USING SOCIAL INFORMATION FOR AUTHENTICATING A USER SESSION

US 20100229223A1
Filed: 03/06/2009
Published: 09/09/2010
Est. Priority Date: 03/06/2009
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for authenticating a request for access to a computing resource, the method comprising:

receiving a request from a requester for access to a computing resource, wherein the request identifies a member;

obtaining information related to the member'"'"'s connections on a social network and forming a challenge question, wherein an answer to the challenge question is based at least in part on the obtained information related to the member'"'"'s connections on the social network;

sending the challenge question to the requester; and

responsive to receiving a correct answer to the challenge question, allowing the requested access.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A social CAPTCHA is presented to authenticate a member of the social network. The social CAPTCHA includes one or more challenge questions based on information available in the social network, such as the user'"'"'s activities and/or connections in the social network. The social information selected for the social CAPTCHA may be determined based on affinity scores associated with the member'"'"'s connections, so that the challenge question relates to information that the user is more likely to be familiar with. A degree of difficulty of challenge questions may be determined and used for selecting the CAPTCHA based on a degree of suspicion.

287 Citations

39 Claims

1. A computer implemented method for authenticating a request for access to a computing resource, the method comprising:
- receiving a request from a requester for access to a computing resource, wherein the request identifies a member;
  
  obtaining information related to the member'"'"'s connections on a social network and forming a challenge question, wherein an answer to the challenge question is based at least in part on the obtained information related to the member'"'"'s connections on the social network;
  
  sending the challenge question to the requester; and
  
  responsive to receiving a correct answer to the challenge question, allowing the requested access.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein the request is received by a social networking website.
  - 3. The method of claim 1, wherein obtaining information related to the member'"'"'s connections on a social network requires communicating with a social networking website using application programming interface provided by the social networking website.
  - 4. The method of claim 1, further comprising:
    - determining whether the request is received from a suspicious source; and
      
      determining the difficulty of the challenge question sent to the requester based on whether the source is suspicious.
  - 5. The method of claim 1, further comprising:
    - sending to the requester a plurality of answers for the challenge question comprising at least a correct answer and one or more incorrect answers.
  - 6. The method of claim 5, further comprising:
    - determining whether the request is received from a suspicious source; and
      
      determining the number of answers in the plurality of answers for the challenge question based on whether the source is suspicious or not.
  - 7. The method of claim 1, wherein the challenge question requires an identification of a name of one of the member'"'"'s connections in the social network given an image of the connection.
  - 8. The method of claim 1, wherein the challenge question requires an identification of an image of one of the member'"'"'s connections in the social network given a name of the connection.
  - 9. The method of claim 1, wherein the challenge question requires an identification of one of the member'"'"'s connections in the social network given an image showing the connection and the member.
  - 10. The method of claim 1, wherein the challenge question requires an identification of one of the member'"'"'s connections with whom the member has recently interacted in the social network.
  - 11. The method of claim 1, wherein the challenge question requires an identification of information associated with of one of the member'"'"'s connections in the social network and the connection is selected based on a determination of an affinity between the connection and the member.
  - 12. The method of claim 11, wherein the affinity between the connection and the member is based on one or more interactions between the connection and the member in the social network.
  - 13. The method of claim 1, wherein the request is a request to login to the member'"'"'s account.
  - 14. The method of claim 1, wherein the request is a request to broadcast a message.
  - 15. The method of claim 1, wherein the request is a request to conduct an online purchase on behalf of the member.
  - 16. The method of claim 1, further comprising:
    - responsive to receiving an incorrect answer to the challenge question, denying the requested access.

