User authentication without prior user enrollment

US 20060036868A1
Filed: 08/12/2004
Published: 02/16/2006
Est. Priority Date: 08/12/2004
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a user, comprising;

obtaining authorized access to a data source;

identifying a plurality of fields in the data source, wherein each field stores a value known to the user;

for each identified field, generating at least one question whose correct answer is the value stored in the field;

wherein none of the questions is password related;

for each generated question associating the generated question with the identified field and with the data source;

in response to receiving a request from the user to access a protected resource, presenting to the user at least one generated questions; and

granting access to the protected resource if the user correctly answers each of the at least one generated questions presented, whereby a user'"'"'s identity is authenticated without requiring the user to provide a password or biometric data, and without requiring the user to enroll prior to access.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Authenticating a user includes providing a plurality of questions based on user related information stored in at least one data source, wherein none of the plurality of questions is password related. At least one of the plurality of questions is presented to the user in response to receiving a request from the user to access one or more protected resources. Access is granted to the authorized set of protected resources if the user correctly answers each of the at least one questions presented. According to the present invention, the user'"'"'s identity is authenticated without requiring the user to provide a password or biometric data, and without requiring the user to enroll prior to access.

Citations

34 Claims

1. A method for authenticating a user, comprising;
- obtaining authorized access to a data source;
  
  identifying a plurality of fields in the data source, wherein each field stores a value known to the user;
  
  for each identified field, generating at least one question whose correct answer is the value stored in the field;
  
  wherein none of the questions is password related;
  
  for each generated question associating the generated question with the identified field and with the data source;
  
  in response to receiving a request from the user to access a protected resource, presenting to the user at least one generated questions; and
  
  granting access to the protected resource if the user correctly answers each of the at least one generated questions presented, whereby a user'"'"'s identity is authenticated without requiring the user to provide a password or biometric data, and without requiring the user to enroll prior to access.
- View Dependent Claims (2, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein presenting at least one generated question includes:
    - transmitting to the user a first generated question;
      
      receiving an answer to the generated question from the user;
      
      analyzing the user'"'"'s answer;
      
      transmitting to the user a next generated question only if the user'"'"'s answer is correct; and
      
      repeating the analyzing and transmitting steps until each of the at least one generated questions presented has been answered correctly.
  - 5. The method of claim 2, wherein receiving a request further includes:
    - receiving from the user an indication of the user'"'"'s identity, wherein the indication is not a password or biometric data.
  - 6. The method of claim 5, wherein analyzing the user'"'"'s answer includes:
    - identifying the data source and field associated with the generated question;
      
      using the indication of the user'"'"'s identity to retrieve from the data source the correct answer and comparing the user'"'"'s answer with the retrieved correct answer, wherein if the answers substantially match, the user'"'"'s answer is correct.
  - 7. The method of claim 6, wherein analyzing the user'"'"'s answer further includes:
    - encrypting the user'"'"'s answer and the retrieved correct answer prior to comparing the answers; and
      
      discarding the encrypted answers after comparing the answers.
  - 8. The method of claim 1 wherein presenting at least one generated questions includes randomly selecting a generated question.
  - 9. The method of claim 1 further including:
    - denying access to the protected resource if the user incorrectly answers any of the at least one questions presented; and
      
      transmitting an alert message indicating that an attempt to access the protected resource by the user was unsuccessful.
  - 10. The method of claim 1 further comprising granting access to all protected resources for which the user is authorized after the user correctly answers each of the at least one questions presented.

3. (canceled)

4. (canceled)

11. An identity management system for authenticating a user comprising:
- at least one data source for storing user related information, wherein the at least one data source is either a private database a public database with restricted access; and
  
  a server coupled to the at least one data source, wherein the server includes;
  
  a processor for executing an identity management service (“
  
  IMS”
  
  ) application, wherein the IMS application includes;
  
  means for obtaining authorized access to the at least one data source, means for identifying a plurality of fields in the at least one data source wherein each field stores a value known to the user;
  
  means for generating, for each identified field, at least one question whose correct answer is the value stored in the field; and
  
  means for associating the least one generated question for each identified field with the identified field and with the data source; and
  
  memory for storing the generated questions, wherein, in response to receiving a request from the user to access a protected resource, the server authenticates the user without requiring a password or biometric data, and without requiring the user to enroll by presenting to the user at least one of the generated questions and granting access to the protected resource if the user correctly answers the at least one generated questions presented.
- View Dependent Claims (12, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the server further includes:
    - a communication interface for transmitting to the user the at least one generated question and for receiving an answer to the at least one generated question from the user, wherein the server transmits to the user a first generated question, receives an answer to the generated question from the user, analyzes the user'"'"'s answer, and transmits to the user a next generated question only if the user'"'"'s answer is correct.
  - 15. The system of claim 12, wherein the request from the user includes an indication of the user'"'"'s identity, wherein the indication is not a password or biometric data.
  - 16. The system of claim 15, wherein the IMS application further includes:
    - a query module for identifying the data source and field associated with a generated question presented to the user, composing a query that includes the user'"'"'s identity and the field, submitting the query to the data source, and receiving from the data source a correct answer to the question presented; and
      
