US 12,450,319 B2
System and method for user authentication using a spinning authentication matrix
Ravi Joshi, Pennington, NJ (US); Anna Kristen Pingel Berry, Indian Land, SC (US); Olga Caroline Kocharyan, Matthews, NC (US); Luqman Abdul Hakeem Sharief, Libertyville, IL (US); Shweta Ambulkar, Plainsboro, NJ (US); Angela F. Ianni, Lincoln, RI (US); Michael William Whitaker, Fort Worth, TX (US); and Benjamin Daniel Hardman, Harrisburg, NC (US)
Assigned to Bank of America Corporation, Charlotte, NC (US)
Filed by Bank of America Corporation, Charlotte, NC (US)
Filed on Oct. 10, 2023, as Appl. No. 18/484,400.
Prior Publication US 2025/0117463 A1, Apr. 10, 2025
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/31 (2013.01); G06F 21/54 (2013.01)
CPC G06F 21/31 (2013.01) [G06F 21/54 (2013.01); G06F 2221/031 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A system comprising:
a memory configured to store a first user profile for a first user, wherein the first user profile comprises:
a first static password associated with the first user;
one or more lot-one authentication strings associated with the first user, wherein each lot-one authentication string of the first user comprises a multi-digit alphanumeric string;
one or more lot-two authentication strings associated with each lot-one authentication string of the first user, wherein each lot-two authentication string of the first user comprises a multi-digit alphanumeric string;
a first block selection sequence associated with the first user, wherein the first block selection sequence is a sequence according to which the first user is supposed to select one or more authentication blocks and one or more spurious blocks from one or more authentication matrices, and wherein the one or more authentication blocks are selected based on a lot-two authentication string of the first user; and
hashes of dynamic passwords, wherein each dynamic password comprises a combination of the first static password, a respective lot-one authentication string of the first user, and one or more authentication blocks selected based on a respective lot-two authentication string associated with the respective lot-one authentication string of the first user; and
a processor communicatively coupled to the memory and configured to:
receive a hash of the first static password and a hash of a first lot-one authentication string from a first user device of the first user;
perform an initial validation of the first user based at least in part upon the hash of the first static password and the hash of the first lot-one authentication string; and
in response to determining that the first user is validated:
generate a first authentication matrix, wherein the first authentication matrix comprises a first plurality of blocks arranged in a first plurality of rows and a first plurality of columns, the first plurality of rows comprising a first plurality of row labels and the first plurality of columns comprising a first plurality of column labels;
perform a first block selection process to select a first plurality of spurious blocks and a first plurality of authentication blocks, wherein performing the first block selection process comprises:
selecting a first spurious block from the first authentication matrix;
selecting a second spurious block from the first authentication matrix;
selecting a first authentication block from the first authentication matrix based on a first digit and a second digit of a first lot-two authentication string associated with the first lot-one authentication string, wherein the first authentication block is a block of the first authentication matrix with a row label equal to the first digit of the first lot-two authentication string and a column label equal to the second digit of the first lot-two authentication string;
selecting a third spurious block from the first authentication matrix;
selecting a fourth spurious block from the first authentication matrix;
selecting a second authentication block from the first authentication matrix based on the second digit and a third digit of the first lot-two authentication string, wherein the second authentication block is a block of the first authentication matrix with a row label equal to the second digit of the first lot-two authentication string and a column label equal to the third digit of the first lot-two authentication string;
determining if the first lot-two authentication string was used by the first user in a previous authentication session; and
in response to determining that the first lot-two authentication string was used by the first user in the previous authentication session:
 generating a second authentication matrix, wherein the second authentication matrix comprises a second plurality of blocks arranged in a second plurality of rows and a second plurality of columns, the second plurality of rows comprising a second plurality of row labels and the second plurality of columns comprising a second plurality of column labels;
 replacing the first authentication matrix with the second authentication matrix;
 selecting a first spurious block from the second authentication matrix;
 selecting a second spurious block from the second authentication matrix;
 selecting a first authentication block from the second authentication matrix based on a third digit and a fourth digit of a second lot-two authentication string associated with the first lot-one authentication string, wherein the first authentication block of the second authentication matrix is a block of the second authentication matrix with a row label equal to the third digit of the second lot-two authentication string and a column label equal to the fourth digit of the second lot-two authentication string; and
 selecting a second authentication block from the second authentication matrix based on a first digit and the fourth digit of the second lot-two authentication string, wherein the second authentication block of the second authentication matrix is a block of the second authentication matrix with a row label equal to the fourth digit of the second lot-two authentication string and a column label equal to the first digit of the second lot-two authentication string;
determine if the first plurality of spurious blocks and the first plurality of authentication blocks are selected according to the first block selection sequence associated with the first user; and
in response to determining that the first plurality of spurious blocks and the first plurality of authentication blocks are selected according to the first block selection sequence associated with the first user:
generate a first dynamic password by combining the first static password, the first lot-one authentication string and the first plurality of authentication blocks;
generate a hash of the first dynamic password; and
in response to determining that the hash of the first dynamic password matches a hash of a dynamic password that is stored in the first user profile of the first user, authenticate the first user.