AUTHENTICATING USERS WITH MEMORABLE PERSONAL QUESTIONS

US 20100122341A1
Filed: 11/13/2008
Published: 05/13/2010
Est. Priority Date: 11/13/2008
Status: Active Grant

First Claim

Patent Images

1. A method for verifying user identity, the method comprising:

generating a list which includes a plurality of items;

formulating a substantially large set of security questions to ask a user regarding the user'"'"'s experience and/or preference related to the plurality of items, wherein the number of security questions in the set is significantly larger than a subset of security questions presented to the user to reduce the likelihood of the same questions being asked repeatedly;

during an account creation process, presenting to the user the subset of security questions and receiving and storing a response from the user to the subset of questions, wherein at least one question in the subset is selected based on user information that is automatically extracted from devices associated with the user without explicitly requiring the user to input user information manually;

subsequently receiving a request to reset the user'"'"'s password;

presenting the subset of security questions to the requester;

receiving a response from the requester to the subset of questions; and

determining whether the requester is the user by comparing the requester'"'"'s response with the stored user response.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment provides a system that verifies a user'"'"'s identity. The system generates a list including a plurality of items and formulates a substantially large set of security questions base on the plurality of items. The number of questions in the set is significantly larger than a subset of security questions presented to the user to reduce the likelihood of the same questions being asked repeatedly. During account creation, the system presents to the user the subset of questions, and receives and stores a response from the user. At least one question in the subset is selected based on user information that is automatically extracted from devices associated with the user. Subsequently, the system receives a request to reset the user'"'"'s password and presents the subset of questions to the requester. The system determines whether the requester is the user by comparing the requester'"'"'s response with the stored user response.

Citations

24 Claims

1. A method for verifying user identity, the method comprising:
- generating a list which includes a plurality of items;
  
  formulating a substantially large set of security questions to ask a user regarding the user'"'"'s experience and/or preference related to the plurality of items, wherein the number of security questions in the set is significantly larger than a subset of security questions presented to the user to reduce the likelihood of the same questions being asked repeatedly;
  
  during an account creation process, presenting to the user the subset of security questions and receiving and storing a response from the user to the subset of questions, wherein at least one question in the subset is selected based on user information that is automatically extracted from devices associated with the user without explicitly requiring the user to input user information manually;
  
  subsequently receiving a request to reset the user'"'"'s password;
  
  presenting the subset of security questions to the requester;
  
  receiving a response from the requester to the subset of questions; and
  
  determining whether the requester is the user by comparing the requester'"'"'s response with the stored user response.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the list includes a plurality of activities, and wherein the set of security questions include questions on whether the user has engaged in one or more of the plurality of activities.
  - 3. The method of claim 2, wherein the plurality of activities include sport and outdoor activities.
  - 4. The method of claim 1, wherein the list includes a plurality of places, and wherein the set of security questions include questions on whether the user has visited one or more of the plurality of places.
  - 5. The method of claim 1, wherein the list includes a plurality of abstract classes, and wherein the set of securities questions include questions to ask the user to name canonical representatives of the one or more of the abstract classes.
  - 6. The method of claim 1, wherein the list includes a plurality of categories, wherein each category includes at least two items, and wherein the set of security questions include questions to ask the user to order the items based on the user'"'"'s preference.
  - 7. The method of claim 6, wherein the plurality of categories includes one or more of:
    - food;
      
      sport;
      
      music; and
      
      outdoor activities.
  - 8. The method of claim 1, further comprising allowing the user to select the subset of security questions.

9. A computer-readable storage medium storing instructions which when executed by a computer cause the computer to perform a method for verifying user identity, the method comprising:
- generating a list which includes a plurality of items;
  
  formulating a substantially large set of security questions to ask a user regarding the user'"'"'s experience and/or preference related to the plurality of items, wherein the number of security questions in the set is significantly larger than a subset of security questions presented to the user to reduce the likelihood of the same questions being asked repeatedly;
  
  during an account creation process, presenting to the user the subset of security questions and receiving and storing a response from the user to the subset of security questions, wherein at least one question in the subset is selected based on user information that is automatically extracted from devices associated with the user without explicitly requiring the user to input user information manually;
  
