US 9,813,411 B2
Method and system of providing a picture password proof of knowledge as a web service
Robert H. Thibadeau, Sr., Pittsburgh, PA (US); and Justin D. Donnell, Verona, PA (US)
Assigned to Antique Books, Inc., Pittsburgh, PA (US)
Appl. No. 14/782,257
Filed by ANTIQUE BOOKS, INC., Pittsburgh, PA (US)
PCT Filed Mar. 31, 2014, PCT No. PCT/US2014/032342
§ 371(c)(1), (2) Date Oct. 2, 2015,
PCT Pub. No. WO2014/165431, PCT Pub. Date Oct. 9, 2014.
Claims priority of provisional application 61/808,905, filed on Apr. 5, 2013.
Prior Publication US 2016/0050198 A1, Feb. 18, 2016
Int. Cl. G06F 7/04 (2006.01); H04L 29/06 (2006.01)
CPC H04L 63/083 (2013.01) [H04L 63/0281 (2013.01); H04L 63/0807 (2013.01); H04L 63/0815 (2013.01); H04L 63/0823 (2013.01)] 23 Claims
OG exemplary drawing
 
1. A picture password server providing a picture password proof of knowledge of an image, said picture password server comprising:
a processor operable to:
create a login token in response to a request for the login token including an identifier which identifies a user when communicating with a relying party server, the request originating from the relying party server;
send the login token to the relying party server;
receive a communication from a client browser, the communication comprising the login token;
in response to verifying that the login token is valid, receive a plurality of actions from the client browser regarding the picture password proof of knowledge of the image;
in response to authenticating the plurality of actions from the client browser regarding the picture password proof of knowledge of the image based on stored information for the identifier, generate and send a communication comprising an authentication token to the client browser;
receive, from the relying party server, a request for an identification token, the request including the authentication token; and
in response to verifying that the authentication token is valid, send a communication comprising the identification token to the relying party server to enable a login to the relying party server at the client browser.