Password check by decomposing password

US 9,754,101 B2
Filed: 08/15/2016
Issued: 09/05/2017
Est. Priority Date: 06/01/2011
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a non-transitory memory; and

one or more hardware processors coupled to the non-transitory memory and configured to read instructions from the non-transitory memory to cause the system to perform operations comprising;

receiving a proposed password from a user;

accessing a previous password of the user;

decomposing the proposed password and the previous password into a first plurality of components and a second plurality of components, respectively;

analyzing the first plurality of components and the second plurality of components in relation to the proposed password and the previous password, respectively, to discern a first set of formation rules used to form the proposed password from the first plurality of components and a second set of formation rules used to form the previous password from the second plurality of components;

determining a similarity between the proposed password and the previous password based on a comparison between the first plurality of components and the second plurality of components and a comparison between the first set of formation rules and the second set of formation rules; and

determining to accept the proposed password based on the similarity.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A proposed password is decomposed into basic components to determine and score transitions between the basic components and create a password score that measures the strength of the proposed password based on rules, such as concatenation, insertion, and replacement. The proposed password is scored against all known words, such as when a user is first asked to create a password for an account or access. The proposed password can also be scored against one or more previous passwords for the user, such as when the user is asked to change the user'"'"'s previous password, to determine similarity between the two passwords.

63 Citations

View as Search Results

20 Claims

1. A system comprising:
- a non-transitory memory; and
  
  one or more hardware processors coupled to the non-transitory memory and configured to read instructions from the non-transitory memory to cause the system to perform operations comprising;
  
  receiving a proposed password from a user;
  
  accessing a previous password of the user;
  
  decomposing the proposed password and the previous password into a first plurality of components and a second plurality of components, respectively;
  
  analyzing the first plurality of components and the second plurality of components in relation to the proposed password and the previous password, respectively, to discern a first set of formation rules used to form the proposed password from the first plurality of components and a second set of formation rules used to form the previous password from the second plurality of components;
  
  determining a similarity between the proposed password and the previous password based on a comparison between the first plurality of components and the second plurality of components and a comparison between the first set of formation rules and the second set of formation rules; and
  
  determining to accept the proposed password based on the similarity.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the determining the similarity comprises:
    - determining a first similarity score based on the comparison between the first plurality of components and the second plurality of components;
      
      determining a second similarity score based on the comparison between the first set of formation rules and the second set of formation rules; and
      
      generating a total similarity score as a function of the first similarity score and the second similarity score.
  - 3. The system of claim 1, wherein the determining the similarity comprises determining a similarity score for the proposed password, and wherein the determining to accept the proposed password based on the similarity includes comparing the similarity score for the proposed password with a threshold score.
  - 4. The system of claim 1, wherein the analyzing the first plurality of components in relation to the proposed password comprises detecting a presence of one or more operations selected from the group of operations consisting of insertion, concatenation, and replacement, used to form the proposed password from the first plurality of components.
  - 5. The system of claim 1, wherein the previous password and the proposed password comprise alphanumeric characters and symbols.
  - 6. The system of claim 1, wherein different formation rules are weighted differently for determining the similarity between the previous password and the proposed password.
  - 7. The system of claim 2, wherein the operations further comprise flagging the proposed password when the total similarity score is below a threshold score.

8. A method comprising:
- receiving, by one or more hardware processors, a proposed password from a user;
  
  accessing, by one or more hardware processors, a previous password of the user;
  
  decomposing, by one or more hardware processors, the proposed password and the previous password into a first plurality of components and a second plurality of components, respectively;
  
  analyzing, by one or more hardware processors, the first plurality of components and the second plurality of components in relation to the proposed password and the previous password, respectively, to discern a first set of formation rules used to form the proposed password from the first plurality of components and a second set of formation rules used to form the previous password from the second plurality of components;
  
  determining, by one or more hardware processors, a similarity between the proposed password and the previous password based on a comparison between the first set of formation rules and the second set of formation rules; and
  
