Authentication Using Transient Event Data

US 20110191838A1
Filed: 02/02/2010
Published: 08/04/2011
Est. Priority Date: 02/02/2010
Status: Active Grant

First Claim

Patent Images

1. A computer readable medium storing a computer program for execution by a processing unit, the computer program for authenticating a user, the computer program comprising sets of instructions for:

receiving a notification that a remote user is unable to provide correct authentication information for accessing a set of application servers;

generating authentication questions for the remote user using transient event data regarding previous interactions of the remote user with the application servers, the authentication questions for presentation to the remote user; and

validating the remote user based on answers to the authentication questions.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments provide a method for authenticating a user to access computing resources that uses transient event data regarding previous interactions of the user with the computing resources. The method receives a notification that a user is unable to provide a correct user identifier and password. The method generates authentication questions for the remote user using the transient event data. The authentication questions are presented to the user. The method authenticates the user based on answers to the password recovery questions. The user may be a remote user and the computing resources are a set of application servers to which the user has forgotten a password. The computing resources may be a portable device that the user wishes to access remotely in order to delete data from the portable device.

Citations

27 Claims

1. A computer readable medium storing a computer program for execution by a processing unit, the computer program for authenticating a user, the computer program comprising sets of instructions for:
- receiving a notification that a remote user is unable to provide correct authentication information for accessing a set of application servers;
  
  generating authentication questions for the remote user using transient event data regarding previous interactions of the remote user with the application servers, the authentication questions for presentation to the remote user; and
  
  validating the remote user based on answers to the authentication questions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The computer readable medium of claim 1, wherein the set of instructions for validating the remote user comprises sets of instructions for:
    - receiving answers from the remote user to the authentication questions;
      
      determining whether the received answers are correct; and
      
      determining that enough of the answers are correct for the user to be validated.
  - 3. The computer readable medium of claim 2, wherein the user is validated only when all of the answers are correct.
  - 4. The computer readable medium of claim 2, wherein the user is validated when more than a particular percentage of the answers are correct.
  - 5. The computer readable medium of claim 1, wherein the computer program further comprises a set of instructions for refusing validation to the remote user based on answers to the authentication questions.
  - 6. The computer readable medium of claim 5, wherein the set of instructions for refusing validation comprises sets of instructions for:
    - receiving answers from the remote user to the authentication questions;
      
      determining whether the received answers are correct; and
      
      determining that not enough of the answers are correct for the user to be validated.
  - 7. The computer readable medium of claim 1, wherein the set of application servers comprises a plurality of application servers.
  - 8. The computer readable medium of claim 1, wherein the correct authentication information comprises a user identifier and password.
  - 9. The computer readable medium of claim 1, wherein the correct authentication information comprises a valid digital certificate.
  - 10. The computer readable medium of claim 1, wherein the set of application servers comprises an e-mail server.
  - 11. The computer readable medium of claim 10, wherein the transient event data comprises recipients of recent e-mails from the remote user and one of the authentication questions requires the user to type a name a recipient.
  - 12. The computer readable medium of claim 1, wherein the set of application servers comprises a chat server.
  - 13. The computer readable medium of claim 12, wherein the transient event data comprises contacts with whom the remote user has recently chatted and one of the authentication questions requires the user to select a particular contact from a list of contacts.
  - 14. The computer readable medium of claim 1, wherein the computer program further comprises a set of instructions for retrieving the transient data from a set of databases for storing the transient event data.
  - 15. The computer readable medium of claim 1, wherein the set of databases comprises a separate database for each of the application servers.

16. A computer readable medium storing a computer program which when executed by a processing unit contacts a portable device, the computer program comprising sets of instructions for:
- receiving a notification that a user of the portable device wants to remove personal data from the portable device;
  
  connecting remotely to the portable device;
  
  retrieving transient event data regarding previous interactions of the user with the portable device;
  
  generating authentication questions for the user based on the retrieved transient event data, the authentication questions for presentation to the user; and
  
  when the user answers enough of the authentication questions correctly, initiating a procedure on the portable device to remove personal data from the device.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
- - 17. The computer readable medium of claim 16, wherein the transient event data is retrieved from the portable device.
  - 18. The computer readable medium of claim 16, wherein the computer readable medium is a computer readable medium of a second device different from the portable device, wherein the transient event data is retrieved from a storage on the second device.
  - 19. The computer readable medium of claim 18, wherein the second device is a server, wherein the user connects to the server remotely through a third device.
  - 20. The computer readable medium of claim 16, wherein the portable device is a smartphone.
  - 21. The computer readable medium of claim 16, wherein the device comprises firmware and the removed personal data does not include the firmware.
  - 22. The computer readable medium of claim 16, wherein the removed personal data comprises the transient event data.
  - 23. The computer readable medium of claim 16, wherein the computer program further comprises a set of instructions for identifying a physical location of the portable device.

24. A method comprising:
- defining a first module for (i) locating and connecting to a portable device through a network, (ii) retrieving transient event data from the portable device that relates to a user'"'"'s interactions with the portable device, and (iii) upon authentication of the user, initiating a process on the portable device to remove user data from the portable device; and
  
  defining a second module for (i) generating authentication questions using the transient event data and (ii) authenticating the user based on responses to the generated authentication questions.
- View Dependent Claims (25, 26, 27)
- - 25. The method of claim 24, wherein the process on the portable device deletes the transient event data.
  - 26. The method of claim 24, wherein the second module is further for generating a graphical user interface for presenting the questions to the user.
  - 27. The method of claim 26 further comprising a set of communication modules for (i) communicating with the portable device through a first network and (ii) communicating with a second device, at which the user is located, through a second network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Yanagihara, Kazu

Granted Patent

US 8,973,154 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

G06F 15/16   Combinations of two or more...

G06F 21/00   Security arrangements for p...

G06F 21/31   User authentication

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2103   Challenge-response

G06F 2221/2143   Clearing memory, e.g. to pr...

H04L 63/308   retaining data, e.g. retain...

H04L 9/321   involving a third party or ...

Authentication Using Transient Event Data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication Using Transient Event Data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links