Method and apparatus for extracting authentication information from a user

US 20050114679A1
Filed: 11/26/2003
Published: 05/26/2005
Est. Priority Date: 11/26/2003
Status: Active Grant

First Claim

Patent Images

1. A method for generating a password for a user, comprising:

presenting said user with at least one topic;

receiving one or more personal details from said user associated with said at least one topic;

ensuring that a correlation between said user and said one or more personal details does not violate one or more predefined correlation rules; and

recording said one or more personal details as a password for said user.

View all claims

25 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus are provided for extracting information from a user'"'"'s memory that will be easily recalled during future authentication yet is hard for an attacker to guess. The information might be a little-known fact of personal relevance to the user or the personal details surrounding a public event. The user is guided to appropriate topics and forms an indirect hint that is useful to the user yet not to an attacker. Information extraction techniques verify that the information is not easily attacked and to estimate how many bits of assurance the question and answer provide. The information extracted may be, e.g., Boolean (Yes/No), multiple choice, numeric, textual, or a combination of the foregoing. The enrollment process may schedule the sending of one or more reminder messages to the user containing the question (but not the answer) to reinforce the memory of the user.

Citations

25 Claims

1. A method for generating a password for a user, comprising:
- presenting said user with at least one topic;
  
  receiving one or more personal details from said user associated with said at least one topic;
  
  ensuring that a correlation between said user and said one or more personal details does not violate one or more predefined correlation rules; and
  
  recording said one or more personal details as a password for said user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising the step of receiving a reminder associated with each of said one or more personal details.
  - 3. The method of claim 1, further comprising the step of presenting said user with a plurality of topics and receiving a user selection of said at least one topic.
  - 4. The method of claim 1, wherein said correlation rules are based on said at least one topic.
  - 5. The method of claim 1, wherein said one or more predefined correlation rules ensure that answers to user selected questions cannot be qualitatively correlated with said user.
  - 6. The method of claim 1, wherein said one or more predefined correlation rules ensure that answers to user selected questions cannot be quantitatively correlated with said user.
  - 7. The method of claim 1, further comprising the step of sending said one or more personal details to said user as a reinforcement of said password.
  - 8. The method of claim 1, wherein said one or more personal details are related to a personal fact from a past of said user.
  - 9. The method of claim 1, wherein said one or more personal details are related to an experience of said user in connection with a public event.
  - 10. The method of claim 1, wherein said one or more personal details are related to an experience of said user in connection with a private event.
  - 11. The method of claim 1, wherein said one or more personal details can be tested during a verification phase using one or more of Boolean, multiple choice, numeric or textual queries.
  - 12. The method of claim 1, wherein said at least one topic is selected based on psychological insights.

13. An apparatus for generating a password for a user, comprising:
- a memory; and
  
  at least one processor, coupled to the memory, operative to;
  
  present said user with at least one topic;
  
  receive one or more personal details from said user associated with said at least one topic;
  
  ensure that a correlation between said user and said one or more personal details does not violate one or more predefined correlation rules; and
  
  record said one or more personal details as a password for said user.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The apparatus of claim 13, wherein said processor is further configured to receive a reminder associated with each of said one or more personal details.
  - 15. The apparatus of claim 13, wherein said processor is further configured to present said user with a plurality of topics and receive a user selection of said at least one topic.
  - 16. The apparatus of claim 13, wherein said correlation rules are based on said at least one topic.
  - 17. The apparatus of claim 13, wherein said one or more predefined correlation rules ensure that answers to user selected questions cannot be qualitatively correlated with said user.
  - 18. The apparatus of claim 13, wherein said one or more predefined correlation rules ensure that answers to user selected questions cannot be quantitatively correlated with said user.
  - 19. The apparatus of claim 13, wherein said processor is further configured to send said one or more personal details to said user as a reinforcement of said password.
  - 20. The apparatus of claim 13, wherein said one or more personal details are related to a personal fact from a past of said user.
  - 21. The apparatus of claim 13, wherein said one or more personal details are related to an experience of said user in connection with a public event.
  - 22. The apparatus of claim 13, wherein said one or more personal details are related to an experience of said user in connection with a private event.
  - 23. The apparatus of claim 13, wherein said one or more personal details can be tested during a verification phase using one or more of Boolean, multiple choice, numeric or textual queries.
  - 24. The apparatus of claim 13, wherein said at least one topic is selected based on psychological insights.

25. An article of manufacture for generating a password for a user, comprising a machine readable medium containing one or more programs which when executed implement the steps of:
- presenting said user with at least one topic;
  
  receiving one or more personal details from said user associated with said at least one topic;
  
  ensuring that a correlation between said user and said one or more personal details does not violate one or more predefined correlation rules; and
  
  recording said one or more personal details as a password for said user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avaya Incorporated
Original Assignee
Avaya Incorporated
Inventors
Bagga, Amit, O'Gorman, Lawrence, Bentley, Jon

Granted Patent

US 8,639,937 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/184
CPC Class Codes

G06F 21/46 by designing passwords or c...

G07C 9/33 by means of a password

Method and apparatus for extracting authentication information from a user

First Claim

25 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for extracting authentication information from a user

First Claim

25 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links