METHOD AND APPARATUS FOR AUTHENTICATING USER IDENTITY WHEN RESETTING PASSWORDS
First Claim
1. An automated computer implemented process for authenticating a user'"'"'s identity before resetting a password, the computer implemented process comprising:
- receiving a user identification;
accessing a record located in a data source containing information related to the user'"'"'s recent computer activity;
generating an authentication question and a corresponding answer based on the record;
asking the user the authentication question;
receiving a reply to the authentication question;
comparing the reply to the corresponding answer; and
responsive to the reply matching the corresponding answer, providing a new password to the user.
1 Assignment
0 Petitions
Accused Products
Abstract
The “identity authentication program” (IAP) creates a custom set of authentication questions in response to a user request to have a user password reset. The IAP accesses a record located in a data source containing information related to the user'"'"'s recent computer activity and generates an authentication question and a corresponding answer based on the record. In order to reset a user password, the user must correctly answer a designated number of questions from the custom set of authentication questions. In a preferred embodiment, the IAP bases authentication questions on recent e-mail messages sent by the user. Because the questions are generated at the time of the user'"'"'s request, the answers are unique and can not be memorized. Because the questions are based on recent activities of the user, the questions are hard to guess by an unauthorized person.
-
Citations
21 Claims
-
1. An automated computer implemented process for authenticating a user'"'"'s identity before resetting a password, the computer implemented process comprising:
-
receiving a user identification; accessing a record located in a data source containing information related to the user'"'"'s recent computer activity; generating an authentication question and a corresponding answer based on the record; asking the user the authentication question; receiving a reply to the authentication question; comparing the reply to the corresponding answer; and responsive to the reply matching the corresponding answer, providing a new password to the user. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. An apparatus for authenticating a user'"'"'s identity before resetting a password, the apparatus comprising:
a processor; a memory connected to the processor; a remotely accessible user interface running in the memory; an identity authentication program in the memory operable to receive a user identification, access a record located in a data source containing information related to the user'"'"'s recent computer activity, generate an authentication question and corresponding answer based on the record, ask the user the authentication question, receive a reply to the authentication question, compare the reply to the corresponding answer, and responsive to the reply matching the corresponding answer, provide a new password to the user. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
-
16. A computer readable memory containing a plurality of instructions to cause a computer to authenticate a user'"'"'s identity before resetting a password, the plurality of instructions comprising:
-
a first instruction to receive a user identification; a second instruction to access a record located in a data source containing information related to the user'"'"'s recent computer activity; a third instruction to generate an authentication question and corresponding answer based on the accessed record; a fourth instruction to ask a user the authentication question; a fifth instruction to receive a reply to the authentication question; a sixth instruction to compare the reply to the corresponding answer; and responsive to the reply matching the corresponding answer, a seventh instruction to provide a new password to the user. - View Dependent Claims (17, 18, 19, 20, 21)
-
Specification