User authentication without prior user enrollment

US 7,467,401 B2
Filed: 08/12/2004
Issued: 12/16/2008
Est. Priority Date: 08/12/2004
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a user, comprising;

obtaining authorized access to a plurality of data sources;

identifying a plurality of fields in the plurality of data sources, wherein each field stores a value known to the user;

for each identified field, generating at least one question whose correct answer is the value stored in the field;

wherein none of the questions is password related;

for each generated question, associating the generated question with the identified field and with the plurality of data sources;

in response to receiving a request from the user to access at least one of a plurality of protected resources,presenting to the user at least one generated question, by;

transmitting to the user a first generated question;

in response to receiving an answer to the first generated question from the user;

identifying the data source and the field associated with the first generated question;

using an indication of the user'"'"'s identity to query and retrieve from the data source the correct answer;

comparing the user'"'"'s answer with the retrieved correct answer; and

discarding the retrieved correct answer after the compare;

transmitting to the user a next generated question only if the user'"'"'s answer is correct; and

repeating the comparing and transmitting steps until each of the at least one generated questions presented has been answered correctly, wherein a number of generated questions the user must answer correctly is determined based on a level of security required to access the at least one protected resource;

granting access to the at least one protected resource if the user correctly answers each of the at least one generated questions presented, whereby a user'"'"'s identity is authenticated without requiring the user to provide a password or biometric data, and without requiring the user to enroll prior to access;

denying access to the protected resource if the user incorrectly answers any of the at least one generated questions presented; and

transmitting an alert message indicating that an attempt to access the protected resource by the user was unsuccessful.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Authenticating a user includes providing a plurality of questions based on user related information stored in at least one data source, wherein none of the plurality of questions is password related. At least one of the plurality of questions is presented to the user in response to receiving a request from the user to access one or more protected resources. Access is granted to the authorized set of protected resources if the user correctly answers each of the at least one questions presented. According to the present invention, the user'"'"'s identity is authenticated without requiring the user to provide a password or biometric data, and without requiring the user to enroll prior to access.

201 Citations

18 Claims

1. A method for authenticating a user, comprising;
- obtaining authorized access to a plurality of data sources;
  
  identifying a plurality of fields in the plurality of data sources, wherein each field stores a value known to the user;
  
  for each identified field, generating at least one question whose correct answer is the value stored in the field;
  
  wherein none of the questions is password related;
  
  for each generated question, associating the generated question with the identified field and with the plurality of data sources;
  
  in response to receiving a request from the user to access at least one of a plurality of protected resources,presenting to the user at least one generated question, by;
  
  transmitting to the user a first generated question;
  
  in response to receiving an answer to the first generated question from the user;
  
  identifying the data source and the field associated with the first generated question;
  
  using an indication of the user'"'"'s identity to query and retrieve from the data source the correct answer;
  
  comparing the user'"'"'s answer with the retrieved correct answer; and
  
  discarding the retrieved correct answer after the compare;
  
  transmitting to the user a next generated question only if the user'"'"'s answer is correct; and
  
  repeating the comparing and transmitting steps until each of the at least one generated questions presented has been answered correctly, wherein a number of generated questions the user must answer correctly is determined based on a level of security required to access the at least one protected resource;
  
  granting access to the at least one protected resource if the user correctly answers each of the at least one generated questions presented, whereby a user'"'"'s identity is authenticated without requiring the user to provide a password or biometric data, and without requiring the user to enroll prior to access;
  
  denying access to the protected resource if the user incorrectly answers any of the at least one generated questions presented; and
  
  transmitting an alert message indicating that an attempt to access the protected resource by the user was unsuccessful.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein receiving a request further includes:
    - receiving from the user an indication of the user'"'"'s identity, wherein the indication is not a password or biometric data.
  - 3. The method of claim 1, wherein analyzing the user'"'"'s answer further includes:
    - encrypting the user'"'"'s answer and the retrieved correct answer prior to comparing the answers; and
      
      discarding the encrypted answers after comparing the answers.
  - 4. The method of claim 1 wherein presenting at least one generated question includes randomly selecting a generated question.
  - 5. The method of claim 1 further comprising granting access to all protected resources for which the user is authorized after the user correctly answers each of the at least one questions presented.

6. An identity management system for authenticating a user comprising:
- a plurality of data sources for storing user related information, wherein at least one of the data sources is either a private database or a public database with restricted access; and
  
  a server coupled to the at least one data source, wherein the server includes;
  
  a processor for executing an identity management service (IMS) application, wherein the IMS application functions for;
  
  obtaining authorized access to the at least one data source;
  
  identifying a plurality of fields in the at least one data source, wherein each field stores a value known to the user;
  
  generating, for each identified field, at least one question whose correct answer is the value stored in the field;
  
  associating the least one generated question for each identified field with the identified field and with the data source; and
  
  a communication interface for transmitting to the user the at least one generated question in response to receiving a request from the user to access at least one of a plurality of protected resources, and for receiving an answer to the at least one generated question from the user,a query module for identifying the data source and the field associated with the at least one generated question transmitted to the user, composing a query that includes an identity of the user and the field, submitting the query to the data source, and receiving from the data source a correct answer to the question transmitted; and
  
  a compare module coupled to the query module for comparing the user'"'"'s answer to the correct answer, and for discarding the correct answer received from the data source after the compare,wherein the IMS application transmits to the user a next generated question only if the user'"'"'s answer is correct, and repeats the comparing and transmitting steps until each of the at least one generated questions transmitted has been answered correctly, wherein the IMS application authenticates the user without requiring a password or biometric data, and without requiring the user to enroll, and wherein the IMS application denies access to the protected resource if the user incorrectly answers any of the at least one generated questions presented and transmits an alert message indicating that an attempt to access the protected resource by the user was unsuccessful.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The system of claim 6,wherein the request from the user includes an indication of the user'"'"'s identity, wherein the indication is not a password or biometric data.
  - 8. The system of claim 6, wherein the user'"'"'s answer and the correct answer are encrypted prior to the comparison and discarded after the comparison.
  - 9. The system of claim 6, wherein the IMS application randomly selects the at least one generated question to present.
  - 10. The system of claim 6, wherein the IMS application also grants access to all protected resources for which the user is authorized after the user correctly answers each of the at least one questions presented.

