Method and apparatus for extracting authentication information from a user
First Claim
1. A method for generating a password for a user, comprising:
- presenting said user with at least one topic;
receiving one or more personal details from said user associated with said at least one topic;
ensuring that a correlation between said user and said one or more personal details does not violate one or more predefined correlation rules; and
recording said one or more personal details as a password for said user.
25 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus are provided for extracting information from a user'"'"'s memory that will be easily recalled during future authentication yet is hard for an attacker to guess. The information might be a little-known fact of personal relevance to the user or the personal details surrounding a public event. The user is guided to appropriate topics and forms an indirect hint that is useful to the user yet not to an attacker. Information extraction techniques verify that the information is not easily attacked and to estimate how many bits of assurance the question and answer provide. The information extracted may be, e.g., Boolean (Yes/No), multiple choice, numeric, textual, or a combination of the foregoing. The enrollment process may schedule the sending of one or more reminder messages to the user containing the question (but not the answer) to reinforce the memory of the user.
-
Citations
25 Claims
-
1. A method for generating a password for a user, comprising:
-
presenting said user with at least one topic;
receiving one or more personal details from said user associated with said at least one topic;
ensuring that a correlation between said user and said one or more personal details does not violate one or more predefined correlation rules; and
recording said one or more personal details as a password for said user. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. An apparatus for generating a password for a user, comprising:
-
a memory; and
at least one processor, coupled to the memory, operative to;
present said user with at least one topic;
receive one or more personal details from said user associated with said at least one topic;
ensure that a correlation between said user and said one or more personal details does not violate one or more predefined correlation rules; and
record said one or more personal details as a password for said user. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
-
25. An article of manufacture for generating a password for a user, comprising a machine readable medium containing one or more programs which when executed implement the steps of:
-
presenting said user with at least one topic;
receiving one or more personal details from said user associated with said at least one topic;
ensuring that a correlation between said user and said one or more personal details does not violate one or more predefined correlation rules; and
recording said one or more personal details as a password for said user.
-
Specification