[0001] The present disclosure relates, in general, to an authentication system, and more specifically, relates to a system and method to generate graphical password to authenticate user session.

BACKGROUND
[0002] Nowadays the biggest problem is security threat as passwords get leaked and people suffer huge losses Computing device may contain sensitive data that a user does not want disseminated to the public. Similarly, a service, such as an e-mail account, banking service, social network, or remote work computer access, may contain important data, which need to be secured. Thus, the computing device may use password protection system to restrict access to only authorized users, login interface may query the user for password having a series of characters, such as letters, numbers, and the like and an authentication service may deny access to the user if the characters does not match with the users.
[0003] Password that is complex enough to provide a proper level of protection may be too difficult for a user to remember. Most users may often use easily determined passwords to login any services. However, users that use a properly complex password may often forget the password, leading to a very frustrating user experience.
[0004] Therefore, there is a need for a means that can generate a graphical representation of password by solving aforementioned problems.

OBJECTS OF THE PRESENT DISCLOSURE
[0005] An object of the present disclosure relates, in general, to an authentication system, and more specifically, relates to a system and method to generate graphical password to authenticate user session.
[0006] Another object of the present disclosure is to provides a system that can perform image authentication to improve the security.
[0007] Another object of the present disclosure is to provides a system that can generate graphical password schemes to provide a way of making more human-friendly passwords.
[0008] Another object of the present disclosure is to provides a system that can prevent attacks from malicious users.
[0009] Another object of the present disclosure is to provides a system that can prevent unauthorized access to the user computing device.
[0010] Yet another object of the present disclosure is to provide a system with image-based authentication technique can offers benefits over personal identification number (PINs) and textual passwords, especially for the visually inclined users.

SUMMARY
[0011] The present disclosure relates, in general, to an authentication system, and more specifically, relates to a system and method to generate graphical password to authenticate user session.
[0012] In an aspect, the present disclosure provides a system for authentication of user session, the system including, an information input unit adapted to receive one or more images from user to authenticate user session, a processor operatively coupled with a memory, said memory storing instructions executable by the processor to receive, from the information input unit, the one or more images, analyse, the received one or more images to extract a set of values from the one or more images, and determine, the extracted set of values based on matching of the extracted set of values with a reference set of values, wherein, based on the matching of the extracted set of values of the one or more images from the reference set of values, the processor is configured to authenticate access to the user session.
[0013] In an embodiment, the processor can be configured to, on determination of deviation of the extracted set of values from the reference set of values, recommend corresponding alteration to counter the deviation.
[0014] In another embodiment, the processor can be operatively coupled to a display device to display the output data to the user.
[0015] In another embodiment, the one or more images can be selected from a group consisting of personalized images, browsed images and stored images.
[0016] In another embodiment, the personalized images can be a combination of image created by the user.
[0017] In another embodiment, the personalized images can be used as password to authenticate user session.
[0018] In another embodiment, the information input unit may include interactive stylus, touch screen and any combination thereof.
[0019] In another embodiment, a communication interface can be operatively coupled to the processor, the communication interface adapted to receive the one or more images to communicate with other networks.
[0020] In an aspect, the present disclosure provides a method for image authentication of user session, the method including obtaining, from an information input unit, one or more images from user to authenticate user session, receiving, at a computing device, from the information input unit, the one or more images, analysing, at the computing device, the received one or more images to extract a set of values from the one or more images, and determining, at the computing device, the extracted set of values based on matching of the extracted set of values with a reference set of values, wherein, based on the matching of the extracted set of values of the one or more images from the reference set of values, the computing device is configured to authenticate access to the user session.
[0021] Various objects, features, aspects, and advantages of the inventive subject matter will become more apparent from the following detailed description of preferred embodiments, along with the accompanying drawing figures in which like numerals represent like components.

BRIEF DESCRIPTION OF THE DRAWINGS
[0022] The following drawings form part of the present specification and are included to further illustrate aspects of the present disclosure. The disclosure may be better understood by reference to the drawings in combination with the detailed description of the specific embodiments presented herein.
[0023] FIG. 1 illustrates an exemplary representation of a system for authentication of user session, in accordance with an embodiment of the present disclosure.
[0024] FIG.2 illustrates exemplary flow diagram of a method for authentication of user session, in accordance with an embodiment of the present disclosure.
[0025] FIG. 3 illustrates an exemplary computer system in which or with which embodiments of the present invention can be utilized in accordance with embodiments of the present disclosure.

