Enterprise password reset

US 8,881,266 B2
Filed: 11/13/2008
Issued: 11/04/2014
Est. Priority Date: 11/13/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-executed method for authenticating a user, the method comprising:

receiving a request from the user for authentication;

extracting, by a server computer, user-behavior information associated with the user from user-specific information stored in an enterprise computer, wherein the extracted user-behavior information includes one or more temporal activities associated with the user, and wherein the user-behavior information is extracted by the server computer so that the user'"'"'s privacy is not compromised by a clerk of an enterprise information help-desk;

generating one or more challenges based on the extracted user-behavior information for the user, wherein generating a respective challenge involves;

selecting a behavior-information item from the extracted user-behavior information;

generating a question so that the selected behavior-information item is the answer to the question, wherein the question is formulated in a way that the question does not reveal the selected behavior-information item; and

formulating the respective challenge using the generated question;

receiving respective responses from the user to the challenges;

comparing the user'"'"'s responses to the behavior-information items used to formulate the corresponding challenges; and

authenticating the user using the challenges without asking the user to input a password.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment of the present invention provides a system for automatically authenticating a user. During operation, the system receives a user'"'"'s request for authentication. The system then extracts information associated with the user from user-specific information stored in an enterprise computer. The extracted user information does not explicitly relate to a password. The system further generates one or more challenges based on the extracted user information, and receives the user'"'"'s response to the challenges. Subsequently, the system compares the user'"'"'s response to the extracted user information, and authenticates the user.

118 Citations

24 Claims

1. A computer-executed method for authenticating a user, the method comprising:
- receiving a request from the user for authentication;
  
  extracting, by a server computer, user-behavior information associated with the user from user-specific information stored in an enterprise computer, wherein the extracted user-behavior information includes one or more temporal activities associated with the user, and wherein the user-behavior information is extracted by the server computer so that the user'"'"'s privacy is not compromised by a clerk of an enterprise information help-desk;
  
  generating one or more challenges based on the extracted user-behavior information for the user, wherein generating a respective challenge involves;
  
  selecting a behavior-information item from the extracted user-behavior information;
  
  generating a question so that the selected behavior-information item is the answer to the question, wherein the question is formulated in a way that the question does not reveal the selected behavior-information item; and
  
  formulating the respective challenge using the generated question;
  
  receiving respective responses from the user to the challenges;
  
  comparing the user'"'"'s responses to the behavior-information items used to formulate the corresponding challenges; and
  
  authenticating the user using the challenges without asking the user to input a password.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising identifying a risk indication.
  - 3. The method of claim 1, further comprising subsequently resetting a password of the authenticated user.
  - 4. The method of claim 1, wherein the user-specific information includes one or more of:
    - calendar entries of the user;
      
      file usage history of the user;
      
      emails of the user;
      
      web browsing history of the user;
      
      contact list of the user; and
      
      past activities of the user.
  - 5. The method of claim 1, further comprising presenting the challenges to the user using a web-based application.
  - 6. The method of claim 1, wherein the user response is generated by a human.
  - 7. The method of claim 1, wherein the user response is generated by a proxy for the user.
  - 8. The method of claim 1, further comprising generating the challenges based on temporal information associated with computer work files of the user, wherein the temporal information is extracted from time stamps of the work files.

9. A non-transitory computer-readable storage medium storing instructions which when executed by a computer cause the computer to perform a method for authenticating a user, the method comprising:
- receiving a request from the user for authentication;
  
  extracting user-behavior information associated with the user from user-specific information stored in an enterprise computer, wherein the extracted user-behavior information includes one or more temporal activities associated with the user, and wherein the user-behavior information is extracted by a server computer so that the user'"'"'s privacy is not compromised by a clerk of an enterprise information help-desk;
  
  generating one or more challenges based on the extracted user-behavior information for the user, wherein generating a respective challenge involves;
  
  selecting a behavior-information item from the extracted user-behavior information;
  
  generating a question so that the selected behavior-information item is the answer to the question, wherein the question is formulated in a way that the question does not reveal the selected behavior-information item; and
  
  formulating the respective challenge using the generated question;
  
