Authenticating user identity when resetting passwords

US 7,874,011 B2
Filed: 12/01/2006
Issued: 01/18/2011
Est. Priority Date: 12/01/2006
Status: Expired due to Fees

First Claim

Patent Images

1. An automated computer implemented process for authenticating a user'"'"'s identity before resetting a password, the computer implemented process comprising:

connecting a password reset program to an e-mail repository of a user, a network event log of the user located on a server, and a local event log saved on a workstation computer of the user;

selecting a data source from at least one of the e-mail repository, the network event log located on the server, or the local event log saved on the workstation computer;

receiving an identification of the user;

responsive to receiving the identification of the user, accessing a record located in the data source containing an information related to a recent computer activity of the user recorded in the data source;

generating an authentication question and a corresponding answer based on the record;

asking the user the authentication question;

comparing the reply to the corresponding answer; and

responsive to the reply matching the corresponding answer, providing a new password to the user;

wherein the data source is the e-mail repository and the record is an email message;

wherein the network event log contains an information regarding at least one of how many times the user logged on to the network, how many times the user logged off the network, how many times a certain file was accessed on the network, a recent chat session, a recent instant messaging session, a recently accessed web site, or a computer application accessed by the user;

wherein the local network log contains a record regarding at least one of how many times the user restarted the computer, how many times the user experienced a computer crash, how many times the user removed a CD, how many times the user removed a DVD, how many times the user connected a personal display assistant, how many times the user connected an MP3 player to the computer, or how many times the user connected the computer to a wireless network within a fixed period of time; and

wherein a prompt provides a recipient, a date, and a time of the email message, and the authentication question asks for at least one of a set of non-trivial key words included in the email message, a name of a blind-copied recipient of the email message, whether the email message received a response, whether the email message was filed, whether the email message was deleted, whether the email message has any attachments or whether the email message has any reply messages.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The “identity authentication program” (IAP) creates a custom set of authentication questions in response to a user request to have a user password reset. The IAP accesses a record located in a data source containing information related to the user'"'"'s recent computer activity and generates an authentication question and a corresponding answer based on the record. In order to reset a user password, the user must correctly answer a designated number of questions from the custom set of authentication questions. In a preferred embodiment, the IAP bases authentication questions on recent e-mail messages sent by the user. Because the questions are generated at the time of the user'"'"'s request, the answers are unique and can not be memorized. Because the questions are based on recent activities of the user, the questions are hard to guess by an unauthorized person.

Citations

15 Claims

1. An automated computer implemented process for authenticating a user'"'"'s identity before resetting a password, the computer implemented process comprising:
- connecting a password reset program to an e-mail repository of a user, a network event log of the user located on a server, and a local event log saved on a workstation computer of the user;
  
  selecting a data source from at least one of the e-mail repository, the network event log located on the server, or the local event log saved on the workstation computer;
  
  receiving an identification of the user;
  
  responsive to receiving the identification of the user, accessing a record located in the data source containing an information related to a recent computer activity of the user recorded in the data source;
  
  generating an authentication question and a corresponding answer based on the record;
  
  asking the user the authentication question;
  
  comparing the reply to the corresponding answer; and
  
  responsive to the reply matching the corresponding answer, providing a new password to the user;
  
  wherein the data source is the e-mail repository and the record is an email message;
  
  wherein the network event log contains an information regarding at least one of how many times the user logged on to the network, how many times the user logged off the network, how many times a certain file was accessed on the network, a recent chat session, a recent instant messaging session, a recently accessed web site, or a computer application accessed by the user;
  
  wherein the local network log contains a record regarding at least one of how many times the user restarted the computer, how many times the user experienced a computer crash, how many times the user removed a CD, how many times the user removed a DVD, how many times the user connected a personal display assistant, how many times the user connected an MP3 player to the computer, or how many times the user connected the computer to a wireless network within a fixed period of time; and
  
  wherein a prompt provides a recipient, a date, and a time of the email message, and the authentication question asks for at least one of a set of non-trivial key words included in the email message, a name of a blind-copied recipient of the email message, whether the email message received a response, whether the email message was filed, whether the email message was deleted, whether the email message has any attachments or whether the email message has any reply messages.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The computer implemented process of claim 1 wherein the user must reply with a sub-set of the set of non-trivial key words within a predefined number of attempts.
  - 3. The computer implemented process of claim 1 wherein the interactions with the user are made via voice telephony.
  - 4. The computer implemented process of claim 1 wherein the interactions with the user are made via a World Wide Web graphical interface.
  - 5. The computer implemented process of claim 1 wherein the new password is the user'"'"'s forgotten password.

