Managing deviations between expected and normal operations of authentication systems

US 10,284,601 B1
Filed: 05/17/2017
Issued: 05/07/2019
Est. Priority Date: 03/31/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

generating, by processing circuitry, a first distribution of risk scores expected to be produced by an authentication system in connection with a first set of one or more requests to access a computerized resource, wherein generating the first distribution comprises utilizing a normalization process to produce the expected risk scores by normalizing preliminary expected risk scores in connection with the first set of one or more requests to a scale of risk scores such that a pre-defined amount of the first set of one or more requests have expected risk scores in a range of risk scores at an end of the scale indicating high risk;

generating, by processing circuitry, a second distribution relating to risk scores actually produced by the authentication system in connection with a second set of one or more requests to access the computerized resource, wherein generating the second distribution comprises utilizing a normalization process to produce the actual risk scores by normalizing preliminary actual risk scores in connection with the second set of one or more requests to the scale of risk scores;

performing, by processing circuitry, a comparison between the first and the second distributions, wherein performing the comparison comprises utilizing the Kolmogorov-Smirnov distance to detect a deviation between the expected and the actual risk scores in the range of risk scores at the end of the scale indicating high risk;

performing, by processing circuitry, a normalization process failover to a new normalization process after detection of the deviation, wherein the new normalization process is configured to reduce the deviation between the expected and the actual risk scores in the range of risk scores at the end of the scale indicating high risk, wherein the new normalization process is based on data related to a third set of one or more requests to access the computerized resource that are received after the detection of the deviation;

receiving, by processing circuitry, a fourth set of one or more requests to access the computerized resource after the detection of the deviation,determining, by processing circuitry, actual risk scores in connection with the fourth set of one or more requests by normalizing preliminary actual risk scores in connection with the fourth set of one or more requests to the scale of risk scores in accordance with the new normalization process; and

utilizing, by processing circuitry, the actual risk scores in connection with the fourth set of one or more requests to control access to the computerized resource.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

There are disclosed techniques for use in authentication. In one embodiment, the techniques comprise generating first and second distributions. The first distribution relating to risk scores expected to be produced by an authentication system in connection with requests to access a computerized resource. The expected risk scores are based on a normalization process configured to produce risk scores by normalizing raw risk scores in connection with requests. The second distribution relates to risk scores actually produced by the authentication system in connection with requests. The actual risk scores include risk scores normalized by the normalization process. The techniques also comprise comparing the first and second distributions by determining a Kolmogorov-Smirnov distance between the respective distributions. The techniques also comprise initiating, based on the comparison, a failover of the normalization process to a new normalization process for use by the authentication system.

Citations

18 Claims

1. A computer-implemented method, comprising:
- generating, by processing circuitry, a first distribution of risk scores expected to be produced by an authentication system in connection with a first set of one or more requests to access a computerized resource, wherein generating the first distribution comprises utilizing a normalization process to produce the expected risk scores by normalizing preliminary expected risk scores in connection with the first set of one or more requests to a scale of risk scores such that a pre-defined amount of the first set of one or more requests have expected risk scores in a range of risk scores at an end of the scale indicating high risk;
  
  generating, by processing circuitry, a second distribution relating to risk scores actually produced by the authentication system in connection with a second set of one or more requests to access the computerized resource, wherein generating the second distribution comprises utilizing a normalization process to produce the actual risk scores by normalizing preliminary actual risk scores in connection with the second set of one or more requests to the scale of risk scores;
  
  performing, by processing circuitry, a comparison between the first and the second distributions, wherein performing the comparison comprises utilizing the Kolmogorov-Smirnov distance to detect a deviation between the expected and the actual risk scores in the range of risk scores at the end of the scale indicating high risk;
  
  performing, by processing circuitry, a normalization process failover to a new normalization process after detection of the deviation, wherein the new normalization process is configured to reduce the deviation between the expected and the actual risk scores in the range of risk scores at the end of the scale indicating high risk, wherein the new normalization process is based on data related to a third set of one or more requests to access the computerized resource that are received after the detection of the deviation;
  
  receiving, by processing circuitry, a fourth set of one or more requests to access the computerized resource after the detection of the deviation,determining, by processing circuitry, actual risk scores in connection with the fourth set of one or more requests by normalizing preliminary actual risk scores in connection with the fourth set of one or more requests to the scale of risk scores in accordance with the new normalization process; and
  
  utilizing, by processing circuitry, the actual risk scores in connection with the fourth set of one or more requests to control access to the computerized resource.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method as claimed in claim 1, wherein the first distribution comprises a first empirical cumulative distribution suitable for comparing with a distribution that relates to actual risk scores.
  - 3. The method as claimed in claim 1, wherein the second distribution comprises a second empirical cumulative distribution suitable for comparing with a distribution that relates to expected risk scores.
  - 4. The method as claimed in claim 1, wherein the initiation of the failover is based on the Kolmogorov-Smirnov distance between the respective distributions being larger than a value that is based on Kolmogorov-Smirnov distances associated with historical distributions.
  - 5. The method as claimed in claim 1, wherein the initiation of the failover is based on the Kolmogorov-Smirnov distance between the respective distributions being larger than a conversion function associated with a required assurance level of a goodness-of-fit test.
  - 6. The method as claimed in claim 1, wherein the initiation of the failover is based on there being a sufficient amount of historical information.