DETAILED DESCRIPTION
[0026] The following is a detailed description of embodiments of the disclosure depicted in the accompanying drawings. The embodiments are in such detail as to clearly communicate the disclosure. If the specification states a component or feature “may”, “can”, “could”, or “might” be included or have a characteristic, that particular component or feature is not required to be included or have the characteristic.
[0027] As used in the description herein and throughout the claims that follow, the meaning of “a,” “an,” and “the” includes plural reference unless the context clearly dictates otherwise. Also, as used in the description herein, the meaning of “in” includes “in” and “on” unless the context clearly dictates otherwise.
[0028] The present disclosure relates, in general, to an authentication system, and more specifically, relates to a system and method to generate graphical password to authenticate user session. The system can be based on image/graphic representation that can provide the user with a choice/option to use image/picture/graphics as a password to logon computing devices, websites, web applications and the like. The present disclosure can be described in enabling detail in the following examples, which may represent more than one embodiment of the present disclosure.
[0029] FIG. 1 illustrates an exemplary representation of a system for authentication of user session, in accordance with an embodiment of the present disclosure.
[0030] Referring to FIG.1, system 100 (also referred to as a user authentication system 100, herein) can be configured to generate graphical/image password for authentication of user session in a computing device. The user session may include websites, web applications and the like. The computing device is in this example may act as the user authentication system 100, and may include information input unit 102, a processor 104, a memory 106, a display device108 and a communication interface110.
[0031] In an embodiment, the computing device may include laptop, a desktop, a tablet computer, a handheld device, a server and a combination thereof. The information input unit 102 may include one or more mechanisms that can permit user to input one or more images to the computing device to authenticate user session, the information input device 102 may include a keyboard, a mouse, an interactive stylus, a touch screen and the like. The user can generate his/her own image, capture any image, or browse/select any image from the computing device.
[0032] In another embodiment, the image password authentication mechanism can enable user to generate his/her drawings/image with a finger or any suitable mechanism, and the image can be captured to be further ingrained in the memory of the user by allowing the user to supply personalized digital image from the user's own digital image library. While the display with an integrated touch screen may increase the ease of use by allowing the user to directly apply the drawings with the finger, the user may also apply more traditional input methods for authentication. The information input unit 102 can interact with the display device 108 allowing the user to select, upload the input data. The input data uploaded by the user can be the image to uniquely identify the user.
[0033] In another embodiment, the processor 104 can be operatively coupled with a memory 106, said memory 106storing instructions executable by the processor 104 to receive, from the information input unit 102, the one or more images, the processor 104 can analyse, the received one or more images to extract a set of values from the one or more images, the set of values may include the pixel values of the one or more images. The processor 104 can further determine, the extracted set of values based on matching of the extracted set of values with a reference set of values, the reference set of values may include the stored pixel values of the one or more images that the user created or selected earlier during the registration stage, wherein, based on the matching of the extracted set of values of the one or more images from the reference set of values, the processor 104 can be configured to authenticate access to the user session.
[0034] For example, the service administrator may make the user enter the password for authentication, the password image can be anything, the user can write the name 'Sachin Tendulkar' on a piece of paper and click it as an image and make it as his/her password for authentication. If the selected image matches the already stored image as password than other authentication methods can be further used.
[0035] In another embodiment, the processing engine 208 can receive information from the information input unit 102 and display the output data by display device 108. The processor 104 can examine and authenticate alteration or non-alteration of the one or more images using the image data stored in memory 106. For example, the processor 104 can compare image data, which may be obtained by hash value calculated based on the image data thereby performing authentication. If a match is found, the processor 104 can determine non-alteration of the image, but if a match is not found, the processor 104 can determine alteration of the image. The processor 104 can be configured to, on determination of deviation of the extracted set of values from the reference set of values, recommend corresponding alteration to counter the deviation.
[0036] For example, the image password may implement the authentication service while registering into a website or any application, the system 100 can provide the user with choice/ option to use image/ picture as the password to logon handheld devices, smartphones, websites, and other web applications. The user can be allowed to upload the image as his/her password and can re-confirm the password. The image may exist on the computing device, or user may click the image or browse the image from internet. If the selected image matches the already stored image as password than other authentication methods can be further used.
[0037] The user can initiate the registration/ signup process and enter the details such as name, email/ mobile number. Further, the user can create the password using the desired image/ picture from his/ her image gallery or internet, and confirm/ reconfirm the image/ picture as a password. The system 100 can complete the registration process, and the user has to upload the correct image/ picture to access handheld devices/ smartphones/ websites/ web applications and the like.
[0038] In another embodiment, the display device 108 may include one or more mechanisms that output information to the user, including a display screen, one or more speakers and the like. The display device 108 may have an integrated interactive touch screen, allowing users to select data representations on the display screen. The communication interface 110 may include any transceiver-like mechanism that can enable the processor 104 to receive the one or more images from the user for authentication to communicate with other devices or networks.
