Dynamic security system and method, such as for use in a telecommunications system
First Claim
1. In a telecommunications system coupled to a user'"'"'s telecommunications device, a security apparatus comprising:
- a database storing at least one user profile, wherein the profile indicates one of a plurality of security modes selectable by the user; and
a computer coupled to communicate with the database, and coupled to the telecommunications system to receive telecommunications data transmissions, wherein the computer is configured to;
receive mode selection user input, wherein the mode selection user input includes selecting one of the plurality of security modes, wherein the selected security mode is not a personal identification number (PIN) change,store the selected security mode in the at least one user profile, wherein the user profile corresponds to the user,in response to a telecommunications call from the user, retrieve the at least one user profile,receive authorization user input, andprovide user authorization by comparing the received authorization user input to a security code based on the retrieved user profile, wherein the security code is an automatically and dynamically generated user security code based on the selected security mode,wherein the plurality of security modes includes a current time sequence recognition mode wherein the user security code is based on predetermined numerical sequence based on an hour of day, day of week, day of month and month of year, and wherein the mode selection user input includes a user selected arrangement of the hour of day, day of week, day of month and month of year.
16 Assignments
0 Petitions
Accused Products
Abstract
Rather than employing simple static personal identification numbers (PINs) that are susceptible to hacking, the disclosed security system provides multiple levels of security that may be selected by a user, based on his or her particular level of sensitivity at any given time or with respect to any given data. One level employs an algorithm that changes values, where the algorithm is known by the user. For example, the algorithm may be a series of digits based on the following: hour of day, day of week, quarter of the year, a.m. or p.m., day of the month, and month of the year. If the user knows the order of such, the user can readily generate the appropriate numeric code corresponding to the current time, and since the time continually changes, the code necessarily changes likewise. Another level sends a random part to a user, such as over their pager or phone, which they append to some user-defined, fixed portion of their PIN, or used in addition to their PIN. Another level or method requires the user to interact with a series of predetermined questions that each require a numeric response. The order of the questions would be scrambled each day, or periodically, to help change the user'"'"'s response to improve security and employ questions that typically only the user would know. Another level of security employs voice fingerprinting or voice pattern recognition. Yet another level employs a N by M matrix of random numbers, from which a user selects numbers from predetermined positions to generate a current security code. Various levels of security may be performed on the server, and are based on user'"'"'s selections, thus eliminating the need for special hardware.
70 Citations
11 Claims
-
1. In a telecommunications system coupled to a user'"'"'s telecommunications device, a security apparatus comprising:
-
a database storing at least one user profile, wherein the profile indicates one of a plurality of security modes selectable by the user; and a computer coupled to communicate with the database, and coupled to the telecommunications system to receive telecommunications data transmissions, wherein the computer is configured to; receive mode selection user input, wherein the mode selection user input includes selecting one of the plurality of security modes, wherein the selected security mode is not a personal identification number (PIN) change, store the selected security mode in the at least one user profile, wherein the user profile corresponds to the user, in response to a telecommunications call from the user, retrieve the at least one user profile, receive authorization user input, and provide user authorization by comparing the received authorization user input to a security code based on the retrieved user profile, wherein the security code is an automatically and dynamically generated user security code based on the selected security mode, wherein the plurality of security modes includes a current time sequence recognition mode wherein the user security code is based on predetermined numerical sequence based on an hour of day, day of week, day of month and month of year, and wherein the mode selection user input includes a user selected arrangement of the hour of day, day of week, day of month and month of year.
-
-
2. A method of providing security for a system, comprising:
-
receiving user input; retrieving a user profile, wherein the profile indicates one security mode; and providing authorization by comparing the received user input to a security code based on the retrieved user profile, wherein the security code is an automatically and dynamically generated user security code, wherein the system is a telecommunications system, and wherein the method includes; receiving input from the user for assigning a selected security mode selected from a plurality of security modes to at least one event, wherein the event is a predetermined time, a data type received by the telecommunications system or a source of an incoming data signal to the telecommunications system; and
wherein the predetermined time is a time of day or day of week, wherein the data type is a voice telephone call, videophone call, electronic mail transmission or a facsimile transmission, and wherein the source is an internal/external transmission or a transmission from a predetermined source.
-
-
3. A method of providing security for a system, comprising:
-
receiving user input; retrieving a user profile, wherein the profile indicates one security mode; and providing authorization by comparing the received user input to a security code based on the retrieved user profile, wherein the security code is an automatically and dynamically generated user security code, wherein the security mode includes a current time sequence recognition mode wherein the user security code is based on predetermined numerical sequence based on a hour of day, day of week, day of month and month of year, and wherein the hour of day, day of week, day of month and month of year are arranged in a predetermined fashion known by the system and the user.