6. An apparatus for authenticating a user'"'"'s identity before resetting a password, the apparatus comprising:
- a processor;
  
  a memory connected to the processor;
  
  a remotely accessible user interface running in the memory;
  
  program instructions to connect a password reset program to an e-mail repository of a user, a network event log of the user located on a server, and a local event log saved on a workstation computer of the user, to select a data source from at least one of the e-mail repository, the network event log located on the server, or the local event log saved on the workstation computer, receive an identification of the user, responsive to receiving the identification of the user access a record located in the data source containing an information related to a recent computer activity of the user recorded in the data source, generate an authentication question and corresponding answer based on the record, ask the user the authentication question, receive a reply to the authentication question, compare the reply to the corresponding answer, and responsive to the reply matching the corresponding answer, provide a new password to the user;
  
  wherein the data source is the e-mail repository and the record is an email message,wherein the network event log contains an information regarding at least one of how many times the user logged on to the network, how many times the user logged off the network, how many times a certain file was accessed on the network, a recent chat session, a recent instant messaging session, a recently accessed web site, or a computer application accessed by the user;
  
  wherein the local network log contains a record regarding at least one of how many times the user restarted the computer, how many times the user experienced a computer crash, how many times the user removed a CD, how many times the user removed a DVD, how many times the user connected a personal display assistant, how many times the user connected an MP3 player to the computer, or how many times the user connected the computer to a wireless network within a fixed period of time; and
  
  wherein a prompt provides a recipient, a date, and a time of the email message and the authentication question asks for at least one of a set of non-trivial key words included in the email message, a name of a blind-copied recipient of the email message, whether the email message received a response, whether the email message was filed, whether the email message was deleted, whether the email message has any attachments or whether the email message has any reply messages;
  
  wherein the program instructions are stored on a non-transitory computer readable medium for running on the processor via the memory.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The apparatus of claim 6 wherein the user must reply with a sub-set of the set of non-trivial key words within a predefined number of attempts.
  - 8. The apparatus of claim 6 wherein the user interface is a computerized telephone switch adapted to use voice recognition software and speech synthesis software.
  - 9. The apparatus of claim 6 wherein the user interface is a World Wide Web graphical interface.
  - 10. The apparatus of claim 6 wherein the user interface combine voice, text and graphics adapted for use with wireless communication devices such as cellular phones and PDAs.
  - 11. The apparatus of claim 6 wherein the identity authentication programs provides the user'"'"'s forgotten password.

12. A computer program product for authenticating a user'"'"'s identity before resetting a password, comprising:
- a non-transitory computer readable storage medium;
  
  first program instructions for connecting a password reset program to an e-mail repository of a user, a network event log of the user located on a server, and a local event log saved on a workstation computer of the user;
  
  second program instructions for selecting a data source from at least one of the e-mail repository, the network event log located on the server, and the local event log saved on the workstation computer;
  
  third program instructions for receiving a user identification;
  
  fourth program instructions for accessing, responsive to receiving the identification of the user, a record located in the data source containing an information related to a recent computer activity of the user recorded in the data source;
  
  fifth program instructions for generating an authentication question and corresponding answer based on the accessed record;
  
  sixth program instructions for asking a user the authentication question;
  
  seventh program instructions for receiving a reply to the authentication question;
  
  eighth program instructions for comparing the reply to the corresponding answer; and
  
  ninth program instructions for providing, responsive to the reply matching the corresponding answer, a new password to the user;
  
  wherein the data source is an e-mail repository and the record is an e-mail message;
  
  wherein the network event log contains an information regarding at least one of how many times the user logged on to the network, how many times the user logged off the network, how many times a certain file was accessed on the network, a recent chat session, a recent instant messaging session, a recently accessed web site, and a computer application accessed by the user;
  
  wherein the local network log contains a record regarding at least one of how many times the user restarted the computer, how many times the user experienced a computer crash, how many times the user removed a CD, how many times the user removed a DVD, how many times the user connected a personal display assistant, how many times the user connected an MP3 player to the computer, and how many times the user connected the computer to a wireless network within a fixed period of time; and
  
  wherein a prompt provides a recipient, a data, and a time of the email message and the authentication question asks for at least one of a set of non-trivial key words included in the email message, a name of a blind-copied recipient of the email message, whether the email message received a response, whether the email message was filed, whether the email message was deleted, whether the email message has any attachments and whether the email message has any reply messages;
  
  wherein the first through the ninth program instructions are stored on the non-transitory computer readable storage medium.
- View Dependent Claims (13, 14, 15)
- - 13. The computer program product of claim 12 wherein the user must reply with a sub-set of the set of non-trivial key words within a predefined number of attempts.
  - 14. The computer program product of claim 12 wherein the interactions with the user are made via voice telephony.
  - 15. The computer program product of claim 12 wherein the interactions with the user are made via a World Wide Web graphical interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Boss, Gregory J., Waters, Timothy M., Finn, Peter G., Hamilton, Rick A. II
Primary Examiner(s)
Arani; Taghi T
Assistant Examiner(s)
Herzog; Madhuri

Application Number

US11/565,731
Publication Number

US 20080134317A1
Time in Patent Office

1,509 Days
Field of Search

726 2- 5, 726 26- 30, 726 16- 19, 713182-184, 709/223, 709/224, 709/246
US Class Current

726/28
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2103   Challenge-response

H04L 63/083   using passwords cryptograph...

Authenticating user identity when resetting passwords

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticating user identity when resetting passwords

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links