Method and apparatus for verifying security of authentication information extracted from a user

US 20050114678A1
Filed: 03/31/2004
Published: 05/26/2005
Est. Priority Date: 11/26/2003
Status: Abandoned Application

First Claim

Patent Images

1. A method for evaluating a password proposed by a user, comprising:

receiving said proposed password from said user; and

ensuring that a correlation between said user and said proposed password does not violate one or more predefined correlation rules.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus are provided for evaluating the security of authentication information that is extracted from a user. The disclosed authentication information security analysis techniques determine whether extracted authentication information can be obtained by an attacker. The extracted authentication information might be, for example, personal identification numbers (PINs), passwords and query based passwords (questions and answers). A disclosed authentication information security analysis process employs information extraction techniques to verify that the authentication information provided by a user is not easily obtained through an online search. The authentication information security analysis process measures the security of authentication information, such as query based passwords, provided by a user. Information extraction techniques are employed to find and report relations between the proposed password and certain user information that might make the proposed password vulnerable to attack.

67 Citations

View as Search Results

27 Claims

1. A method for evaluating a password proposed by a user, comprising:
- receiving said proposed password from said user; and
  
  ensuring that a correlation between said user and said proposed password does not violate one or more predefined correlation rules.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The method of claim 1, wherein said one or more predefined correlation rules evaluate whether that said proposed password can be qualitatively correlated with said user.
  - 3. The method of claim 1, wherein said one or more predefined correlation rules evaluate whether said proposed password can be quantitatively correlated with said user.
  - 4. The method of claim 1, wherein said proposed password is comprised of a proposed answer and a proposed hint and wherein said one or more predefined correlation rules evaluate whether said proposed answer can be correlated with said proposed hint in a particular relation.
  - 5. The method of claim 4, wherein said particular relation is selected from the group consisting essentially of:
    - self, family member, co-author, teammate, colleague, neighbor, community member or household member.
  - 6. The method of claim 1, wherein said proposed password is comprised of a proposed answer and a proposed hint and wherein said one or more predefined correlation rules evaluate whether said proposed answer can be obtained from said proposed hint.
  - 7. The method of claim 1, wherein said proposed password is an identifying number.
  - 8. The method of claim 7, wherein said one or more predefined correlation rules evaluate whether said identifying number identifies a person in a particular relationship to said user.
  - 9. The method of claim 7, wherein said one or more predefined correlation rules evaluate whether said identifying number is a top N most commonly used identifying number.
  - 10. The method of claim 7, wherein said one or more predefined correlation rules evaluate whether said identifying number identifies a top N commercial entity.
  - 11. The method of claim 7, wherein said one or more predefined correlation rules evaluate whether said identifying number identifies said user.
  - 12. The method of claim 7, wherein said identifying number is a portion of a telephone number.
  - 13. The method of claim 7, wherein said identifying number is a portion of an address.
  - 14. The method of claim 7, wherein said identifying number is a portion of social security number.
  - 15. The method of claim 1, wherein said proposed password is a word.
  - 16. The method of claim 15, wherein said one or more predefined correlation rules evaluate whether a correlation between said word and said user exceeds a predefined threshold.
  - 17. The method of claim 1, wherein said correlation is determined by performing a meta-search.
  - 18. The method of claim 1, wherein said step of ensuring a correlation further comprises the step of performing a meta-search.
  - 19. The method of claim 1, wherein said step of ensuring a correlation further comprises the step of performing a local proximity evaluation.
  - 20. The method of claim 1, wherein said step of ensuring a correlation further comprises the step of performing a number classification.

21. An apparatus for evaluating a password proposed by a user, comprising:
- a memory; and
  
  at least one processor, coupled to the memory, operative to;
  
  receive said proposed password from said user; and
  
  evaluate whether a correlation between said user and said proposed password violates one or more predefined correlation rules.
- View Dependent Claims (22, 23, 24, 25, 26)
- - 22. The apparatus of claim 21, wherein said one or more predefined correlation rules evaluate whether said proposed password can be correlated with said user.
  - 23. The apparatus of claim 21, wherein said proposed password is comprised of a proposed answer and a proposed hint and wherein said one or more predefined correlation rules evaluate whether said proposed answer can be correlated with said proposed hint in a particular relation.
  - 24. The apparatus of claim 21, wherein said proposed password is comprised of a proposed answer and a proposed hint and wherein said one or more predefined correlation rules evaluate whether said proposed answer can be obtained from said proposed hint.
  - 25. The apparatus of claim 21, wherein said proposed password is an identifying number.
  - 26. The apparatus of claim 25, wherein said one or more predefined correlation rules evaluate whether said identifying number identifies a person in a particular relationship to said user.

27. An article of manufacture for evaluating a password proposed by a user, comprising a machine readable medium containing one or more programs which when executed implement the steps of:
- receive said proposed password from said user; and
  
  evaluate whether a correlation between said user and said proposed password violates one or more predefined correlation rules.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avaya Incorporated
Original Assignee
Avaya Incorporated
Inventors
Sudo, Kiyoshi, Bagga, Amit, O'Gorman, Lawrence, Bentley, Jon

Application Number

US10/815,191
Publication Number

US 20050114678A1
Time in Patent Office

Days
Field of Search
US Class Current

713/183
CPC Class Codes

G06F 21/46 by designing passwords or c...

G07C 9/33 by means of a password

Method and apparatus for verifying security of authentication information extracted from a user

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

67 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for verifying security of authentication information extracted from a user

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

67 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links