AUTHENTICATION SYSTEM EMPLOYING USER MEMORIES

Abstract

An electronic access security method includes posing multiple categories to a user, where each category relates to a personal event that the user may recall, and providing several questions for a user-selected personal event category, where each question includes multiple corresponding choices. The method also includes storing the received selection of one of the personal event categories and the received choices of the one of the multiple choices, where the stored received selection and received choices are associated with the user.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of a computer that may employ aspects of an authentication system.

FIG. 2 is a block diagram illustrating a computing system in which aspects of the authentication system may operate in a networked environment.

FIGS. 3-10 are representative display screens showing one embodiment of the invention.

FIG. 11 is a flow diagram illustrating suitable steps performed under the embodiment of FIGS. 3-10.

FIGS. 12-22 are display screens showing an alternative embodiment to that shown in FIGS. 3-10.

Claims

1. A method of authenticating a user for access to a network, wherein the authentication method avoids the need for specialized authorization hardware, the method comprising: in an initialization session: presenting a user with multiple categories, wherein the multiple categories are related to life events that the user may have experienced;receiving a selection from the user of one of the multiple categories;based on the selected category, presenting multiple queries to the user, wherein each of the multiple queries is related to the selected category and each of the multiple queries is presented with multiple possible responses to the query; andfor each of the multiple queries, receiving a response selected from the multiple possible responses from the user and storing the received response in a profile of the user; andin an authentication session: presenting the multiple queries related to the selected category to the user, wherein each of the multiple queries is presented with multiple possible responses to the query including the response to the query received from the user in the initialization phase;for each of the multiple queries, receiving a response selected from the multiple possible responses from the user; andauthenticating the user if the received response to each of the multiple queries matches the response to each of the multiple queries stored in the profile of the user.

2. The method of claim 1, further comprising repeating the initialization session for two or more different selected categories for each user.

3. A computer-readable medium storing computer-executable instructions that provides an electronic access security method, wherein the electronic access security method avoids the need for specialized authorization hardware, the method comprising: posing multiple categories to a user, wherein each category relates to a personal event that the user may recall;receiving a selection of one of the personal event categories;storing the received selection of the one personal event category;providing several questions for the selected personal event category, wherein each question includes multiple corresponding choices;receiving selected choices for each of the several questions; andstoring the received choices of the one of the multiple choices, wherein the stored received selection and received choices are associated with the user.

4. The computer-readable medium of claim 3, further comprising: posing new multiple categories that do not include the stored received selection, and repeating the receiving a selection, storing the received selection, providing multiple choices, providing several questions, receiving selected choices and storing the received choices.

5. The computer-readable medium of claim 3, further comprising: authenticating a user by providing a selected set of multiple personal event categories, several questions, and multiple corresponding choices, and comparing received selections to the stored received selection and received choices.

6. The computer-readable medium of claim 3, further comprising: developing a stored set of responses to a user's selection of multiple different personal event categories and corresponding selected choices during different sessions.

7. The computer-readable medium of claim 3 wherein the posing of multiple categories includes randomly selecting the multiple categories from a larger set of categories.

8. The computer-readable medium of claim 3 wherein the providing of several questions includes presenting the questions and multiple corresponding choices as a displayed two-dimensional grid from which the user may make selections.

9. The computer-readable medium of claim 3, further comprising: receiving alphanumeric input to a question and storing the received alphanumeric input.

10. The computer-readable medium of claim 3, further comprising: receiving and storing computer identification value, IP address, cursor movement patterns from computer input devices, keystroke generation patterns from keyboards, or thematic choice patterns from chosen personal event categories.

11. The computer-readable medium of claim 3, further comprising: presenting information during authentication, including: presenting a selected set of multiple personal event categories, several selected questions, and multiple corresponding choices, wherein the selected set of multiple personal event categories, several selected questions, and wherein the multiple corresponding choices presented include the stored received choices with different but plausible alternative choices.

12. The computer-readable medium of claim 3, further comprising: receiving and storing response time values for the user, andupon subsequent authentication, presenting several selected questions with multiple corresponding choices, and comparing times to respond to the several selected questions to the stored response time values.

13. A system to authenticate a user, the system comprising: at least one user input portion;at least one memory storing instructions;at least one output portion; andat least one processing portion coupled to the input and output portions, and coupled to the memory to execute the instructions stored in the memory, wherein the instructions configure the system to: present multiple categories to a user via the output portion, wherein each category relates to a personal event that the user may recall;receive via the input portion a user selection of one of the personal event categories;store in the memory the received selection of the one personal event category;provide via the output portion several questions for the one selected personal event category, wherein each question includes multiple corresponding answers;receive via the input portion user-selected answers for each of several questions associated with the one selected personal event category; andstore in the memory the received answers for each of the several questions associated with the one selected personal event category, wherein the stored received selection and the stored received answers are stored as being associated with the user.

14. The system of claim 13 wherein the input portion includes an audio input device, wherein the output portion includes an audio output device, and wherein at least the several questions or multiple corresponding answers are presented audibly via the audio output device.

15. The system of claim 13 wherein the system is an automated teller machine (ATM), portable computer, or phone.

16. A security system, comprising: means for posing multiple categories to a user, wherein each category relates to an experience to be recalled by the user;means for receiving a selection of one of the personal event categories;means for storing the received selection of the one personal event category;means for providing several questions for the one selected personal event category, wherein each question includes multiple corresponding choices;means for receiving selected choices for each of the several questions; andmeans for storing the received choices of the one of the multiple choices, wherein the stored received selection and received choices are associated with the user.

17. The system of claim 16, further comprising: means for posing new multiple categories that do not include the stored received selection, and means for repeating the receiving a selection, storing the received selection, providing multiple choices, providing several questions, receiving selected choices and storing the received choices.

18. The system of claim 16, further comprising: means for authenticating a user by providing a selected set of multiple personal event categories, several questions, and multiple corresponding choices, and means for comparing received selections to the stored received selection and received choices.

19. The system of claim 16, further comprising: means for developing a stored set of responses to a user's selection of multiple different personal event categories and corresponding selected choices during different sessions.