发明名称 |
Secure authentication systems and methods |
摘要 |
Systems and methods are provided for authentication by combining a Reverse Turing Test (RTT) with password-based user authentication protocols to provide improved resistance to brute force attacks. In accordance with one embodiment of the invention, a method is provided for user authentication, the method including receiving a username/password pair associated with a user; requesting one or more responses to a first Reverse Turing Test (RTT); and granting access to the user if a valid response to the first RTT is received and the username/password pair is valid. |
申请公布号 |
US9306938(B2) |
申请公布日期 |
2016.04.05 |
申请号 |
US201414189152 |
申请日期 |
2014.02.25 |
申请人 |
Intertrust Technologies Corporation |
发明人 |
Pinkas Binyamin;Sander Tomas |
分类号 |
H04L9/32;G06F7/04;G06K9/00;H04L29/06;G06F21/34;G06F21/62 |
主分类号 |
H04L9/32 |
代理机构 |
Finnegan, Henderson, Farabow, Garrett & Dunner, LLP |
代理人 |
Finnegan, Henderson, Farabow, Garrett & Dunner, LLP |
主权项 |
1. A method for user authentication performed by a system comprising a processor and a non-transitory computer-readable storage medium storing instructions that, when executed by the processor, cause the system to perform the method, the method comprising:
receiving a login request from a user attempting to access a resource; determining whether the user possesses a cookie indicating that the user has been previously authenticated; if the user possesses the cookie: receiving a username/password pair associated with the user, determining whether the username/password pair is valid, and selectively granting the user access to the resource if the username/password pair is valid; andif the user does not possess the cookie:
receiving a username/password pair associated with the user, determining whether the username/password pair is valid, and requesting one or more responses to a first Reverse Turing Test (RTT) regardless of whether the username/password pair is valid. |
地址 |
Sunnyvale CA US |