Multiple choice challenge-response user authorization system and method
Abstract
A user authentication system includes a dialogue manager adapted to prompt the user with multiple, selectable pass-phrases. A selection recognizer recognizes user selection of at least one of the multiple, selectable pass-phrases. A user identity analysis module analyzes one or more potential user identities based on adherence of user selection of the pass-phrase to predetermined pass-phrase selection criteria assigned to one or more enrolled users.
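The multi-turn scheme described in the abstract and in claim 1, as an added Python example that is not taken from the patent, plus a helper that goes beyond the text to give the chance that a random non-empty proper subset passes one turn's selection check. The corpus, the "names an animal" rule, the weighted-sum score fusion, the biometric scores and the threshold are all assumptions made for illustration.

```python
import random

# Constructed pass-phrase corpus and rule; the page lists neither.
CORPUS = ["red apple", "blue whale", "green frog", "grey stone",
          "tall tree", "black cat", "cold river", "white horse"]
ANIMALS = {"whale", "frog", "cat", "horse"}

def animal_rule(phrase):
    # Hypothetical enrolled rule, fixed before authentication: phrase names an animal.
    return phrase.split()[-1] in ANIMALS

def build_prompt(rule, n_match, n_decoy, rng, corpus=CORPUS):
    # One dialogue turn: phrases satisfying the rule plus decoys, in random order.
    match = [p for p in corpus if rule(p)]
    decoy = [p for p in corpus if not rule(p)]
    prompt = rng.sample(match, n_match) + rng.sample(decoy, n_decoy)
    rng.shuffle(prompt)
    return prompt

def selection_ok(rule, prompt, selected):
    # Accept only a non-empty proper subset of the prompt whose members all satisfy the rule.
    chosen = set(selected)
    return (0 < len(chosen) < len(prompt) and chosen <= set(prompt)
            and all(rule(p) for p in chosen))

def turn_result(sel_ok, bio_score, w_sel=0.5):
    # Assumed fusion: weighted sum of selection result and biometric score in [0, 1].
    return w_sel * (1.0 if sel_ok else 0.0) + (1.0 - w_sel) * bio_score

def authenticate(rule, respond, turns, threshold, rng):
    # respond(prompt) returns (selected phrases, biometric match score for that utterance).
    cumulative = 0.0
    for _ in range(turns):
        prompt = build_prompt(rule, 2, 2, rng)
        selected, bio = respond(prompt)
        cumulative += turn_result(selection_ok(rule, prompt, selected), bio)
    return cumulative > threshold, cumulative

def guess_probability(n_match, n_total):
    # (2^m - 1) all-matching non-empty subsets out of (2^n - 2) non-empty proper subsets.
    return (2 ** n_match - 1) / (2 ** n_total - 2)

def genuine(prompt):   # constructed responder: knows the rule, strong biometric match
    return [p for p in prompt if animal_rule(p)], 0.9

def impostor(prompt):  # constructed responder: picks the first phrase, weak biometric match
    return prompt[:1], 0.2

if __name__ == "__main__":
    rng = random.Random(7)  # seeded for repeatability; a deployment would use random.SystemRandom()
    print(authenticate(animal_rule, genuine, 3, 2.5, rng), guess_probability(2, 4))
```

With two matching phrases among four, a blind guess passes one turn's selection check with probability 3/14, which is why the cumulative score over several turns, fused with the biometric score, carries the decision rather than any single turn.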
39 Claims
1. A user authentication system, comprising:
- a dialogue manager, executed on a processor of the user authentication system, adapted to prompt a user with multiple pass-phrases and requests the user to select a proper subset from the prompted multiple pass-phrase during authentication;
  wherein the prompted multiple pass-phrases are formed by selecting one or more pass-phrases from a set of pass-phrases satisfying a rule associated with the user and selecting one or more pass-phrases that do not satisfy the rule associated with user, wherein the rule associated with the user is determined prior to authentication and is not suggested to the user during authentication;
- a selection recognizer, executed on the processor of the user authentication system, adapted to recognize user selection of a proper subset of the prompted multiple pass-phrases;
- a user input adapted to capture a user biometric from the user selection;
- a biometric matching module, executed on the processor of the user authentication system, adapted to perform a biometric match between the user biometric and at least one biometric model associated with a potential user identity, wherein said user identity analysis module is adapted to analyze the potential user identity based on the biometric match between the user biometric and the at least one biometric model; and
- a user identity analysis module, executed on the processor of the user authentication system, adapted to analyze at least one potential user identity based on whether the pass-phrases in the proper subset of user selection each satisfy the rule associated with the user, wherein said dialogue manager is adapted to recursively prompt the user with new sets of multiple, selectable pass-phrases randomly assembled from a pass-phrase corpus over multiple dialogue turns, and said user identity analysis module is adapted to combine selection results and biometric match results from each dialogue turn to yield dialogue turn results and combine the dialogue turn results from each dialogue turn to form a cumulative result and authorize the user when the cumulative result exceeds a threshold.
Dependent claims: 2, 3, 37, 38, 39

4. A user authentication system, comprising:
- a dialogue manager, executed on a processor of the user authentication system, adapted to prompt a user with multiple pass-phrases and requests the user to select a proper subset from the prompted multiple pass-phrases during authentication, wherein the prompted multiple pass-phrases are formed by selecting one or more pass-phrases from a set of pass-phrases satisfying a rule associated with the user and selecting one or more pass-phrases that do not satisfy the rule associated with the user, where the rule associated with the user is determined prior to authentication and is not suggested to the user during authentication;
- a selection recognizer, executed on the processor of the user authentication system, receptive of at least one user selection input and adapted to recognize user selection of a proper subset of the prompted pass-phrases based on the user selection input;
- a user biometric matching module, executed on the processor of the user authentication system, receptive of a user biometric input and adapted to make a match based on biometrics of enrolled users; and
- a user identity analysis module, executed on the processor of the user authentication system, adapted to analyze at least one potential user identity based on the match between the pass-phrases in the proper subset and the rule associated with the user, wherein said dialogue manager is adapted to recursively prompt the user with new sets of multiple, selectable pass-phrases randomly assembled from a pass-phrase corpus over multiple dialogue turns, and said user identity analysis module is adapted to combine selection results and biometric match results from each dialogue turn to yield dialogue turn results and combine the dialogue turn results from each dialogue turn to form a cumulative result and authorize the user when the cumulative result exceeds a threshold.
Dependent claims: 5, 6, 7, 8, 9, 10, 11, 12, 13

14. A method of user verification for use with a secure access control system, comprising the steps of:
(a) receiving an identity claim of the user;
(b) prompting, by a processor of the secure access control system, the user to select a subset of pass-phrases from multiple pass-phrases which are formed by selecting one or more pass-phrases from a set of pass-phrases satisfying a rule associated with the user and selecting one or more pass-phrases from a set of pass-phrases that do not satisfy the rule, where the rule associated with the user is determined prior to authentication and is not suggested to the user during authentication;
(c) receiving from the user a selection of a sub-set of the prompted pass-phrases, where said selection being received as a biometrically verifiable production of the user;
(d) evaluating, by the processor of the secure access control system, correctness of said selection from the user with respect to the rule associated with the user;
(e) performing, by the processor of the secure access control system, biometric verification of said selection which is received as said biometrically verifiable production to yield biometric verification result;
(f) recursively prompting, by the processor of the secure access control system, the user with new sets of multiple pass-phrases randomly assembled from a pass-phrase corpus over multiple dialogue turns;
(g) combining, by the processor of the secure access control system, selection results and biometric verification results from each dialogue turn to yield dialogue turn results;
(h) combining, by the processor of the secure access control system, the dialogue turn results over the multiple dialogue turns to form a cumulative result and authorizing the user when the cumulative result exceeds a threshold.
Dependent claims: 15, 16, 17, 18

19. A method of user identification for use with a secure access control system, comprising the steps of:
(a) receiving an activation cue from the user;
(b) prompting, by a processor of the secure access control system, the user to select a subset of pass-phrases from multiple pass-phrases which are formed by selecting one or more pass-phrases from a set of pass-phrases satisfying a rule associated with the user and selecting one or more pass-phrases from a set of pass-phrases that do not satisfy the rule, where the rule associated with the user is determined prior to authentication and is not suggested to the user during authentication;
(c) receiving from the user a selection of a sub-set of the prompted pass-phrases, at least one of said activation cue or said selection being received as a biometrically identifiable production of the user;
(d) performing, by the processor of the secure access control system, biometric identification of at least one of said activation cue or said selection which is received as said biometrically identifiable production to yield biometric identification result;
(e) evaluating, by the processor of the secure access control system, correctness of said selection from the user with respect to the rule associated with the user;
(f) recursively prompting, by the processor of the secure access control system, the user with new sets of multiple pass-phrases randomly assembled from a pass-phrase corpus over multiple dialogue turns;
(g) combining, by the processor of the secure access control system, selection result and biometric identification results from each dialogue turn to yield dialogue turn results;
(h) combining, by the processor of the secure access control system, the dialogue turn results over the multiple dialogue turns to form a cumulative result and authorizing the user when the cumulative result exceeds a threshold.
Dependent claims: 20, 21, 22, 23

24. A user authentication method, comprising:
- prompting, by a processor of a secure access control system, a user with multiple, selectable pass-phrases which are formed by selecting one or more pass-phrases from a set of pass-phrases satisfying a rule associated with the user and selecting one or more pass-phrases from a set of pass-phrases that do not satisfy the rule, where the rule associated with the user is determined prior to authentication and is not suggested to the user during authentication;
- receiving at least one user selection input and recognizing user selection of at least one of the pass-phrases based on the user selection input;
- making, by the processor of the secure access control system, a match based on biometrics of enrolled users and a user biometric input to yield biometric match result;
- analyzing, by the processor of the secure access control system, at least one potential user identity based on the match between the pass-phrases in the user selection and the rule associated with the user;
- recursively prompting, by the processor of the secure access control system, the user with new sets of multiple, selectable pass-phrases randomly assembled from a pass-phrase corpus over multiple dialogue turns;
- combining, by the processor of the secure access control system, the biometric match results with the selection results from each dialogue turn to yield dialogue turn results;
- combining, by the processor of the secure access control system, the dialogue turn results over the multiple dialogue turns to form a cumulative result and authorizing the user when the cumulative result exceeds a threshold.
Dependent claims: 25, 26, 27, 28, 29, 30, 31, 32, 33

34. A user authentication method, comprising:
- prompting, by a processor of a secure access control system, the user with multiple, selectable pass-phrases which are formed by selecting one or more pass-phrases from a set of pass-phrases satisfying a rule associated with the user and selecting one or more pass-phrases from a set of pass-phrases that do not satisfy the rule, where the rule associated with the user is determined prior to authentication and is not suggested to the user during authentication;
- recognizing, by the processor of the secure access control system, user selection of at least one of the multiple, selectable pass-phrases;
- analyzing, by the processor of the secure access control system, at least one potential user identity based on adherence of user selection of the pass-phrase to the rule associated with the user capturing a user biometric from the user selection;
- performing, by the processor of the secure access control system, a biometric match between the user biometric and at least one biometric model associated with the potential user identity; and
- analyzing, by the processor of the secure access control system, the potential user identity based on the biometric match between the user biometric and the at least one biometric model, recursively prompting the user with new sets of multiple, selectable pass-phrases randomly assembled from a pass-phrase corpus over multiple dialogue turns;
- combining, by the processor of the secure access control system, the biometric match result with selection results from each to yield dialogue turn results;
- combining, by the processor of the secure access control system, the dialogue turn results over the multiple dialogue turns to form a cumulative result and authorizing the user when the cumulative result exceeds a threshold.
Dependent claims: 35, 36

Specification