  determining, by one or more hardware processors, to accept the proposed password based on the similarity.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the determining the similarity between the proposed password and the previous password is further based on a comparison between the first plurality of components and the second plurality of components, wherein the determining the similarity further comprises:
    - determining a first similarity score based on the comparison between the first plurality of components and the second plurality of components;
      
      determining a second similarity score based on the comparison between the first set of formation rules and the second set of formation rules; and
      
      generating a total similarity score as a function of the first similarity score and the second similarity score.
  - 10. The method of claim 8, wherein the determining the similarity comprises determining a similarity score for the proposed password, and wherein the determining to accept the proposed password based on the similarity includes comparing the similarity score for the proposed password with a threshold score.
  - 11. The method of claim 8, wherein the analyzing the first plurality of components in relation to the proposed password comprises detecting a presence of one or more operations selected from the group of operations consisting of insertion, concatenation, and replacement, used to form the proposed password from the first plurality of components.
  - 12. The method of claim 8, wherein the previous password and the proposed password comprise alphanumeric characters and symbols.
  - 13. The method of claim 8, wherein different formation rules are weighted differently for determining the similarity between the previous password and the proposed password.
  - 14. The method of claim 9, further comprising flagging the proposed password when the total similarity score is below a threshold score.

15. A non-transitory machine-readable medium having stored thereon machine-readable instructions executable to cause a machine to perform operations comprising:
- receiving a proposed password from a user;
  
  accessing a previous password of the user;
  
  decomposing the proposed password and the previous password into a first plurality of components and a second plurality of components, respectively;
  
  analyzing the first plurality of components and the second plurality of components in relation to the proposed password and the previous password, respectively, to discern a first set of formation rules used to form the proposed password from the first plurality of components and a second set of formation rules used to form the previous password from the second plurality of components;
  
  determining a similarity between the proposed password and the previous password based on a comparison between the first plurality of components and the second plurality of components and a comparison between the first set of formation rules and the second set of formation rules; and
  
  determining to accept the proposed password based on the similarity.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory machine-readable medium of claim 15, wherein the determining the similarity comprises:
    - determining a first similarity score based on the comparison between the first plurality of components and the second plurality of components;
      
      determining a second similarity score based on the comparison between the first set of formation rules and the second set of formation rules; and
      
      generating a total similarity score as a function of the first similarity score and the second similarity score.
  - 17. The non-transitory machine-readable medium of claim 15, wherein the determining the similarity comprises determining a similarity score for the proposed password, and wherein the determining to accept the proposed password based on the similarity includes comparing the similarity score for the proposed password with a threshold score.
  - 18. The non-transitory machine-readable medium of claim 15, wherein the analyzing the first plurality of components in relation to the proposed password comprises detecting a presence of one or more operations selected from the group of operations consisting of insertion, concatenation, and replacement, used to form the proposed password from the first plurality of components.
  - 19. The non-transitory machine-readable medium of claim 15, wherein the previous password and the proposed password comprise alphanumeric characters and symbols.
  - 20. The non-transitory machine-readable medium of claim 15, wherein different formation rules are weighted differently for determining the similarity between the previous password and the proposed password.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Original Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Inventors
Jakobsson, Bjorn Markus
Primary Examiner(s)
BROWN, ANTHONY D

Application Number

US15/237,525
Publication Number

US 20160350528A1
Time in Patent Office

386 Days
Field of Search

726 6
US Class Current
CPC Class Codes

A61B 2090/3735   Optical coherence tomograph...

A61B 90/37   Surgical systems with image...

G01B 9/02044   Imaging in the frequency do...

G01B 9/02083   characterised by particular...

G01B 9/02089   Displaying the signal, e.g....

G01B 9/02091   Tomographic interferometers...

G06F 21/00   Security arrangements for p...

G06F 21/46   by designing passwords or c...

H04L 63/06   for supporting key manageme...

H04L 63/083   using passwords cryptograph...

Password check by decomposing password

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

63 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Password check by decomposing password

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

63 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links