Method and system for abstracted and randomized one-time use passwords for transactional authentication

Abstract

A security system and method for authenticating a user's access to a system is disclosed. The security system receives an authentication request from the user and responds by generating a security matrix based on a previously stored user keyword and user preference data, the security matrix being different for each authentication request. The security system sends the security matrix to the user and awaits a one-time code in response to the security matrix. The user forms the one-time code based on the user keyword, the user preferences, and the security matrix. The security system validates the one-time code against the security matrix, the keyword, and the user preferences, and responds by sending an authentication result to the user that either permits or denies access to the system. Additionally, the security system sends a success or fail message to the system to be accessed.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS[0001]This application claims priority to U.S. provisional patent application No. 61 / 418,276, filed on Nov. 30, 2010, and titled “METHOD AND SYSTEM FOR ABSTRACTED AND RANDOMIZED ONE-TIME USE PASSWORDS FOR TRANSACTIONAL AUTHENTICATION”, which application is incorporated by reference into the present application. Additionally, this application claims the benefit of U.S. utility application Ser. No. 13 / 281,330, filed on Oct. 24, 2011, and titled “METHOD AND SYSTEM FOR ABSTRACTED AND RANDOMIZED ONE-TIME USE PASSWORDS FOR TRANSACTIONAL AUTHENTICATION”, which application is incorporated by reference into the present application.FIELD OF THE INVENTION[0002]The present invention relates generally to authentication systems and methods and more particularly to authentication systems that are highly secure.DESCRIPTION OF THE RELATED ART[0003]Security relating to personal identity has become the fundamental cornerstone of all transactions in the modern ele...

AI Technical Summary

Benefits of technology

"The present invention is a method for validating a user's authenticity to access a secure system. The method involves receiving an authentication request from the user, generating a security matrix based on the user's ID and user preference data, sending the security matrix to the user, receiving a one-time code from the user, validating the one-time code using the security matrix, the user's keyword, and user preference data, and sending an authentication result to the user. The method ensures that the user's key word is never directly entered during the authentication process and keeps it improbable that the user's keyword can be identified. The strength of the security matrix can be altered by the user to make the determination simpler or more complex. The method can be applied to any system requiring user authentication with minimal changes to the secure system or the user experience. The method works against any transaction that requires a user to validate his identity."

Problems solved by technology

Hash functions and smart security methods between the client and the server make it difficult to reverse-engineer the individual's Password or PIN from a copy of the data.

However, using visual observation along with phishing techniques, most passwords or PINs can be compromised thereby allowing fraudulent transactions to be processed.

Images