Method and apparatus for extracting authentication information from a user
First Claim
1. A method for generating a password for a user during an enrollment phase, comprising:
presenting said user with a plurality of topics;
receiving a user selection of at least one topic;
receiving one or more personal details from said user associated with said at least one selected topic as a proposed password;
performing an Internet search using a query containing one or more keywords derived from said personal details of said proposed password, wherein said Internet search searches contents of the Internet across a plurality of web sites using a search engine tool;
evaluating results of said search relative to one or more predefined thresholds applicable to said at least one selected topic;
rejecting said proposed password when said user is correlated with said proposed password if one or more of said predefined thresholds are exceeded by said results; and
recording said one or more personal details as a password for said user if said proposed password is not rejected.
Abstract
A method and apparatus are provided for extracting information from a user's memory that will be easily recalled during future authentication yet is hard for an attacker to guess. The information might be a little-known fact of personal relevance to the user or the personal details surrounding a public event. The user is guided to appropriate topics and forms an indirect hint that is useful to the user yet not to an attacker. Information extraction techniques verify that the information is not easily attacked and estimate how many bits of assurance the question and answer provide. The information extracted may be, e.g., Boolean (Yes/No), multiple choice, numeric, textual, or a combination of the foregoing. The enrollment process may schedule the sending of one or more reminder messages to the user containing the question (but not the answer) to reinforce the memory of the user.
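The enrollment check of claim 1, sketched as an added example that is not taken from the patent or any implementation of it. The search engine is replaced by a constructed in-memory corpus, and the per-topic limits, the stopword list, the name-matching rule and the salted-hash storage are all assumptions made for illustration.

```python
import hashlib, os, re

# Assumed per-topic limits (not from the patent): how many search results may
# mention both the user and the proposed details before the answer is rejected.
MAX_USER_HITS = {"first pet": 0, "public event": 2}
STOPWORDS = {"a", "an", "and", "at", "in", "my", "named", "of", "the", "was"}

CORPUS = [  # constructed pages standing in for search-engine results
    "Alice Example wins county fair with her beagle Biscuit",
    "Top dog names this year: Biscuit, Max, Bella",
    "Alice Example joins the regional chess club",
]

def words(text):
    return set(re.findall(r"[a-z0-9]+", text.lower()))

def derive_keywords(details):
    """Query keywords: the words of the personal details minus stopwords."""
    return sorted(words(details) - STOPWORDS)

def toy_search(keywords):
    """Stand-in for a search engine: pages containing every keyword."""
    return [page for page in CORPUS if set(keywords) <= words(page)]

def enroll(store, user, topic, details, search=toy_search):
    """Run the check; record the answer only if it is not rejected."""
    keywords = derive_keywords(details)
    if not keywords:
        return False, "no usable keywords"
    results = search(keywords)
    # A result correlates the user with the answer if it names the user too.
    user_hits = sum(1 for page in results if words(user) <= words(page))
    if user_hits > MAX_USER_HITS[topic]:
        return False, f"{user_hits} result(s) link the user to this answer"
    # Assumption: store a salted PBKDF2 hash of the normalised answer
    # rather than the personal details themselves.
    salt = os.urandom(16)
    answer = " ".join(details.lower().split()).encode()
    digest = hashlib.pbkdf2_hmac("sha256", answer, salt, 200_000)
    store[user] = (topic, salt, digest)
    return True, "recorded"
```

The same answer is rejected for one user and accepted for another: what counts is whether public results tie the details to the person enrolling, not whether the details appear online at all.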
23 Claims
1. A method for generating a password for a user during an enrollment phase, comprising:
presenting said user with a plurality of topics;
receiving a user selection of at least one topic;
receiving one or more personal details from said user associated with said at least one selected topic as a proposed password;
performing an Internet search using a query containing one or more keywords derived from said personal details of said proposed password, wherein said Internet search searches contents of the Internet across a plurality of web sites using a search engine tool;
evaluating results of said search relative to one or more predefined thresholds applicable to said at least one selected topic;
rejecting said proposed password when said user is correlated with said proposed password if one or more of said predefined thresholds are exceeded by said results; and
recording said one or more personal details as a password for said user if said proposed password is not rejected.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. An apparatus for generating a password for a user during an enrollment phase, comprising:
a memory; and
at least one processor, coupled to the memory, operative to;
present said user with a plurality of topics;
receive a user selection of at least one topic;
receive one or more personal details from said user associated with said at least one selected topic as a proposed password;
perform an Internet search using a query containing one or more keywords derived from said personal details of said proposed password, wherein said Internet search searches contents of the Internet across a plurality of web sites using a search engine tool;
evaluate results of said search relative to one or more predefined thresholds applicable to said at least one selected topic;
reject said proposed password when said user is correlated with said proposed password if one or more of said predefined thresholds are exceeded by said results; and
recording said one or more personal details as a password for said user if said proposed password is not rejected.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22

23. An article of manufacture for generating a password for a user during an enrollment phase, comprising a machine readable storage medium containing one or more programs which when executed implement the steps of:
presenting said user with a plurality of topics;
receiving a user selection of at least one topic;
receiving one or more personal details from said user associated with said at least one selected topic as a proposed password;
performing an Internet search using a query containing one or more keywords derived from said personal details of said proposed password, wherein said Internet search searches contents of the Internet across a plurality of web sites using a search engine tool;
evaluating results of said search relative to one or more predefined thresholds applicable to said at least one selected topic;
rejecting said proposed password when said user is correlated with said proposed password if one or more of said predefined thresholds are exceeded by said results; and
recording said one or more personal details as a password for said user if said proposed password is not rejected.

Specification