Using social information for authenticating a user session

US 8,910,251 B2
Filed: 03/06/2009
Issued: 12/09/2014
Est. Priority Date: 03/06/2009
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method comprising:

maintaining user profiles for a plurality of users of a social networking system;

maintaining a plurality of connections between the users of the social networking system;

receiving a request from a requestor for access to a computing resource, wherein the request is associated with a user of the social networking system;

selecting, for forming a challenge question, another user of the social networking system from a plurality of other users connected to the user via the social networking system, the selection based on a rate of interactions between the user and the other user;

obtaining information from a user profile of the other user;

determining whether the request is received from a suspicious source;

determining difficulty level of the challenge question based on whether the source is suspicious;

forming the challenge question according to the determined difficulty level, by a processor, wherein an answer to the challenge question comprises information obtained from the user profile of the other user;

sending the challenge question to the requestor; and

responsive to receiving a correct answer to the challenge question, allowing the requested access.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A social CAPTCHA is presented to authenticate a member of the social network. The social CAPTCHA includes one or more challenge questions based on information available in the social network, such as the user'"'"'s activities and/or connections in the social network. The social information selected for the social CAPTCHA may be determined based on affinity scores associated with the member'"'"'s connections, so that the challenge question relates to information that the user is more likely to be familiar with. A degree of difficulty of challenge questions may be determined and used for selecting the CAPTCHA based on a degree of suspicion.

Citations

38 Claims

1. A computer implemented method comprising:
- maintaining user profiles for a plurality of users of a social networking system;
  
  maintaining a plurality of connections between the users of the social networking system;
  
  receiving a request from a requestor for access to a computing resource, wherein the request is associated with a user of the social networking system;
  
  selecting, for forming a challenge question, another user of the social networking system from a plurality of other users connected to the user via the social networking system, the selection based on a rate of interactions between the user and the other user;
  
  obtaining information from a user profile of the other user;
  
  determining whether the request is received from a suspicious source;
  
  determining difficulty level of the challenge question based on whether the source is suspicious;
  
  forming the challenge question according to the determined difficulty level, by a processor, wherein an answer to the challenge question comprises information obtained from the user profile of the other user;
  
  sending the challenge question to the requestor; and
  
  responsive to receiving a correct answer to the challenge question, allowing the requested access.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein the request requires communicating with the social networking system using application programming interface provided by the social networking system.
  - 3. The method of claim 1, further comprising:
    - sending to the requestor a plurality of answers for the challenge question comprising at least a correct answer and one or more incorrect answers.
  - 4. The method of claim 3, further comprising:
    - determining the number of answers in the plurality of answers for the challenge question based on whether the source is suspicious or not.
  - 5. The method of claim 1, wherein the other user is selected responsive to a recent interaction between the user and the other user.
  - 6. The method of claim 1, wherein the request is a request to login to the user'"'"'s account.
  - 7. The method of claim 1, wherein the request is a request to broadcast a message.
  - 8. The method of claim 1, wherein the request is a request to conduct an online purchase on behalf of the user.
  - 9. The method of claim 1, further comprising:
    - responsive to receiving an incorrect answer to the challenge question, denying the requested access.
  - 10. The method of claim 1, wherein an amount of detail for an answer to the challenge question is based on a measure of affinity between the user and the other user.
  - 11. The method of claim 1, wherein the selection of the other user for forming a challenge question is based on a weighted aggregate value based on the interactions between the user and the other user.
  - 12. The method of claim 1, further comprising:
    - selecting a type of information used to form the challenge question based on a measure of affinity between the user and the other user.
  - 13. The method of claim 12, wherein selecting the type of information used to form the challenge question comprises selecting a first type of information if the measure of affinity exceeds a threshold value and selecting a second type of information if the measure of affinity is below the threshold value.
  - 14. The method of claim 1, wherein the selection of the other user for forming a challenge question is based on a time of interaction between the user and the other user.
  - 15. The method of claim 1, wherein the selection of the other user for forming a challenge question is based on an interaction between the other user and an object related to the user.

16. A computer implemented method comprising:
- maintaining user profiles for a plurality of users of a social networking system;
  
  maintaining a plurality of connections between the users of the social networking system;
  
  receiving a request from a requestor for generating a challenge question based on information related to a user of the social networking system, wherein the requestor receives a request for access from the user;
  
  selecting, for forming a challenge question, another user of the social networking system from a plurality of other users connected to the user via the social networking system, the selection based on a rate of on interactions between the user and the other user;
  
  obtaining information from a user profile of the other user;
  
  determining whether the request is received from a suspicious source;
  
  determining difficulty level of the challenge question based on whether the source is suspicious;
  
  forming the challenge question according to the determined difficulty level, by a processor, wherein an answer to the challenge question comprises information obtained from the user profile of the other user; and
  
  sending the challenge question to the requestor wherein the requestor allows a requested access to the user responsive to receiving a correct answer to the challenge question.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24)
- - 17. The method of claim 16, further comprising:
    - receiving a suspiciousness score value from the requestor; and
      
