Identity verification via selection of sensible output from recorded digital data

US 8,726,355 B2
Filed: 06/24/2009
Issued: 05/13/2014
Est. Priority Date: 06/24/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

sampling digital data according to a sampling function operating on a computer from a data stream used for generating sensible output during a first session between at least two network nodes initiated under a defined user account, wherein the first session is conducted for a primary purpose other than image recognition training;

storing the sampled digital data on a computer-readable medium in association with an identifier for the user account under which the first session is initiated;

transmitting the sampled digital data and decoy digital data configured for generating discrete sensible outputs to a client for use in an authentication session for a subsequent session under the user account;

authenticating access for the subsequent session in response to receiving input from the client indicating selection of sensible output generated from the sampled digital data from a challenge matrix comprising the sensible output generated from the sampled digital data and the decoy digital data.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A digital data sampler operating in a computer processor selects and stores digital data samples from a data stream used for generating audio-visual output during a session with a client operated by a user. The session generates the data stream independently of the data sampler. The data sampler may collect parameter data correlated to a probability will be remembered by the user at some future time, for each sample. The data sampler may store the data samples and parameter data as shared secret data for use in a future authentication session. During a future authentication session, an authentication device selects test data from the shared secret data to generate sensible output in an authentication process. The authentication process grants access to a controlled resource in response to user input indicating specific knowledge of the shared secret data selected from a presentation of similar sensible outputs.

Citations

24 Claims

1. A method comprising:
- sampling digital data according to a sampling function operating on a computer from a data stream used for generating sensible output during a first session between at least two network nodes initiated under a defined user account, wherein the first session is conducted for a primary purpose other than image recognition training;
  
  storing the sampled digital data on a computer-readable medium in association with an identifier for the user account under which the first session is initiated;
  
  transmitting the sampled digital data and decoy digital data configured for generating discrete sensible outputs to a client for use in an authentication session for a subsequent session under the user account;
  
  authenticating access for the subsequent session in response to receiving input from the client indicating selection of sensible output generated from the sampled digital data from a challenge matrix comprising the sensible output generated from the sampled digital data and the decoy digital data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein the discrete sensible outputs transmitted to the client comprise visible outputs.
  - 3. The method of claim 1, wherein the discrete sensible outputs transmitted to the client comprise audible outputs.
  - 4. The method of claim 1, further comprising monitoring parameters of the first session using the sampling function to identify suitable data for sampling.
  - 5. The method of claim 4, wherein the parameters characterize a quantity of client input data received during output of each of the sampled digital data.
  - 6. The method of claim 4, wherein the parameters characterize duration of output for each of the sampled digital data.
  - 7. The method of claim 4, wherein the parameters include a time at which each of the sampled digital data is output from a client node.
  - 8. The method of claim 4, further comprising storing parameter data from monitoring the parameters in association with the sampled digital data.
  - 9. The method of claim 8, further comprising selecting the sampled digital data transmitted for use in the authentication session from a larger database of digital data samples, using the parameter data.
  - 10. The method of claim 1, further comprising processing the sampled digital data to expunge data indicative of the user account.
  - 11. The method of claim 10, wherein the processing comprises blurring textual data in the sampled digital data.
  - 12. The method of claim 1, further comprising generating the decoy digital data to produce discrete sensible output resembling the sensible output sampled by the digital data.
  - 13. The method of claim 1, further comprising generating the challenge matrix comprising multiple-choice questions enabling selection of the sensible output generated from the sampled digital data and sensible output generated from the decoy digital data.
  - 14. The method of claim 1, wherein the first session is a secure session.
  - 15. The method of claim 1, further comprising obtaining a portion of the sampled digital data from a digital camera operated under the control of one of the at least two network nodes during the first session.

16. An apparatus comprising processor operating instructions, configured for causing a computer to:
- sample a data stream for independently generating visible image output during a first session with a client, to produce data sampled according to a sampling function;
  
  store the sampled data in a database in association with an identifier for an account under which the first session is operated;
  
  transmit at least selected ones of the sampled data and decoy data configured for generating visible image outputs to a client, for use in a challenge matrix used to secure access to a subsequent session initiated under the account identifier; and
  
  permit access for the subsequent session in response to receiving input indicating successful discrimination between the sensible output generated from the sampled data and sensible output generated from the decoy data in the challenge matrix.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The apparatus of claim 16, the instructions further configured for causing the computer to monitor parameters of the first session indicative of likelihood that the particular image output is receiving user attention at the client node.
  - 18. The apparatus of claim 17, the instructions further configured for causing the computer to store parameter data from monitoring the parameters in association with the sampled data.
  - 19. The apparatus of claim 17, the instructions further configured for causing the computer to select at least a selected one of the sampled data using the parameter data to increase likelihood that image output during presentation of the challenge matrix will be remembered by a client-side participant in the first session.
  - 20. The apparatus of claim 16, the instructions further configured for causing the computer to identify and expunge data indicative of the account from the sampled data.
  - 21. The apparatus of claim 16, the instructions further configured for causing the computer to generate reduced-size image facsimiles from the sampled data and decoy data for presentation in the challenge matrix.

22. A system, comprising:
- hosting means for hosting a secure online process in which images are output at a client device in response to data from the hosting means;
  
  sampling means for sampling the data from the hosting means independently of the secure online process to generate stored sample data sampled according to a sampling function and configured for replicating images output during the secure online process; and
  
  testing means for presenting images generated from the stored sample data with decoy images to authenticate a client initiating a subsequent process.
- View Dependent Claims (23)
- - 23. The system of claim 22, further comprising image processing means for removing indications of a user account from the stored sample data.

24. A method comprising:
- sampling at least one digital data sample by operating a digital camera under the control of a computer during a first session between the computer and a host node initiated under a defined user account;
  
  storing the sampled digital data on a computer-readable medium in association with an identifier for the user account under which the first session is initiated;
  
  transmitting the sampled digital data and decoy digital data configured for generating discrete images to a client for use in an authentication session for a subsequent session initiated at a client under the user account; and
  
  authenticating access for the subsequent session in response to receiving input from the client indicating selection of an image generated from the sampled digital data sample from a challenge matrix comprising the image generated from the sampled digital data sample and decoy images generated from the decoy digital data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gary S. Shuster
Original Assignee
Gary S. Shuster
Inventors
Shuster, Gary Stephen
Primary Examiner(s)
MOORTHY, ARAVIND K

Application Number

US12/490,793
Publication Number

US 20090328175A1
Time in Patent Office

1,784 Days
Field of Search

726/7, 726/5, 726/22, 713/168, 713/170, 713/182
US Class Current

726/5
CPC Class Codes

G06F 21/31   User authentication

G06F 21/36   by graphic or iconic repres...

H04L 63/08   for authentication of entit...

H04L 63/0861   using biometrical features,...

H04L 63/1416   Event detection, e.g. attac...

H04L 9/3226   using a predetermined code,...

Identity verification via selection of sensible output from recorded digital data

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Identity verification via selection of sensible output from recorded digital data

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links