AUTHENTICATING USERS WITH MEMORABLE PERSONAL QUESTIONS
First Claim
1. A method for verifying user identity, the method comprising:
- generating a list which includes a plurality of items;
formulating a substantially large set of security questions to ask a user regarding the user'"'"'s experience and/or preference related to the plurality of items, wherein the number of security questions in the set is significantly larger than a subset of security questions presented to the user to reduce the likelihood of the same questions being asked repeatedly;
during an account creation process, presenting to the user the subset of security questions and receiving and storing a response from the user to the subset of questions, wherein at least one question in the subset is selected based on user information that is automatically extracted from devices associated with the user without explicitly requiring the user to input user information manually;
subsequently receiving a request to reset the user'"'"'s password;
presenting the subset of security questions to the requester;
receiving a response from the requester to the subset of questions; and
determining whether the requester is the user by comparing the requester'"'"'s response with the stored user response.
2 Assignments
0 Petitions
Accused Products
Abstract
One embodiment provides a system that verifies a user'"'"'s identity. The system generates a list including a plurality of items and formulates a substantially large set of security questions base on the plurality of items. The number of questions in the set is significantly larger than a subset of security questions presented to the user to reduce the likelihood of the same questions being asked repeatedly. During account creation, the system presents to the user the subset of questions, and receives and stores a response from the user. At least one question in the subset is selected based on user information that is automatically extracted from devices associated with the user. Subsequently, the system receives a request to reset the user'"'"'s password and presents the subset of questions to the requester. The system determines whether the requester is the user by comparing the requester'"'"'s response with the stored user response.
-
Citations
24 Claims
-
1. A method for verifying user identity, the method comprising:
-
generating a list which includes a plurality of items; formulating a substantially large set of security questions to ask a user regarding the user'"'"'s experience and/or preference related to the plurality of items, wherein the number of security questions in the set is significantly larger than a subset of security questions presented to the user to reduce the likelihood of the same questions being asked repeatedly; during an account creation process, presenting to the user the subset of security questions and receiving and storing a response from the user to the subset of questions, wherein at least one question in the subset is selected based on user information that is automatically extracted from devices associated with the user without explicitly requiring the user to input user information manually; subsequently receiving a request to reset the user'"'"'s password; presenting the subset of security questions to the requester; receiving a response from the requester to the subset of questions; and determining whether the requester is the user by comparing the requester'"'"'s response with the stored user response. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer-readable storage medium storing instructions which when executed by a computer cause the computer to perform a method for verifying user identity, the method comprising:
-
generating a list which includes a plurality of items; formulating a substantially large set of security questions to ask a user regarding the user'"'"'s experience and/or preference related to the plurality of items, wherein the number of security questions in the set is significantly larger than a subset of security questions presented to the user to reduce the likelihood of the same questions being asked repeatedly; during an account creation process, presenting to the user the subset of security questions and receiving and storing a response from the user to the subset of security questions, wherein at least one question in the subset is selected based on user information that is automatically extracted from devices associated with the user without explicitly requiring the user to input user information manually; subsequently receiving a request to reset the user'"'"'s password; presenting the subset of security questions to the requester; receiving a response from the requester to the subset of questions; and determining whether the requester is the user by comparing the requester'"'"'s response with the stored user response. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A computer system for verifying user identity, comprising:
-
a processor; a memory; a list-generating mechanism configured to generate a list which includes a plurality of items; a security-question formulating mechanism configured to formulate a substantially large set of security questions to ask the user regarding the user'"'"'s experience and/or preference related to the plurality of items, wherein the number of security questions in the set is significantly larger than a subset of security questions presented to the user to reduce the likelihood of the same questions being asked repeatedly; a first presenting mechanism configured to, during an account creation process, present to the user the subset of security questions, wherein at least one question in the subset is selected based on user information that is automatically extracted from devices associated with the user without explicitly requiring the user to input user information manually; a receiving and storing mechanism configured to receive and store a response from the user to the subset of questions; a first receiving mechanism configured to subsequently receive a request to reset the user'"'"'s password; a second presenting mechanism configured to present the subset of security questions to the requester; a second receiving mechanism configured to receive a response from the requester to the subset of questions; and a determining mechanism configure to determine whether the requester is the user by comparing the requester'"'"'s response with the stored user response. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
-
Specification