Authenticating users with memorable personal questions
Abstract
One embodiment provides a system that verifies a user's identity. The system generates a list including a plurality of items and formulates a substantially large set of security questions based on the plurality of items. The number of questions in the set is significantly larger than a subset of security questions presented to the user to reduce the likelihood of the same questions being asked repeatedly. During account creation, the system presents to the user the subset of questions, and receives and stores a response from the user. At least one question in the subset is selected based on user information that is automatically extracted from devices associated with the user. Subsequently, the system receives a request to reset the user's password and presents the subset of questions to the requester. The system determines whether the requester is the user by comparing the requester's response with the stored user response.
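A minimal sketch of the flow described in the abstract and in claim 1, added here as an illustration and not taken from the patent: yes/no questions drawn from a larger pool, comparison at reset time, and the one-way rule for updating stored responses. The item list, the function names and the policy that every answer must match are assumptions.

```python
import hmac
import secrets

# Constructed sample pool; a real pool would be much larger than the subset asked.
POOL = ["gone scuba diving", "visited Lisbon", "run a marathon",
        "been to a jazz concert", "visited Kyoto", "tried rock climbing"]

def question(item):
    return f"Have you ever {item}?"

def pick_subset(pool, extracted, k, rng=None):
    """Pick k distinct items, at least one backed by device-extracted info.

    `extracted` maps item -> True when the (hypothetical) extractor saw
    evidence that the user did the activity or visited the place.
    """
    rng = rng or secrets.SystemRandom()
    backed = [i for i in pool if extracted.get(i)]
    first = rng.choice(backed)
    rest = rng.sample([i for i in pool if i != first], k - 1)
    subset = [first] + rest
    rng.shuffle(subset)
    return subset

def enroll(subset, answer_fn):
    """Store the user's yes/no response for each presented question."""
    return {item: bool(answer_fn(item)) for item in subset}

def verify(stored, responses):
    """Compare the requester's responses with the stored ones.

    A missing answer counts as a mismatch; the comparison is constant-time.
    """
    order = sorted(stored)
    want = bytes(stored[i] for i in order)
    got = bytes(bool(responses.get(i, not stored[i])) for i in order)
    return hmac.compare_digest(want, got)

def refresh(stored, updated_extracted):
    """Apply the one-way update from claim 1 to the stored responses."""
    out = dict(stored)
    for item, answer in stored.items():
        if not answer and updated_extracted.get(item) is True:
            out[item] = True  # negative -> affirmative, verified by new data
        # A stored affirmative is never changed, whatever the new data says.
    return out
```

The update is monotonic: later extracted data can only turn a stored "no" into "yes", so a stored "yes" survives even when newer device data no longer shows the activity.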
18 Claims
1. A computer-executed method for verifying user identity, the method comprising:
- extracting, by a computer, a user's information from devices associated with the user, without explicitly requiring the user to input the information manually;
- generating a security question corresponding to an activity the user has engaged in or a place visited by the user based on the extracted information;
- presenting to the user the security question and receiving and storing a response from the user;
- subsequently receiving a request to reset the user's password;
- presenting the security question to the requester;
- receiving a response from the requester to the question;
- comparing the requester's response with the stored user response;
- changing a stored negative response to an affirmative response, wherein the affirmative response is verified by updated extracted information indicating that the user has engaged in the activity or visited the place; and
- precluding any change to a stored positive response irrespective of the updated extracted information.

Dependent claims: 2, 3, 4, 5, 6
7. A computer-readable non-transitory storage medium storing instructions which when executed by a computer cause the computer to perform a method for verifying user identity, the method comprising:
- extracting a user's information from devices associated with the user, without explicitly requiring the user to input the information manually;
- generating a security question corresponding to an activity the user has engaged in or a place visited by the user based on the extracted information;
- presenting to the user the security question and receiving and storing a response from the user;
- subsequently receiving a request to reset the user's password;
- presenting the security question to the requester;
- receiving a response from the requester to the question;
- comparing the requester's response with the stored user response;
- changing a stored negative response to an affirmative response, wherein the affirmative response is verified by updated extracted information indicating that the user has engaged in the activity or visited the place; and
- precluding any change to a stored positive response irrespective of the updated extracted information.

Dependent claims: 8, 9, 10, 11, 12
13. A computer system for verifying user identity, comprising:
- a processor;
- a memory;
- an information-extracting mechanism configured to extract a user's information from devices associated with the user, without explicitly requiring the user to input the information manually;
- a first security-question generating mechanism configured to generate a security question corresponding to an activity the user has engaged in or a place visited by the user based on the extracted information;
- a first presenting mechanism configured to present to the user the security question;
- a receiving and storing mechanism configured to receive and store a response from the user to the security question;
- a first receiving mechanism configured to subsequently receive a request to reset the user's password;
- a second presenting mechanism configured to present the security question to the requester;
- a second receiving mechanism configured to receive a response from the requester to the question;
- a comparing mechanism configured to compare the requester's response with the stored user response;
- a response-changing mechanism configured to change a stored negative response to an affirmative response, wherein the affirmative response is verified by updated extracted information indicating that the user has engaged in the activity or visited the place; and
- a response-precluding mechanism configured to preclude any change to a stored positive response irrespective of the updated extracted information.

Dependent claims: 14, 15, 16, 17, 18

Specification