17. A computer implemented method for generating a challenge question based on information related to a member, the method comprising:
- receiving a request from a requester for generating a challenge question based on information related to a member;
  
  obtaining information related to the member'"'"'s connections on a social network and forming a challenge question, wherein an answer to the challenge question is based at least in part on the obtained information related to the member'"'"'s connections on the social network; and
  
  sending the challenge question to the requester.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 18. The method of claim 17, wherein the request is received by a social networking website.
  - 19. The method of claim 17, further comprising:
    - receiving a suspiciousness score value from the requester; and
      
      determining the difficulty of the challenge question based on the suspiciousness score value.
  - 20. The method of claim 17, further comprising:
    - sending to the requester a plurality of answers for the challenge question comprising at least a correct answer and one or more incorrect answers.
  - 21. The method of claim 20, further comprising:
    - receiving a suspiciousness score value from the requester; and
      
      determining the number of answers in the plurality of answers based on the suspiciousness score value.
  - 22. The method of claim 17, wherein the challenge question requires an identification of a name of one of the member'"'"'s connections in the social network given an image of the connection.
  - 23. The method of claim 17, wherein the challenge question requires an identification of an image of one of the member'"'"'s connections in the social network given a name of the connection.
  - 24. The method of claim 17, wherein the challenge question requires an identification of one of the member'"'"'s connections in the social network given an image showing the connection and the member.
  - 25. The method of claim 17, wherein the challenge question requires an identification of one of the member'"'"'s connections with whom the member has recently interacted in the social network.
  - 26. The method of claim 17, wherein the challenge question requires an identification of information associated with one of the member'"'"'s connections in the social network, wherein the connection is selected based on a determination of an affinity between the connection and the member.
  - 27. The method of claim 26, wherein the affinity between the connection and the member is based on one or more interactions between the connection and the member in the social network.

28. A computer implemented method for authenticating a request for access to a computing resource, the method comprising:
- receiving a request from a requester for access to a computing resource, wherein the request identifies a member;
  
  sending a request for a challenge question, wherein an answer to the challenge question is based at least in part on the obtained information related to the member'"'"'s connections on the social networkreceiving the challenge question and sending the challenge question to the requestor; and
  
  responsive to receiving a correct answer to the challenge question, allowing the requested access.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
- - 29. The method of claim 28, further comprising:
    - determining whether the request is received from a suspicious source; and
      
      determining the difficulty of questions sent to the requester based on whether the source is suspicious.
  - 30. The method of claim 28, further comprising:
    - receiving a plurality of answers for the challenge question comprising at least a correct answer and one or more incorrect answers and sending the plurality of answers to the requestor.
  - 31. The method of claim 28, wherein the challenge question requires an identification of a name of one of the member'"'"'s connections in the social network given an image of the connection.
  - 32. The method of claim 28, wherein the challenge question requires an identification of an image of one of the member'"'"'s connections in the social network given a name of the connection.
  - 33. The method of claim 28, wherein the challenge question requires an identification of one of the member'"'"'s connections in the social network given an image showing the connection and the member.
  - 34. The method of claim 28, wherein the challenge question requires an identification of one of the member'"'"'s connections with whom the member has recently interacted in the social network.
  - 35. The method of claim 28, wherein the request is a request to login to the member'"'"'s account.
  - 36. The method of claim 28, wherein the request is a request to broadcast a message.
  - 37. The method of claim 28, wherein the request is a request to conduct an online purchase on behalf of the member.
  - 38. The method of claim 28, further comprising:
    - responsive to receiving an incorrect answer to the challenge question, denying the requested access.

39. A computer program product having a computer-readable storage medium storing computer-executable code for authenticating a request for access to a computing resource, the code comprising:
- a web server module configured to;
  
  receive a request from a requester for access to a computing resource, wherein the request identifies a member;
  
  a CAPTCHA manager module configured to;
  
  obtain information related to the member'"'"'s connections on a social network and forming a challenge question, wherein an answer to the challenge question is based at least in part on the obtained information related to the member'"'"'s connections on the social network; and
  
  the web server module further configured to;
  
  send the challenge question to the requester; and
  
  responsive to receiving a correct answer to the challenge question, allow the requested access.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Original Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Inventors
Perry, Todd, Popov, Lev, Shepard, Luke Jonathan, Chen, William

Granted Patent

US 8,910,251 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

G06F 21/31   User authentication

H04L 63/083   using passwords cryptograph...

H04L 67/02   based on web technology, e....

USING SOCIAL INFORMATION FOR AUTHENTICATING A USER SESSION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

287 Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

USING SOCIAL INFORMATION FOR AUTHENTICATING A USER SESSION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

287 Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links