Social authentication for account recovery

US 10,013,728 B2
Filed: 07/08/2014
Issued: 07/03/2018
Est. Priority Date: 05/14/2009
Status: Active Grant

First Claim

Patent Images

1. One or more computer-readable storage devices storing computer-executable instructions that, when executed, configure a computer to perform acts comprising:

receiving, from an account holder of an account with a remote service, identification of a plurality of entities as trustees for an account recovery process for recovering access to the account with the remote service;

subsequent to the initiation of the account recovery process, transmitting, by one or more devices associated with the remote service, a respective account recovery code to each of the plurality of entities identified as trustees for the account, the respective account recovery codes being distinct from one another;

receiving, by the one or more devices associated with the remote service, at least a predefined number of distinct account recovery codes from the account holder over a network;

verifying, by the one or more devices associated with the remote service, the account holder at least in part in response to the receiving of at least the predefined number of distinct account recovery codes of the account recovery codes from the account holder; and

providing account recovery information to the account holder based at least in part on the verifying the account holder.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A backup account recovery authentication of last resort using social authentication is described. The account holder requests trustees who have been previously identified to obtain an account recovery code. The account recovery system sends a communication to the trustee for information to verify the trustee as one of the previously identified trustees. The account recovery system then may transmit a link and code with instructions for the trustee to return the link. The account recovery system then transmits a situational query to the trustee to provide additional security. Finally, if all the communications have been completed for the required level of security, the account recovery code is transmitted to the trustee. The trustee sends the account recovery code to the account holder for access to an account.

Citations

20 Claims

1. One or more computer-readable storage devices storing computer-executable instructions that, when executed, configure a computer to perform acts comprising:
- receiving, from an account holder of an account with a remote service, identification of a plurality of entities as trustees for an account recovery process for recovering access to the account with the remote service;
  
  subsequent to the initiation of the account recovery process, transmitting, by one or more devices associated with the remote service, a respective account recovery code to each of the plurality of entities identified as trustees for the account, the respective account recovery codes being distinct from one another;
  
  receiving, by the one or more devices associated with the remote service, at least a predefined number of distinct account recovery codes from the account holder over a network;
  
  verifying, by the one or more devices associated with the remote service, the account holder at least in part in response to the receiving of at least the predefined number of distinct account recovery codes of the account recovery codes from the account holder; and
  
  providing account recovery information to the account holder based at least in part on the verifying the account holder.
- View Dependent Claims (2, 3)
- - 2. The one or more computer-readable storage devices of claim 1, further comprising, receiving a code to authenticate at least one of the trustees and checking the code against a database record created to track the at least one of the trustees.
  - 3. The one or more computer-readable storage devices of claim 1, wherein each of the account recovery codes is transmitted to a pre-identified contact destination, which includes at least one of the following:
    - telephone;
      
      e-mail;
      
      ortext message.

4. A method, comprising:
- under control of one or more processors of one or more devices associated with a service,receiving, from an account holder of an account with the service, a designation of a plurality of trustees as trustees for an account recovery process;
  
  receiving, by the one or more devices associated with the service, a request from at least one trustee of the plurality of trustees for an account recovery code, the account recovery code for use by the account holder in conjunction with one or more other account recovery codes sent to other trustees of the plurality of trustees during the account recovery process,sending, to the at least one trustee, by the one or more devices associated with the service, the account recovery code.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11)
- - 5. The method of claim 4, wherein the account further comprises initial access information for accessing the account and the account recovery process does not recover the initial access information.
  - 6. The method of claim 4, further comprising, prior to sending the account recovery code, transmitting a query to the at least one trustee, the query related to a manner in which the account holder requested the at least one trustee to obtain the respective account recovery code, and sending a warning message to the at least one trustee to enhance security based at least in part on an answer provided in response to the query.
  - 7. The method of claim 4, further comprising, prior to sending the account recovery code, transmitting, to the at least one trustee, a query;
    - andtransmitting, to the at least one trustee, a warning message based at least in part on an answer provided in response to the query, the warning message providing the at least one trustee with information to assist at least in part in determining whether or not to proceed with the acquisition of the account recovery code.
  - 8. The method of claim 4, further comprising receiving, from the account holder a request to abort the acquisition of the remaining account recovery codes if the account holder discovers an unauthorized attempt to obtain a first account recovery code before all of the account recovery codes have been received.
  - 9. The method of claim 6, further comprising receiving, from the at least one trustee, an electronic signature indicating that the trustee decides to proceed with the acquisition of the account recovery code after receiving the warning message, the electronic signature providing authorization to proceed.
  - 10. The method of claim 6, further comprising receiving, from the at least one trustee, a request to abort the acquisition of the account recovery code indicating that the at least one trustee decides not to proceed with the acquisition of the account recovery code after receiving the warning message.
  - 11. The method of claim 6, further comprising:
    - subsequent to sending the warning, determining a probability that the at least one trustee is operating on behalf of the account holder; and
      
      using a processor of the one or more devices associated with the service executing processor-executable instructions to determine whether to send the respective account recovery code to the trustee based at least in part on the determined probability.