7. An apparatus, comprising:
- memory; and
  
  processing circuitry coupled to the memory, the memory storing instructions which, when executed by the processing circuitry, cause the processing circuitry to;
  
  generate a first distribution of risk scores expected to be produced by an authentication system in connection with a first set of one or more requests to access a computerized resource, wherein generating the first distribution comprises utilizing a normalization process to produce the expected risk scores by normalizing preliminary expected risk scores in connection with the first set of one or more requests to a scale of risk scores such that a pre-defined amount of the first set of one or more requests have expected risk scores in a range of risk scores at an end of the scale indicating high risk;
  
  generate a second distribution relating to risk scores actually produced by the authentication system in connection with a second set of one or more requests to access the computerized resource, wherein generating the second distribution comprises utilizing a normalization process to produce the actual risk scores by normalizing preliminary actual risk scores in connection with the second set of one or more requests to the scale of risk scores;
  
  perform a comparison between the first and the second distributions, wherein performing the comparison comprises utilizing the Kolmogorov-Smirnov distance to detect a deviation between the expected and the actual risk scores in the range of risk scores at the end of the scale indicating high risk;
  
  perform a normalization process failover to a new normalization process after detection of the deviation, wherein the new normalization process is configured to reduce the deviation between the expected and the actual risk scores in the range of risk scores at the end of the scale indicating high risk, wherein the new normalization process is based on data related to a third set of one or more requests to access the computerized resource that are received after the detection of the deviation;
  
  receive a fourth set of one or more requests to access the computerized resource after the detection of the deviation;
  
  determine actual risk scores in connection with the fourth set of one or more requests by normalizing preliminary actual risk scores in connection with the fourth set of one or more requests to the scale of risk scores in accordance with the new normalization process; and
  
  utilize actual risk scores in connection with the fourth set of one or more requests to control access to the computerized resource.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The apparatus as claimed in claim 7, wherein the first distribution comprises a first empirical cumulative distribution suitable for comparing with a distribution that relates to actual risk scores.
  - 9. The apparatus as claimed in claim 7, wherein the second distribution comprises a second empirical cumulative distribution suitable for comparing with a distribution that relates to expected risk scores.
  - 10. The apparatus as claimed in claim 7, wherein the initiation of the failover is based on the Kolmogorov-Smirnov distance between the respective distributions being larger than a value that is based on Kolmogorov-Smirnov distances associated with historical distributions.
  - 11. The apparatus as claimed in claim 7, wherein the initiation of the failover is based on the Kolmogorov-Smirnov distance between the respective distributions being larger than a conversion function associated with a required assurance level of a goodness-of-fit test.
  - 12. The apparatus as claimed in claim 7, wherein the initiation of the failover is based on there being a sufficient amount of historical information.

13. A computer program product having a non-transitory computer-readable medium storing instructions, the instructions, when carried out by processing circuitry, causing the processing circuitry to perform a method of:
- generating a first distribution of risk scores expected to be produced by an authentication system in connection with a first set of one or more requests to access a computerized resource, wherein generating the first distribution comprises utilizing a normalization process to produce the expected risk scores by normalizing preliminary expected risk scores in connection with the first set of one or more requests to a scale of risk scores such that a pre-defined amount of the first set of one or more requests have expected risk scores in a range of risk scores at an end of the scale indicating high risk;
  
  generating a second distribution relating to risk scores actually produced by the authentication system in connection with a second set of one or more requests to access the computerized resource, wherein generating the second distribution comprises utilizing a normalization process to produce the actual risk scores by normalizing preliminary actual risk scores in connection with the second set of one or more requests to the scale of risk scores;
  
  performing a comparison between the first and the second distributions, wherein performing the comparison comprises utilizing the Kolmogorov-Smirnov distance to detect a deviation between the expected and the actual risk scores in the range of risk scores at the end of the scale indicating high risk;
  
  performing a normalization process failover to a new normalization process after detection of the deviation, wherein the new normalization process is configured to reduce the deviation between the expected and the actual risk scores in the range of risk scores at the end of the scale indicating high risk, wherein the new normalization process is based on data related to a third set of one or more requests to access the computerized resource that are received after the detection of the deviation;
  
  receiving a fourth set of one or more requests to access the computerized resource after the detection of the deviation;
  
  determining actual risk scores in connection with the fourth set of one or more requests by normalizing preliminary actual risk scores in connection with the fourth set of one or more requests to the scale of risk scores in accordance with the new normalization process; and
  
  utilizing the actual risk scores in connection with the fourth set of one or more requests to control access to the computerized resource.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The computer program product as claimed in claim 13, wherein the first distribution comprises a first empirical cumulative distribution suitable for comparing with a distribution that relates to actual risk scores.
  - 15. The computer program product as claimed in claim 13, wherein the second distribution comprises a second empirical cumulative distribution suitable for comparing with a distribution that relates to expected risk scores.
  - 16. The computer program product as claimed in claim 13, wherein the initiation of the failover is based on the Kolmogorov-Smirnov distance between the respective distributions being larger than a value that is based on Kolmogorov-Smirnov distances associated with historical distributions.
  - 17. The computer program product as claimed in claim 13, wherein the initiation of the failover is based on the Kolmogorov-Smirnov distance between the respective distributions being larger than a conversion function associated with a required assurance level of a goodness-of-fit test.
  - 18. The computer program product as claimed in claim 13, wherein the initiation of the failover is based on there being a sufficient amount of historical information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Inventors
Bar-Menachem, Ika, Blatt, Marcelo, Meidan, Tomer, Koren, Elad, Peer, Oded, Israeli, Shachar
Primary Examiner(s)
Cribbs, Malcolm
Assistant Examiner(s)
Huang, Cheng-Feng

Application Number

US15/597,393
Time in Patent Office

720 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4016   involving fraud or risk lev...

G07G 3/00   Alarm indicators, e.g. bells

H04L 63/08   for authentication of entit...

H04L 63/1433   Vulnerability analysis

Managing deviations between expected and normal operations of authentication systems

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Managing deviations between expected and normal operations of authentication systems

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links