[0039] The communication interface 110 may include a network interface or a mobile transceiver interface. The communication interface 110 may be a wireless, wired, or optical interface. In one embodiment, the communication interface 110 may include a universal serial bus (USB) interface, a Bluetooth® interface, or other such interface that may be used to attach peripheral devices or pair other computing devices. The memory 106 can be operatively coupled to the processor 104, and can store various data processed by the processor 104. The communication interface 110 can inform the processor 104 of a user's designation, and the display device 108 can display data supplied by the processor 104.
[0040] In another embodiment, the storage device 112 may store a set of instructions detailing a process that when executed by one or more processors 104. The storage device 112 may also be a database or a database interface for storing one or more image password for the user. Thus, the system 100 can generate graphical password schemes to provide a way of making more human-friendly passwords, and to improve the security. The system 100 can prevent attacks from malicious users to prevent unauthorized access to the user computing device. The system 100 with image-based authentication technique can offers benefits over personal identification number. (PINs) and textual passwords, especially for the visually inclined users.
[0041] FIG.2 illustrates exemplary flow chart of the method for, in accordance with an embodiment of the present disclosure.
[0042] Referring to FIG. 2, the method 200 can be implemented using a computing device, which can include one or more processors. The method 200 for image authentication of user session, the method may include obtaining 202, from the information input unit, one or more images from user to authenticate user session associated with the user, receiving 204, at the computing device, from the information input unit, the one or more images, analysing 206, at the computing device, the received one or more images to extract a set of values from the one or more images, and determining, at the computing device, the extracted set of values based on matching of the extracted set of values with a reference set of values, wherein, based on the matching of the extracted set of values of the one or more images from the reference set of values, the computing device can configured to authenticate access to the user session.
[0043] The computing device may include processor 104 that can be in communication with each of a memory, and input/output units.The processor 104 may include a microprocessor or other devices capable of being programmed or configured to perform computations and instruction processing in accordance with the disclosure. Such other devices may include microcontrollers, digital signal processors (DSP), complex programmable logic device (CPLD), field programmable gate arrays (FPGA), application-specific assimilated circuits (ASIC), discrete gate logic, and/or other assimilated circuits, hardware or firmware in lieu of or in addition to a microprocessor.
[0044] The memory 106 can include programmable software instructions that are executed by the processor. The processor 104 may be embodied as a single processor or a number of processors. The processor and a memory may each be, for example located entirely within a single computer or other computing device. The memory 106, which enables storage of data and programs, may include random-access memory (RAM), read-only memory (ROM), flash memory and any other form of readable and writable storage medium.
[0045] FIG. 3 illustrates an exemplary computer system in which or with which embodiments of the present invention can be utilized in accordance with embodiments of the present disclosure.
[0046] As shown in FIG. 3, computer system 300 includes an external storage device 310, a bus 320, a main memory 330, a read only memory 340, a mass storage device 350, communication port 360, and a processor 370. A person skilled in the art will appreciate that computer system may include more than one processor and communication ports. Examples of processor 370 include, but are not limited to, an Intel® Itanium® or Itanium 2 processor(s), or AMD® Opteron® or Athlon MP® processor(s), Motorola® lines of processors, FortiSOC™ system on a chip processors or other future processors. Processor 370 may include various modules associated with embodiments of the present invention. Communication port 360 can be any of an RS-232 port for use with a modem-based dialup connection, a 10/100 Ethernet port, a Gigabit or 10 Gigabit port using copper or fibre, a serial port, a parallel port, or other existing or future ports. Communication port 360 may be chosen depending on a network, such a Local Area Network (LAN), Wide Area Network (WAN), or any network to which computer system connects.
[0047] Memory 330 can be Random Access Memory (RAM), or any other dynamic storage device commonly known in the art. Read only memory 340 can be any static storage device(s) e.g., but not limited to, a Programmable Read Only Memory (PROM) chips for storing static information e.g., start-up or BIOS instructions for processor 370. Mass storage 350 may be any current or future mass storage solution, which can be used to store information and/or instructions. Exemplary mass storage solutions include, but are not limited to, Parallel Advanced Technology Attachment (PATA) or Serial Advanced Technology Attachment (SATA) hard disk drives or solid-state drives (internal or external, e.g., having Universal Serial Bus (USB) and/or Firewire interfaces), e.g. those available from Seagate (e.g., the Seagate Barracuda 7200 family) or Hitachi (e.g., the Hitachi Deskstar 7K1000), one or more optical discs, Redundant Array of Independent Disks (RAID) storage, e.g. an array of disks (e.g., SATA arrays), available from various vendors including Dot Hill Systems Corp., LaCie, Nexsan Technologies, Inc. and Enhance Technology, Inc.
[0048] Bus 320 communicatively couples processor(s) 370 with the other memory, storage, and communication blocks. Bus 320 can be, e.g. a Peripheral Component Interconnect (PCI) / PCI Extended (PCI-X) bus, Small Computer System Interface (SCSI), USB or the like, for connecting expansion cards, drives and other subsystems as well as other buses, such a front side bus (FSB), which connects processor 370 to software system.
[0049] Optionally, operator and administrative interfaces, e.g. a display, keyboard, and a cursor control device, may also be coupled to bus 320 to support direct operator interaction with computer system. Other operator and administrative interfaces can be provided through network connections connected through communication port 360. External storage device 310 can be any kind of external hard-drives, floppy drives, IOMEGA® Zip Drives, Compact Disc - Read Only Memory (CD-ROM), Compact Disc - Re-Writable (CD-RW), Digital Video Disk - Read Only Memory (DVD-ROM). Components described above are meant only to exemplify various possibilities. In no way should the aforementioned exemplary computer system limit the scope of the present disclosure.
[0050] It will be apparent to those skilled in the art that the user authentication system 100 of the disclosure may be provided using some or all of the mentioned features and components without departing from the scope of the present disclosure. While various embodiments of the present disclosure have been illustrated and described herein, it will be clear that the disclosure is not limited to these embodiments only. Numerous modifications, changes, variations, substitutions, and equivalents will be apparent to those skilled in the art, without departing from the spirit and scope of the disclosure, as described in the claims.