12. A system, comprising:
- under control of one or more processors of one or more devices associated with a first entity configured with specific executable instructions,receiving, from an account holder of an account with the first entity, identification of a plurality of second entities as trustees for an account recovery process;
  
  receiving a request to initiate the account recovery process;
  
  subsequent to the initiation of the account recovery process, transmitting, by the one or more devices associated with the first entity, a respective account recovery code to at least two of the plurality of second entities identified as trustees for the account;
  
  receiving, from the account holder, at least a predefined number of distinct account recovery codes of the account recovery codes; and
  
  verifying, by the one or more devices associated with the first entity, the account holder at least in part in response to the receiving of at least the predefined number of distinct account recovery codes of the account recovery codes from the account holder.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The system of claim 12, wherein verifying the account holder based at least in part on receipt of at least the predefined number of the distinct account recovery codes from the account holder comprises receiving at least three of the distinct account recovery codes from the account holder, each of the at least three account recovery codes having been transmitted to a respective one of at least three separate trustees for the account.
  - 14. The system of claim 12, wherein receiving, from the account holder of the account, identification of the plurality of second entities as trustees for the account recovery process comprises receiving identification of at least three second entities as trustees for the account recovery process.
  - 15. The system of claim 12, further comprising transmitting a notification with the account recovery codes that the trustees are to deliver the account recovery codes to the account holder by using one or more specified communication mediums, at least one of the one or more specified communication mediums including at least a telephone call.
  - 16. The system of claim 12, further comprising transmitting a notification with the account recovery codes that the trustees are not to deliver the account recovery codes to the account holder by using one or more specified communication mediums, the one or more specified communication mediums including at least electronic mail.
  - 17. The system of claim 12, further comprising, during the account recovery process,receiving a request from each of at least two of the plurality of second entities identified as a trustee for the account for a respective account recovery code;
    - andfor each trustee requesting an account recovery code;
      
      transmitting a verification form to the trustee for authentication;
      
      receiving the verification form from the trustee after the verification form is completed by the trustee;
      
      identifying the trustee by comparing the verification form as completed by the trustee with information stored in a database;
      
      transmitting a code to authenticate the trustee to a pre-identified contact destination;
      
      receiving the code from the trustee to authenticate the trustee;
      
      transmitting a query to the trustee;
      
      receiving a response to the query from the trustee; and
      
      transmitting the respective account recovery code to the trustee for delivery to the account holder.
  - 18. The system of claim 17, wherein receiving a code to authenticate the at least one of the trustees further comprises checking the code against a database record created to track the at least one of the trustees.
  - 19. The system of claim 12, wherein the respective account recovery codes are generated by the one or more devices associated with the first entity.
  - 20. The system of claim 12, wherein the receiving, from the account holder over the network, at least the predefined number of distinct account recovery codes of the account recovery codes comprises:
    - providing a user interface by which to receive at least the predefined number of distinct account recovery codes; and
      
      receiving, over the network, the distinct account recovery codes received by the user interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Schechter, Stuart, Reeder, Robert Wilson
Primary Examiner(s)
Vostal, O. C.

Application Number

US14/326,377
Publication Number

US 20140324722A1
Time in Patent Office

1,456 Days
Field of Search

726 4
US Class Current
CPC Class Codes

G06F 16/00   Information retrieval; Data...

G06F 21/31   User authentication

G06F 21/41   where a single sign-on prov...

G06F 2221/2131   Lost password, e.g. recover...

G06Q 10/00   Administration; Management

G06Q 50/265   Personal security, identity...

H04L 15/06   with a restricted number of...

H04L 51/18   Commands or executable codes

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/10   for controlling access to d...

H04L 9/321   involving a third party or ...

H04L 9/3226   using a predetermined code,...

H04L 9/40   Network security protocols

H04M 1/665   by checking the validity of...

H04M 1/673   the user being required to ...

H04M 1/675   the user being required to ...

H04M 1/727   Identification code transfe...

H04M 2215/0156   Secure and trusted billing,...

H04M 3/382   using authorisation codes o...

H04N 5/9208 : involving the use of subcodes

H04W 12/06 : Authentication

View All

Social authentication for account recovery

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Social authentication for account recovery

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links