Dual Authentication using a Password Card
A method and apparatus for providing and processing two-factor authentication using a Password Card. There is a need to increase security during the authentication process. There are many existing two-factor authentication that exist providing improvement in security during the authentication process. Most of those existing solutions required to use a mobile phone, an external web site or external electronic devices such as card ids. The need to reduce the cost of using other devices and the effectiveness to be able to create and/or renew such systems are the main reason for this invention. This invention outlines the use of a simple password card that the user can download or print at any time using the internet.
This application is a division of application Ser. No. 15/207,960, filed 17 Jul. 2016.
FIELD OF THE INVENTIONThe present invention relates to systems and methods for two-factor authentication method in information systems.
BACKGROUND OF THE INVENTIONThere is a growing interest in the world of computerized systems to increase security related to authentication. A dual authentication system helps to provide enhance security. There are many dual authentication systems available today using devices and services such as mobile phones, SMS, card ids, etc . . . This invention provides a dual authentication system without the need for an extra electronic device such as a mobile phone or card ids and therefore helps reduce costs while increasing security. Using this invention, a user would save or print a password card which will then be available to confirm a series of character location during the authentication process.
This invention provides more security then other two-factor authentication requiring a PIN since the system inquiry is only the location of characters based on the printed or saved Password Card. If that information was captured by a hacker, it will not compromise the security of the system and the hacker won't be able to provide the answer to the system to complete the two-factor authentication.
This invention helps increase security since the password card can be renewed, or updated while minimizing cost and delays in order for the end user to start using such solution. If a user would use a SMS system for his two-factor authentication, an external service must be available through a mobile phone or a website accessing that SMS Pin information. In the case the user uses a card id, that card id must be issued by a provider and is in the form of an electronic device. A shipment of the device must occurred to the end user which is increasing delay and furthermore that device could be lost. This invention resolve those issues because the password card can be printed, renewed and/or updated, there is no delay or shipment necessary and no extra external devices is required. This invention can be use offline as well without the need of any electronic devices.
BRIEF SUMMARY OF THE INVENTIONIn summary, the Dual Authentication using a password card solution of the present invention provides to the user a more secure and effective way to process two-factor authentication. The system allows the user to save, update and download a password card which is used in the two-factor authentication. The system provides an inquiry of plurality of position of characters and the user must provide the corresponding characters using those position on the Password Card.
The accompanying drawings, which are incorporated herein and form part of the specification, illustrate various embodiments of the present invention and, together with the description, further serve to explain the principles of the invention and to enable a person skilled in the pertinent art to make and use the invention. In the drawings, like reference numbers indicate identical or functionally similar elements.
There are many computerized systems requiring two-factor authentication because of the demand for accessing more secure systems. There are solutions providing two-factor authentication available today but they required the user to use external third party devices or software. For example, in the case of SMS, a user will required to use a mobile phone or an external software to obtain the PIN to complete the process of the two-factor authentication. Another example, using a card id device provided by a bank, a user must turn it on and generate a PIN using that device in order to complete the two-factor authentication. That device is not easily replaceable and that they are substantial delays to receive it or to change it. That device can also be lost leaving the user without access.
This solution provide an effective way to obtain a password card that will be used during the two-factor authentication process and without much delay since it's available online on the internet. An example of a password card is shown in
There is a need for a solution that is effective, minimizing delay for renewal if the system is lost. In the case of this invention, the password card is what the user needs and that password card can be replaced, re-printed or downloaded at any time using internet and as shown in
There is a need for a solution that provides inquiries decreasing the possibilities to be hacked. For example, in the case of SMS, the PIN is sent to the user and could be intercepted by a hacker. In the case of this invention, the inquiry sent to the user is a plurality of position of characters and does not represent the answer to provide in order to complete the two-factor authentication process. This decrease the chance to be hacked and therefore improve security.
After the user enters successfully the login and password to access a system as shown in
Claims
1. A method for providing an apparatus to authenticate into a system securely with a two-factor authentication using a Password Card, the method comprising:
- 1.1. A computer processing system providing validation and generation
- 1.2. A user that desires and use two-factor authentication where a user can be a person or a separated system.
- 1.3. A password card comprising of a visual grid comprising; 1.3.1. plurality of columns and rows and where each cell of that grid contains one character or a plurality of characters
2. The method of claim 1, wherein the password card generated by the system is defined by a plurality of possible characters defined by the user.
3. The method of claim 2, wherein the password card size is defined by the user which is composed of a plurality of columns x and a plurality of rows y.
4. The method of claim 3, wherein the password card can be downloaded and/or printed.
5. The method of claim 3, wherein the system generates an inquiry composed of a plurality of coordinates representing locations of randomly selected characters on the password card.
6. The method of claim 5, wherein the user is presented by the inquiry generated by the system in order to provide to the system the corresponding characters located on the password card.
7. The method of claim 6, wherein the system validates the answer of the inquiry by the user to complete the two-factor authentication successfully or unsuccessfully.
8. The method of claim 3, wherein the user can modify the password card size and the possible characters to be used in the generation of the password card.
Type: Application
Filed: Aug 21, 2017
Publication Date: Jun 28, 2018
Inventor: Patrick Tardif (Elk Grove, CA)
Application Number: 15/681,795