Authernative, the developer of innovative user authentication and identity management technologies, announced today that the Australian Patent Office has granted the company a patent for a user authentication method.
The newly issued patent number 2004323374 entitled, "Authentication System and Method Based Upon Random Partial Digitized Path Recognition" describes a "what user knows"-based authentication method which overcomes two major deficiencies of passwords: memorization difficulties and low security. To reduce memorization pressure and significantly improve ease of use, the patented technology utilizes a graphical secret pattern on a virtual reference grid, providing an easy way to choose, remember, and enter the user's credentials.
To enhance security, the authentication server never challenges the user to provide the full secret pattern, but instead requests a session-specific random subset of the secret pattern ("One Time Pattern"(TM) (OTP)). This significantly reduces the credential's entropy leakage and renders one-time authentication responses difficult to compromise, protecting users' entered credentials against phishing, key logging, brute force, Trojan horse and other spyware attacks. Moreover, the method's virtual reference grid and the scalable combinatorial capacity of the secret pattern provide high security against guessing attacks. The combination of these security and usability features enables stronger protection against known attacks, while delivering a simple and more engaging user experience.
The authentication method can be used as the single user authentication factor in any networked environment embracing computers, mobile devices, smart cards, or other terminals including, Point-of-Sale, ATM, VoIP or touch screen display. It offers the high security found in hardware-based authenticators while preserving the cost-effective electronic mass deployment and the ease of use typical of passwords. Alternatively, it can be used in combination with a legacy password or another authentication factor, creating a two-factor "strong" user authentication solution.
This patent, along with other recently granted patents (US Patent & TTrademark Office, patent number 7,073,067, titled, "Authentication System and Method Based Upon Random Partial Digitized Path Recognition"; US Patent & Trademark Office, patent number 7,188,314, titled, "System And Method For User Authentication Interface"; European Patent Office, patent number EP1434408, titled, "Authentication System And Method Based Upon Random Partial Pattern Recognition"; and US Patent & Trademark Office, patent number 7,299,356 titled, "Key Conversion Method For Communication Session Encryption And Authentication System") provide for a protected intellectual property and technology foundation for the company's AuthGuard(R) authentication product.
AuthGuard(R) includes patented front-end authentication algorithms, and on the back-end, it utilizes the patented encryption key management system combined with the mutual authentication protocol. As a result, AuthGuard(R) versatile authentication product provides for different methods and levels of authentication which allow balancing security and usability requirements.
AuthGuard(R) product provides one-factor, layered, or multi-factor authentication that is electronically mass deployable, has scalable security, high usability and a low total cost of ownership. Authentication methods include enhanced password, graphical password, one-time challenge one-time response, out-of-band, one-time-pin and secure in-band authentication, integrated with CrosSecure(R) Authernative(R) Cryptographic Module that has been FIPS 140-2 certified by the National Institute of Standards and Technology (USA).
Authernative's granted patent adds to the company's patent portfolio solidifying the company's ability to provide innovative, secure and cost-effective user authentication solutions. With identity theft, cyber crime, and data breaches escalating to an all time high, enterprises, government agencies, online service providers, and consumers can benefit from AuthGuard(R) authentication product to secure access to networks, extranets, portals, applications, data and devices.