System and method for providing answers in a personal entropy system

US 20030105959A1
Filed: 12/03/2001
Published: 06/05/2003
Est. Priority Date: 12/03/2001
Status: Abandoned Application

First Claim

Patent Images

1. A method enabling a user of a computing system to generate a secret value from answers to questions previously created by the user, said method comprising the steps of:

displaying the questions previously created by the user;

prompting the user to select a first portion of the displayed questions and provide a first set of answers to the selected first portion of questions;

attempting to generate said secret value from a portion of the first set of answers and possibly other information;

if said secret value cannot be generated from at least a portion of the first set of answers and possibly other information, prompting the user to select a second portion of the displayed questions and provide a second set of answers to the selected second portion of questions; and

attempting to generate said secret value from a portion of said first and second sets of answers and possibly other information.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Computer user authentication and cryptographic key protection through the use of personal entropy (PE) is implemented using a PE answering algorithm which enables a user of a computing system to generate secret values from answers to questions previously created by the user. The questions are displayed to the user on a user interface (UI), and the user is prompted to select a subset of the questions to answer. When the user provides answers for the selected subset, an attempt is made to generate the secret value from a portion of the subset and possibly other information. If the secret value cannot be generated from at least a portion of the selected subset, the user is prompted to select a second subset of the displayed questions and provide answers to the selected second set of questions. When the user provides answers to the second selected subset of questions, an attempt is made to generate the secret value from a portion of the first and second sets of answers and possibly other information. The hardware implementation of PE answering algorithm has three components; the PE-controller server computer, the PE-user client controller and the PE-authentication server computer. These components are interconnected via a network. Attached to the PE-controller server is a repository of downloadable client applets which are downloaded to the PE-user client controller and used for both creating the secret value from answers supplied by the user when creating the questions in the create PE process and, later, in the recover PE process, generating the secret value from answers provided by the user to subsets of the previously created questions. The PE-authentication server computer maintains a central database where PE information created by PE users can be stored and subsequently accessed by the PE-controller server computer. The PE-authentication server computer also performs a user authentication service.

72 Citations

View as Search Results

29 Claims

1. A method enabling a user of a computing system to generate a secret value from answers to questions previously created by the user, said method comprising the steps of:
- displaying the questions previously created by the user;
  
  prompting the user to select a first portion of the displayed questions and provide a first set of answers to the selected first portion of questions;
  
  attempting to generate said secret value from a portion of the first set of answers and possibly other information;
  
  if said secret value cannot be generated from at least a portion of the first set of answers and possibly other information, prompting the user to select a second portion of the displayed questions and provide a second set of answers to the selected second portion of questions; and
  
  attempting to generate said secret value from a portion of said first and second sets of answers and possibly other information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, wherein there are n questions previously created by the user, and the user is prompted to select as said first portion at least m questions to answer but, at the user'"'"'s option, can select k questions to answer, where 0<
    - m≦
      
      k≦
      
      n and the set of k questions consists of a first subset of m questions and an optional subset of k₁questions (k₁=k−
      
      m).
  - 3. The method of claim 2, wherein there are n questions previously created by the user, and the user is prompted to select as said second portion a third set k₂of the n−
    - m−
      
      k₁additional unanswered questions, where 0<
      
      k₂≦
      
      n−
      
      m−
      
      k₁and k₂is a variable value determined by the PE user.
  - 4. The method of claim 3, wherein the PE user is allowed to repeat the step of selecting as said second portion a third set k₂of the unanswered questions until one of the following conditions is met:
    - (1) the PE user is successfully authenticated, (2) the PE user chooses to discontinue, or (3) the PE user fails to be authenticated after answering all n questions.
  - 5. The method of claim 3, wherein the at least one of the values k₁and k₂is a constant.
  - 6. The method of claim 3, wherein n=9, m=5, and k₁=O.
  - 7. The method of claim 6, wherein k₂is a variable value of 1, 2, 3, or 4 selected by the PE user.
  - 8. The method of claim 1, wherein there are n questions previously created by the user, and the user is prompted to select as said first portion m questions to answer, where 0<
    - m<
      
      n, and the user is prompted to select as said second portion 1to n−
      
      m as said second portion.
  - 9. The method of claim 1, wherein there are n questions previously created by the user, and the user is prompted to select as said first portion at least m questions to answer but, at the user'"'"'s option, can select k questions to answer, where 0<
    - m<
      
      k<
      
      n and the set of k questions consists of a first subset of m questions and an optional subset of k₁questions (k₁=k−
      
      m), and wherein the PE user is authenticated of m questions and answers in a predetermined way from among the questions and answers specified by the PE user.
  - 10. The method of claim 9, wherein the PE user is allowed to repeat the step of selecting as said second portion a third set k₂of the unanswered questions until one of the following conditions is met:
    - (1) the PE user is successfully authenticated, (2) the PE user chooses to discontinue, or (3) the PE user fails to be authenticated after answering all n questions.
  - 11. The method of claim 10, wherein the PE user is allowed to repeat the step of selecting as said second portion a third set k₂of the unanswered questions until one of the following conditions is met:
    - (1) the PE user is successfully authenticated, (2) the PE user chooses to discontinue, or (3) the PE user fails to be authenticated after answering all n questions.
  - 12. The method of claim 11, wherein the at least one of the values k₁and k₂is a constant.
  - 13. The method of claim 11, wherein n=9, m=5, and k₁=0.
  - 14. The method of claim 13, wherein k₂is a variable value of 1, 2, 3, or 4 selected by the PE user.
  - 15. The method of claim 1, wherein if the PE user fails to be authenticated in successive invocations the step of attempting to generate said secret value, the PE user is required to correctly answer a number of questions greater than M.
  - 16. The method of claim 15, wherein if the PE user fails to be authenticated in two or three successive invocations of the step of attempting to generate said secret value, the PE user is required to correctly answer m+1 questions.
  - 17. The method of claim 16, wherein if the PE user fails to be authenticated in four or more successive invocations of the step of attempting to generate said secret value, the PE user is required to correctly answer m+2 questions.
  - 18. The method of claim 1, further comprising the steps of:
    - authenticating the user upon generating the secret value; and
      
      displaying incorrect answers to the user who has been successfully authenticated.

