Method and apparatus for authenticating a user using three party question protocol

US 20050039056A1
Filed: 07/24/2003
Published: 02/17/2005
Est. Priority Date: 07/24/2003
Status: Abandoned Application

First Claim

Patent Images

1. A method for authenticating a user, comprising:

obtaining an asserted identity of said user;

obtaining a random subset of questions that said user has previously answered with a customer verification server; and

presenting one or more questions to said user from said random subset of questions until a predefined security threshold is satisfied.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A three party authenticating protocol is disclosed. During an enrollment phase, a user contacts a call center and is directed to a user verification server. The user verification server instructs the user to select and answer a number of questions that will be used for verification. The selected questions along with identifying indices for each question are stored at the user'"'"'s location and at the user verification server. The user verification server sends the question indices to the call center, which in turn sends these indices to the user to obtain answer indices for each question. During a verification phase, the user contacts the call center and an authentication module asks the user to provide an asserted identity. The authentication module provides a random selection of question indices from those selected by the user. The user provides answer indices for each question to the authentication module. If the number of correctly matching answers exceeds a threshold, then the user is verified. Otherwise, the user fails verification. After verification, the user is transferred from the authentication module of the call center to a human agent for further processing.

Citations

39 Claims

1. A method for authenticating a user, comprising:
- obtaining an asserted identity of said user;
  
  obtaining a random subset of questions that said user has previously answered with a customer verification server; and
  
  presenting one or more questions to said user from said random subset of questions until a predefined security threshold is satisfied.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 2. The method of claim 1, wherein said user is directed to said customer verification server during an enrollment phase.
  - 3. The method of claim 1, wherein said user verification server instructs said user to select and answer a number of questions that will be used for verification.
  - 4. The method of claim 3, further comprising the step of storing said selected questions at said user'"'"'s location.
  - 5. The method of claim 3, further comprising the step of storing said selected questions at said customer verification server.
  - 6. The method of claim 3, wherein said obtaining step further comprises the step of receiving an indication of said selected questions from said customer verification server.
  - 7. The method of claim 6, wherein said obtaining step further comprises the step of obtaining answers from said user for said selected questions.
  - 8. The method of claim 1, wherein said presenting step is performed by an authentication module.
  - 9. The method of claim 8, wherein said authentication module obtains answers to said presented questions from said user.
  - 10. The method of claim 1, wherein said predefined security threshold is based on a sum of security weights of correctly answered questions.
  - 11. The method of claim 1, wherein one or more of said questions are directed to an opinion of said user.
  - 12. The method of claim 1, wherein one or more of said questions are directed to a trivial fact.
  - 13. The method of claim 1, wherein one or more of said questions are directed to an indirect fact.
  - 14. The method of claim 1, further comprising the step of presenting said user with a larger pool of potential questions for selection of one or more questions to answer.
  - 15. The method of claim 14, further comprising the step of ensuring that said questions selected by said user meet predefined criteria for topic distribution.
  - 16. The method of claim 1, further comprising the step of ensuring that answers to user selected questions cannot be qualitatively correlated with said user.
  - 17. The method of claim 1, further comprising the step of ensuring that answers to user selected questions cannot be quantitatively correlated with said user.
  - 18. The method of claim 1, wherein said questions from said random subset of questions are presented to said user in a random order.
  - 19. The method of claim 1, wherein said questions are presented to said user in the form of an index identifying each question.
  - 20. The method of claim 1, wherein said user responds to said questions by returning an index identifying each answer.
  - 21. The method of claim 20, wherein said index identifying each answer can be aggregated to form a password.
  - 22. The method of claim 20, wherein a portion of each answer can be aggregated to form a password.
  - 23. The method of claim 1, further comprising the step of storing an indication of said subset of questions on a device or wallet card or piece of paper associated with said user.

24. An apparatus for authenticating a user, comprising:
- a memory; and
  
  at least one processor, coupled to the memory, operative to;
  
  obtain an asserted identity of said user;
  
  obtain a random subset of questions that said user has previously answered with a customer verification server; and
  
  present one or more questions to said user from said random subset of questions until a predefined security threshold is satisfied.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
- - 25. The apparatus of claim 24, wherein said user is directed to said customer verification server during an enrollment phase.
  - 26. The apparatus of claim 24, wherein said customer verification server instructs said user to select and answer a number of questions that will be used for verification.
  - 27. The apparatus of claim 26, wherein said processor is further configured to store said selected questions at said user'"'"'s location.
  - 28. The apparatus of claim 26, wherein said processor is further configured to store said selected questions at said customer verification server.
  - 29. The apparatus of claim 26, wherein said obtaining step further comprises the step of receiving an indication of said selected questions from said customer verification server.
  - 30. The apparatus of claim 24, wherein said presenting step is performed by an authentication module.
  - 31. The apparatus of claim 24, wherein said processor is further configured to ensure that questions selected by said user meet predefined criteria for topic distribution.
  - 32. The apparatus of claim 24, wherein said processor is further configured to ensure that answers to user selected questions cannot be qualitatively correlated with said user.
  - 33. The apparatus of claim 24, wherein said processor is further configured to ensure that answers to user selected questions cannot be quantitatively correlated with said user.
  - 34. The apparatus of claim 24, wherein said questions from said random subset of questions are presented to said user in a random order.
  - 35. The apparatus of claim 24, wherein said questions are presented to said user in the form of an index identifying each question.
  - 36. The apparatus of claim 24, wherein answers to said questions are received from said user in the form of an index identifying each answer.
  - 37. The apparatus of claim 36, wherein said index identifying each answer can be aggregated to form a password.
  - 38. The apparatus of claim 36, wherein a portion of each answer can be aggregated to form a password.

39. An article of manufacture for authenticating a user, comprising a machine readable medium containing one or more programs which when executed implement the steps of:
- obtaining an asserted identity of said user;
  
  obtaining a random subset of questions that said user has previously answered with a customer verification server; and
  
  presenting one or more questions to said user from said random subset of questions until a predefined security threshold is satisfied.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avaya Incorporated
Original Assignee
Avaya Incorporated
Inventors
Bagga, Amit, O'Gorman, Lawrence, Bentley, Jon

Application Number

US10/626,482
Publication Number

US 20050039056A1
Time in Patent Office

Days
Field of Search
US Class Current

726/19
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2103   Challenge-response

G06F 2221/2115   Third party

H04M 3/382   using authorisation codes o...

H04M 3/51   Centralised call answering ...

Method and apparatus for authenticating a user using three party question protocol

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for authenticating a user using three party question protocol

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links