Abstract: The present invention mainly relates to a system and method of authenticating users of devices and computer systems, and more particularly to a unique authentication method and system using time delays. In one embodiment, the method comprises: registering a password as a registered password by a user and storing the registered password as a reference password in a server, wherein the password comprises credentials and quantified idle time slots incorporated in the credentials; receiving the password from the user, the password being entered with credentials and certain quantified idle time slots incorporated in the credentials; comparing whether the entered credentials match the stored credentials and whether the idle time slot incorporated in the credentials as provided by the user matches a stored idle time slot which was incorporated in the credentials during registration; and granting access only if the entered credentials match the stored credentials and the idle time slots incorporated in the credentials by the user match the stored idle time slot incorporated in the credentials. Figure 2 (for publication)
Field of the invention
The present invention mainly relates to system and method of authenticating users of devices and computer systems and more particularly to a unique authentication method and system using time delays.
Background of the invention
Authentication is well known in the art which is a process or action of verifying the identity of a user before allowing access to the secured resource, and authorization is the process of validating that the authenticated user has been granted permission to access the requested resources.
Further, the authentication is very important because it enables users, administrations to keep their networks secure by permitting only authenticated users (or processes) to access its protected resources, which may include computer systems, servers, devices, networks, databases, websites and other network-based applications or services. Generally, in the secured network the users are usually identified with a user ID with valid credentials.
During authentication, the credentials which are provided by the user are compared to those on file in a database of authorized users' information either on the local operating system or through an authentication server. If the credentials match, and the user is authorized to use the resource
Nowadays, there are multiple authentication methods available to authenticate the user. Some are related to what we know, i.e. passwords, PINs, patterns and questions are a few such authentication factors. Some are related to what we have, i.e. tokens and smart cards are a few such authentication factors. Some describe what you are, i.e. a fingerprint or other biometric method. The biometric methods are broadly classified into hard biometric and soft biometric ones. Fingerprint, palm print and iris are a few such hard biometric authentication factors, and typing dynamics, swiping dynamics and mouse movements are a few such soft biometric authentication factors. Some are related to what we do, i.e. application usage patterns and device usage patterns are a few such authentication factors. These factors play a great role in authenticating the user.
The password-based authentication is very popular and used by many mailing applications, banking applications, etc., the pin-based authentication is another kind of popular method. It is widely used in ATM machines. Further, pattern is another popular authentication method which is widely used to unlock mobile phones and finger prints, facial recognition-based authentication is also used to unlock mobile phones.
Security-question-based authentication is also used in many applications. For example, security questions are used to reset passwords. Biometric authentication is used to access government services. Furthermore, device-based authentication such as smartcards is used in many organizations to authenticate their employees. The OTP (One Time Password) authentication method is another popular one and is mainly used for online payments. Soft biometrics like keystroke patterns, swipe patterns and mouse usage patterns have also been used for authentication.
For example, KR20170139483A discloses “Smart Card Comprising Fingerprint Detecting Device” proposes an authentication method using smart card which comprises a finger print detecting device.
Further in document, US20160080384 describes “Methods and Apparatus for DNA-based Authentication System” proposed methods for DNA based authentication. In this prior art, a security system receives a biological sample from a key. The biological sample includes a set of deoxyribonucleic acid (DNA) oligos that represent a code assigned to the key. The set of DNAs oligos is sequenced to obtain a set of read sequences. The set of read sequences is then filtered to identify a set of filtered sequences. The set of filtered sequences is matched to sets of expected sequences, where the sets of expected sequences are assigned to respective keys issued for the security system. Access to a resource is then granted or denied based on whether the set of filtered sequences matches with any set from the sets of expected sequences.
Another document, US 20160026781, discloses “Ear Biometric Capture, Authentication and Identification Method and system”. This prior art discloses an ear-biometrics-based authentication and identification system that includes an ear-image-capture subsystem that generates an image of a user's ear, a template-generation subsystem that extracts features from the generated image to generate a template that is stored in an electronic memory, and a template-comparison subsystem that compares the generated template to previously generated and stored templates in order to identify the user.
Further document, US20140373132 discloses “Gesture-Based Authentication without Retained Credentialing Gestures”. This prior art describes techniques and apparatuses enabling gesture-based authentication without retained credentialing gestures.
Further document, US 9888377 discloses “Using Personal Computing Device Analytics as a Knowledge Based Authentication Source”. This prior art proposes a method to generate knowledge-based authentication questions by analysing the mobile usage data.
Therefore, there is a need in the art with improved authentication method and systems to solve the above-mentioned limitations.
Summary of the Invention
An aspect of the present invention is to address at least the above-mentioned problems and/or disadvantages and to provide at least the advantages described below.
Accordingly, one aspect of the present invention relates to a unique method for user authentication, the method comprising: registering a password as a registered password by a user and storing the registered password as a reference password in a server, wherein the password comprises credentials and quantified idle time slots incorporated in the credentials 210; receiving the password from the user, the password being entered with credentials and certain quantified idle time slots incorporated in the credentials 220; comparing whether the entered credentials match the stored credentials and whether the idle time slot incorporated in the credentials as provided by the user matches a stored idle time slot which was incorporated in the credentials during registration 230; and granting access only if the entered credentials match the stored credentials and the idle time slots incorporated in the credentials by the user match the stored idle time slot incorporated in the credentials 240.
Another aspect of the present invention relates to a system for user authentication, the system comprising: a computing device, wherein the computing device is to receive a password from a user, the password comprising credentials and quantified Idle Time Slots incorporated in the credentials, wherein the credentials and certain quantified Idle Time Slots incorporated in the credentials of the password are stored in an authentication server; and the authentication server, wherein the authentication server checks the entered credentials with quantified idle time slots incorporated in the credentials against the stored credentials with idle time slots incorporated in the credentials, wherein the computing device and the authentication server are coupled and configured to perform: registering a password as a registered password by a user and storing the registered password as a reference password in a server, wherein the password comprises credentials and quantified idle time slots incorporated in the credentials; receiving the password from the user, the password being entered with credentials and certain quantified idle time slots incorporated in the credentials; comparing whether the entered credentials match the stored credentials and whether the idle time slot incorporated in the credentials as provided by the user matches a stored idle time slot which was incorporated in the credentials during registration; and granting access only if the entered credentials match the stored credentials and the idle time slots incorporated in the credentials by the user match the stored idle time slot incorporated in the credentials.
Other aspects, advantages, and salient features of the invention will become apparent to those skilled in the art from the following detailed description, which, taken in conjunction with the annexed drawings, discloses exemplary embodiments of the invention.
Brief description of the drawings
The above and other aspects, features, and advantages of certain exemplary embodiments of the present invention will be more apparent from the following description taken in conjunction with the accompanying drawings in which:
Figure 1 illustrates an “Idle Time Slot” based Authentication Method according to one embodiment of the present invention.
Figure 2 shows a unique method for user authentication according to one embodiment of the present invention.
Figure 3 illustrates a registration screenshot according to one embodiment of the present invention.
Figure 4 illustrates the screenshot of “Idle Time Slot” based Authentication Method where the authentication is failed due to time delays mismatch (even though password matched) according to one embodiment of the present invention.
Figure 5 illustrates the screenshot of “Idle Time Slot” based Authentication Method where authentication is successful because passwords matched, and time delays are also matched according to one embodiment of the present invention.
Persons skilled in the art will appreciate that elements in the figures are illustrated for simplicity and clarity and may have not been drawn to scale. For example, the dimensions of some of the elements in the figure may be exaggerated relative to other elements to help to improve understanding of various exemplary embodiments of the present disclosure. Throughout the drawings, it should be noted that like reference numbers are used to depict the same or similar elements, features, and structures.
Detailed description of the invention
The following description with reference to the accompanying drawings is provided to assist in a comprehensive understanding of exemplary embodiments of the invention as defined by the claims and their equivalents. It includes various specific details to assist in that understanding but these are to be regarded as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. In addition, descriptions of well-known functions and constructions are omitted for clarity and conciseness.
The terms and words used in the following description and claims are not limited to the bibliographical meanings, but, are merely used by the inventor to enable a clear and consistent understanding of the invention. Accordingly, it should be apparent to those skilled in the art that the following description of exemplary embodiments of the present invention are provided for illustration purpose only and not for the purpose of limiting the invention as defined by the appended claims and their equivalents.
It is to be understood that the singular forms “a,” “an,” and “the” include plural referents unless the context clearly dictates otherwise. Thus, for example, reference to “a component surface” includes reference to one or more of such surfaces.
By the term “substantially” it is meant that the recited characteristic, parameter, or value need not be achieved exactly, but that deviations or variations, including for example, tolerances, measurement error, measurement accuracy limitations and other factors known to those of skill in the art, may occur in amounts that do not preclude the effect the characteristic is intended to provide.
Figs. 1 through 5, discussed below, and the various embodiments used to describe the principles of the present disclosure in this patent document are by way of illustration only and should not be construed in any way that would limit the scope of the disclosure. Those skilled in the art will understand that the principles of the present disclosure may be implemented in any suitably arranged communications system. The terms used to describe various embodiments are exemplary. It should be understood that these are provided to merely aid the understanding of the description, and that their use and definitions, in no way limit the scope of the invention. Terms first, second, and the like are used to differentiate between objects having the same terminology and are in no way intended to represent a chronological order, unless where explicitly stated otherwise. A set is defined as a non-empty set including at least one element.
The present invention proposes a novel authentication factor with the concept of time delays during the authentication process. In the present invention, a unique authentication mechanism is proposed by introducing “Time Waiting” during authentications.
A unique authentication mechanism is proposed by introducing time delays during authentication. Such a time delay may be referred to as an “Idle Time Slot”. During registration, the user can use one or more “Idle Time Slots”. For example, the user is registering a password which is “abcd”, and one can configure an “Idle Time Slot” of 5 seconds after “a”. It means that for successful authentication, the user has to type “a”, then wait exactly 5 seconds, then type “bcd”. If one configures it in such a way, the authentication system also expects the password to be entered with the configured delays. Even if the intruder gets access to the password “abcd”, the intruder may type it without following the time delay which is set for the “Idle Time Slot”. So, the intruder will fail in authentication. The authentic user can type “a”, then wait for 5 seconds, then type “bcd” and succeed in the authentication.
In another example, for a password, if the user configures the “idle time slot” between 1st and 2nd character of the password with 5-10 seconds, and if his password is “abcd”, then user will type “a”, then waits for 5-10 seconds (at least 5 seconds and at most 10 seconds), then types “b” and types “cd”. Authentication system expects time gap of 5-10 seconds between typing first character of the password (‘a’ in this example) and typing second character of the password (‘b’ in this example). For successful authentication, user has to submit correct password (“abcd” in this example) and user has to wait for configured amount of time while typing that password. Even if the user types the correct password (“abcd” in this example), if he fails to wait 5-10 seconds (at least 5 seconds and at most 10 seconds) between typing ‘a’ and ‘b’) then authentication will fail. Unauthenticated user (if he gets access to password) will try to type “abcd” without following waiting times and fails in the authentication.
In a further example, the user may also configure/register multiple idle time slots for a password. For the password “abcd”, the user can configure 3 idle time slots, each idle time slot denoting the waiting time between typing 2 consecutive characters of the password (‘a and b’, ‘b and c’ and ‘c and d’ in this example). Multiple “Idle Time Slots” may be applied in various authentication mechanisms like password, pattern, pin, biometric, etc. They are also applicable between different authentication factors in a multi-factor authentication. Further, they may also be applicable between different levels in a multi-level authentication.
Second aspect of the present invention states that the Idle Time Slot based authentication method is not limited to passwords. It is also applicable to other authentication mechanisms like pin, pattern, etc. Idle Time Slots can be registered along with the credentials as a single entity. For example, password can be “a<5s>bcd”. Here <5s> represents the Idle Time Slot of 5 seconds between ‘a’ and ‘b’. Here ‘<’ and ‘>’ are the special symbols to represent the Idle Time Slot. However, it is one representation. There may be multiple other representations possible to represent credentials and Idle Time Slots together.
Third aspect of the present invention provides a representation and implementation method for Idle Time Slot based authentication. One representation of Idle Time Slot is {Position, Idle Time Duration}. For example, for the password “abcd”, Idle Time Slot {2,5 Seconds} represents insertion of idle time of 5 seconds in the second position. First Position in “a”, 2nd position is after “a”. Position “1” represents a scenario where first wait for idle time duration then type full password. Configuring the Idle Time Slot {5, 5 seconds} for password “abcd” represents scenario of typing “abcd” as usual and then wait exactly 5 seconds before hitting enter. Here the time duration is mentioned in seconds. It can also be any other time unit like minutes, milliseconds etc.
Configuring the Idle Time Slot {6, 5 seconds} for password “abcd” is invalid because the password is of length 4. It will become valid if one already defines an Idle Time Slot with position 5. Similarly, for a password with length ‘m’, one can always configure Idle Time Slots with positions ‘n’ where n is an integer from 1 to m+1. Values of ‘n’ which are greater than ‘m+1’ will be valid only if Idle Time Slots are configured with positions from m+1 to n-1. For example, for password “abcd” (length = 4), an Idle Time Slot with position 7 is valid only if one already configures idle time slots with positions 5 and 6. Otherwise it will be invalid. If the Idle Time Slot with position 5 is 2 seconds, the Idle Time Slot with position 6 is 3 seconds and the Idle Time Slot with position 7 is 4 seconds, the user will type “abcd” as usual and then wait exactly 9 seconds (2+3+4) before hitting enter.
Fourth aspect of the invention provides another representation for the implementation method for Idle Time Slot based authentication. It is hard for the user to execute the time delay exactly. For example, if one configures an Idle Time Slot with 5 seconds, it is tough to wait exactly 5 seconds. So, another representation of “Idle Time Slot” is {Position, <Min_Time, Max_Time>}, where Min_Time and Max_Time are real numbers such that Min_Time <= Max_Time. For example, {2, <5,10>} for password “abcd” says to type “a”, then wait 5 to 10 seconds and type “bcd”.
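The position rules above, worked as an added Python example (not part of the patent text or of any implementation of it): it parses the inline form “a<5s>bcd”, applies the validity rule for positions up to and beyond m+1, and merges trailing slots into one wait before ENTER. The function names are hypothetical, and summing the minimum and maximum bounds of trailing range slots is an assumption, since the text only sums exact durations.

```python
import re

# '<5s>' marker from the page's single-entity form "a<5s>bcd".
_MARK = re.compile(r"<(\d+(?:\.\d+)?)s>")


def parse_inline(entry):
    """Split 'a<5s>bcd' into ('abcd', [(2, 5.0, 5.0)]).

    Position n means "idle time before the n-th keystroke", so a marker
    that follows k credential characters gets position k + 1.
    """
    chars, slots, i = [], [], 0
    while i < len(entry):
        mark = _MARK.match(entry, i)
        if mark:
            secs = float(mark.group(1))
            slots.append((len(chars) + 1, secs, secs))  # exact delay: min == max
            i = mark.end()
        else:
            chars.append(entry[i])
            i += 1
    return "".join(chars), slots


def gap_windows(password_len, slots):
    """Validate (position, min_s, max_s) slots for a password of length m.

    Returns {position: (min_s, max_s)} for positions 1..m+1, where m+1 is
    the wait before ENTER. Raises ValueError for an invalid configuration.
    """
    m = password_len
    by_pos = {}
    for pos, lo, hi in slots:
        if not isinstance(pos, int) or pos < 1:
            raise ValueError(f"position must be an integer >= 1, got {pos!r}")
        if lo < 0 or lo > hi:
            raise ValueError(f"need 0 <= Min_Time <= Max_Time at position {pos}")
        if pos in by_pos:
            raise ValueError(f"position {pos} configured twice")
        by_pos[pos] = (lo, hi)

    # A position n > m+1 is valid only if m+1 .. n-1 are all configured.
    for pos in by_pos:
        missing = [p for p in range(m + 1, pos) if p not in by_pos]
        if missing:
            raise ValueError(f"position {pos} needs positions {missing} first")

    windows = {p: w for p, w in by_pos.items() if p <= m}
    tail = [w for p, w in by_pos.items() if p > m]
    if tail:
        # Trailing slots add up to a single wait before ENTER
        # (range bounds are summed: assumption, see lead-in).
        windows[m + 1] = (sum(lo for lo, _ in tail), sum(hi for _, hi in tail))
    return windows


if __name__ == "__main__":
    cred, slots = parse_inline("a<5s>bcd")
    print(cred, gap_windows(len(cred), slots))
    print(gap_windows(4, [(5, 2, 2), (6, 3, 3), (7, 4, 4)]))
```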
Fifth aspect of the invention provides a method to use Idle Time Slot based authentication in a multi factored authentication mechanism. It means usage of “Idle Time Slot” while entering a single password or single pin number etc. It can also be applied between multiple authentication factors in a multifactor authentication mechanism. For example, if the authentication mechanism is 2 factored authentications, it may contain a password followed by fingerprint. One can configure Idle Time Slot between them. It means wait for configured amount of time after entering the password and before giving finger print. Thus, one can have Idle Time Slots in multifactor authentication.
Sixth aspect of the invention provides a method to use Idle Time Slot based authentication in a multi-level authentication mechanism. The Idle Time Slots can also be used in multi-level authentication. If the authentication mechanism contains multiple levels, one can configure Idle Time Slots between levels of the authentication. For example, if one configures an Idle Time Slot between “Level 1” and “Level 2”, then the user will wait the configured amount of time after completing “Level 1” and before starting “Level 2”.
Further, the proposed present invention is not limited to passwords. They may be applied to various other kinds of authentication mechanisms. For example, in Pin based authentication, introduce specific time delay while typing PIN. In Pattern based authentication, introduce specific time delay while drawing pattern. In OTP based authentication, introduce specific time delays while typing the OTP. In biometric authentication, introduce specific time delay between 2 finger prints.
The proposed invention can be used
a. To Login into a desktop
Ex: Login into a windows / linux/ ubuntu PC with password /pin with specific time delays
b. Unlock a computing device or gadget
Ex: Unlocking a mobile by entering pin with specific time delays.
Ex: Unlocking a mobile by drawing its pattern with specific delays
c. In remote authentication where the authentication details may be entered at client or browser and they may be transferred to server. At server authentication may happen.
Ex: Login into Online SBI by typing the password with specific delays. Similarly, “Captcha” can also be typed with specific delays.
d. To submit OTPs (One Time Passwords) by typing the OTP with specific time delays
The proposed “Idle time slot” concept is not limited to passwords. It can also be applied to user IDs / Usernames.
Implementation Feasibility for the present invention method:
In generic authentication, a software module captures the user provided password /pin, etc., and compares with the actual ones and if they are matching then the authentication will be success otherwise, authentication will fail. Some will hash the user provided credentials and compares them with the hash values of actual credentials. If they match, authentication will be success. Otherwise, authentication will fail.
In order to use the present invention, the system not only needs the credentials but also needs their timestamps details. For example, if the user submitted password is “abcd”, then the authentication module should also capture the timestamps for each character in the submitted password. It can be accomplished in various ways. One method could be while reading the character from an input device, read the time also. The time can be absolute time or relative time.
Absolute and relative times are explained with the below example for the submitted password “abcd”
Absolute time: {< 10:10:10><10:10:18><10:10:19><10:10:20><10:10:21>}
It indicates,
First character (‘a’) is typed at 10 hours, 10 minutes and 10 seconds.
Second character (‘b’) is typed at 10 hours, 10 minutes and 18 seconds.
Third character (‘c’) is typed at 10 hours, 10 minutes and 19 seconds.
Fourth character (‘d’) is typed at 10 hours, 10 minutes and 20 seconds.
Last character (ENTER) is clicked at 10 hours, 10 minutes and 21 seconds
Relative Time: {<0><8><1><1><1>}
It indicates,
First character (‘a’) is typed
Second character (‘b’) is typed after a time delay of 8 seconds after typing ‘a’
Third character (‘c’) is typed after a time delay of 1 second after typing ‘b’
Fourth character (‘d’) is typed after a time delay of 1 second after typing ‘c’
Last character (ENTER) is clicked after a time delay of 1 second after typing ‘d’.
These are some feasible methods to capture the time delays. One can apply other methods also. With above explained methods, the length of the password can be guessed. To handle it, padding is suggested. It is also suggested to encrypt and send them instead of sending them directly.
As explained above, the timestamps along with the credentials can be captured. Let us call the software component which captures them as the client. Above said implementation can be implemented in the client.
Another software component matches the captured details against actual ones and decides whether the authentication is success or fail. Let us call that component as server component.
In traditional authentication systems, the server checks the user submitted credentials with the actual credentials. In order to use present invention method, the server component could be implemented in the following way.
During registration, the server stores the registered time delays (which are set by the user) apart from the actual credentials.
During authentication checking time, the server checks 2 things:
a. The submitted credentials should match with the actual credentials (Or the hashes of submitted credentials should match with the hashes of actual credentials)
b. The time delays that are introduced by the user while providing the credentials should match with the registered time delays.
For successful authentication, both should match at the server. (Traditional Methods will match only the credentials but not the time delays.)
As explained above, the server may be implemented. In few cases, client and server reside in the same system. For example, Login to a personal laptop, unlocking a mobile phone or tablet, authentication in a desktop-based application, etc. In these cases, capturing of credentials along with their timestamps (client functionality) may be done in the same system and authentication check (server functionality) may be done in the same system. In some cases, client and server resides in different systems. For example, login into Gmail, Login into Online SBI, etc. In such cases, capturing of credentials may happen in the system with which the user is interacting. The captured details may be sent to remote server and the authentication may happen at the remote server and the result of authentication will be communicated to the user.
In the case of remote servers, the captured credentials along with their timestamps may be sent to the server. This can be accomplished in various ways. One way could be to send the credentials as they are sent in existing systems and to send the timestamp data separately (maybe as a network packet). Another way could be to club the credentials and timestamp data together and send them to the server as a single unit (maybe as a single network packet).
Figure 1 illustrates an “Idle Time Slot” based Authentication Method according to one embodiment of the present invention.
The figure shows a “Time Slot” based Authentication Method. “100” represents a registration of password and Idle Time Slot. “101” is the registered password and “102” is the registered “Idle Time Slot”. “200” represents authentication failure scenario even if the password is correct. Authentication failed, because Idle Time Waiting is not performed “201”. “300” represents successful authentication with correct password and correct Idle Time Waiting as described in 301.
Figure 2 shows a unique method for user authentication according to one embodiment of the present invention.
The figure shows the unique method for user authentication. The method comprises a few steps: registering a password as a registered password by a user and storing the registered password as a reference password in a server, wherein the password comprises credentials and quantified idle time slots incorporated in the credentials 210; receiving the password from the user, the password being entered with credentials and certain quantified idle time slots incorporated in the credentials 220; comparing whether the entered credentials match the stored credentials and whether the idle time slot incorporated in the credentials as provided by the user matches a stored idle time slot which was incorporated in the credentials during registration 230; and granting access only if the entered credentials match the stored credentials and the idle time slots incorporated in the credentials by the user match the stored idle time slot incorporated in the credentials 240.
Access is granted only if the entered credentials match the stored credentials and the idle time slots incorporated in certain positions in the credentials by the user match the stored idle time slots incorporated in corresponding positions in the credentials.
The password has one or more quantified Idle Time Slots incorporated in the credentials. Further, the one or more quantified Idle Time Slots are incorporated in any particular positions of the credentials. During registration, the user provides credentials and certain quantified time delays (Idle Time Slots) as a single entity such as “a<5s>bcd”, where abcd represents the credentials and 5s represents the idle time slot, so that “a<5s>bcd” represents an Idle Time Slot of 5 seconds between ‘a’ and ‘bcd’.
In another embodiment, during registration, the user provides credentials and certain quantified time delays (Idle Time Slots) in any position as a separate entity, where one entity represents “abcd” as a credentials and the other entity represents {Position, Idle Time Duration}, the position represents at which position the Idle time slot should come and the idle time duration represents the amount of time delay for the Idle Time Slot in between credentials.
In a further embodiment, during registration, the user provides credentials and certain time delays (Idle Time Slots) in any position as a separate entity, where one entity represents “abcd” as the credentials and the other entity represents {Position, <Min_Time, Max_Time>}, where the “position” represents at which position the Idle Time Slot should come and the Min_Time and Max_Time represent that the idle time slot duration is between Min_Time and Max_Time in between credentials.
The authentication server stores the credentials and specific quantified time delays (Idle Time Slots) with position which is provided during registration by the user. The authentication server further captures the timestamps for each credential in the submitted password, where the time can be absolute time or relative time. During authentication, the authentication server matches the entered credentials with idle time slots incorporate in certain positions in the credentials and the stored credentials with idle time slots incorporate in corresponding positions in the credentials, if matches the authentication will be successful.
The authentication method and system are not limited to passwords. It also applicable to other authentication mechanisms like pin, pattern, etc. Further, it may applicable user ID/usernames. The authentication method and system can be used in Local Authentication as well as Remote Authentication. The authentication method and system can also be used in OTP based authentication. Further, the authentication method and system can also be used in multi-factored authentication by plugging specific time delays between different factors of multi-factored authentication. The authentication method and system can also be used in multi-level authentication by plugging specific time delays between different levels of multi-level authentication.
In another embodiment, the present invention relates to a system for user authentication, the system comprising: a computing device, wherein the computing device is to receive password from a user, the password comprises credentials and a quantified Idle Time Slots incorporate in the credentials, wherein the credentials and certain quantified Idle Time Slots incorporate in the credentials of the password is stored in an authentication server, the authentication server, wherein the authentication server checks the entered credentials with quantified idle time slots incorporate in the credentials and the stored credentials with idle time slots incorporate in the credentials, wherein the computing device and the authentication server is coupled and configured to perform: registering a password as a registered password by a user and storing the registered password as a reference password in to a server, wherein the password comprises credentials and a quantified idle time slots incorporate in the credentials, receiving the password from the user, the password is entered with credentials and certain quantified idle time slots incorporate in the credentials, comparing whether the entered credentials matches with the stored credentials and whether the certain idle time slot incorporate in the credentials as provided by the user matches a stored idle time slot which is incorporate in the credentials during registration and granting access only if the entered credentials matches the stored credentials and the idle time slots incorporate in the credentials by the user matches the stored idle time slot incorporate in the credentials.
Figure 3 illustrates a registration screenshot according to one embodiment of the present invention. The figure shows a screenshot of the registration page. A sample registration may look as shown in figure 3. The user enters the username as “krishna”, enters the chosen password (say “abcdef”), and then re-enters the same password for confirmation. The user then provides the “IdleTimeSlots”. In the above diagram, the user has chosen 2 idle time slots (“1,5,10” and “3,2,7”) separated by the “@” symbol. In one kind of implementation, each idle time slot is represented as a triple <Position, minTime, maxTime>.
Position specifies after how many typed characters the time delay (idle time slot) has to be introduced. minTime is the minimum time for the idle time slot. maxTime is the maximum time for the idle time slot. For example, “1,5,10” means that after typing the first character of the password, the user waits for 5-10 seconds and then types the second character of the password. If one types the 2nd character after a delay of 0-4 seconds, then authentication will fail. If one types the 2nd character after a delay of 10 seconds, then authentication will also fail. The user is supposed to delay for 5-10 seconds. Similarly, “3,2,7” means that after typing the 3rd character of the password, the user waits for 2-7 seconds and then types the 4th character of the password. However, this is only one kind of representation of a time slot and one kind of implementation. The proposed authentication method can also be implemented in many other ways.
If the password itself does not match, then the authentication will fail as usual. For successful authentication, the time delays (idle time slots) must match along with the password.
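The registration format and matching rule described above can be sketched as follows. This is an added example, not code from the specification: the function names, the PBKDF2 password storage and the per-character timestamp list are assumptions, and the window is treated as half-open (minTime <= delay < maxTime) because the text says a 10-second delay fails for “1,5,10”. Gaps at positions without a registered slot are assumed to be unconstrained.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch


def parse_slots(spec):
    """Parse an IdleTimeSlots string such as '1,5,10@3,2,7'."""
    slots = {}
    for part in spec.split("@"):
        pos, lo, hi = (int(x) for x in part.split(","))
        if pos < 1 or lo < 0 or hi <= lo or pos in slots:
            raise ValueError(f"bad idle time slot: {part!r}")
        slots[pos] = (lo, hi)  # delay after character `pos`, in seconds
    return slots


def register(password, slot_spec):
    """Build the stored reference: salted password hash plus the slots."""
    slots = parse_slots(slot_spec)
    if max(slots) >= len(password):
        raise ValueError("a slot must be followed by another character")
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "digest": digest, "slots": slots}


def authenticate(record, password, key_times):
    """key_times[i] is the time (seconds) at which character i+1 arrived."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], ITERATIONS)
    if not hmac.compare_digest(digest, record["digest"]):
        return False  # wrong password fails as usual
    if len(key_times) != len(password):
        return False  # timing data must cover every character
    for pos, (lo, hi) in record["slots"].items():
        gap = key_times[pos] - key_times[pos - 1]
        if not (lo <= gap < hi):
            return False  # every registered idle time slot must match
    return True


# Constructed sample data mirroring the "abcdef" example in the text.
RECORD = register("abcdef", "1,5,10@3,2,7")
GOOD = [0.0, 6.0, 6.5, 10.5, 11.0, 11.5]   # gaps: 6 s after 1st, 4 s after 3rd
TOO_FAST = [0.0, 0.5, 1.0, 1.5, 2.0, 2.5]  # correct password, no delays
```

Because the timestamps decide the outcome, they are only meaningful when captured by the component that performs the comparison (claim 10 places this on the authentication server).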
Figure 4 illustrates the screenshot of “Idle Time Slot” based Authentication Method where the authentication is failed due to time delays mismatch (even though password matched) according to one embodiment of the present invention.
The figure shows the authentication failure scenario even though the passwords matched (the user provided the same password “abcdef”). The failure is due to a mismatch in time delays (idle time slots). The user has registered 2 idle time slots. For successful authentication, all time delays (idle time slots) should match. In figure 4, the user failed to implement the registered time delays, so authentication failed.
Figure 5 illustrates the screenshot of “Idle Time Slot” based Authentication Method where authentication is successful because passwords matched, and time delays are also matched according to one embodiment of the present invention.
The figure describes the screenshot of successful authentication scenario. User has provided the correct registered password (which is “abcdef”). Further, the user also successfully implemented the registered time delays (idle time slots) which are “1,5,10” and “3,2,7” (by waiting for 5-10 seconds between typing 1st and 2nd characters of the password and by waiting 2-7 seconds between typing 3rd and 4th character of the password).
Figures 2, 3, 4 and 5 represent one kind of implementation of the proposed idle time slot-based authentication method. Many other implementations are possible using the idle time slot-based authentication method.
Advantages of the present invention
The present invention provides the “Idle Time Slot” concept, which acts as a new authentication factor. With the concept of Idle Time Slots, even if the intruder gets access to the credentials of the user, the intruder cannot succeed in the authentication because the intruder has no clues about the time delays.
In general, intruders try different passwords to succeed against an authentication mechanism. For example, they may use a brute force method or a dictionary attack. In general, they can try many passwords per second. But in the present invention, time delays also have to be tried along with passwords. As they have to implement time delays, they cannot execute more guesses. It becomes very hard for the intruders to crack the proposed method with such approaches.
With little effort, the concept of the present invention may be plugged into existing authentication mechanisms. This means users can migrate to the method of the present invention just by plugging specific “Idle Time Slots” into their credentials (without changing the credentials).
Those skilled in this technology can make various alterations and modifications without departing from the scope and spirit of the invention. Therefore, the scope of the invention shall be defined and protected by the following claims and their equivalents.
FIGS. 1-5 are merely representational and are not drawn to scale. Certain portions thereof may be exaggerated, while others may be minimized. FIGS. 1-5 illustrate various embodiments of the invention that can be understood and appropriately carried out by those of ordinary skill in the art.
In the foregoing detailed description of embodiments of the invention, various features are grouped together in a single embodiment for the purpose of streamlining the disclosure. This method of disclosure is not to be interpreted as reflecting an intention that the claimed embodiments of the invention require more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive subject matter lies in less than all features of a single disclosed embodiment. Thus, the following claims are hereby incorporated into the detailed description of embodiments of the invention, with each claim standing on its own as a separate embodiment.
It is understood that the above description is intended to be illustrative, and not restrictive. It is intended to cover all alternatives, modifications and equivalents as may be included within the spirit and scope of the invention as defined in the appended claims. Many other embodiments will be apparent to those of skill in the art upon reviewing the above description. The scope of the invention should, therefore, be determined with reference to the appended claims, along with the full scope of equivalents to which such claims are entitled. In the appended claims, the terms “including” and “in which” are used as the plain-English equivalents of the respective terms “comprising” and “wherein,” respectively.
CLAIMS:
1. A unique method for user authentication, the method comprising:
registering a password as a registered password by a user and storing the registered password as a reference password into a server, wherein the password comprises credentials and a quantified idle time slots incorporate in the credentials 210;
receiving the password from the user, the password is entered with credentials and certain quantified idle time slots incorporate in the credentials 220;
comparing whether the entered credentials matches with the stored credentials and whether the certain idle time slot incorporate in the credentials as provided by the user matches a stored idle time slot which is incorporate in the credentials during registration 230; and
granting access only if the entered credentials matches the stored credentials and the idle time slots incorporate in the credentials by the user matches the stored idle time slot incorporate in the credentials 240.
2. The method as claimed in claim 1, wherein the password has one or more quantified Idle Time Slots incorporate in the credentials.
3. The method as claimed in claim 1, wherein the one or more quantified Idle Time Slots are incorporate in any particular positions of the credentials.
4. The method as claimed in claim 3, wherein granting access only if the entered credential matches the stored credentials and the idle time slots incorporate in certain positions in the credentials by the user matches the stored idle time slot incorporate in corresponding positions in the credentials.
5. The method as claimed in claim 1, wherein during registration, the user provides credentials and certain quantified time delays (Idle Time Slots) as a single entity, where “a<5s>bcd”, here abcd represents credentials and 5s represents idle time slot, and “a<5s>bcd” represents Idle Time Slot of 5 seconds between ‘a’ and ‘bcd’.
6. The method as claimed in claim 1, wherein during registration, the user provides credentials and certain quantified time delays (Idle Time Slots) in any position as a separate entity, where one entity represents “abcd” as a credentials and the other entity represents {Position, Idle Time Duration}, the position represents at which position the Idle time slot should come and the idle time duration represents the amount of time delay for the Idle Time Slot in between credentials.
7. The method as claimed in claim 1, wherein during registration, the user provides credentials and certain time delays (Idle Time Slots) in any position as a separate entity, where one entity represents “abcd” as a credentials and the other entity represents {Position, <Min_Time, Max_Time>}, where the “position” represents at which position the Idle time slot should come and the Min_Time and Max_Time represents that the idle time slot duration is between Min_Time and Max_Time in between credentials.
8. The method as claimed in claim 1, wherein an authentication server stores the credentials and specific quantified time delays (Idle Time Slots) with position which is provided during registration by the user.
9. The method as claimed in claim 1, wherein during authentication, the authentication server matches the entered credentials with idle time slots incorporate in certain positions in the credentials and the stored credentials with idle time slots incorporate in corresponding positions in the credentials, if matches the authentication will be successful.
10. The method as claimed in claim 1, wherein the authentication server captures the timestamps for each credential in the submitted password, where the time can be absolute time or relative time.
11. A system for user authentication, the system comprising:
a computing device, wherein the computing device is to receive password from a user;
the password comprises credentials and a quantified Idle Time Slots incorporate in the credentials, wherein the credentials and certain quantified Idle Time Slots incorporate in the credentials of the password is stored in an authentication server;
the authentication server, wherein the authentication server checks the entered credentials with quantified idle time slots incorporate in the credentials and the stored credentials with idle time slots incorporate in the credentials;
wherein the computing device and the authentication server is coupled and configured to perform:
registering a password as a registered password by a user and storing the registered password as a reference password into a server, wherein the password comprises credentials and a quantified idle time slots incorporate in the credentials;
receiving the password from the user, the password is entered with credentials and certain quantified idle time slots incorporate in the credentials;
comparing whether the entered credentials matches with the stored credentials and whether the certain idle time slot incorporate in the credentials as provided by the user matches a stored idle time slot which is incorporate in the credentials during registration; and
granting access only if the entered credentials matches the stored credentials and the idle time slots incorporate in the credentials by the user matches the stored idle time slot incorporate in the credentials.
| # | Name | Date |
|---|---|---|
| 1 | 201841036842-PROVISIONAL SPECIFICATION [28-09-2018(online)].pdf | 2018-09-28 |
| 1 | 201841036842-Response to office action [01-11-2024(online)].pdf | 2024-11-01 |
| 2 | 201841036842-AMENDED DOCUMENTS [04-10-2024(online)].pdf | 2024-10-04 |
| 2 | 201841036842-FORM 1 [28-09-2018(online)].pdf | 2018-09-28 |
| 3 | 201841036842-FORM 13 [04-10-2024(online)].pdf | 2024-10-04 |
| 3 | 201841036842-DRAWINGS [28-09-2018(online)].pdf | 2018-09-28 |
| 4 | 201841036842-POA [04-10-2024(online)].pdf | 2024-10-04 |
| 4 | 201841036842-FORM-26 [27-12-2018(online)].pdf | 2018-12-27 |
| 5 | Correspondence by Agent_Form26_07-01-2019.pdf | 2019-01-07 |
| 5 | 201841036842-CLAIMS [26-06-2024(online)].pdf | 2024-06-26 |
| 6 | 201841036842-Proof of Right (MANDATORY) [27-03-2019(online)].pdf | 2019-03-27 |
| 6 | 201841036842-COMPLETE SPECIFICATION [26-06-2024(online)].pdf | 2024-06-26 |
| 7 | Correspondence by Agent_Form 1_01-04-2019.pdf | 2019-04-01 |
| 7 | 201841036842-DRAWING [26-06-2024(online)].pdf | 2024-06-26 |
| 8 | 201841036842-FORM 3 [23-08-2019(online)].pdf | 2019-08-23 |
| 8 | 201841036842-FER_SER_REPLY [26-06-2024(online)].pdf | 2024-06-26 |
| 9 | 201841036842-ENDORSEMENT BY INVENTORS [23-08-2019(online)].pdf | 2019-08-23 |
| 9 | 201841036842-OTHERS [26-06-2024(online)].pdf | 2024-06-26 |
| 10 | 201841036842-DRAWING [23-08-2019(online)].pdf | 2019-08-23 |
| 10 | 201841036842-FER.pdf | 2023-12-26 |
| 11 | 201841036842-CORRESPONDENCE-OTHERS [23-08-2019(online)].pdf | 2019-08-23 |
| 11 | 201841036842-FORM 18 [10-02-2021(online)].pdf | 2021-02-10 |
| 12 | 201841036842-COMPLETE SPECIFICATION [23-08-2019(online)].pdf | 2019-08-23 |
| 13 | 201841036842-CORRESPONDENCE-OTHERS [23-08-2019(online)].pdf | 2019-08-23 |
| 13 | 201841036842-FORM 18 [10-02-2021(online)].pdf | 2021-02-10 |
| 14 | 201841036842-DRAWING [23-08-2019(online)].pdf | 2019-08-23 |
| 14 | 201841036842-FER.pdf | 2023-12-26 |
| 15 | 201841036842-ENDORSEMENT BY INVENTORS [23-08-2019(online)].pdf | 2019-08-23 |
| 15 | 201841036842-OTHERS [26-06-2024(online)].pdf | 2024-06-26 |
| 16 | 201841036842-FER_SER_REPLY [26-06-2024(online)].pdf | 2024-06-26 |
| 16 | 201841036842-FORM 3 [23-08-2019(online)].pdf | 2019-08-23 |
| 17 | Correspondence by Agent_Form 1_01-04-2019.pdf | 2019-04-01 |
| 17 | 201841036842-DRAWING [26-06-2024(online)].pdf | 2024-06-26 |
| 18 | 201841036842-COMPLETE SPECIFICATION [26-06-2024(online)].pdf | 2024-06-26 |
| 18 | 201841036842-Proof of Right (MANDATORY) [27-03-2019(online)].pdf | 2019-03-27 |
| 19 | Correspondence by Agent_Form26_07-01-2019.pdf | 2019-01-07 |
| 19 | 201841036842-CLAIMS [26-06-2024(online)].pdf | 2024-06-26 |
| 20 | 201841036842-POA [04-10-2024(online)].pdf | 2024-10-04 |
| 20 | 201841036842-FORM-26 [27-12-2018(online)].pdf | 2018-12-27 |
| 21 | 201841036842-FORM 13 [04-10-2024(online)].pdf | 2024-10-04 |
| 21 | 201841036842-DRAWINGS [28-09-2018(online)].pdf | 2018-09-28 |
| 22 | 201841036842-FORM 1 [28-09-2018(online)].pdf | 2018-09-28 |
| 22 | 201841036842-AMENDED DOCUMENTS [04-10-2024(online)].pdf | 2024-10-04 |
| 23 | 201841036842-Response to office action [01-11-2024(online)].pdf | 2024-11-01 |
| 23 | 201841036842-PROVISIONAL SPECIFICATION [28-09-2018(online)].pdf | 2018-09-28 |
| 24 | 201841036842-Response to office action [21-07-2025(online)].pdf | 2025-07-21 |
| 25 | 201841036842-US(14)-HearingNotice-(HearingDate-01-12-2025).pdf | 2025-10-24 |
| 1 | searhc_201841036842E_26-12-2023.pdf |
| 2 | searhc_201841036842E_05-12-2023.pdf |