Dynamic generation of risk score thresholds for optimized configuration of policy rules in an adaptive authentication service

US 10,147,065 B1
Filed: 03/30/2015
Issued: 12/04/2018
Est. Priority Date: 03/30/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for optimized configuration of an adaptive authentication service, comprising executing, on at least one processor, the steps of:

automatically maintaining, in a memory communicably coupled to the at least one processor, a log storing data describing previously processed authentication requests and risk scores associated with those previously processed authentication requests;

generating, using the log storing data describing the previously processed authentication requests and the risk scores associated with those previously processed authentication requests, a transactions risk distribution for an upcoming time period, wherein the transactions risk distribution for the upcoming time period comprises, for each one of a plurality of risk scores in a range of possible risk scores, a number of previous transactions for which that risk score was generated by the adaptive authentication service during a preceding time period, wherein each risk score indicates a probability that an associated authentication request is fraudulent, and wherein the transactions risk distribution further comprises, for each one of a plurality of probabilities, a predicted number of authentication requests received during the upcoming time period for which that probability will be generated as the probability that the authentication request is fraudulent;

generating, responsive to the transactions risk distribution for the upcoming time period, at least one risk score threshold for the upcoming time period that minimizes business damages estimated to occur during the upcoming time period, wherein the business damages estimated to occur during the upcoming time period include business damages resulting from false negative authentication determinations, wherein each of the false negative authentication determinations incorrectly indicates that a fraudulent authentication request is legitimate;

automatically configuring at least one policy rule of the adaptive authentication service with the risk score threshold to provide an optimized configuration of the adaptive authentication service, wherein configuring the at least one policy rule of the adaptive authentication service with the risk score threshold includes storing the risk score threshold in the policy rule;

in response to the risk score threshold in the policy rule, requiring authentication requests having associated risk scores greater than the risk score threshold to go through at least one additional stage of authentication processing after completing an initial stage of authentication processing;

wherein the business damages estimated to occur during the upcoming time period further include business damages resulting from false positive authentication determinations, wherein each of the false positive authentication determinations incorrectly indicates that a legitimate authentication request is fraudulent;

wherein the business damages estimated to occur during the upcoming time period are offset by a beneficial value resulting from true positive authentication determinations, wherein each true positive determination correctly indicates that an authentication request is fraudulent;

wherein the business damages resulting from false negative authentication determinations comprises a result of multiplying i) a probability of a false negative authentication determination occurring during the upcoming time period using the risk threshold, and ii) a predetermined withdrawal transaction amount that is the same for all authentication requests;

wherein the business damages resulting from false positive authentication determination comprises a result of multiplying i) a probability of a false positive authentication determination occurring during the upcoming time period using the risk threshold, and ii) a predetermined bothering damage amount that is an estimation of costs resulting from losing a customer who is forced to go through at least one additional stage of authentication processing after completing the initial stage of authentication processing;

wherein the initial stage of authentication processing comprises requiring a user requesting access to a secure resource to correctly enter their username and password; and

wherein the at least one additional stage of authentication processing required to be performed after completion of the initial stage of authentication processing for requests having associated risk scores greater than the risk score threshold comprises requiring the user to correctly answer questions presented through text messaging.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for optimized configuration of an adaptive authentication service is disclosed that automatically generates one or more risk score thresholds. The system generates a risk score threshold or thresholds for an upcoming time period such that the business damages estimated to occur during the upcoming time period are minimized. The business damages estimated to occur during the upcoming time period may include business damages resulting from false negative authentication determinations, which incorrectly indicate that a fraudulent authentication request is legitimate, and false positive authentication determinations, which incorrectly indicate that a legitimate authentication request is fraudulent, and may be offset by the beneficial value of the enhancement to an organization'"'"'s reputation resulting from true positive authentication determinations, which correctly indicate that an authentication request is fraudulent.

