Knowledge-based authentication for restricting access to mobile devices
Abstract
An improved technique employs knowledge-based authentication (KBA) based on data stored in a mobile apparatus. The mobile apparatus collects data from sources including email data, web browsing data, accessed YouTube video data, and GPS location data recently stored in the mobile apparatus. From such data, the mobile apparatus builds questions and stores the questions on a database on the phone. Upon receiving a request to access a resource stored in the mobile apparatus from a user, the mobile apparatus selects questions at random and ranks them according to a policy accessible to the mobile apparatus. The mobile apparatus presents the highest-ranked questions to the user. The mobile apparatus grants or rejects access to the resource based on an authentication result that the mobile apparatus generates from answers to the questions submitted by the user.
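The selection step recited in the claims on this page (a fixed number of questions chosen according to the difference between the request time and each question's generation timestamp), as an added sketch that is not code from the patent. All names, the preference for the smallest time difference, the 7-day cutoff, the keyed answer digest and the all-answers-correct rule are assumptions; the page states only that selection depends on the time differences and that a fixed number is selected.

```python
import hashlib
import hmac
from dataclasses import dataclass

DEVICE_KEY = b"constructed-demo-key"   # assumption: real key lives in a hardware keystore
FIXED_COUNT = 3                        # assumption: the claims say only "a fixed number"
MAX_AGE_S = 7 * 86400                  # assumption: policy cutoff for stale questions

@dataclass(frozen=True)
class KbaQuestion:
    prompt: str
    answer_mac: bytes     # keyed digest of the answer, never the plaintext
    generated_at: float   # timestamp stored when the question was generated

def mac_answer(answer: str) -> bytes:
    normalised = " ".join(answer.lower().split())   # ignore case and extra spaces
    return hmac.new(DEVICE_KEY, normalised.encode(), hashlib.sha256).digest()

def select_questions(store, request_time, count=FIXED_COUNT):
    """Return exactly `count` questions, smallest request/generation gap first."""
    aged = [(request_time - q.generated_at, q) for q in store]
    # Skip future-dated entries (clock changes) and anything past the cutoff.
    eligible = sorted(((age, q) for age, q in aged if 0 <= age <= MAX_AGE_S),
                      key=lambda pair: pair[0])
    if len(eligible) < count:
        raise LookupError("too few eligible questions; use another factor")
    return [q for _, q in eligible[:count]]

def authenticate(questions, answers):
    """Authentication result: True only if every answer matches."""
    if len(answers) != len(questions):
        return False
    checks = [hmac.compare_digest(mac_answer(a), q.answer_mac)
              for q, a in zip(questions, answers)]   # check all, no early exit
    return all(checks)

NOW = 1_700_000_000.0   # constructed request time
STORE = [               # constructed sample questions
    KbaQuestion("Which city did you visit yesterday?", mac_answer("Boston"), NOW - 86400),
    KbaQuestion("Who emailed you about the invoice?", mac_answer("Alice"), NOW - 7200),
    KbaQuestion("Which video did you watch last?", mac_answer("Cat tricks"), NOW - 600),
    KbaQuestion("Which site did you open last month?", mac_answer("example.org"), NOW - 30 * 86400),
    KbaQuestion("Future-dated entry", mac_answer("x"), NOW + 60),
]

if __name__ == "__main__":
    picked = select_questions(STORE, NOW)
    print([q.prompt for q in picked])
    print(authenticate(picked, ["Cat Tricks", "alice", " boston "]))
```

Raising when too few questions are eligible, rather than presenting fewer, keeps the fixed-number property and stops a nearly empty question store from weakening the check.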
23 Claims
1. In a mobile apparatus, a method of restricting access to resources stored in a storage device of the mobile apparatus, comprising:
generating, by a processor of the mobile apparatus, a set of knowledge-based authentication (KBA) questions based on data stored in the storage device of the mobile apparatus;
receiving, by the processor via an input device of the mobile apparatus, a request for a user to be granted access to the resources stored in the storage device of the mobile apparatus;
in response to receiving the request, presenting, by the processor via an output device of the mobile apparatus, questions of the set of KBA questions to the user;
obtaining, by the processor via the input device, answers from the user to the questions; and
performing, by the processor, a KBA operation configured to produce an authentication result from the answers, the user being granted or denied access to the resources based on the authentication result;
wherein generating the set of KBA questions includes, for each of the set of KBA questions, store a timestamp corresponding to the time at which that KBA question was generated;
wherein presenting the questions of the set of KBA questions to the user includes selecting the questions according to differences between the time at which the request was received and the timestamps corresponding to the times at which the KBA questions of the set of KBA questions were generated; and
wherein a fixed number of questions is selected.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12

13. A mobile apparatus, comprising:
a storage device;
an input device;
an output device;
memory; and
a controller including controlling circuitry coupled to the memory, the controlling circuitry being constructed and arranged to;
generate a set of knowledge-based authentication (KBA) questions based on data stored in the storage device of the mobile apparatus;
receive, via the input device, a request for a user to be granted access to the resources stored in the storage device of the mobile apparatus;
in response to receiving the request, present, via the output device, questions of the set of KBA questions to the user;
obtain, via the input device, answers from the user to the questions; and
perform a KBA operation configured to produce an authentication result from the answers, the user being granted or denied access to the resources based on the authentication result;
wherein the controlling circuitry constructed and arranged to generate the set of KBA questions is further constructed and arranged to, for each of the set of KBA questions, store a timestamp corresponding to the time at which that KBA question was generated;
wherein the controlling circuitry constructed and arranged to present the questions of the set of KBA questions to the user is further constructed and arranged to select the questions according to differences between the time at which the request was received and the timestamps corresponding to the times at which the KBA questions of the set of KBA questions were generated; and
wherein a fixed number of questions is selected.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21

22. In a mobile apparatus, a computer program product having a non-transitory, computer-readable storage medium which stores code to restrict access to resources stored in a storage device of the mobile apparatus, the code including instructions to:
generate a set of knowledge-based authentication (KBA) questions based on data stored in the storage device of the mobile apparatus;
receive, via an input device of the mobile apparatus, a request for a user to be granted access to the resources stored in the storage device of the mobile apparatus;
in response to receiving the request, present, via an output device of the mobile apparatus, questions of the set of KBA questions to the user;
obtain, via the input device, answers from the user to the questions; and
perform a KBA operation configured to produce an authentication result from the answers, the user being granted or denied access to the resources based on the authentication result;
wherein generating the set of KBA questions includes, for each of the set of KBA questions, store a timestamp corresponding to the time at which that KBA question was generated; and
wherein presenting the questions of the set of KBA questions to the user includes selecting the questions according to differences between the time at which the request was received and the timestamps corresponding to the times at which the KBA questions of the set of KBA questions were generated; and
wherein a fixed number of questions is selected.

23. In a mobile apparatus, a method of restricting access to a resource stored in a storage device of the mobile apparatus, comprising:
generating, by a processor of the mobile apparatus, a set of knowledge-based authentication (KBA) questions based on data stored in the storage device of the mobile apparatus;
receiving, by the processor, a request for a user to be granted access to the resource;
in response to receiving the request, presenting, by the processor, a question of the set of KBA questions to the user;
obtaining, by the processor, an answer from the user to the question; and
performing, by the processor, a KBA operation configured to produce an authentication result from the answer, the authentication result indicating whether the user is an authorized user of the mobile device;
wherein generating the set of KBA questions includes storing a timestamp corresponding to a time at which a KBA question of the set of KBA questions was generated; and
wherein presenting the question to the user includes selecting the KBA question according to a difference between (i) a time at which the request was received and (ii) the time at which the KBA question was generated;
wherein a single question is selected.

Specification