Dynamic generation of risk score thresholds for optimized configuration of policy rules in an adaptive authentication service
First Claim
1. A computer-implemented method for optimized configuration of an adaptive authentication service, comprising executing, on at least one processor, the steps of:
automatically maintaining, in a memory communicably coupled to the at least one processor, a log storing data describing previously processed authentication requests and risk scores associated with those previously processed authentication requests;
generating, using the log storing data describing the previously processed authentication requests and the risk scores associated with those previously processed authentication requests, a transactions risk distribution for an upcoming time period, wherein the transactions risk distribution for the upcoming time period comprises, for each one of a plurality of risk scores in a range of possible risk scores, a number of previous transactions for which that risk score was generated by the adaptive authentication service during a preceding time period, wherein each risk score indicates a probability that an associated authentication request is fraudulent, and wherein the transactions risk distribution further comprises, for each one of a plurality of probabilities, a predicted number of authentication requests received during the upcoming time period for which that probability will be generated as the probability that the authentication request is fraudulent;
generating, responsive to the transactions risk distribution for the upcoming time period, at least one risk score threshold for the upcoming time period that minimizes business damages estimated to occur during the upcoming time period, wherein the business damages estimated to occur during the upcoming time period include business damages resulting from false negative authentication determinations, wherein each of the false negative authentication determinations incorrectly indicates that a fraudulent authentication request is legitimate;
automatically configuring at least one policy rule of the adaptive authentication service with the risk score threshold to provide an optimized configuration of the adaptive authentication service, wherein configuring the at least one policy rule of the adaptive authentication service with the risk score threshold includes storing the risk score threshold in the policy rule;
in response to the risk score threshold in the policy rule, requiring authentication requests having associated risk scores greater than the risk score threshold to go through at least one additional stage of authentication processing after completing an initial stage of authentication processing;
wherein the business damages estimated to occur during the upcoming time period further include business damages resulting from false positive authentication determinations, wherein each of the false positive authentication determinations incorrectly indicates that a legitimate authentication request is fraudulent;
wherein the business damages estimated to occur during the upcoming time period are offset by a beneficial value resulting from true positive authentication determinations, wherein each true positive determination correctly indicates that an authentication request is fraudulent;
wherein the business damages resulting from false negative authentication determinations comprises a result of multiplying i) a probability of a false negative authentication determination occurring during the upcoming time period using the risk threshold, and ii) a predetermined withdrawal transaction amount that is the same for all authentication requests;
wherein the business damages resulting from false positive authentication determination comprises a result of multiplying i) a probability of a false positive authentication determination occurring during the upcoming time period using the risk threshold, and ii) a predetermined bothering damage amount that is an estimation of costs resulting from losing a customer who is forced to go through at least one additional stage of authentication processing after completing the initial stage of authentication processing;
wherein the initial stage of authentication processing comprises requiring a user requesting access to a secure resource to correctly enter their username and password; and
wherein the at least one additional stage of authentication processing required to be performed after completion of the initial stage of authentication processing for requests having associated risk scores greater than the risk score threshold comprises requiring the user to correctly answer questions presented through text messaging.
Abstract
A system for optimized configuration of an adaptive authentication service is disclosed that automatically generates one or more risk score thresholds. The system generates a risk score threshold or thresholds for an upcoming time period such that the business damages estimated to occur during the upcoming time period are minimized. The business damages estimated to occur during the upcoming time period may include business damages resulting from false negative authentication determinations, which incorrectly indicate that a fraudulent authentication request is legitimate, and false positive authentication determinations, which incorrectly indicate that a legitimate authentication request is fraudulent, and may be offset by the beneficial value of the enhancement to an organization's reputation resulting from true positive authentication determinations, which correctly indicate that an authentication request is fraudulent.
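The threshold selection described in the abstract and in claim 1, worked through as an added Python example (not code from the patent). The score-to-probability table, the log, the cost figures, the policy-rule schema and all function names are constructed for illustration; the example assumes the previous period's counts are reused as the forecast and weights each cost by the expected number of requests.

```python
from collections import Counter

# Constructed calibration table: risk score -> probability of fraud (assumption).
FRAUD_PROB = {100: 0.001, 300: 0.01, 500: 0.05, 700: 0.30, 900: 0.80}

# Constructed log of previously processed requests (only the score is kept).
SAMPLE_LOG = ([{"score": 100}] * 900 + [{"score": 300}] * 60 +
              [{"score": 500}] * 25 + [{"score": 700}] * 10 +
              [{"score": 900}] * 5)


def risk_distribution(log):
    """Requests per risk score in the preceding period, reused unchanged as
    the predicted counts for the upcoming period (naive forecast, assumption)."""
    return Counter(entry["score"] for entry in log)


def estimated_damage(dist, threshold, withdrawal, bothering, tp_value):
    """Expected net damage when scores above `threshold` trigger step-up."""
    fn = fp = tp = 0.0
    for score, count in dist.items():
        fraud = count * FRAUD_PROB[score]   # expected fraudulent requests
        legit = count - fraud               # expected legitimate requests
        if score > threshold:               # flagged: extra authentication stage
            tp += fraud
            fp += legit
        else:                               # passed after the initial stage only
            fn += fraud
    return fn * withdrawal + fp * bothering - tp * tp_value


def best_threshold(dist, withdrawal, bothering, tp_value):
    """Candidate thresholds are 0 (challenge everyone) and each observed score."""
    candidates = [0] + sorted(dist)
    return min(candidates, key=lambda t: estimated_damage(
        dist, t, withdrawal, bothering, tp_value))


def configure_policy(rule, threshold):
    """Store the generated threshold in the policy rule (hypothetical schema)."""
    return {**rule, "risk_threshold": threshold}


def required_stages(rule, score):
    """Initial stage always; SMS questions only above the stored threshold."""
    stages = ["username_password"]
    if score > rule["risk_threshold"]:
        stages.append("sms_questions")
    return stages


if __name__ == "__main__":
    dist = risk_distribution(SAMPLE_LOG)
    t = best_threshold(dist, withdrawal=500, bothering=20, tp_value=50)
    rule = configure_policy({"name": "step_up"}, t)
    print(rule, estimated_damage(dist, t, 500, 20, 50))
    print(required_stages(rule, 300), required_stages(rule, 700))
```

With these constructed figures, raising the bothering damage pushes the selected threshold up, and setting it to zero makes challenging every request the cheapest choice.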
14 Claims
8. A system for optimized configuration of an adaptive authentication service, comprising:
at least one processor;
a memory having program code stored thereon, wherein the program code, when executed by the processor, causes the processor to;
automatically maintain, in the memory, a log storing data describing previously processed authentication requests and risk scores associated with those previously processed authentication requests;
generate, using the log storing data describing the previously processed authentication requests and the risk scores associated with those previously processed authentication requests, a transactions risk distribution for an upcoming time period, wherein the transactions risk distribution for the upcoming time period comprises, for each one of a plurality of risk scores in a range of possible risk scores, a number of previous transactions for which that risk score was generated by the adaptive authentication service during a preceding time period, wherein each risk score indicates a probability that an associated authentication request is fraudulent, and wherein the transactions risk distribution further comprises, for each one of a plurality of probabilities, a predicted number of authentication requests received during the upcoming time period for which that probability will be generated as the probability that the authentication request is fraudulent;
generate, responsive to the transactions risk distribution for the upcoming time period, at least one risk score threshold for the upcoming time period that minimizes business damages estimated to occur during the upcoming time period, wherein the business damages estimated to occur during the upcoming time period include business damages resulting from false negative authentication determinations, wherein each of the false negative authentication determinations incorrectly indicates that a fraudulent authentication request is legitimate;
automatically configure at least one policy rule of the adaptive authentication service with the risk score threshold to provide an optimized configuration of the adaptive authentication service, wherein configuring the at least one policy rule of the adaptive authentication service with the risk score threshold includes storing the risk score threshold in the policy rule;
in response to the risk score threshold in the policy rule, requiring authentication requests having associated risk scores greater than the risk score threshold to go through at least one additional stage of authentication processing after completing an initial stage of authentication processing;
wherein the business damages estimated to occur during the upcoming time period further include business damages resulting from false positive authentication determinations, wherein each of the false positive authentication determinations incorrectly indicates that a legitimate authentication request is fraudulent;
wherein the business damages estimated to occur during the upcoming time period are offset by a beneficial value resulting from true positive authentication determinations, wherein each true positive determination correctly indicates that an authentication request is fraudulent;
wherein the business damages resulting from false negative authentication determinations comprises a result of multiplying i) a probability of a false negative authentication determination occurring during the upcoming time period using the risk threshold, and ii) a predetermined withdrawal transaction amount that is the same for all authentication requests;
wherein the business damages resulting from false positive authentication determination comprises a result of multiplying i) a probability of a false positive authentication determination occurring during the upcoming time period using the risk threshold, and ii) a predetermined bothering damage amount that is an estimation of costs resulting from losing a customer who is forced to go through at least one additional stage of authentication processing after completing the initial stage of authentication processing;
wherein the initial stage of authentication processing comprises requiring a user requesting access to a secure resource to correctly enter their username and password; and
wherein the at least one additional stage of authentication processing required to be performed after completion of the initial stage of authentication processing for requests having associated risk scores greater than the risk score threshold comprises requiring the user to correctly answer questions presented through text messaging.
14. A non-transitory computer readable medium for optimized configuration of an adaptive authentication service, comprising instructions stored thereon, that when executed on a processor, perform the steps of:
automatically maintaining, in a memory communicably coupled to the at least one processor, a log storing data describing previously processed authentication requests and risk scores associated with those previously processed authentication requests;
generating, using the log storing data describing the previously processed authentication requests and the risk scores associated with those previously processed authentication requests, a transactions risk distribution for an upcoming time period, wherein the transactions risk distribution for the upcoming time period comprises, for each one of a plurality of risk scores in a range of possible risk scores, a number of previous transactions for which that risk score was generated by the adaptive authentication service during a preceding time period, wherein each risk score indicates a probability that an associated authentication request is fraudulent, and wherein the transactions risk distribution further comprises, for each one of a plurality of probabilities, a predicted number of authentication requests received during the upcoming time period for which that probability will be generated as the probability that the authentication request is fraudulent;
generating, responsive to the transactions risk distribution for the upcoming time period, at least one risk score threshold for the upcoming time period that minimizes business damages estimated to occur during the upcoming time period, wherein the business damages estimated to occur during the upcoming time period include business damages resulting from false negative authentication determinations, wherein each of the false negative authentication determinations incorrectly indicates that a fraudulent authentication request is legitimate;
automatically configuring at least one policy rule of the adaptive authentication service with the risk score threshold to provide an optimized configuration of the adaptive authentication service, wherein configuring the at least one policy rule of the adaptive authentication service with the risk score threshold includes storing the risk score threshold in the policy rule;
in response to the risk score threshold in the policy rule, requiring authentication requests having associated risk scores greater than the risk score threshold to go through at least one additional stage of authentication processing after completing an initial stage of authentication processing;
wherein the business damages estimated to occur during the upcoming time period further include business damages resulting from false positive authentication determinations, wherein each of the false positive authentication determinations incorrectly indicates that a legitimate authentication request is fraudulent;
wherein the business damages estimated to occur during the upcoming time period are offset by a beneficial value resulting from true positive authentication determinations, wherein each true positive determination correctly indicates that an authentication request is fraudulent;
wherein the business damages resulting from false negative authentication determinations comprises a result of multiplying i) a probability of a false negative authentication determination occurring during the upcoming time period using the risk threshold, and ii) a predetermined withdrawal transaction amount that is the same for all authentication requests;
wherein the business damages resulting from false positive authentication determination comprises a result of multiplying i) a probability of a false positive authentication determination occurring during the upcoming time period using the risk threshold, and ii) a predetermined bothering damage amount that is an estimation of costs resulting from losing a customer who is forced to go through at least one additional stage of authentication processing after completing the initial stage of authentication processing;
wherein the initial stage of authentication processing comprises requiring a user requesting access to a secure resource to correctly enter their username and password; and
wherein the at least one additional stage of authentication processing required to be performed after completion of the initial stage of authentication processing for requests having associated risk scores greater than the risk score threshold comprises requiring the user to correctly answer questions presented through text messaging.
Specification