Authenticating users with memorable personal questions

US 8,161,534 B2
Filed: 11/13/2008
Issued: 04/17/2012
Est. Priority Date: 11/13/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-executed method for verifying user identity, the method comprising:

extracting, by a computer, a user'"'"'s information from devices associated with the user, without explicitly requiring the user to input the information manually;

generating a security question corresponding to an activity the user has engaged in or a place visited by the user based on the extracted information;

presenting to the user the security question and receiving and storing a response from the user;

subsequently receiving a request to reset the user'"'"'s password;

presenting the security question to the requester;

receiving a response from the requester to the question;

comparing the requester'"'"'s response with the stored user response;

changing a stored negative response to an affirmative response, wherein the affirmative response is verified by updated extracted information indicating that the user has engaged in the activity or visited the place; and

precluding any change to a stored positive response irrespective of the updated extracted information.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment provides a system that verifies a user'"'"'s identity. The system generates a list including a plurality of items and formulates a substantially large set of security questions base on the plurality of items. The number of questions in the set is significantly larger than a subset of security questions presented to the user to reduce the likelihood of the same questions being asked repeatedly. During account creation, the system presents to the user the subset of questions, and receives and stores a response from the user. At least one question in the subset is selected based on user information that is automatically extracted from devices associated with the user. Subsequently, the system receives a request to reset the user'"'"'s password and presents the subset of questions to the requester. The system determines whether the requester is the user by comparing the requester'"'"'s response with the stored user response.

Citations

18 Claims

1. A computer-executed method for verifying user identity, the method comprising:
- extracting, by a computer, a user'"'"'s information from devices associated with the user, without explicitly requiring the user to input the information manually;
  
  generating a security question corresponding to an activity the user has engaged in or a place visited by the user based on the extracted information;
  
  presenting to the user the security question and receiving and storing a response from the user;
  
  subsequently receiving a request to reset the user'"'"'s password;
  
  presenting the security question to the requester;
  
  receiving a response from the requester to the question;
  
  comparing the requester'"'"'s response with the stored user response;
  
  changing a stored negative response to an affirmative response, wherein the affirmative response is verified by updated extracted information indicating that the user has engaged in the activity or visited the place; and
  
  precluding any change to a stored positive response irrespective of the updated extracted information.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the activity includes sport and outdoor activity.
  - 3. The method of claim 1, further comprising generating a set of additional security questions, wherein the set of security questions includes asking the user to name canonical representatives of one or more of a plurality of abstract classes.
  - 4. The method of claim 3, wherein the set of security questions includes asking the user to order at least two items in a category based on the user'"'"'s preference.
  - 5. The method of claim 4, wherein the category is in a plurality of categories, and wherein the plurality of categories includes one or more of:
    - food;
      
      sport;
      
      music; and
      
      outdoor activities.
  - 6. The method of claim 3, further comprising allowing the user to select the subset of security questions.

7. A computer-readable non-transitory storage medium storing instructions which when executed by a computer cause the computer to perform a method for verifying user identity, the method comprising:
- extracting a user'"'"'s information from devices associated with the user, without explicitly requiring the user to input the information manually;
  
  generating a security question corresponding to an activity the user has engaged in or a place visited by the user based on the extracted information;
  
  presenting to the user the security question and receiving and storing a response from the user;
  
  subsequently receiving a request to reset the user'"'"'s password;
  
  presenting the security question to the requester;
  
  receiving a response from the requester to the question;
  
  comparing the requester'"'"'s response with the stored user response;
  
  changing a stored negative response to an affirmative response, wherein the affirmative response is verified by updated extracted information indicating that the user has engaged in the activity or visited the place; and
  
  precluding any change to a stored positive response irrespective of the updated extracted information.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer-readable storage medium of claim 7, wherein the activity includes sport and outdoor activity.
  - 9. The computer-readable storage medium of claim 7, wherein the method further comprising generating a set of additional security questions, wherein the set of security questions includes asking the user to name canonical representatives of one or more of a plurality of abstract classes.
  - 10. The computer-readable storage medium of claim 9, wherein the set of security questions includes asking the user to order at least two items in a category based on the user'"'"'s preference.
  - 11. The computer-readable storage medium of claim 10, wherein the category is in a plurality of categories, and wherein the plurality of categories includes one or more of:
    - food;
      
      sport;
      
      music; and
      
      outdoor activities.
  - 12. The computer-readable storage medium of claim 9, the method further comprising allowing the user to select the subset of security questions.

13. A computer system for verifying user identity, comprising:
- a processor;
  
  a memory;
  
  an information-extracting mechanism configured to extract a user'"'"'s information from devices associated with the user, without explicitly requiring the user to input the information manually;
  
  a first security-question generating mechanism configured to generate a security question corresponding to an activity the user has engaged in or a place visited by the user based on the extracted information;
  
  a first presenting mechanism configured to present to the user the security question;
  
  a receiving and storing mechanism configured to receive and store a response from the user to the security question;
  
  a first receiving mechanism configured to subsequently receive a request to reset the user'"'"'s password;
  
  a second presenting mechanism configured to present the security question to the requester;
  
  a second receiving mechanism configured to receive a response from the requester to the question;
  
  a comparing mechanism configured to compare the requester'"'"'s response with the stored user response;
  
  a response-changing mechanism configured to change a stored negative response to an affirmative response, wherein the affirmative response is verified by updated extracted information indicating that the user has engaged in the activity or visited the place; and
  
  a response-precluding mechanism configured to preclude any change to a stored positive response irrespective of the updated extracted information.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The computer system of claim 13, wherein the activity includes sport and outdoor activity.
  - 15. The computer system of claim 13, further comprising a second security-question generating mechanism configured to generate a set of additional security questions, wherein the set of security questions includes asking -the user to name canonical representatives of one or more -of a plurality of abstract classes.
  - 16. The computer system of claim 15, wherein the set of security questions includes asking the user to order at least two items in a category based on the user'"'"'s preference.
  - 17. The computer system of claim 16, wherein the category is in a plurality of categories, and wherein the plurality of categories includes one or more of:
    - food;
      
      sport;
      
      music; and
      
      outdoor activities.
  - 18. The computer system of claim 15, further comprising a selection mechanism configured to allow the user to select the subset of security questions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Palo Alto Research Center, Inc. (Xerox Holdings Corp.)
Inventors
Golle, Philippe J. P., Jakobsson, Bjorn Markus, Chow, Richard
Primary Examiner(s)
Zele, Krista
Assistant Examiner(s)
Vostal, Ondrej

Application Number

US12/270,154
Publication Number

US 20100122341A1
Time in Patent Office

1,251 Days
Field of Search

726/6
US Class Current

726/6
CPC Class Codes

G06F 21/31   User authentication

G06F 21/316   by observing the pattern of...

G06F 21/46   by designing passwords or c...

G06F 2221/2103   Challenge-response

G06F 2221/2131   Lost password, e.g. recover...

Authenticating users with memorable personal questions

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticating users with memorable personal questions

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links