User authentication relying on recurring public events for shared secrets

US 10,298,558 B2
Filed: 11/04/2016
Issued: 05/21/2019
Est. Priority Date: 01/15/2015
Status: Active Grant

First Claim

Patent Images

1. A method for managing access to a resource by an access manager, the method comprising:

designating, at a first time and from a first user location, a variable attribute of a recurring public event as a shared secret between the access manager and a user, wherein the recurring public event is not associated with the resource, and wherein values of the variable attribute of the recurring public event vary based on both time and location;

receiving, at a second time occurring after the first time and from a second user location different from the first user location, a shared key from the user, the shared key based on a value of the variable attribute of the recurring public event at a most recent recurrence of the recurring public event relative to the second time at a nearest location of the recurring public event relative to the second user location;

evaluating the shared key; and

granting, in response to the evaluating, the user access to the resource.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An access manager manages access to a resource. At a first time, the access manager designates a variable attribute associated with a recurring public event as a shared secret between the access manager and a user. At a second time occurring after the first time, the access manager receives a shared key from the user. As received, the shared key is based on a value of the variable attribute associated with the recurring public event at a most recent recurrence of the recurring public event relative to the second time. The access manager evaluates the shared key. In response to the evaluation, the access manager grants or denies the user access to the resource.

23 Citations

13 Claims

1. A method for managing access to a resource by an access manager, the method comprising:
- designating, at a first time and from a first user location, a variable attribute of a recurring public event as a shared secret between the access manager and a user, wherein the recurring public event is not associated with the resource, and wherein values of the variable attribute of the recurring public event vary based on both time and location;
  
  receiving, at a second time occurring after the first time and from a second user location different from the first user location, a shared key from the user, the shared key based on a value of the variable attribute of the recurring public event at a most recent recurrence of the recurring public event relative to the second time at a nearest location of the recurring public event relative to the second user location;
  
  evaluating the shared key; and
  
  granting, in response to the evaluating, the user access to the resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the most recent recurrence of the recurring public event relative to the second time at the nearest location of the recurring public event relative to the second user location occurred after the first time and before the second time.
  - 3. The method of claim 1, wherein the recurring public event is independent of influence by the user and the access manager.
  - 4. The method of claim 1, wherein a particular value of the variable attribute of the recurring public event at a particular recurrence of the recurring public event at a particular location of the recurring public event is, prior to the particular recurrence, unknowable by the access manager and the user.
  - 5. The method of claim 1, wherein the evaluating the shared key comprises:
    - obtaining, from a third party information source, the value of the variable attribute of the recurring public event at the most recent recurrence of the recurring public event at the nearest location of the recurring public event relative to the second user location;
      
      generating, based on the value of the variable attribute of the recurring public event at the most recent recurrence of the recurring public event at the nearest location of the recurring public event relative to the second user location, a duplicate of the shared key; and
      
      comparing the shared key to the duplicate of the shared key.
  - 6. The method of claim 1 further comprising:
    - receiving, at a third time occurring after the second time and from a third user location different from the first user location and the second user location, a second shared key from the user, the second shared key based on a value of the variable attribute of the recurring public event at a most recent recurrence of the recurring public event relative to the third time at a nearest location of the recurring public event relative to the third user location, wherein the most recent recurrence of the recurring public event relative to the third time at the nearest location of the recurring public event relative to the third user location occurred after the most recent recurrence of the recurring public event relative to the second time at the nearest location of the recurring public event relative to the second user location, and wherein the second shared key is different from the first shared key;
      
      evaluating the second shared key; and
      
      granting, in response to the evaluating, the user re-access to the resource.
  - 7. The method of claim 1 further comprising:
    - re-receiving, at the second time and from a third user location different from the first user location and the second user location, the shared key, wherein a most recent recurrence of the recurring public event relative to the second time at a nearest location of the recurring public event relative to the third user location occurred at a different location from the most recent recurrence of the recurring public event relative to the second time at the nearest location of the recurring public event relative to the second user location;
      
      reevaluating the shared key; and
      
      denying, in response to the reevaluating, re-access to the resource.

8. A computer program product for managing access to a resource by an access manager, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a computer to cause the computer to perform a method comprising:
- designating, at a first time and from a first user location, a variable attribute of a recurring public event as a shared secret between the access manager and a user, wherein the recurring public event is not associated with the resource, and wherein values of the variable attribute of the recurring public event vary based on both time and location;
  
  receiving, at a second time occurring after the first time and from a second user location different from the first user location, a shared key from the user, the shared key based on a value of the variable attribute of the recurring public event at a most recent recurrence of the recurring public event relative to the second time at a nearest location of the recurring public event relative to the second user location;
  
  evaluating the shared key; and
  
  granting, in response to the evaluating, the user access to the resource.
- View Dependent Claims (9, 10)
- - 9. The computer program product of claim 8, wherein the most recent recurrence of the recurring public event relative to the second time at the nearest location of the recurring public event relative to the second user location occurred after the first time and before the second time.
  - 10. The computer program product of claim 8, wherein a particular value of the variable attribute of the recurring public event at a particular recurrence of the recurring public event at a particular location of the recurring public event is, prior to the particular recurrence, unknowable by the access manager and the user.

11. A system for managing access to a resource by an access manager, the system comprising:
- a memory; and
  
  at least one processor circuit in communication with the memory, wherein the at least one processor circuit is configured to perform a method comprising;
  
  designating, at a first time and from a first user location, a variable attribute of a recurring public event as a shared secret between the access manager and a user, wherein the recurring public event is not associated with the resource, and wherein values of the variable attribute of the recurring public event vary based on both time and location;
  
  receiving, at a second time occurring after the first time and from a second user location different from the first user location, a shared key from the user, the shared key based on a value of the variable attribute of the recurring public event at a most recent recurrence of the recurring public event relative to the second time at a nearest location of the recurring public event relative to the second user location;
  
  evaluating the shared key; and
  
  granting, in response to the evaluating, the user access to the resource.
- View Dependent Claims (12, 13)
- - 12. The system of claim 11, wherein the most recent recurrence of the recurring public event relative to the second time at the nearest location of the recurring public event relative to the second user location occurred after the first time and before the second time.
  - 13. The system of claim 11, wherein a particular value of the variable attribute of the recurring public event at a particular recurrence of the recurring public event at a particular location of the recurring public event is, prior to the particular recurrence, unknowable by the access manager and the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Barkie, Eric J., Fletcher, Benjamin L., Wyskida, Andrew P.
Primary Examiner(s)
Powers, William S

Application Number

US15/343,294
Publication Number

US 20170054704A1
Time in Patent Office

928 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/065   for group communications cr...

H04L 63/067   using one-time keys cryptog...

H04L 63/083   using passwords cryptograph...

H04L 63/10   for controlling access to d...

User authentication relying on recurring public events for shared secrets

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

23 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

User authentication relying on recurring public events for shared secrets

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links