  subsequently receiving a request to reset the user'"'"'s password;
  
  presenting the subset of security questions to the requester;
  
  receiving a response from the requester to the subset of questions; and
  
  determining whether the requester is the user by comparing the requester'"'"'s response with the stored user response.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computer-readable storage medium of claim 9, wherein the list includes a plurality of activities, and wherein the set of security questions include questions on whether the user has engaged in one or more of the plurality of activities.
  - 11. The computer-readable storage medium of claim 10, wherein the plurality of activities include sport and outdoor activities.
  - 12. The computer-readable storage medium of claim 9, wherein the list includes a plurality of places, and wherein the set of questions include questions on whether the user has visited the plurality of places.
  - 13. The computer-readable storage medium of claim 9, wherein the list includes a plurality of abstract classes, and wherein the set of questions include questions to ask the user to name canonical representatives of the one or more the abstract classes.
  - 14. The computer-readable storage medium of claim 9, wherein the list includes a plurality of categories, wherein each category includes at least two items, and wherein the set of security questions include questions to ask the user to order the items based on the user'"'"'s preference.
  - 15. The computer-readable storage medium of claim 14, wherein the plurality of categories include one or more of:
    - food;
      
      sport;
      
      music; and
      
      outdoor activities.
  - 16. The computer-readable storage medium of claim 9, the method further comprising allowing the user to select the subset of security questions.

17. A computer system for verifying user identity, comprising:
- a processor;
  
  a memory;
  
  a list-generating mechanism configured to generate a list which includes a plurality of items;
  
  a security-question formulating mechanism configured to formulate a substantially large set of security questions to ask the user regarding the user'"'"'s experience and/or preference related to the plurality of items, wherein the number of security questions in the set is significantly larger than a subset of security questions presented to the user to reduce the likelihood of the same questions being asked repeatedly;
  
  a first presenting mechanism configured to, during an account creation process, present to the user the subset of security questions, wherein at least one question in the subset is selected based on user information that is automatically extracted from devices associated with the user without explicitly requiring the user to input user information manually;
  
  a receiving and storing mechanism configured to receive and store a response from the user to the subset of questions;
  
  a first receiving mechanism configured to subsequently receive a request to reset the user'"'"'s password;
  
  a second presenting mechanism configured to present the subset of security questions to the requester;
  
  a second receiving mechanism configured to receive a response from the requester to the subset of questions; and
  
  a determining mechanism configure to determine whether the requester is the user by comparing the requester'"'"'s response with the stored user response.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The computer system of claim 17, wherein the list includes a plurality of activities, and wherein the set of security questions include questions on whether the user has engaged in one or more of the plurality of activities.
  - 19. The computer system of claim 18, wherein the plurality of activities include sport and outdoor activities.
  - 20. The computer system of claim 17, wherein the list includes a plurality of places, and wherein the set of security questions include questions on whether the user has visited one or more of the plurality of places.
  - 21. The computer system of claim 17, wherein the list includes a plurality of abstract classes, and wherein the set of security questions include questions to ask the user to name canonical representatives of one or more of the abstract classes.
  - 22. The computer system of claim 17, wherein the list includes a plurality of categories, wherein each category includes at least two items, and wherein the set of security questions include questions to ask the user to order the items based on the user'"'"'s preference.
  - 23. The computer system of claim 22, wherein the plurality of categories include one or more of:
    - food;
      
      sport;
      
      music; and
      
      outdoor activities.
  - 24. The computer system of claim 17, further comprising a selection mechanism configured to allow the user to select the subset of security questions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Palo Alto Research Center, Inc. (Xerox Holdings Corp.)
Inventors
Jakobsson, Bjorn Markus, Chow, Richard, Golle, Philippe J.P.

Granted Patent

US 8,161,534 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/21
CPC Class Codes

G06F 21/31   User authentication

G06F 21/316   by observing the pattern of...

G06F 21/46   by designing passwords or c...

G06F 2221/2103   Challenge-response

G06F 2221/2131   Lost password, e.g. recover...

AUTHENTICATING USERS WITH MEMORABLE PERSONAL QUESTIONS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

AUTHENTICATING USERS WITH MEMORABLE PERSONAL QUESTIONS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links