Method and apparatus for extracting authentication information from a user

US 8,639,937 B2
Filed: 11/26/2003
Issued: 01/28/2014
Est. Priority Date: 11/26/2003
Status: Active Grant

First Claim

Patent Images

1. A method for generating a password for a user during an enrollment phase, comprising:

presenting said user with a plurality of topics;

receiving a user selection of at least one topic;

receiving one or more personal details from said user associated with said at least one selected topic as a proposed password;

performing an Internet search using a query containing one or more keywords derived from said personal details of said proposed password, wherein said Internet search searches contents of the Internet across a plurality of web sites using a search engine tool;

evaluating results of said search relative to one or more predefined thresholds applicable to said at least one selected topic;

rejecting said proposed password when said user is correlated with said proposed password if one or more of said predefined thresholds are exceeded by said results; and

recording said one or more personal details as a password for said user if said proposed password is not rejected.

View all claims

25 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus are provided for extracting information from a user'"'"'s memory that will be easily recalled during future authentication yet is hard for an attacker to guess. The information might be a little-known fact of personal relevance to the user or the personal details surrounding a public event. The user is guided to appropriate topics and forms an indirect hint that is useful to the user yet not to an attacker. Information extraction techniques verify that the information is not easily attacked and to estimate how many bits of assurance the question and answer provide. The information extracted may be, e.g., Boolean (Yes/No), multiple choice, numeric, textual, or a combination of the foregoing. The enrollment process may schedule the sending of one or more reminder messages to the user containing the question (but not the answer) to reinforce the memory of the user.

51 Citations

View as Search Results

23 Claims

1. A method for generating a password for a user during an enrollment phase, comprising:
- presenting said user with a plurality of topics;
  
  receiving a user selection of at least one topic;
  
  receiving one or more personal details from said user associated with said at least one selected topic as a proposed password;
  
  performing an Internet search using a query containing one or more keywords derived from said personal details of said proposed password, wherein said Internet search searches contents of the Internet across a plurality of web sites using a search engine tool;
  
  evaluating results of said search relative to one or more predefined thresholds applicable to said at least one selected topic;
  
  rejecting said proposed password when said user is correlated with said proposed password if one or more of said predefined thresholds are exceeded by said results; and
  
  recording said one or more personal details as a password for said user if said proposed password is not rejected.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising the step of receiving a reminder associated with each of said one or more personal details.
  - 3. The method of claim 1, wherein said rejecting step employs correlation rules that are based on said at least one topic.
  - 4. The method of claim 1, wherein said rejecting step employs one or more predefined correlation rules that ensure that answers to user selected questions cannot be qualitatively correlated with said user.
  - 5. The method of claim 1, wherein said rejecting step employs one or more predefined correlation rules that ensure that answers to user selected questions cannot be quantitatively correlated with said user.
  - 6. The method of claim 1, further comprising the step of sending said one or more personal details to said user as a reinforcement of said password.
  - 7. The method of claim 1, wherein said one or more personal details are related to a personal fact from a past of said user.
  - 8. The method of claim 1, wherein said one or more personal details are related to an experience of said user in connection with a public event.
  - 9. The method of claim 1, wherein said one or more personal details are related to an experience of said user in connection with a private event.
  - 10. The method of claim 1, wherein said one or more personal details can be tested during a verification phase using one or more of Boolean, multiple choice, numeric or textual queries.
  - 11. The method of claim 1, wherein said at least one topic is selected based on psychological insights.

12. An apparatus for generating a password for a user during an enrollment phase, comprising:
- a memory; and
  
  at least one processor, coupled to the memory, operative to;
  
  present said user with a plurality of topics;
  
  receive a user selection of at least one topic;
  
  receive one or more personal details from said user associated with said at least one selected topic as a proposed password;
  
  perform an Internet search using a query containing one or more keywords derived from said personal details of said proposed password, wherein said Internet search searches contents of the Internet across a plurality of web sites using a search engine tool;
  
  evaluate results of said search relative to one or more predefined thresholds applicable to said at least one selected topic;
  
  reject said proposed password when said user is correlated with said proposed password if one or more of said predefined thresholds are exceeded by said results; and
  
  recording said one or more personal details as a password for said user if said proposed password is not rejected.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The apparatus of claim 12, wherein said processor is further configured to receive a reminder associated with each of said one or more personal details.
  - 14. The apparatus of claim 12, wherein said rejecting step employs correlation rules that are based on said at least one topic.
  - 15. The apparatus of claim 12, wherein said rejecting step employs one or more predefined correlation rules that ensure that answers to user selected questions cannot be qualitatively correlated with said user.
  - 16. The apparatus of claim 12, wherein said rejecting step employs one or more predefined correlation rules that ensure that answers to user selected questions cannot be quantitatively correlated with said user.
  - 17. The apparatus of claim 12, wherein said processor is further configured to send said one or more personal details to said user as a reinforcement of said password.
  - 18. The apparatus of claim 12, wherein said one or more personal details are related to a personal fact from a past of said user.
  - 19. The apparatus of claim 12, wherein said one or more personal details are related to an experience of said user in connection with a public event.
  - 20. The apparatus of claim 12, wherein said one or more personal details are related to an experience of said user in connection with a private event.
  - 21. The apparatus of claim 12, wherein said one or more personal details can be tested during a verification phase using one or more of Boolean, multiple choice, numeric or textual queries.
  - 22. The apparatus of claim 12, wherein said at least one topic is selected based on psychological insights.

23. An article of manufacture for generating a password for a user during an enrollment phase, comprising a machine readable storage medium containing one or more programs which when executed implement the steps of:
- presenting said user with a plurality of topics;
  
  receiving a user selection of at least one topic;
  
  receiving one or more personal details from said user associated with said at least one selected topic as a proposed password;
  
  performing an Internet search using a query containing one or more keywords derived from said personal details of said proposed password, wherein said Internet search searches contents of the Internet across a plurality of web sites using a search engine tool;
  
  evaluating results of said search relative to one or more predefined thresholds applicable to said at least one selected topic;
  
  rejecting said proposed password when said user is correlated with said proposed password if one or more of said predefined thresholds are exceeded by said results; and
  
  recording said one or more personal details as a password for said user if said proposed password is not rejected.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avaya Incorporated
Original Assignee
Avaya Incorporated
Inventors
Bagga, Amit, Bentley, Jon, O'Gorman, Lawrence
Primary Examiner(s)
Patel, Nirav B

Application Number

US10/723,416
Publication Number

US 20050114679A1
Time in Patent Office

3,716 Days
Field of Search

726/2, 726 4- 7, 726 17- 19, 726 26- 30, 726/1, 713182-186, 707/100, 707 1- 5, 707/609, 707/705, 707/723, 707/758, 707/767
US Class Current

713/184
CPC Class Codes

G06F 21/46 by designing passwords or c...

G07C 9/33 by means of a password

Method and apparatus for extracting authentication information from a user

First Claim

25 Assignments

0 Petitions

Accused Products

Abstract

51 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for extracting authentication information from a user

First Claim

25 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

51 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links