Question generation in knowledge-based authentication from activity logs

US 9,514,407 B1
Filed: 09/27/2012
Issued: 12/06/2016
Est. Priority Date: 09/27/2012
Status: Active Grant

First Claim

Patent Images

1. A method of generating knowledge-based authentication (KBA) questions, the method comprising:

obtaining, from a user device, an activity log of a user, the activity log including pointers to a set of external fact sources;

deriving external facts from each external fact source of the set of external fact sources; and

generating a set of KBA questions from the external facts;

wherein the activity log of the user includes a web browsing history of the user,wherein the pointers to the set of external fact sources include a list of addresses, within the web browsing history, of websites corresponding to the respective addresses and previously visited by the user, the set of external fact sources including the websites addressed by the list of addresses,wherein deriving the set of external facts includes accessing, over a network, each of the websites addressed by the list of addresses and acquiring the external facts from the websites, andwherein the KBA questions are generated by a KBA server from content of websites distinct from the user device, pointed to by the web browsing history on the user device, and visited by the KBA server connecting to the websites over the network.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An improved technique involves generating KBA questions based on facts from fact sources pointed to by an activity log. A KBA system obtains an activity log from a computer of a user in an organization. For example, the computer records the user'"'"'s web browsing history. The KBA system then considers each entry in the activity log as a source of facts for deriving KBA questions. In the case of a web browsing history, the KBA system generates facts from web pages that the user visited. The KBA system then derives new KBA questions from the facts so derived.

Citations

19 Claims

1. A method of generating knowledge-based authentication (KBA) questions, the method comprising:
- obtaining, from a user device, an activity log of a user, the activity log including pointers to a set of external fact sources;
  
  deriving external facts from each external fact source of the set of external fact sources; and
  
  generating a set of KBA questions from the external facts;
  
  wherein the activity log of the user includes a web browsing history of the user,wherein the pointers to the set of external fact sources include a list of addresses, within the web browsing history, of websites corresponding to the respective addresses and previously visited by the user, the set of external fact sources including the websites addressed by the list of addresses,wherein deriving the set of external facts includes accessing, over a network, each of the websites addressed by the list of addresses and acquiring the external facts from the websites, andwherein the KBA questions are generated by a KBA server from content of websites distinct from the user device, pointed to by the web browsing history on the user device, and visited by the KBA server connecting to the websites over the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A method as in claim 1,wherein each address of the list of addresses includes metadata indicating a time at which the user visited the website to which the address corresponds;
    - wherein acquiring the web browsing history includes;
      
      for each address of the list of addresses of the web browsing history;
      
      selecting the address when the metadata indicates that the user visited the website to which the address corresponds later than a threshold time, andnot selecting the address when the metadata indicates that the user visited the website to which the address corresponds earlier than the threshold time.
  - 3. A method as in claim 2,wherein the metadata further indicates a set of keywords used to make a search engine aware of the website when keywords of the set of keywords are entered into the search engine;
    - wherein acquiring the web browsing history further includes;
      
      inputting a keyword of the set of keywords into the search engine;
      
      after inputting the keyword into the search engine, obtaining addresses of an alternate website that was listed as output of the search engine;
      
      wherein deriving the external facts includes;
      
      deriving facts from the alternate website.
  - 4. A method as in claim 1,wherein deriving the external facts includes:
    - for each address of the list of addresses;
      
      navigating a browser to access a document on the website to which the address corresponds, andextracting external facts from the document.
  - 5. A method as in claim 4,wherein the document on the website to which the address corresponds includes textual reference material;
    - andwherein extracting the external facts from the document includes;
      
      performing a parsing operation on the textual reference material of the document, the parsing operation being constructed and arranged to produce a parsing result; and
      
      obtaining the external facts from the parsing result.
  - 6. A method as in claim 5,wherein the parsing result includes a set of chosen sentences extracted from the textual reference material, each chosen sentence of the set of chosen sentences including an external fact;
    - andwherein performing the parsing operation includes;
      
      separating the document into a group of sentences, andassigning a sentence of the group of sentences to be a chosen sentence of the set of chosen sentences when the sentence includes a keyword of a specified set of keywords.
  - 7. A method as in claim 1,wherein the KBA questions of the set of KBA questions are multiple-choice questions having a correct choice and a set of confounders;
    - wherein generating the set of KBA questions from the external facts includes;
      
      producing the correct choice from the external facts, andproducing the set of confounders from the external facts and a set of alternate facts, the set of alternate facts being derived from a specified set of addresses, each address of the specified set of addresses corresponding to a specified website.
  - 8. A method as in claim 1,wherein the set of KBA questions includes a pilot question derived from specific external facts from a specific external fact source of the set of external fact source, the specific external fact source being pointed to by a specific pointer of the activity log;
    - andwherein the method further comprises;
      
      providing the pilot question to a user that has requested authentication;
      
      receiving an answer to the pilot question; and
      
      based on the answer to the pilot question, evaluating a suitability of the specific external fact source as a source of external facts for generating KBA questions.
  - 9. A method as in claim 1, wherein the activity log includes a search term input into a first search engine by the user to find a website visited by the user;
    - andwherein the method further comprises;
      
      inputting the search term into a second search engine, the second search engine outputting a second list of addresses,accessing an alternative website corresponding to an address of the second list of addresses,extracting an alternative fact from the alternative website based on the search term, andgenerating a KBA question based on the alternative fact.
  - 10. A method as in claim 1, further comprising performing an authentication operation in response to a person attempting to authenticate as the user by challenging the user with at least one of the KBA questions generated by the KBA server from the content of the websites pointed to by the web browsing history on the user device.

