Authernative, a leading developer of innovative user authentication and identity management technologies, announced today that it recently has been granted three patents, two from the United States Patent Office and one from the Japanese Patent Office for its user authentication methods.
The newly issued patent number US 7,681,228 titled "Method of one time authentication response to a session-specific challenge indicating a random subset of a password or PIN character positions" and patent numbers US 7,644,433 and JP 4421892 titled "Authentication System and Method Based upon Random Partial Pattern Recognition" describe "what user knows" authentication methods which provide stronger security than traditional passwords.
The three patents add to Authernative's intellectual property portfolio for authentication methods based on the Random Partial Shared Secret Recognition algorithm, which include different types of knowledge-based shared secrets, such as standard passwords and PINs, enhanced passwords, and pattern-based one-time PINs.
In contrast with the standard static password recognition algorithm which requires the user to enter the entire password in one authentication session, the patented Random Partial Shared Secret Recognition algorithm requests only a random subset of the user's credentials each authentication session. As such, the user never discloses or gives away the entire PIN, password, or pattern-based shared secret during any login session. This technology significantly reduces the credential's entropy leakage and renders one-time authentication responses difficult to compromise. Moreover, the method's virtual keyboards, menus, and grids containing digital content such as letters, numbers, images or colors, enable high combinatorial capacity and an easy cognitive way to select, remember, and enter the user's credentials. The combination of these security and usability features provide stronger protection against known attacks including phishing, key logging, brute force, Trojan horse and other spyware attacks.
The patented technology is one of a number of authentication methods available in Authernative's AuthGuard(R) product. The AuthGuard(R) versatile authentication server offers a range of legacy and innovative authentication methods having scalable security, high usability, electronic deployment, low total cost of ownership, and self-service capabilities. AuthGuard(R) authentication options include enhanced password, pattern-based one-time PIN, one-time challenge one-time response, out-of-wallet questions, out-of-band, OTP, mobile soft client and mutual authentication. These authentication factors, used alone or in combination, allow for one-factor, layered, and multi-factor authentication security. All are provided through a single product suite implemented in a multi-tenant architecture, enabling secure access of different authentication groups. This allows the personalization of the level of security and the ease-of-use particular to users' needs or companies' policies aimed at complying with Government, Financial, and Healthcare security standards.
AuthGuard(R) securely authenticates users over distributed network environments for Web, VPN, Citrix, online collaboration and mobile access to mass consumer providers, enterprises, e-commerce, cloud computing, SaaS, or On-Demand services. The authentication methods can be used from any access device such as computers, mobile devices, smart cards, VoIP terminals, personal media players, Point-of-Sale, ATM, set-top box, or touch screen displays, providing a common user experience.
AuthGuard(R) includes patented front-end authentication algorithms, and on the back-end, it utilizes the patented encryption key management system combined with the mutual authentication protocol. The CrosSecure(R) Authernative(R) Cryptographic Module has been FIPS 140-2 certified by the National Institute of Standards and Technology (USA).
Authernative's granted patents add to the company's patent portfolio solidifying the company's ability to provide innovative, secure and cost-effective user authentication solutions. With identity theft, cyber crime, phishing, and data breaches escalating to an all time high, enterprises, government agencies, online service providers, and consumers can benefit from AuthGuard® authentication product to secure access to networks, extranets, portals, applications, data and mobile devices.