Method and apparatus for authenticating a user using three party question protocol
First Claim
1. A method for authenticating a user, comprising:
- obtaining an asserted identity of said user;
obtaining a random subset of questions that said user has previously answered with a customer verification server; and
presenting one or more questions to said user from said random subset of questions until a predefined security threshold is satisfied.
8 Assignments
0 Petitions
Accused Products
Abstract
A three party authenticating protocol is disclosed. During an enrollment phase, a user contacts a call center and is directed to a user verification server. The user verification server instructs the user to select and answer a number of questions that will be used for verification. The selected questions along with identifying indices for each question are stored at the user'"'"'s location and at the user verification server. The user verification server sends the question indices to the call center, which in turn sends these indices to the user to obtain answer indices for each question. During a verification phase, the user contacts the call center and an authentication module asks the user to provide an asserted identity. The authentication module provides a random selection of question indices from those selected by the user. The user provides answer indices for each question to the authentication module. If the number of correctly matching answers exceeds a threshold, then the user is verified. Otherwise, the user fails verification. After verification, the user is transferred from the authentication module of the call center to a human agent for further processing.
-
Citations
39 Claims
-
1. A method for authenticating a user, comprising:
-
obtaining an asserted identity of said user;
obtaining a random subset of questions that said user has previously answered with a customer verification server; and
presenting one or more questions to said user from said random subset of questions until a predefined security threshold is satisfied. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
-
-
24. An apparatus for authenticating a user, comprising:
-
a memory; and
at least one processor, coupled to the memory, operative to;
obtain an asserted identity of said user;
obtain a random subset of questions that said user has previously answered with a customer verification server; and
present one or more questions to said user from said random subset of questions until a predefined security threshold is satisfied. - View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
-
-
39. An article of manufacture for authenticating a user, comprising a machine readable medium containing one or more programs which when executed implement the steps of:
-
obtaining an asserted identity of said user;
obtaining a random subset of questions that said user has previously answered with a customer verification server; and
presenting one or more questions to said user from said random subset of questions until a predefined security threshold is satisfied.
-
Specification