11. A system constructed and arranged to generate knowledge-based authentication (KBA) questions, the system comprising:
- a network interface;
  
  memory; and
  
  a controller including controlling circuitry coupled to the memory, the controlling circuitry being constructed and arranged to;
  
  obtain, from a user device, an activity log of a user, the activity log including pointers to a set of external fact sources;
  
  derive external facts from each external fact source of the set of external fact sources; and
  
  generate a set of KBA questions from the external facts,wherein the activity log of the user includes-a web browsing history of the user,wherein the pointers to the set of external fact sources include a list of addresses, within the web browsing history, of websites corresponding to the respective addresses and previously visited by the user, the set of external fact sources including the websites addressed by the list of addresses,wherein controlling circuitry constructed and arranged to derive the set of external facts is further constructed and arranged to access, over a network, each of the websites addressed by the list of addresses and acquiring the external facts from the websites, andwherein the KBA questions are generated by a KBA server from content of websites distinct from the user device, pointed to by the web browsing history on the user device, and visited by the KBA server connecting to the websites over the network.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. A system as in claim 11,wherein each address of the list of addresses includes metadata indicating a time at which the user visited the website to which the address corresponds;
    - wherein the controlling circuitry constructed and arranged to acquire the web browsing history is further constructed and arranged to;
      
      for each address of the list of addresses of the web browsing history;
      
      select the address when the metadata indicates that the user visited the website to which the address corresponds later than a threshold time, andnot select the address when the metadata indicates that the user visited the website to which the address corresponds earlier than the threshold time.
  - 13. A system as in claim 12,wherein the metadata further indicates a set of keywords used to make a search engine aware of the website when keywords of the set of keywords are entered into the search engine;
    - wherein the controlling circuitry constructed and arranged to acquire the web browsing history is further constructed and arranged to;
      
      input a keyword of the set of keywords into the search engine;
      
      after inputting the keyword into the search engine, obtain addresses of an alternate website that was listed as output of the search engine;
      
      wherein the controlling circuitry constructed and arranged to derive the external facts is further constructed and arranged to;
      
      derive facts from the alternate website.
  - 14. A system as in claim 11,wherein the controlling circuitry constructed and arranged to access the website is further constructed and arranged to:
    - for each address of the list of addresses;
      
      navigate a browser to access a document on the website to which the address corresponds, andextract external facts from the document.
  - 15. A system as in claim 14,wherein the document on the website to which the address corresponds includes textual reference material;
    - andwherein the controlling circuitry constructed and arranged to extract the external facts from the document is further constructed and arranged to;
      
      perform a parsing operation on the textual reference material of the document, the parsing operation being constructed and arranged to produce a parsing result; and
      
      obtain the external facts from the parsing result.
  - 16. A system as in claim 15,wherein the parsing result includes a set of chosen sentences extracted from the textual reference material, each chosen sentence of the set of chosen sentences including an external fact;
    - andwherein the controlling circuitry constructed and arranged to perform the parsing operation is further constructed and arranged to;
      
      separate the document into a group of sentences, andassign a sentence of the group of sentences to be a chosen sentence of the set of chosen sentences when the sentence includes a keyword of a specified set of keywords.

17. A computer program product having a non-transitory, computer-readable storage medium which stores code to perform a method of generating knowledge-based authentication (KBA) questions, the method comprising:
- obtaining, from a user device, an activity log of a user, the activity log including pointers to a set of external fact sources;
  
  deriving external facts from each external fact source of the set of external fact sources; and
  
  generating a set of KBA questions from the external facts;
  
  wherein the activity log of the user includes a web browsing history of the user,wherein the pointers to the set of external fact sources include a list of addresses, within the web browsing history, of websites corresponding to the respective addresses and previously visited by the user, the set of external fact sources including the websites addressed by the list of addresses,wherein deriving the set of external facts includes accessing, over a network, each of the websites addressed by the list of addresses and acquiring the external facts from the websites, andwherein the KBA questions are generated by a KBA server from content of websites distinct from the user device, pointed to by the web browsing history on the user device, and visited by the KBA server connecting to the websites over the network.
- View Dependent Claims (18, 19)
- - 18. A computer program product as in claim 17,wherein each address of the list of addresses includes metadata indicating a time at which the user visited the website to which the address corresponds;
    - wherein acquiring the web browsing history includes;
      
      for each address of the list of addresses of the web browsing history;
      
      selecting the address when the metadata indicates that the user visited the website to which the address corresponds later than a threshold time, andnot selecting the address when the metadata indicates that the user visited the website to which the address corresponds earlier than the threshold time.
  - 19. A computer program product as in claim 18,wherein the metadata further indicates a set of keywords used to make a search engine aware of the website when keywords of the set of keywords are entered into the search engine;
    - wherein acquiring the web browsing history further includes;
      
      inputting a keyword of the set of keywords into the search engine;
      
      after inputting the keyword into the search engine, obtaining addresses of an alternate website that was listed as output of the search engine;
      
      wherein deriving the external facts includes;
      
      deriving facts from the alternate website.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Inventors
Dotan, Yedidya, Levin, Ayelet, Avni, Ayelet, Eliezer, Ayelet
Primary Examiner(s)
Chaki, Kakali
Assistant Examiner(s)
Wu, Fuming

Application Number

US13/628,630
Time in Patent Office

1,531 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 40/279 Recognition of textual enti...

G06N 5/022 Knowledge engineering; Know...

Question generation in knowledge-based authentication from activity logs

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Question generation in knowledge-based authentication from activity logs

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links