ADVANTAGES OF THE PRESENT DISCLOSURE
[0051] The present disclosure provides a system that can perform image authentication to improve the security.
[0052] The present disclosure provides a system that can generate graphical password schemes to provide a way of making more human-friendly passwords.
[0053] The present disclosure provides a system that can prevent attacks from malicious users.
[0054] The present disclosure provides a system that can prevent unauthorized access to the user computing device.
[0055] The present disclosure provides a system with image-based authentication technique can offers benefits over PINs and textual passwords, especially for the visually inclined users.

Claims:1. A system (100) for authentication of user session, the system comprising:
an information input unit (102) adapted to receive one or more images from user to authenticate user session;
a processor (104) operatively coupled with a memory (106), said memory storing instructions executable by the processor to:
receive, from the information input unit, the one or more images;
analyse, the received one or more images to extract a set of values from the one or more images; and
determine, the extracted set of values based on matching of the extracted set of values with a reference set of values,
wherein, based on the matching of the extracted set of values of the one or more images from the reference set of values, the processor (104) is configured to authenticate access to the user session.
2. The system as claimed in claim 1, wherein the processor (104) is configured to, on determination of deviation of the extracted set of values from the reference set of values, recommend corresponding alteration to counter the deviation.
3. The system as claimed in claim 1, wherein the processor (104) is operatively coupled to a display device to display the output data to the user.
4. The system as claimed in claim 1, wherein the one or more images is selected from a group consisting of personalized images, browsed images and stored images.
5. The system as claimed in claim 4, wherein the personalized images is a combination of image created by the user.
6. The system as claimed in claim 5, wherein the personalized images is used as password to authenticate user session.
7. The system as claimed in claim 1, wherein the information input unit (102) comprises interactive stylus, touch screen and any combination thereof.
8. The system as claimed in claim 1, wherein a communication interface (110) operatively coupled to the processor, the communication interface adapted to receive the one or more images to communicate with networks.
9. A method (200) for authentication of user session, the method comprising:
obtaining (202), from an information input unit, one or more images from user to authenticate user session;
receiving (204), at a computing device, from the information input unit, the one or more images;
analysing (206), at the computing device, the received one or more images to extract a set of values from the one or more images; and
determining (208), at the computing device, the extracted set of values based on matching of the extracted set of values with a reference set of values,
wherein, based on the matching of the extracted set of values of the one or more images from the reference set of values, the computing device is configured to authenticate (210) access to the user session.