Method and apparatus for verifying security of authentication information extracted from a user
First Claim
1. A method for evaluating a password proposed by a user, comprising:
- receiving said proposed password from said user; and
ensuring that a correlation between said user and said proposed password does not violate one or more predefined correlation rules.
8 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus are provided for evaluating the security of authentication information that is extracted from a user. The disclosed authentication information security analysis techniques determine whether extracted authentication information can be obtained by an attacker. The extracted authentication information might be, for example, personal identification numbers (PINs), passwords and query based passwords (questions and answers). A disclosed authentication information security analysis process employs information extraction techniques to verify that the authentication information provided by a user is not easily obtained through an online search. The authentication information security analysis process measures the security of authentication information, such as query based passwords, provided by a user. Information extraction techniques are employed to find and report relations between the proposed password and certain user information that might make the proposed password vulnerable to attack.
-
Citations
27 Claims
-
1. A method for evaluating a password proposed by a user, comprising:
-
receiving said proposed password from said user; and
ensuring that a correlation between said user and said proposed password does not violate one or more predefined correlation rules. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. An apparatus for evaluating a password proposed by a user, comprising:
-
a memory; and
at least one processor, coupled to the memory, operative to;
receive said proposed password from said user; and
evaluate whether a correlation between said user and said proposed password violates one or more predefined correlation rules. - View Dependent Claims (22, 23, 24, 25, 26)
-
-
27. An article of manufacture for evaluating a password proposed by a user, comprising a machine readable medium containing one or more programs which when executed implement the steps of:
-
receive said proposed password from said user; and
evaluate whether a correlation between said user and said proposed password violates one or more predefined correlation rules.
-
Specification