      determining the difficulty of the challenge question based on the suspiciousness score value.
  - 18. The method of claim 16, further comprising:
    - sending to the requestor a plurality of answers for the challenge question comprising at least a correct answer and one or more incorrect answers.
  - 19. The method of claim 18, further comprising:
    - receiving a suspiciousness score value from the requestor; and
      
      determining the number of answers in the plurality of answers based on the suspiciousness score value.
  - 20. The method of claim 16, wherein the other user is selected responsive to a recent interaction between the user and the other user.
  - 21. The method of claim 16, wherein the selection of the other user for forming a challenge question is based on a weighted aggregate value based on the interactions between the user and the other user.
  - 22. The method of claim 16, further comprising:
    - selecting a type of information used to form the challenge question based on a measure of affinity between the user and the other user.
  - 23. The method of claim 22, wherein selecting the type of information used to form the challenge question comprises selecting a first type of information if the measure of affinity exceeds a threshold value and selecting a second type of information if the measure of affinity is below the threshold value.
  - 24. The method of claim 16, wherein the selection of the other user for forming a challenge question is based on a time of interaction between the user and the other user.

25. A non-transitory computer-readable storage medium storing computer-executable code comprising:
- a member profile store configured to store user profiles for a plurality of users of a social networking system;
  
  a connection store configured to store a plurality of connections between the users of the social networking system;
  
  a web server module configured to;
  
  receive a request from a requestor for access to a computing resource, wherein the request is associated with a user of the social networking system;
  
  a CAPTCHA manager module configured to;
  
  select, for forming a challenge question, another user of the social networking system from a plurality of other users connected to the user via the social networking system, the selection based on a rate of interactions between the user and the other user;
  
  obtain information from a user profile of the other user;
  
  determine whether the request is received from a suspicious source;
  
  determine difficulty level of the challenge question based on whether the source is suspicious; and
  
  form the challenge question according to the determined difficulty level, wherein an answer to the challenge question comprises information obtained from the user profile of the other user; and
  
  the web server module further configured to;
  
  send the challenge question to the requestor; and
  
  responsive to receiving a correct answer to the challenge question, allow the requested access.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
- - 26. The non-transitory computer readable storage medium of claim 25, wherein the selection of the other user for forming a challenge question is based on a weighted aggregate value based on the interactions between the user and the other user.
  - 27. The non-transitory computer readable storage medium of claim 25, wherein the CAPTCHA manager module is further configured to:
    - select a type of information used to form the challenge question based on a measure of affinity between the user and the other user.
  - 28. The non-transitory computer readable storage medium of claim 27, wherein selecting the type of information used to form the challenge question comprises selecting a first type of information if the measure of affinity exceeds a threshold value and selecting a second type of information if the measure of affinity is below the threshold value.
  - 29. The non-transitory computer readable storage medium of claim 25, wherein the selection of the other user for forming a challenge question is based on a time of interaction between the user and the other user.
  - 30. The non-transitory computer readable storage medium of claim 25, wherein sending the challenge question to the requestor comprises:
    - sending to the requestor a plurality of answers for the challenge question comprising at least a correct answer and one or more incorrect answers.
  - 31. The non-transitory computer readable storage medium of claim 25, wherein the selection of the other user for forming a challenge question is based on a weighted aggregate value based on the interactions between the user and the other user.
  - 32. The non-transitory computer readable storage medium of claim 25, wherein the other user is selected responsive to a recent interaction between the user and the other user.
  - 33. The non-transitory computer readable storage medium of claim 25, wherein the CAPTCHA manager module is further configured to:
    - select a type of information used to form the challenge question based on a measure of affinity between the user and the other user.
  - 34. The non-transitory computer readable storage medium of claim 33, wherein selecting the type of information used to form the challenge question comprises selecting a first type of information if the measure of affinity exceeds a threshold value and selecting a second type of information if the measure of affinity is below the threshold value.
  - 35. The non-transitory computer readable storage medium of claim 25, wherein the selection of the other user for forming a challenge question is based on a time of interaction between the user and the other user.
  - 36. The non-transitory computer readable storage medium of claim 25, wherein an amount of detail for an answer to the challenge question is based on a measure of affinity between the user and the other user.
  - 37. The non-transitory computer readable storage medium of claim 25, wherein the request is a request to login to the user'"'"'s account.
  - 38. The non-transitory computer readable storage medium of claim 25, wherein the request is a request to conduct an online purchase on behalf of the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Original Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Inventors
Shepard, Luke Jonathan, Chen, William, Perry, Todd, Popov, Lev
Primary Examiner(s)
CHEN, SHIN HON

Application Number

US12/399,723
Publication Number

US 20100229223A1
Time in Patent Office

2,104 Days
Field of Search

726/5, 726/18
US Class Current

726/5
CPC Class Codes

G06F 21/31   User authentication

H04L 63/083   using passwords cryptograph...

H04L 67/02   based on web technology, e....

Using social information for authenticating a user session

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

Using social information for authenticating a user session

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links