Citations

14 Claims

1. A computer-implemented method for optimized configuration of an adaptive authentication service, comprising executing, on at least one processor, the steps of:
- automatically maintaining, in a memory communicably coupled to the at least one processor, a log storing data describing previously processed authentication requests and risk scores associated with those previously processed authentication requests;
  
  generating, using the log storing data describing the previously processed authentication requests and the risk scores associated with those previously processed authentication requests, a transactions risk distribution for an upcoming time period, wherein the transactions risk distribution for the upcoming time period comprises, for each one of a plurality of risk scores in a range of possible risk scores, a number of previous transactions for which that risk score was generated by the adaptive authentication service during a preceding time period, wherein each risk score indicates a probability that an associated authentication request is fraudulent, and wherein the transactions risk distribution further comprises, for each one of a plurality of probabilities, a predicted number of authentication requests received during the upcoming time period for which that probability will be generated as the probability that the authentication request is fraudulent;
  
  generating, responsive to the transactions risk distribution for the upcoming time period, at least one risk score threshold for the upcoming time period that minimizes business damages estimated to occur during the upcoming time period, wherein the business damages estimated to occur during the upcoming time period include business damages resulting from false negative authentication determinations, wherein each of the false negative authentication determinations incorrectly indicates that a fraudulent authentication request is legitimate;
  
  automatically configuring at least one policy rule of the adaptive authentication service with the risk score threshold to provide an optimized configuration of the adaptive authentication service, wherein configuring the at least one policy rule of the adaptive authentication service with the risk score threshold includes storing the risk score threshold in the policy rule;
  
  in response to the risk score threshold in the policy rule, requiring authentication requests having associated risk scores greater than the risk score threshold to go through at least one additional stage of authentication processing after completing an initial stage of authentication processing;
  
  wherein the business damages estimated to occur during the upcoming time period further include business damages resulting from false positive authentication determinations, wherein each of the false positive authentication determinations incorrectly indicates that a legitimate authentication request is fraudulent;
  
  wherein the business damages estimated to occur during the upcoming time period are offset by a beneficial value resulting from true positive authentication determinations, wherein each true positive determination correctly indicates that an authentication request is fraudulent;
  
  wherein the business damages resulting from false negative authentication determinations comprises a result of multiplying i) a probability of a false negative authentication determination occurring during the upcoming time period using the risk threshold, and ii) a predetermined withdrawal transaction amount that is the same for all authentication requests;
  
  wherein the business damages resulting from false positive authentication determination comprises a result of multiplying i) a probability of a false positive authentication determination occurring during the upcoming time period using the risk threshold, and ii) a predetermined bothering damage amount that is an estimation of costs resulting from losing a customer who is forced to go through at least one additional stage of authentication processing after completing the initial stage of authentication processing;
  
  wherein the initial stage of authentication processing comprises requiring a user requesting access to a secure resource to correctly enter their username and password; and
  
  wherein the at least one additional stage of authentication processing required to be performed after completion of the initial stage of authentication processing for requests having associated risk scores greater than the risk score threshold comprises requiring the user to correctly answer questions presented through text messaging.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - wherein generating the risk score threshold for the upcoming time period that minimizes the business damages estimated to occur during the upcoming time period is further responsive to an amount of resources available for performing additional levels of authentication.
  - 3. The method of claim 1, wherein generating the risk score threshold for the upcoming time period that minimizes the business damages estimated to occur during the upcoming time period generates a plurality of risk score thresholds, wherein each of the risk score thresholds is associated with a corresponding range of transaction values within a plurality of ranges of transaction values.
  - 4. The method of claim 3, wherein configuring at least one policy rule of the adaptive authentication service with the risk score threshold includes storing each of the risk score thresholds into a corresponding one of a plurality of policy rules operable to control processing of transactions with associated values within the range of transaction values associated with the risk score threshold.
  - 5. The method of claim 1, further comprising:
    - dynamically performing the steps of i) generating the transactions risk distribution for an upcoming time period, ii) generating the at least one risk score threshold for the upcoming time period, and iii) configuring the at least one policy rule of the adaptive authentication service on a periodic basis.
  - 6. The method of claim 1, further comprising:
    - generating the transactions risk distribution for the upcoming time period from historical data describing previous authentication requests and their associated risk scores.
  - 7. The method of claim 1, wherein for each one of the plurality of probabilities, the predicted number of authentication requests received during the upcoming time period for which that probability will be generated as the probability that the authentication request is fraudulent is equal to a number of authentication requests received during a preceding time period for which that probability was generated as the probability that the authentication request was fraudulent.

