Authentication using transient event data

US 8,973,154 B2
Filed: 02/02/2010
Issued: 03/03/2015
Est. Priority Date: 02/02/2010
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer readable storage medium configured to store instructions that, when executed by a processor included in a computing device, cause the computing device to authenticate a remote user, by carrying out steps that include:

receiving a notification that the remote user is unable to provide correct authentication information for accessing a set of application servers, wherein the correct authentication information comprises a valid digital certificate;

generating authentication questions for the remote user using transient event data regarding previous interactions of the remote user with the set of application servers, the authentication questions for presentation to the remote user, wherein;

generating comprises selecting the authentication questions randomly from a pool of authentication questions such that authentication questions based on recently-generated transient event data are more likely to be selected than authentication questions based on older transient event data,a difficulty of the authentication questions is proportional to a confidentiality level of data to which the set of application servers grant access, andthe transient event data comprises at least one of a current desktop remote image of the remote user, a current screensaver, or a list of other devices recently connected to a portable device of the remote user; and

validating the remote user based on answers to the authentication questions.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments provide a method for authenticating a user to access computing resources that uses transient event data regarding previous interactions of the user with the computing resources. The method receives a notification that a user is unable to provide a correct user identifier and password. The method generates authentication questions for the remote user using the transient event data. The authentication questions are presented to the user. The method authenticates the user based on answers to the password recovery questions. The user may be a remote user and the computing resources are a set of application servers to which the user has forgotten a password. The computing resources may be a portable device that the user wishes to access remotely in order to delete data from the portable device.

Citations

26 Claims

1. A non-transitory computer readable storage medium configured to store instructions that, when executed by a processor included in a computing device, cause the computing device to authenticate a remote user, by carrying out steps that include:
- receiving a notification that the remote user is unable to provide correct authentication information for accessing a set of application servers, wherein the correct authentication information comprises a valid digital certificate;
  
  generating authentication questions for the remote user using transient event data regarding previous interactions of the remote user with the set of application servers, the authentication questions for presentation to the remote user, wherein;
  
  generating comprises selecting the authentication questions randomly from a pool of authentication questions such that authentication questions based on recently-generated transient event data are more likely to be selected than authentication questions based on older transient event data,a difficulty of the authentication questions is proportional to a confidentiality level of data to which the set of application servers grant access, andthe transient event data comprises at least one of a current desktop remote image of the remote user, a current screensaver, or a list of other devices recently connected to a portable device of the remote user; and
  
  validating the remote user based on answers to the authentication questions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The non-transitory computer readable storage medium of claim 1, wherein the steps further include:
    - receiving answers from the remote user to the authentication questions;
      
      determining whether the received answers are correct; and
      
      determining that enough of the received answers are correct for the remote user to be validated.
  - 3. The non-transitory computer readable storage medium of claim 2, wherein the remote user is validated only when all of the answers are correct.
  - 4. The non-transitory computer readable storage medium of claim 2, wherein the remote user is validated when more than a particular percentage of the answers are correct.
  - 5. The non-transitory computer readable storage medium of claim 1, wherein the steps further include refusing validation to the remote user based on answers to the authentication questions.
  - 6. The non-transitory computer readable storage medium of claim 5, wherein the steps further include:
    - receiving answers from the remote user to the authentication questions;
      
      determining whether the received answers are correct; and
      
      determining that not enough of the received answers are correct for the remote user to be validated.
  - 7. The non-transitory computer readable storage medium of claim 1, wherein the set of application servers comprises a plurality of application servers.
  - 8. The non-transitory computer readable storage medium of claim 1, wherein the correct authentication information comprises a user identifier and password.
  - 9. The non-transitory computer readable storage medium of claim 1, wherein the set of application servers comprises an e-mail server.
  - 10. The non-transitory computer readable storage medium of claim 9, wherein:
    - the transient event data comprises recipients of recent e-mails from the remote user, and one of the authentication questions requires the remote user to type a name of a recipient,the transient event data comprises a plurality of documents recently opened on the portable device and one of the authentication questions requires the remote user to identify one document of the plurality of documents,the transient event data comprises a plurality of times at which the remote user logged into or logged out of the portable device, and one of the authentication questions requires the remote user to identify one time of the plurality of times,the transient event data comprises data generated by one or more applications recently executed on the portable device and one of the authentication questions requires the remote user to identify the data, orthe transient event data comprises a ringtone used on the portable device, and one of the authentication questions requires the remote user to identify the ringtone.
  - 11. The non-transitory computer readable storage medium of claim 1, wherein the set of application servers comprises a chat server.
  - 12. The non-transitory computer readable storage medium of claim 11, wherein the transient event data comprises contacts recently chatted with by the remote user and one of the authentication questions requires the remote user to select a particular contact from a list of contacts.
  - 13. The non-transitory computer readable storage medium of claim 1, wherein the steps further include retrieving the transient event data from a set of databases for storing the transient event data.
  - 14. The non-transitory computer readable storage medium of claim 13, wherein the set of databases comprises a separate database for each application server in the set of application servers.

