Authentication method

摘要

A system and method whereby the identity of a person, entity, device or the like attempting to gain access to a secured resource may be securely authenticated includes a means for receiving from a requester purporting to be an authorized user of a secured resource a request for access by an unauthorized user (such as, for example, a retail store, a service station, an on-line service provider or merchandiser, a healthcare provider, a medical insurer, an information consumer or the like) to the secured resource; a means for generating and communicating to the purported authorized user a challenge string adapted to provide a basis for authenticating the identity of the requester; a means for receiving a response string corresponding to the challenge string; and a means for evaluating the response string to authenticate the identity of the requester.

主权项

1. A method for authenticating the identity of a requester seeking access by a service client to a secured resource, said method comprising the steps of:
receiving with at least one computer a request for access to a secured resource from a requester purporting to be an authorized user of said secured resource; generating a challenge string with said at least one computer, said challenge string being at least a partially random string having a plurality of symbols, wherein at least one of the symbols of the challenge string is a specially-designated symbol indicating the absence from said random string of a single randomly-selected symbol; communicating said challenge string to said authorized user; receiving a response string corresponding to said challenge string; evaluating said response string to authenticate the identity of said requester; wherein said at least one computer comprises at least one processor coupled to at least one processor-readable medium, said at least one processor-readable medium containing a request handler component and an authenticator component.