Abstract: A security system and method for authenticating a user's access to a target system is disclosed. The security system receives an authentication request from the user and generates a security matrix which comprises a mapping between each symbol within a symbol set and a code value randomly selected from a distinct code set. The number of elements in the symbol set and in the code set are selected to provide a predetermined level of security against capture of a user-defined keyword by an unauthorised observer. The security system sends the security matrix to the user and awaits a one-time code in response. The user forms the one-time code based on the user keyword and the security matrix. The security system validates the one-time code against the security matrix and the keyword to determine an authentication result, permitting or denying the user access to the target system.

Abstract: A security system and method for authenticating a user's access to a system is disclosed. The security system receives an authentication request from the user and responds by generating a security matrix based on a previously stored user keyword and user preference data, the security matrix being different for each authentication request. The security system sends the security matrix to the user and awaits a one-time code in response to the security matrix. The user forms the one-time code based on the user keyword, the user preferences, and the security matrix. The security system validates the one-time code against the security matrix, the keyword, and the user preferences, and responds by sending an authentication result to the user that either permits or denies access to the system. Additionally, the security system sends a success or fail message to the system to be accessed.