15. A non-transitory computer readable storage medium configured to store instructions that, when executed by a processor included in a server computer system, cause the server computer system to carry out steps that include:
- receiving, from a portable device, a notification that a user of the portable device is requesting to remove personal data from the portable device;
  
  connecting remotely to the portable device and retrieving transient event data from the portable device in response to receiving the notification, the transient event data regarding previous interactions of the user with the portable device;
  
  generating authentication questions for the user based on the retrieved transient event data in response to retrieving the transient event data, the authentication questions for presentation to the user, wherein;
  
  generating comprises selecting the authentication questions randomly from a pool of authentication questions such that authentication questions based on recently-generated transient event data are more likely to be selected than authentication questions based on older transient event data,a difficulty of the authentication questions is proportional to a confidentiality level of the personal data to which the server grants access, andthe transient event data comprises a current desktop image of the user, a current screensaver, or a list of other devices recently connected to the portable device;
  
  sending the authentication questions to the portable device in response to generating the authentication questions; and
  
  in response to receiving, from the portable device, a sufficient number of correct answers provided by the user;
  
  initiating a procedure on the portable device to remove the personal data from the portable device.
- View Dependent Claims (16, 17, 18, 19, 26)
- - 16. The non-transitory computer readable storage medium of claim 15, wherein the portable device is a smartphone.
  - 17. The non-transitory computer readable storage medium of claim 15, wherein the portable device comprises firmware and the personal data does not include the firmware.
  - 18. The non-transitory computer readable storage medium of claim 15, wherein the personal data comprises the transient event data.
  - 19. The non-transitory computer readable storage medium of claim 15, wherein the steps further include identifying a physical location of the portable device and including the physical location in the transient event data.
  - 26. The non-transitory computer readable storage medium of claim 15, wherein:
    - the transient event data comprises a plurality of documents recently opened on the portable device, and one of the authentication questions requires the user to identify one document of the plurality of documents,the transient event data comprises a plurality of times at which the user logged into or logged out of the portable device, and one of the authentication questions requires the user to identify one time of the plurality of times,the transient event data comprises data generated by one or more applications recently executed on the portable device, and one of the authentication questions requires the user to identify the data, orthe transient event data comprises a ringtone used on the portable device, and one of the authentication questions requires the user to identify the ringtone.

20. A method, comprising:
- at a server computer system;
  
  receiving, from a portable device, an indication that a user of the portable device is unable to provide correct authentication information for accessing the portable device, wherein the correct authentication information comprises a valid digital certificate;
  
  connecting remotely to the portable device and retrieving transient event data from the portable device in response to receiving the indication, the transient event data regarding previous interactions of the user with the portable device;
  
  generating authentication questions for the user based on the retrieved transient event data in response to retrieving the transient event data, the authentication questions for presentation to the user, wherein;
  
  generating comprises selecting the authentication questions randomly from a pool of authentication questions such that authentication questions based on recently-generated transient event data are more likely to be selected than authentication questions based on older transient event data,a difficulty of the authentication questions is proportional to a confidentiality level of data to which the server grants access, andthe transient event data comprises a current desktop image of the user, a current screensaver, or a list of other devices recently connected to the portable device;
  
  sending the authentication questions to the portable device in response to generating the authentication questions; and
  
  in response to receiving, from the portable device, a sufficient number of correct answers provided by the user;
  
  providing access to the portable device to the user.
- View Dependent Claims (21, 22, 23, 24, 25)
- - 21. The method of claim 20, wherein providing access to the portable device to the user comprises at least one of providing a device password to the user and presenting an opportunity to the user to choose a new password for the portable device.
  - 22. The method of claim 20, wherein the authentication questions include simple multiple choice authentication questions when the server computer system provides access to data with minimal confidentiality concerns.
  - 23. The method of claim 20, wherein the authentication questions require the user to type an answer when the server computer system provides access to highly confidential information.
  - 24. The method of claim 20, further comprising:
    - identifying a physical location of the portable device; and
      
      including the physical location of the portable device in the transient event data.
  - 25. The method of claim 20, wherein:
    - the transient event data comprises applications recently run by the user and data generated by use of the applications,the transient event data comprises a plurality of documents recently opened on the portable device,the transient event data comprises a plurality of times at which the user logged into or logged out of the portable device, orthe transient event data comprises a ringtone used on the portable device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Yanagihara, Kazu
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
Shepperd, Eric W

Application Number

US12/699,027
Publication Number

US 20110191838A1
Time in Patent Office

1,855 Days
Field of Search

726 2- 5, 726/7, 726 16- 17, 726/19, 726/21, 726 26- 28, 726 34- 35, 713182-184, 380/247
US Class Current

726/28
CPC Class Codes

G06F 15/16   Combinations of two or more...

G06F 21/00   Security arrangements for p...

G06F 21/31   User authentication

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2103   Challenge-response

G06F 2221/2143   Clearing memory, e.g. to pr...

H04L 63/308   retaining data, e.g. retain...

H04L 9/321   involving a third party or ...

Authentication using transient event data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication using transient event data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links