8. A system for optimized configuration of an adaptive authentication service, comprising:
- at least one processor;
  
  a memory having program code stored thereon, wherein the program code, when executed by the processor, causes the processor to;
  
  automatically maintain, in the memory, a log storing data describing previously processed authentication requests and risk scores associated with those previously processed authentication requests;
  
  generate, using the log storing data describing the previously processed authentication requests and the risk scores associated with those previously processed authentication requests, a transactions risk distribution for an upcoming time period, wherein the transactions risk distribution for the upcoming time period comprises, for each one of a plurality of risk scores in a range of possible risk scores, a number of previous transactions for which that risk score was generated by the adaptive authentication service during a preceding time period, wherein each risk score indicates a probability that an associated authentication request is fraudulent, and wherein the transactions risk distribution further comprises, for each one of a plurality of probabilities, a predicted number of authentication requests received during the upcoming time period for which that probability will be generated as the probability that the authentication request is fraudulent;
  
  generate, responsive to the transactions risk distribution for the upcoming time period, at least one risk score threshold for the upcoming time period that minimizes business damages estimated to occur during the upcoming time period, wherein the business damages estimated to occur during the upcoming time period include business damages resulting from false negative authentication determinations, wherein each of the false negative authentication determinations incorrectly indicates that a fraudulent authentication request is legitimate;
  
  automatically configure at least one policy rule of the adaptive authentication service with the risk score threshold to provide an optimized configuration of the adaptive authentication service, wherein configuring the at least one policy rule of the adaptive authentication service with the risk score threshold includes storing the risk score threshold in the policy rule;
  
  in response to the risk score threshold in the policy rule, requiring authentication requests having associated risk scores greater than the risk score threshold to go through at least one additional stage of authentication processing after completing an initial stage of authentication processing;
  
  wherein the business damages estimated to occur during the upcoming time period further include business damages resulting from false positive authentication determinations, wherein each of the false positive authentication determinations incorrectly indicates that a legitimate authentication request is fraudulent;
  
  wherein the business damages estimated to occur during the upcoming time period are offset by a beneficial value resulting from true positive authentication determinations, wherein each true positive determination correctly indicates that an authentication request is fraudulent;
  
  wherein the business damages resulting from false negative authentication determinations comprises a result of multiplying i) a probability of a false negative authentication determination occurring during the upcoming time period using the risk threshold, and ii) a predetermined withdrawal transaction amount that is the same for all authentication requests;
  
  wherein the business damages resulting from false positive authentication determination comprises a result of multiplying i) a probability of a false positive authentication determination occurring during the upcoming time period using the risk threshold, and ii) a predetermined bothering damage amount that is an estimation of costs resulting from losing a customer who is forced to go through at least one additional stage of authentication processing after completing the initial stage of authentication processing;
  
  wherein the initial stage of authentication processing comprises requiring a user requesting access to a secure resource to correctly enter their username and password; and
  
  wherein the at least one additional stage of authentication processing required to be performed after completion of the initial stage of authentication processing for requests having associated risk scores greater than the risk score threshold comprises requiring the user to correctly answer questions presented through text messaging.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The system of claim 8, further comprising:
    - wherein generating the risk score threshold for the upcoming time period that minimizes the business damages estimated to occur during the upcoming time period is further responsive to an amount of resources available for performing additional levels of authentication.
  - 10. The system of claim 8, wherein the program code that, when executed by the processor, causes the processor to generate the risk score threshold for the upcoming time period that minimizes the business damages estimated to occur during the upcoming time period generates a plurality of risk score thresholds, wherein each of the risk score thresholds is associated with a corresponding range of transaction values within a plurality of ranges of transaction values.
  - 11. The system of claim 10, wherein the program code that, when executed by the processor, causes the processor to configure at least one policy rule of the adaptive authentication service with the risk score threshold stores each one of the risk score thresholds into a corresponding one of a plurality of policy rules operable to control processing of transactions with associated values within the range of transaction values associated with the risk score threshold.
  - 12. The system of claim 8, wherein the program code further includes:
    - program code that, when executed by the processor, causes the processor to dynamically perform the steps of i) generating the transactions risk distribution for an upcoming time period, ii) generating the at least one risk score threshold for the upcoming time period, and iii) configuring the at least one policy rule of the adaptive authentication service on a periodic basis.
  - 13. The system of claim 8, wherein the program code further includes program that, when executed by the processor, causes the processor to:
    - generate the transactions risk distribution for the upcoming time period from historical data describing previous authentication requests and their associated risk scores.