11. A computer readable medium containing programming instructions for authenticating a user comprising instructions for:
- obtaining authorized access to a plurality of data sources;
  
  identifying a plurality of fields in the plurality of data sources, wherein each field stores a value known to the user;
  
  for each identified field, generating at least one question whose correct answer is the value stored in the field;
  
  for each generated question, associating the generated question with the identified field and with the plurality of data sources;
  
  in response to receiving a request from the user to access at least one of a plurality of protected resources,presenting to the user at least one generated question bytransmitting to the user a first generated question;
  
  in response to receiving an answer to the first generated question from the user;
  
  identifying the data source and the field associated with the first generated question presented;
  
  using the indication of the user'"'"'s identity to retrieve from the data source the correct answer;
  
  comparing the user'"'"'s answer with the retrieved correct answer; and
  
  discarding the retrieved correct answer after the comparing;
  
  transmitting to the user a next generated question only if the user'"'"'s answer is correct; and
  
  repeating the comparing and transmitting steps until each of the at least one generated questions presented has been answered correctly, wherein a number of generated questions the user must answer correctly is determined based on a level of security required to access the at least one protected resource; and
  
  granting access to the at least one protected resource if the user correctly answers each of the at least one generated questions presented, whereby a user'"'"'s identity is authenticated without requiring the user to provide a password or biometric data, and without requiring the user to enroll prior to access;
  
  denying access to the protected resource if the user incorrectly answers any of the at least one generated questions presented; and
  
  transmitting an alert message indicating that an attempt to access the protected resource by the user was unsuccessful.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The computer readable medium of claim 11 wherein receiving a request includes:
    - receiving from the user an indication of the user'"'"'s identity, wherein the indication is not a password or biometric data.
  - 13. The computer readable medium of claim 11, wherein analyzing the user'"'"'s answer further includes:
    - encrypting the user'"'"'s answer and the retrieved correct answer prior to comparing the answers; and
      
      discarding the encrypted answers after comparing the answers.
  - 14. The computer readable medium of claim 11 wherein presenting at least one generated question includes randomly selecting a generated question.
  - 15. The computer readable medium of claim 11 further comprising granting access to all protected resources for which the user is authorized after the user correctly answers each of the at least one questions presented.

16. An authentication server for authenticating a user comprising:
- a processor for executing an identity management service (IMS) application, wherein the MS application obtains authorized access to at least one of a plurality of external data sources, identifies a plurality of fields in the at least one external data source, wherein each field stores a value known to the user, generates, for each identified field, at least one challenge question whose correct answer is the value stored in the field, and associates each challenge question with the identified field and with the at least one external data source;
  
  memory for storing the challenge questions;
  
  a communication interface for receiving a request from the user to access at least one protected resource, for transmitting at least one challenge question to the user; and
  
  for receiving from the user an answer to the at least one challenge question;
  
  a query module for identifying the data source and the field associated with the at least one generated question presented to the user, composing a query that includes the user'"'"'s identity and the field, submitting the query to the data source, and receiving from the data source a correct answer to the question presented; and
  
  a compare module coupled to the query module for comparing the user'"'"'s answer to the correct answer, and for discarding the correct answer received from the data source after the comparing,wherein the IMS application transmits to the user a next challenge question only if the user'"'"'s answer is correct; and
  
  repeats the comparing and transmitting steps until each of the at least one challenge questions presented has been answered correctly, wherein a number of challenge questions the user must answer correctly is determined based on a level of security required to access the at least one protected resource, wherein the IMS application determines whether the user'"'"'s answer is correct and authenticates the user if the user correctly answers the at least one challenge question; and
  
  wherein the IMS application denies access to the protected resource if the user incorrectly answers any of the at least one generated questions presented, and transmits an alert message indicating that an attempt to access the protected resource by the user was unsuccessful.
- View Dependent Claims (17, 18)
- - 17. The server of claim 16, wherein the server transmits an alert message to a system administrator if the user incorrectly answers the at least one challenge question.
  - 18. The server of claim 16, wherein the server is controlled by an application service provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avatier Corporation
Original Assignee
Avatier Corporation
Inventors
Cicchitto, Nelson A.
Primary Examiner(s)
Smithers; Matthew
Assistant Examiner(s)
PYZOCHA, MICHAEL J

Application Number

US10/917,998
Publication Number

US 20060036868A1
Time in Patent Office

1,587 Days
Field of Search

713/182, 726/4
US Class Current

726/4
CPC Class Codes

G06F 21/305   by remotely controlling dev...

G06F 21/40   by quorum, i.e. whereby two...

G06F 21/6218   to a system of files or obj...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2103   Challenge-response

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2149   Restricted operating enviro...

H04L 63/08   for authentication of entit...

User authentication without prior user enrollment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

201 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

User authentication without prior user enrollment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

201 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links