Enhancing Password Protection

US 20130333010A1
Filed: 02/22/2013
Published: 12/12/2013
Est. Priority Date: 06/07/2012
Status: Active Grant

First Claim

Patent Images

1. A method, in a data processing system, for enhancing password protection, the method comprisingreceiving, by processor, a combination password from a user, wherein the combination password comprises dynamic text interspersed within a static user password;

determining, by the processor, whether the combination password is to be verified without the dynamic text;

responsive to identifying that the combination password is to be verified without the dynamic text, filtering, by the processor, the dynamic text from the combination password based on an identified dynamic suggestion issued to the user prior to the combination password being received thereby forming a filtered password;

authenticating, by the processor, the filtered password using information stored for the user; and

responsive to validating the filtered password, granting, by the processor, access by the user to a secured system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mechanism is provided for enhancing password protection. a combination password that comprises dynamic text interspersed within a static user password is received from a user. A determination is made as to whether the combination password is to be verified without the dynamic text. Responsive to identifying that the combination password is to be verified without the dynamic text, the dynamic text is filtered from the combination password based on an identified dynamic suggestion issued to the user prior to the combination password being received thereby forming a filtered password. The filtered password is then authenticated using information stored for the user. Responsive to validating the filtered password, access is granted by the user to a secured system.

24 Citations

View as Search Results

8 Claims

1. A method, in a data processing system, for enhancing password protection, the method comprisingreceiving, by processor, a combination password from a user, wherein the combination password comprises dynamic text interspersed within a static user password;
- determining, by the processor, whether the combination password is to be verified without the dynamic text;
  
  responsive to identifying that the combination password is to be verified without the dynamic text, filtering, by the processor, the dynamic text from the combination password based on an identified dynamic suggestion issued to the user prior to the combination password being received thereby forming a filtered password;
  
  authenticating, by the processor, the filtered password using information stored for the user; and
  
  responsive to validating the filtered password, granting, by the processor, access by the user to a secured system.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein filtering the dynamic text from the combination password based on an identified dynamic suggestion issued to the user prior to the combination password being received further forms filtered dynamic text and wherein the method further comprises:
    - comparing, by the processor, the filtered dynamic text against an identified dynamic suggestion issued to the user.
  - 3. The method of claim 1, further comprising:
    - responsive to identifying that the combination password is to be verified with the dynamic text, constructing, by the processor, a comparison password utilizing the stored password and the identified dynamic suggestion;
      
      comparing, by the processor, the comparison password to the combination password received from the user,determining, by the processor, whether the comparison password matches the combination password; and
      
      responsive to identifying a match of the comparison password to the combination password, granting, by the processor, access by the user to the secured system.
  - 4. The method of claim 1, further comprising:
    - receiving, by the processor, a user id of the user attempting to access the secured system;
      
      verifying, by the processor, that the user is a valid user id by comparing the user id to a data structure of valid user ids;
      
      responsive to the user being a valid user, identifying, by the processor, a current risk level of the secured system in a current time period;
      
      responsive to the current risk level being greater than a lowest risk level, identifying, by the processor, the dynamic suggestion from a data structure of dynamic suggestions to use for the current risk level; and
      
      sending, by the processor, the identified dynamic suggestion to the user in order for the user to generate the combination password.
  - 5. The method of claim 1, wherein the combination password is generated by the method comprising:
    - presenting, by the processor, the dynamic suggestion to the user, wherein the dynamic suggestion instructs the user to enter a first text value at a first identified location from a grid card either after or before a first identified character position of the static user password and wherein the dynamic suggestion further instructs the user to enter at least one subsequent text value at a subsequent identified location from the grid card either after or before at least one subsequent identified character position of the static user password.
  - 6. The method of claim 1, wherein the combination password is generated by the method comprising:
    - presenting, by the processor, a set of instructions associated with the dynamic suggestion to the user, wherein the set of instructions instructs the user to enter a first portion of the static user password followed by a first value identified in a first CAPTCHA pop-up presented to the user and wherein the set of instructions further instructs the user to enter a t least one subsequent portion of the static user password followed by at least one subsequent text value identified in a subsequent CAPTCHA pop-up presented to the user.
  - 7. The method of claim 1, wherein the combination password is generated by the method comprising:
    - presenting, by the processor, a set of instructions associated with the dynamic suggestion to the user, wherein the set of instructions instructs the user to enter a first portion of the static user password followed by a first text value at a first identified location identified in a first CAPTCHA pop-up presented to the user from a grid card and wherein the set of instructions further instructs the user to enter at lease one subsequent portion of the static user password followed by at least one subsequent text value at a subsequent identified location identified in an subsequent CAPTCHA pop-up presented to the user from the grid card.

8-21. -21. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Chougle, Abdullah Q., Chougule, Vishal V., Jain, Priyanka P.

Granted Patent

US 8,856,904 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

G06F 21/31 User authentication

G06F 21/46 by designing passwords or c...

Enhancing Password Protection

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

24 Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Enhancing Password Protection

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links