  receiving respective responses from the user to the challenges;
  
  comparing the user'"'"'s responses to the behavior-information items used to formulate the corresponding challenges; and
  
  authenticating the user using the challenges without asking the user to input a password.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computer-readable storage medium of claim 9, wherein the method further comprises identifying a risk indication.
  - 11. The computer-readable storage medium of claim 9, wherein the method further comprises subsequently resetting a password of the authenticated user.
  - 12. The computer-readable storage medium of claim 9, wherein the user-specific information includes one or more of:
    - calendar entries of the user;
      
      file usage history of the user;
      
      emails of the user;
      
      web browsing history of the user;
      
      contact list of the user; and
      
      past activities of the user.
  - 13. The computer-readable storage medium of claim 9, wherein the method further comprises presenting the challenges to the user using a web-based application.
  - 14. The computer-readable storage medium of claim 9, wherein the user response is generated by a human.
  - 15. The computer-readable storage medium of claim 9, wherein the user response is generated by a proxy for the user.
  - 16. The computer-readable storage medium of claim 9, wherein the method further comprises generating the challenges based on temporal information associated with computer work files of the user, wherein the temporal information is extracted from time stamps of the work files.

17. A computer system for authenticating a user, comprising:
- a processor;
  
  a memory;
  
  a receiving mechanism configured to receive a request from the user for authentication;
  
  an extracting mechanism configured to extract user-behavior information associated with the user from user-specific information stored in an enterprise computer, wherein the extracted user-behavior information includes one or more temporal activities associated with the user, and wherein the user-behavior information is extracted by the computer system so that the user'"'"'s privacy is not compromised by a clerk of an enterprise information help-desk;
  
  a formulating mechanism configured to;
  
  select a behavior-information item from the extracted user-behavior information; and
  
  generate a question so that the selected behavior-information item is the answer to the question, wherein the question is formulated in a way that the question does not reveal the selected behavior-information item;
  
  a generating mechanism configured to generate one or more challenges using the generated questions;
  
  a receiving mechanism configured to receive respective responses from the user to the challenges;
  
  a comparing mechanism configured to compare the user'"'"'s responses to the behavior-information items used to formulate the corresponding challenges; and
  
  an authenticating mechanism configured to authenticate the user using the challenges without asking the user to input a password.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The computer system of claim 17, further comprising an identifying mechanism configured to identify a risk indication.
  - 19. The computer system of claim 17, further comprising a password resetting mechanism configured to subsequently reset a password of the authenticated user.
  - 20. The computer system of claim 17, wherein the user-specific information includes one or more of:
    - calendar entries of the user;
      
      file usage history of the user;
      
      emails of the user;
      
      web browsing history of the user;
      
      contact list of the user; and
      
      past activities of the user.
  - 21. The computer system of claim 17, further comprising a presenting mechanism configured to present the challenges to the user using a web-based application.
  - 22. The computer system of claim 17, wherein the user response is generated by a human.
  - 23. The computer system of claim 17, wherein the user response is generated by a proxy for the user.
  - 24. The computer system of claim 17, wherein the challenges are generated based on temporal information associated with computer work files of the user, wherein the temporal information is extracted from time stamps of the work files.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Xerox Corporation (Xerox Holdings Corp.)
Original Assignee
Palo Alto Research Center, Inc. (Xerox Holdings Corp.)
Inventors
Chow, Richard, Golle, Philippe J. P., Jakobsson, Bjorn Markus, Staddon, Jessica N.
Primary Examiner(s)
Vostal, O. C.

Application Number

US12/270,159
Publication Number

US 20100122340A1
Time in Patent Office

2,182 Days
Field of Search

726/18, 726/6, 726/4, 713/168, 713/183
US Class Current

726/18
CPC Class Codes

G06F 16/00   Information retrieval; Data...

G06F 21/31   User authentication

G06F 21/46   by designing passwords or c...

G06F 7/02   Comparing digital values G0...

H04L 63/083   using passwords cryptograph...

H04L 63/0846   using time-dependent-passwo...

Enterprise password reset

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

118 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Enterprise password reset

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

118 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links