14. A non-transitory computer readable medium for optimized configuration of an adaptive authentication service, comprising instructions stored thereon, that when executed on a processor, perform the steps of:
- automatically maintaining, in a memory communicably coupled to the at least one processor, a log storing data describing previously processed authentication requests and risk scores associated with those previously processed authentication requests;
  
  generating, using the log storing data describing the previously processed authentication requests and the risk scores associated with those previously processed authentication requests, a transactions risk distribution for an upcoming time period, wherein the transactions risk distribution for the upcoming time period comprises, for each one of a plurality of risk scores in a range of possible risk scores, a number of previous transactions for which that risk score was generated by the adaptive authentication service during a preceding time period, wherein each risk score indicates a probability that an associated authentication request is fraudulent, and wherein the transactions risk distribution further comprises, for each one of a plurality of probabilities, a predicted number of authentication requests received during the upcoming time period for which that probability will be generated as the probability that the authentication request is fraudulent;
  
  generating, responsive to the transactions risk distribution for the upcoming time period, at least one risk score threshold for the upcoming time period that minimizes business damages estimated to occur during the upcoming time period, wherein the business damages estimated to occur during the upcoming time period include business damages resulting from false negative authentication determinations, wherein each of the false negative authentication determinations incorrectly indicates that a fraudulent authentication request is legitimate;
  
  automatically configuring at least one policy rule of the adaptive authentication service with the risk score threshold to provide an optimized configuration of the adaptive authentication service, wherein configuring the at least one policy rule of the adaptive authentication service with the risk score threshold includes storing the risk score threshold in the policy rule;
  
  in response to the risk score threshold in the policy rule, requiring authentication requests having associated risk scores greater than the risk score threshold to go through at least one additional stage of authentication processing after completing an initial stage of authentication processing;
  
  wherein the business damages estimated to occur during the upcoming time period further include business damages resulting from false positive authentication determinations, wherein each of the false positive authentication determinations incorrectly indicates that a legitimate authentication request is fraudulent;
  
  wherein the business damages estimated to occur during the upcoming time period are offset by a beneficial value resulting from true positive authentication determinations, wherein each true positive determination correctly indicates that an authentication request is fraudulent;
  
  wherein the business damages resulting from false negative authentication determinations comprises a result of multiplying i) a probability of a false negative authentication determination occurring during the upcoming time period using the risk threshold, and ii) a predetermined withdrawal transaction amount that is the same for all authentication requests;
  
  wherein the business damages resulting from false positive authentication determination comprises a result of multiplying i) a probability of a false positive authentication determination occurring during the upcoming time period using the risk threshold, and ii) a predetermined bothering damage amount that is an estimation of costs resulting from losing a customer who is forced to go through at least one additional stage of authentication processing after completing the initial stage of authentication processing;
  
  wherein the initial stage of authentication processing comprises requiring a user requesting access to a secure resource to correctly enter their username and password; and
  
  wherein the at least one additional stage of authentication processing required to be performed after completion of the initial stage of authentication processing for requests having associated risk scores greater than the risk score threshold comprises requiring the user to correctly answer questions presented through text messaging.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Inventors
Yiftachel, Peleg, Zaslavsky, Alex, Blatt, Marcelo, Kaufman, Alon
Primary Examiner(s)
Koneru, Sujay

Application Number

US14/672,419
Time in Patent Office

1,345 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/45   Structures or tools for the...

G06F 21/577   Assessing vulnerabilities a...

G06Q 10/0635   Risk analysis of enterprise...

G06Q 30/06   Buying, selling or leasing ...

G06Q 40/02   Banking, e.g. interest calc...

Dynamic generation of risk score thresholds for optimized configuration of policy rules in an adaptive authentication service

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic generation of risk score thresholds for optimized configuration of policy rules in an adaptive authentication service

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links