Using social information for authenticating a user session
First Claim
Patent Images
1. A computer implemented method comprising:
- maintaining user profiles for a plurality of users of a social networking system;
maintaining a plurality of connections between the users of the social networking system;
receiving a request from a requestor for access to a computing resource, wherein the request is associated with a user of the social networking system;
selecting, for forming a challenge question, another user of the social networking system from a plurality of other users connected to the user via the social networking system, the selection based on a rate of interactions between the user and the other user;
obtaining information from a user profile of the other user;
determining whether the request is received from a suspicious source;
determining difficulty level of the challenge question based on whether the source is suspicious;
forming the challenge question according to the determined difficulty level, by a processor, wherein an answer to the challenge question comprises information obtained from the user profile of the other user;
sending the challenge question to the requestor; and
responsive to receiving a correct answer to the challenge question, allowing the requested access.
2 Assignments
0 Petitions
Accused Products
Abstract
A social CAPTCHA is presented to authenticate a member of the social network. The social CAPTCHA includes one or more challenge questions based on information available in the social network, such as the user'"'"'s activities and/or connections in the social network. The social information selected for the social CAPTCHA may be determined based on affinity scores associated with the member'"'"'s connections, so that the challenge question relates to information that the user is more likely to be familiar with. A degree of difficulty of challenge questions may be determined and used for selecting the CAPTCHA based on a degree of suspicion.
-
Citations
38 Claims
-
1. A computer implemented method comprising:
-
maintaining user profiles for a plurality of users of a social networking system; maintaining a plurality of connections between the users of the social networking system; receiving a request from a requestor for access to a computing resource, wherein the request is associated with a user of the social networking system; selecting, for forming a challenge question, another user of the social networking system from a plurality of other users connected to the user via the social networking system, the selection based on a rate of interactions between the user and the other user; obtaining information from a user profile of the other user; determining whether the request is received from a suspicious source; determining difficulty level of the challenge question based on whether the source is suspicious; forming the challenge question according to the determined difficulty level, by a processor, wherein an answer to the challenge question comprises information obtained from the user profile of the other user; sending the challenge question to the requestor; and responsive to receiving a correct answer to the challenge question, allowing the requested access. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A computer implemented method comprising:
-
maintaining user profiles for a plurality of users of a social networking system; maintaining a plurality of connections between the users of the social networking system; receiving a request from a requestor for generating a challenge question based on information related to a user of the social networking system, wherein the requestor receives a request for access from the user; selecting, for forming a challenge question, another user of the social networking system from a plurality of other users connected to the user via the social networking system, the selection based on a rate of on interactions between the user and the other user; obtaining information from a user profile of the other user; determining whether the request is received from a suspicious source; determining difficulty level of the challenge question based on whether the source is suspicious; forming the challenge question according to the determined difficulty level, by a processor, wherein an answer to the challenge question comprises information obtained from the user profile of the other user; and sending the challenge question to the requestor wherein the requestor allows a requested access to the user responsive to receiving a correct answer to the challenge question. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24)
-
-
25. A non-transitory computer-readable storage medium storing computer-executable code comprising:
-
a member profile store configured to store user profiles for a plurality of users of a social networking system; a connection store configured to store a plurality of connections between the users of the social networking system; a web server module configured to; receive a request from a requestor for access to a computing resource, wherein the request is associated with a user of the social networking system; a CAPTCHA manager module configured to; select, for forming a challenge question, another user of the social networking system from a plurality of other users connected to the user via the social networking system, the selection based on a rate of interactions between the user and the other user; obtain information from a user profile of the other user; determine whether the request is received from a suspicious source; determine difficulty level of the challenge question based on whether the source is suspicious; and form the challenge question according to the determined difficulty level, wherein an answer to the challenge question comprises information obtained from the user profile of the other user; and the web server module further configured to; send the challenge question to the requestor; and responsive to receiving a correct answer to the challenge question, allow the requested access. - View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
-
Specification