      a compare module coupled to the query module for comparing the user'"'"'s answer to the generated question presented to the correct answer, wherein the user'"'"'s answer is correct if it substantially matches the correct answer.
  - 17. The system of claim 16, wherein the user'"'"'s answer and the correct answer are encrypted prior to the comparison and discarded after the comparison.
  - 18. The system of claim 11, wherein the IMS application randomly selects the at least one generated question to present.
  - 19. The system of claim 11, wherein the IMS application denies access to the protected resource if the user incorrectly answers any of the at least one questions presented and transmits an alert message indicating that an attempt to access the protected resource by the user was unsuccessful.
  - 20. The system of claim 11, wherein the IMS application also grants access to all protected resources for which the user is authorized after the user correctly answers each of the at least one questions presented.

13. (canceled)

14. (canceled)

21. A computer readable medium containing programming instructions for authenticating a user comprising instructions for:
- obtaining authorized access to a data source;
  
  identifying a plurality of fields in the data source, wherein each field stores a value known to the user;
  
  for each identified field, generating at least one question whose correct answer is the value stored in the field;
  
  for each generated question, associating the generated question with the identified field and with the data source;
  
  in response to receiving a request from the user to access a protected resource, presenting to the user at least one generated questions; and
  
  granting access to the protected resource if the user correctly answers each of the at least one generated questions presented, whereby a user'"'"'s identity is authenticated without requiring the user to provide a password or biometric data, and without requiring the user to enroll prior to access.
- View Dependent Claims (22, 25, 26, 27, 28, 29, 30)
- - 22. The computer readable medium of claim 21, wherein presenting at least one generated question includes:
    - transmitting to the user a first generated question;
      
      receiving an answer to the generated question from the user;
      
      analyzing the user'"'"'s answer;
      
      transmitting to the user a next generated question only if the user'"'"'s answer is correct; and
      
      repeating the analyzing and transmitting instructions until each of the at least one generated questions presented has been answered correctly.
  - 25. The computer readable medium of claim 22 wherein receiving a request includes:
    - receiving from the user an indication of the user'"'"'s identity, wherein the indication is not a password or biometric data.
  - 26. The computer readable medium of claim 25, wherein analyzing the user'"'"'s answer includes:
    - identifying the data source and field associated with the generated question presented;
      
      using the indication of the user'"'"'s identity to retrieve from the data source the correct answer; and
      
      comparing the user'"'"'s answer with the retrieved correct answer, wherein if the answers substantially match, the user'"'"'s answer is correct.
  - 27. The computer readable medium of claim 26, wherein analyzing the user'"'"'s answer further includes:
    - encrypting the user'"'"'s answer and the retrieved correct answer prior to comparing the answers; and
      
      discarding the encrypted answers after comparing the answers.
  - 28. The computer readable medium of claim 21 wherein presenting at least one generated questions includes randomly selecting a generated question.
  - 29. The computer readable medium of claim 21 further including:
    - denying access to the protected resource if the user incorrectly answers any of the at least one questions presented; and
      
      transmitting an alert message indicating that an attempt to access the protected resource by the user was unsuccessful.
  - 30. The computer readable medium of claim 21 further comprising granting access to all protected resources for which the user is authorized after the user correctly answers each of the at least one questions presented.

23. (canceled)

24. (canceled)

31. An authentication server for authenticating a user comprising:
- a processor for executing an identity management service (IMS) application, wherein the IMS application obtains authorized access to an external data source, identifies a plurality of fields in the external data source, wherein each field stores a value known to the user generates, for each identified field, at least one challenge question whose correct answer is the value stored in the field, and associates each challenge question with the identified field and with the external data source;
  
  memory for storing the challenge questions; and
  
  a communication interface for receiving a request from the user to access a protected resource, for transmitting at least one challenge questions to the user; and
  
  for receiving from the user an answer to the at least one challenge questions;
  
  wherein the IMS application determines whether the user'"'"'s answer is correct, and authenticates the user if the user correctly answers the at least one challenge questions.
- View Dependent Claims (32, 33, 34)
- - 32. The server of claim 31, wherein the IMS application includes a query module for retrieving from the external data source associated with the challenge question presented the correct answer and a compare module for comparing the user'"'"'s answer to the correct answer.
  - 33. The server of claim 31, wherein the server transmits an alert message to a system administrator if the user incorrectly answers the at least one challenge questions.
  - 34. The server of claim 31, wherein the server is controlled by an application service provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avatier Corporation
Original Assignee
Avatier Corporation
Inventors
Cicchitto, Nelson A.

Granted Patent

US 7,467,401 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

G06F 21/305   by remotely controlling dev...

G06F 21/40   by quorum, i.e. whereby two...

G06F 21/6218   to a system of files or obj...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2103   Challenge-response

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2149   Restricted operating enviro...

H04L 63/08   for authentication of entit...

User authentication without prior user enrollment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

User authentication without prior user enrollment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links