METHOD AND APPARATUS FOR AUTHENTICATING USER IDENTITY WHEN RESETTING PASSWORDS

US 20080134317A1
Filed: 12/01/2006
Published: 06/05/2008
Est. Priority Date: 12/01/2006
Status: Active Grant

First Claim

Patent Images

1. An automated computer implemented process for authenticating a user'"'"'s identity before resetting a password, the computer implemented process comprising:

receiving a user identification;

accessing a record located in a data source containing information related to the user'"'"'s recent computer activity;

generating an authentication question and a corresponding answer based on the record;

asking the user the authentication question;

receiving a reply to the authentication question;

comparing the reply to the corresponding answer; and

responsive to the reply matching the corresponding answer, providing a new password to the user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The “identity authentication program” (IAP) creates a custom set of authentication questions in response to a user request to have a user password reset. The IAP accesses a record located in a data source containing information related to the user'"'"'s recent computer activity and generates an authentication question and a corresponding answer based on the record. In order to reset a user password, the user must correctly answer a designated number of questions from the custom set of authentication questions. In a preferred embodiment, the IAP bases authentication questions on recent e-mail messages sent by the user. Because the questions are generated at the time of the user'"'"'s request, the answers are unique and can not be memorized. Because the questions are based on recent activities of the user, the questions are hard to guess by an unauthorized person.

Citations

21 Claims

1. An automated computer implemented process for authenticating a user'"'"'s identity before resetting a password, the computer implemented process comprising:
- receiving a user identification;
  
  accessing a record located in a data source containing information related to the user'"'"'s recent computer activity;
  
  generating an authentication question and a corresponding answer based on the record;
  
  asking the user the authentication question;
  
  receiving a reply to the authentication question;
  
  comparing the reply to the corresponding answer; and
  
  responsive to the reply matching the corresponding answer, providing a new password to the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer implemented process of claim 1 wherein the data source is an e-mail repository and the record is an e-mail message.
  - 3. The computer implemented process of claim 2 wherein the authentication question asks for a set of non-trivial key words included in the e-mail message.
  - 4. The computer implemented process of claim 3 wherein the user must reply with a sub-set of the set of non-trivial key words within a predefined number of attempts.
  - 5. The computer implemented process of claim 1 wherein the interactions with the user are made via voice telephony.
  - 6. The computer implemented process of claim 1 wherein the interactions with the user are made via a World Wide Web graphical interface.
  - 7. The computer implemented process of claim 1 wherein the new password is the user'"'"'s forgotten password.

8. An apparatus for authenticating a user'"'"'s identity before resetting a password, the apparatus comprising:
- a processor;
  
  a memory connected to the processor;
  
  a remotely accessible user interface running in the memory;
  
  an identity authentication program in the memory operable to receive a user identification, access a record located in a data source containing information related to the user'"'"'s recent computer activity, generate an authentication question and corresponding answer based on the record, ask the user the authentication question, receive a reply to the authentication question, compare the reply to the corresponding answer, and responsive to the reply matching the corresponding answer, provide a new password to the user.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The apparatus of claim 8 wherein the data source is an e-mail repository and the record is an e-mail message.
  - 10. The apparatus of claim 9 wherein the authentication question asks for a set of non-trivial key words included in the e-mail message.
  - 11. The apparatus of claim 10 wherein the user must reply with a sub-set of the set of non-trivial key words within a predefined number of attempts.
  - 12. The apparatus of claim 8 wherein the user interface is a computerized telephone switch adapted to use voice recognition software and speech synthesis software.
  - 13. The apparatus of claim 8 wherein the user interface is a World Wide Web graphical interface.
  - 14. The apparatus of claim 8 wherein the user interface combine voice, text and graphics adapted for use with wireless communication devices such as cellular phones and PDAs.
  - 15. The apparatus of claim 8 wherein the identity authentication programs provides the user'"'"'s forgotten password.

16. A computer readable memory containing a plurality of instructions to cause a computer to authenticate a user'"'"'s identity before resetting a password, the plurality of instructions comprising:
- a first instruction to receive a user identification;
  
  a second instruction to access a record located in a data source containing information related to the user'"'"'s recent computer activity;
  
  a third instruction to generate an authentication question and corresponding answer based on the accessed record;
  
  a fourth instruction to ask a user the authentication question;
  
  a fifth instruction to receive a reply to the authentication question;
  
  a sixth instruction to compare the reply to the corresponding answer; and
  
  responsive to the reply matching the corresponding answer, a seventh instruction to provide a new password to the user.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The computer readable memory of claim 16 wherein the data source is an e-mail repository and the record is an e-mail message.
  - 18. The computer readable memory of claim 17 wherein the authentication question asks for a set of non-trivial key words included in the e-mail message.
  - 19. The computer readable memory of claim 18 wherein the user must reply with a sub-set of the set of non-trivial key words within a predefined number of attempts.
  - 20. The computer readable memory of claim 16 wherein the interactions with the user are made via voice telephony.
  - 21. The computer readable memory of claim 16 wherein the interactions with the user are made via a World Wide Web graphical interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Boss, Gregory J., Finn, Peter G., Waters, Timothy M., Hamilton, Rick A.

Granted Patent

US 7,874,011 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/18
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2103   Challenge-response

H04L 63/083   using passwords cryptograph...

METHOD AND APPARATUS FOR AUTHENTICATING USER IDENTITY WHEN RESETTING PASSWORDS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS FOR AUTHENTICATING USER IDENTITY WHEN RESETTING PASSWORDS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links