User authentication without prior user enrollment
First Claim
1. A method for authenticating a user, comprising:
obtaining authorized access to a plurality of data sources;
identifying a plurality of fields in the plurality of data sources, wherein each field stores a value known to the user;
for each identified field, generating at least one question whose correct answer is the value stored in the field;
wherein none of the questions is password related;
for each generated question, associating the generated question with the identified field and with the plurality of data sources;
in response to receiving a request from the user to access at least one of a plurality of protected resources, presenting to the user at least one generated question, by:
transmitting to the user a first generated question;
in response to receiving an answer to the first generated question from the user;
identifying the data source and the field associated with the first generated question;
using an indication of the user's identity to query and retrieve from the data source the correct answer;
comparing the user's answer with the retrieved correct answer; and
discarding the retrieved correct answer after the compare;
transmitting to the user a next generated question only if the user's answer is correct; and
repeating the comparing and transmitting steps until each of the at least one generated questions presented has been answered correctly, wherein a number of generated questions the user must answer correctly is determined based on a level of security required to access the at least one protected resource;
granting access to the at least one protected resource if the user correctly answers each of the at least one generated questions presented, whereby a user's identity is authenticated without requiring the user to provide a password or biometric data, and without requiring the user to enroll prior to access;
denying access to the protected resource if the user incorrectly answers any of the at least one generated questions presented; and
transmitting an alert message indicating that an attempt to access the protected resource by the user was unsuccessful.
Abstract
Authenticating a user includes providing a plurality of questions based on user related information stored in at least one data source, wherein none of the plurality of questions is password related. At least one of the plurality of questions is presented to the user in response to receiving a request from the user to access one or more protected resources. Access is granted to the authorized set of protected resources if the user correctly answers each of the at least one questions presented. According to the present invention, the user's identity is authenticated without requiring the user to provide a password or biometric data, and without requiring the user to enroll prior to access.
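The flow recited in claim 1 (questions sent one at a time, a per-answer lookup in the associated data source, compare, discard, deny and alert on the first wrong answer), as an added Python example that is not part of the patent. The data sources, the question list, the level-to-count policy and the answer normalization are assumptions constructed for illustration.

```python
import hmac

# Constructed sample data: two hypothetical data sources keyed by user id.
DATA_SOURCES = {
    "hr_db": {"alice": {"hire_year": "2014", "manager": "R. Patel"}},
    "billing_db": {"alice": {"last_invoice_total": "182.40"}},
}

# Each generated question is associated with a (data source, field) pair.
QUESTIONS = [
    ("What year were you hired?", "hr_db", "hire_year"),
    ("Who is your manager?", "hr_db", "manager"),
    ("What was the total of your last invoice?", "billing_db", "last_invoice_total"),
]

# Assumed policy: correct answers required per security level.
REQUIRED = {"low": 1, "medium": 2, "high": 3}


def _normalize(value):
    # Case- and whitespace-insensitive form, as bytes for compare_digest.
    return " ".join(value.strip().lower().split()).encode()


def check_answer(user_id, source, field, answer):
    """Query the source for the correct value, compare, then discard it."""
    correct = DATA_SOURCES.get(source, {}).get(user_id, {}).get(field)
    if correct is None:
        return False
    # Constant-time comparison avoids leaking the answer through timing.
    ok = hmac.compare_digest(_normalize(answer), _normalize(correct))
    del correct  # the retrieved answer is neither cached nor returned
    return ok


def authenticate(user_id, level, answer_fn, alert_fn):
    """Ask questions one at a time; deny and alert on the first wrong answer."""
    for text, source, field in QUESTIONS[:REQUIRED[level]]:
        if not check_answer(user_id, source, field, answer_fn(text)):
            alert_fn(f"failed access attempt for user {user_id!r}")
            return False
    return True
```

In Python, `del` only drops the local reference; it does not overwrite the value in memory, so "discarding" here means the answer is never stored or sent back to the caller.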
18 Claims
6. An identity management system for authenticating a user comprising:
a plurality of data sources for storing user related information, wherein at least one of the data sources is either a private database or a public database with restricted access; and
a server coupled to the at least one data source, wherein the server includes:
a processor for executing an identity management service (IMS) application, wherein the IMS application functions for:
obtaining authorized access to the at least one data source;
identifying a plurality of fields in the at least one data source, wherein each field stores a value known to the user;
generating, for each identified field, at least one question whose correct answer is the value stored in the field;
associating the at least one generated question for each identified field with the identified field and with the data source; and
a communication interface for transmitting to the user the at least one generated question in response to receiving a request from the user to access at least one of a plurality of protected resources, and for receiving an answer to the at least one generated question from the user,
a query module for identifying the data source and the field associated with the at least one generated question transmitted to the user, composing a query that includes an identity of the user and the field, submitting the query to the data source, and receiving from the data source a correct answer to the question transmitted; and
a compare module coupled to the query module for comparing the user's answer to the correct answer, and for discarding the correct answer received from the data source after the compare,
wherein the IMS application transmits to the user a next generated question only if the user's answer is correct, and repeats the comparing and transmitting steps until each of the at least one generated questions transmitted has been answered correctly,
wherein the IMS application authenticates the user without requiring a password or biometric data, and without requiring the user to enroll, and
wherein the IMS application denies access to the protected resource if the user incorrectly answers any of the at least one generated questions presented and transmits an alert message indicating that an attempt to access the protected resource by the user was unsuccessful.
11. A computer readable medium containing programming instructions for authenticating a user comprising instructions for:
obtaining authorized access to a plurality of data sources;
identifying a plurality of fields in the plurality of data sources, wherein each field stores a value known to the user;
for each identified field, generating at least one question whose correct answer is the value stored in the field;
for each generated question, associating the generated question with the identified field and with the plurality of data sources;
in response to receiving a request from the user to access at least one of a plurality of protected resources, presenting to the user at least one generated question by transmitting to the user a first generated question;
in response to receiving an answer to the first generated question from the user;
identifying the data source and the field associated with the first generated question presented;
using the indication of the user's identity to retrieve from the data source the correct answer;
comparing the user's answer with the retrieved correct answer; and
discarding the retrieved correct answer after the comparing;
transmitting to the user a next generated question only if the user's answer is correct; and
repeating the comparing and transmitting steps until each of the at least one generated questions presented has been answered correctly, wherein a number of generated questions the user must answer correctly is determined based on a level of security required to access the at least one protected resource; and
granting access to the at least one protected resource if the user correctly answers each of the at least one generated questions presented, whereby a user's identity is authenticated without requiring the user to provide a password or biometric data, and without requiring the user to enroll prior to access;
denying access to the protected resource if the user incorrectly answers any of the at least one generated questions presented; and
transmitting an alert message indicating that an attempt to access the protected resource by the user was unsuccessful.
16. An authentication server for authenticating a user comprising:
a processor for executing an identity management service (IMS) application, wherein the IMS application obtains authorized access to at least one of a plurality of external data sources, identifies a plurality of fields in the at least one external data source, wherein each field stores a value known to the user, generates, for each identified field, at least one challenge question whose correct answer is the value stored in the field, and associates each challenge question with the identified field and with the at least one external data source;
memory for storing the challenge questions;
a communication interface for receiving a request from the user to access at least one protected resource, for transmitting at least one challenge question to the user; and for receiving from the user an answer to the at least one challenge question;
a query module for identifying the data source and the field associated with the at least one generated question presented to the user, composing a query that includes the user's identity and the field, submitting the query to the data source, and receiving from the data source a correct answer to the question presented; and
a compare module coupled to the query module for comparing the user's answer to the correct answer, and for discarding the correct answer received from the data source after the comparing,
wherein the IMS application transmits to the user a next challenge question only if the user's answer is correct; and repeats the comparing and transmitting steps until each of the at least one challenge questions presented has been answered correctly, wherein a number of challenge questions the user must answer correctly is determined based on a level of security required to access the at least one protected resource,
wherein the IMS application determines whether the user's answer is correct and authenticates the user if the user correctly answers the at least one challenge question; and
wherein the IMS application denies access to the protected resource if the user incorrectly answers any of the at least one generated questions presented, and transmits an alert message indicating that an attempt to access the protected resource by the user was unsuccessful.
Specification