-
-
4. A method of providing security for a system, comprising:
-
receiving user input selecting one of a plurality of security modes, wherein the selected security mode is not a personal identification number (PIN) change; storing the selected security mode in a user profile, wherein the user profile corresponds to the user; and providing authorization by comparing a received user input to a dynamic security code based on the stored user profile and the user selected security mode wherein the system is a telecommunications system, and wherein the method includes; receiving input from the user for assigning a selected security mode selected from the plurality of security modes to at least one event, wherein the event is a predetermined time, a data type received by the telecommunications system or a source of an incoming data signal to the telecommunications system; and
wherein the predetermined time is a time of day or day of week, wherein the data type is a voice telephone call, videophone call, electronic mail transmission or a facsimile transmission, and wherein the source is an internal/external transmission or a transmission from a predetermined source.
-
-
5. A method of providing security for a system, comprising:
-
receiving user input selecting one of a plurality of security modes, wherein the selected security mode is not a personal identification number (PIN) change; storing the selected security mode in a user profile, wherein the user profile corresponds to the user; and providing authorization by comparing a received user input to a dynamic security code based on the stored user profile and the user selected security mode, wherein the plurality of security modes includes a current time sequence recognition mode wherein the dynamic security code is based on predetermined sequence based on a hour of day, day of week, day of month and month of year, and wherein the hour of day, day of week, day of month and month of year are arranged in a predetermined fashion by the method and known by the user.
-
-
6. An apparatus for restricting access to one or more resources, the apparatus comprising:
-
a computer logically coupled to the one or more resources, wherein the computer is configured to receive user input;
retrieve a user profile, wherein the profile indicates at least one security mode;
automatically and dynamically generate a user security code based on the indicated security mode and the retrieved user profile; andprovide authorization by comparing the received user input to the dynamically generated user security code, wherein the security mode includes a current time sequence recognition mode wherein the user security code is based on predetermined numerical sequence based on a hour of day, day of week, day of month and month of year, and wherein the hour of day, day of week, day of month and month of year are arranged in a predetermined fashion known by the computer and the user.
-
-
7. A computer-readable, signal bearing medium storing instructions for a computer for providing security for a system, the instructions comprising:
-
receiving user input; retrieving a user profile, wherein the profile indicates at least one security mode; and providing authorization by comparing the received user input to a security code based on the retrieved user profile, wherein the security code is an automatically and dynamically generated user security code, wherein the security mode includes a current time sequence recognition mode wherein the user security code is based on predetermined numerical sequence based on a hour of day, day of week, day of month and month of year, and wherein the hour of day, day of week, day of month and month of year are arranged in a predetermined fashion known by the system and the user.
-
-
8. A computer-readable, signal bearing medium storing instructions for a computer for providing security for a system, the instructions comprising:
-
receiving user input; retrieving a user profile, wherein the profile indicates at least one security mode; and providing authorization by comparing the received user input to a security code based on the retrieved user profile, wherein the security code is an automatically and dynamically generated user security code, wherein the instructions include; receiving user input selecting one of a plurality of scrambling modes; and providing an indication to the user of an initial code, where the indication is provided to the user over another system that differs from the system; and wherein receiving user input includes receiving a true security code corresponding to the indicated initial code modified by the user based on the selected mode.
-
-
9. A computer-readable and computer-generated data signal transmitted via a transmission medium, the generated data signal permitting a computer system to perform a method of providing security for a system, comprising:
-
receiving user input selecting one of a plurality of security modes, wherein the selected security mode is not a personal identification number (PIN) change; storing the selected security mode in a user profile, wherein the user profile corresponds to the user; and providing authorization by comparing a received user input to a dynamic security code based on the stored user profile and the user selected security mode, wherein the plurality of security modes includes a current time sequence recognition mode wherein the dynamic security code is based on predetermined sequence based on a hour of day, day of week, day of month and month of year, and wherein the hour of day, day of week, day of month and month of year are arranged in a predetermined fashion by the method and known by the user.
-
-
10. In a system, a user prompt signal for use in providing security for the system, comprising:
-
a first user prompt portion for instructing a user to select one of a plurality of security modes; a second user prompt portion for instructing a user to input a modification to a user profile, wherein the user profile corresponds to the user, wherein the modification applies to a user selected security mode, and wherein the selected security mode and modification are not a personal identification number (PIN) change; and a third user prompt portion for instructing a user to input a dynamic security code based on the modified user profile and the user selected security mode, wherein the first user prompt portion includes selecting one of a plurality of transmitted code scrambling modes corresponding to methods of generating a dynamic security code based on an initial code transmitted to the user.
-
-
11. A computer-readable medium containing a data structure for use in restricting access to resources, the data structure comprising:
-
at least first and second fields identifying respective first and second user-selectable security modes, wherein the first and second security modes do not both represent a personal identification number (PIN) change, and wherein the first and second security modes each restrict access to the resources; and at least a third field comprising parameters associated with a user-selected one of the first and second security modes, wherein the first security modes includes a current time sequence recognition mode wherein the dynamic security code is based on predetermined sequence based on a hour of day, day of week, day of month and month of year, and wherein the data structure includes fields indicating an order of hour of day, day of week, day of month and month of year variables.
-
Specification