19. A method enabling a user of a computing system to generate a secret value from answers to questions previously created by the user, said method comprising the steps of:
- displaying the questions previously created by the user;
  
  prompting the user to select a first portion of the displayed questions and provide a first set of answers to the selected first portion of questions;
  
  attempting to generate said secret value from a portion of the first set of answers and possibly other information;
  
  prompting the user to select a second portion of the displayed questions and provide a second set of answers to the selected second portion of questions;
  
  attempting to generate said secret value from a portion of said first and second sets of answers and possibly other information;
  
  prompting the user to select a third portion of the displayed questions and provide a third set of answers to the selected third portion of questions, if said secret value cannot be generated from at least a portion of the first and second sets of answers and possibly other information; and
  
  attempting to generate said secret value from a portion of said first, second, and third sets of answers and possibly other information, if said secret value cannot be generated from at least a portion of the first set of answers and possibly other information.

20. A method enabling a user of a computing system to generate a secret value from answers to questions previously created by the user, said method comprising the steps of:
- displaying the questions previously created by the user;
  
  prompting the user to select at least a portion of the displayed questions and provide answers to the selected portion of questions;
  
  attempting to generate said secret value from a first sub-portion of the provided answers and possibly other information; and
  
  if said secret value cannot be generated from said first sub-portion of the provided answers and possibly other information, attempting to generate said secret value from a second sub-portion of the provided answers.
- View Dependent Claims (21, 22, 23, 24)
- - 21. The method of claim 20, wherein the second sub-portion of the provided answers has a greater number of answers than the first sub-portion of the provided answers.
  - 22. The method of claim 20, wherein the second sub-portion of the provided answers contains some of the answers of the first sub-portion.
  - 23. The method of claim 20, wherein the second sub-portion of the provided answers contains all of the answers of the first sub-portion.
  - 24. The method of claim 20, wherein the second sub-portion of the provided answers contains none of the answers of the first sub-portion.

25. A method enabling a user of a computing system to generate a secret value from answers to questions previously created by the user, said method comprising the steps of:
- displaying the questions previously created by the user;
  
  prompting the user to select a first portion of the displayed questions and provide a first set of answers to the selected first portion of questions;
  
  prompting the user to select a second portion of the displayed questions and provide a second set of answers to the selected second portion of questions;
  
  attempting to generate said secret value from a portion of the first set of answers and possibly other information; and
  
  if said secret value cannot be generated from at least a portion of the first set of answers and possibly other information, attempting to generate said secret value from a portion of the first and second sets of answers and possibly other information.
- View Dependent Claims (26)
- - 26. The method of claim 25, wherein if said secret value cannot be generated from at least a portion of the first and second sets of answers and possibly other information, further comprising the step of prompting the user to select a third portion of the displayed questions and provide a third set of answers to the selected third portion of questions.

27. A computing system enabling a user to generate a secret value from-answers to questions previously created by the user, said computing system comprising:
- a user client computer, a controller computer and an authentication server computer;
  
  a network connecting said user computer, said controller computer and said authentication server computer;
  
  said controller computer downloading a client applet to said user client computer to begin an authentication session;
  
  said user client computer executing the client applet to display the questions previously created by the user and prompt the user to select a first portion of the displayed questions and provide a first set of answers to the selected first portion of questions;
  
  said authentication server computer attempting to generate said secret value from a portion of the first set of answers and possibly other information;
  
  said user client computer responding to said authentication server computer and prompting the user to select a second portion of the displayed questions and provide a second set of answers to the selected second portion of the questions if said secret value cannot be generated from at least a portion of the first set of answers and possibly other information; and
  
  said authentication server computer attempting to generate said secret value from a portion of said first and second sets of answers and possibly other information.
- View Dependent Claims (28, 29)
- - 28. The computing system of claim 27, further comprising a repository of downloadable client applets attached to the controller computer, the client applets being downloadable to the user client computer and used for both creating the secret value from answers supplied by the user when originally creating the questions and, later, generating the secret value from answers provided by the user to subsets of the previously created questions.
  - 29. The computing system of claim 27, further comprising a central database maintained by the authentication server computer, said central database containing information created by users which can be subsequently accessed by the controller server computer on behalf of the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Blue Cross Blue Shield of Michigan
Original Assignee
Blue Cross Blue Shield of Michigan
Inventors
Kamerman, Matthew A., Matyas, Stephen M. Jr.

Application Number

US09/998,319
Publication Number

US 20030105959A1
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

G06F 21/31 User authentication

G06F 21/6245 Protecting personal data, e...

System and method for providing answers in a personal entropy system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

72 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for providing answers in a personal entropy system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

72 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links