1, wherein each descriptor included in the list to be presented to the user has one or more textual characters associated therewith as labels or identifiers of the respective descriptors, and the additional input element or elements of the combination input is the textual character or characters associated with the saved descriptor or derivative thereof.
6. The computer-implemented method as claimed in claim 5, wherein the character is a numeric character indicating the position of each descriptor in the list of descriptors.
7. The computer-implemented method as claimed in claim 1, wherein the position of the at least one additional input element of the combination input is at a fixed position relative to the preconfigured password.
8. The computer-implemented method as claimed in claim 1, wherein the position of the at least one additional input element is at a randomized character position within or relative to the preconfigured password.
9. The computer-implemented method as claimed in claim 1, wherein the combination input comprises a selection of a graphical descriptor followed or preceded by the input of the preconfigured password, wherein the graphical descriptor and the input of the preconfigured password are transmitted together.
10. The computer-implemented method as claimed in claim 1, including authenticating the user if the combination input matches an expected response, the authenticating including comparing a password component of the combination input to a saved password or saved password derivative such as a cryptographic hash of the preconfigured password; and confirming whether the additional input element or elements in the combination input signifies the user’s selection of the saved descriptor.
11. A computer-implemented method for authenticating a user on a digital platform, the method executed at a client device and comprising: requesting a remote server to authenticate the user; receiving, in response to the user having been prompted to select a descriptor, a list of descriptors including: one saved descriptor previously submitted by the user or a derivative thereof, and a plurality of decoy descriptors; presenting the user with the list of descriptors in a random order; prompting the user to input a combination of a preconfigured password and at least one additional input element that identifies a descriptor selected by the user from the list of descriptors; and sending the combination input to a server, wherein the server authenticates the user if the combination input matches a response expected by the server, otherwise failing the authentication attempt.
12. The computer-implemented method as claimed in claim 11, wherein a derivative of the saved descriptor is sent to the client device in the list of descriptors, the derivative having been inferred through machine learning methods.
13. The computer-implemented method as claimed in claim 11, wherein any of the descriptors is a text-based descriptive word or phrase, and the combination input is a combination or mixture of the characters of the saved descriptor and the preconfigured password.
14. The computer-implemented method as claimed in claim 11, wherein any of the descriptors is presented graphically.
15. The computer-implemented method as claimed in claim 11, wherein each descriptor included in the list to be presented to the user has one or more textual characters associated therewith as labels or identifiers of the respective descriptors, and the additional input element or elements of the combination input may be the textual character or characters associated with the saved descriptor.
16. The computer-implemented method as claimed in claim 15, wherein the character is a numeric character indicating the position of each descriptor in the list of descriptors.
17. The computer-implemented method as claimed in claim 11, wherein the position of the at least one additional input element of the combination input is at a fixed position relative to the preconfigured password.
18. The computer-implemented method as claimed in claim 11, wherein the position of the at least one additional input element is at a randomized character position within or relative to the preconfigured password.
19. The computer-implemented method as claimed in claim 11, wherein the combination input comprises a selection of a graphical descriptor followed or preceded by the input of the preconfigured password, wherein the graphical descriptor and the input of the preconfigured password are transmitted together.
20. A system for authenticating a user, the system including a memory for storing computer-readable program code and a processor for executing the computer-readable program code, the system including a server comprising: a database component for retrieving a saved descriptor previously submitted by the user in response to an authentication request being received from a client device of the user; a transmitter for sending a list of descriptors to the client device that includes: the saved descriptor or a derivative thereof, and a plurality of decoy descriptors to be presented to the user in a random order; a receiver for receiving the authentication request from a client device of the user, and for receiving a combination input from the client device consisting of a preconfigured password and at least one additional input element that identifies a descriptor selected by the user from the list of descriptors; and an authentication component for authenticating the user if the combination input matches an expected response, otherwise failing the authentication attempt.
PCT/IB2021/059458 2020-10-15 2021-10-14 A method and system for authenticating a user WO2022079657A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
ZA2023/04355A ZA202304355B (en) 2020-10-15 2023-04-12 A method and system for authenticating a user

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US202063092337P 2020-10-15 2020-10-15
US63/092,337 2020-10-15

Publications (1)

Publication Number Publication Date
WO2022079657A1 true WO2022079657A1 (en) 2022-04-21

Family

ID=81207847

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2021/059458 WO2022079657A1 (en) 2020-10-15 2021-10-14 A method and system for authenticating a user

Country Status (2)

Country Link
WO (1) WO2022079657A1 (en)
ZA (1) ZA202304355B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140310805A1 (en) * 2013-04-14 2014-10-16 Kunal Kandekar Gesture-to-Password Translation
US8918851B1 (en) * 2013-07-26 2014-12-23 Michael Iannamico Juxtapositional image based authentication system and apparatus
US9608986B2 (en) * 2002-02-13 2017-03-28 Passlogy Company Ltd. User authentication method and user authentication system
US20180196952A1 (en) * 2016-11-02 2018-07-12 Skeyecode Method for securely transmitting a secret data to a user of a terminal

Also Published As

Publication number Publication date
ZA202304355B (en) 2023-11-29

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21879639

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21879639

Country of ref document: EP

Kind code of ref document: A1