EVIDENCE-BASED DYNAMIC SCORING TO LIMIT GUESSES IN KNOWLEDGE-BASED AUTHENTICATION
Abstract
Techniques to provide evidence-based dynamic scoring to limit guesses in knowledge based authentication are disclosed herein. In some aspects, an authenticator may receive an input from a user in response to a presentation of a personal question that enables user access to a restricted resource. The authenticator may determine that the input is not equivalent to a stored value, and thus is an incorrect input. The authenticator may then determine whether the input is similar to a previous input received from the user. A score may be assigned to the input. When the input is determined to be similar to the previous input, the score may be reduced. Another request for an input may be transmitted by the authenticator when a sum of the score and any previous scores of the session is less than a threshold.
20 Claims
1. A method of providing access to a restricted resource during a session upon receipt of an input that matches a stored answer, the method comprising:
- receiving an input from a user in response to a personal question, the input being different than a stored answer of the personal question;
- determining whether the input is a lexicon or semantically similar to a previous input by the user;
- assigning a score to the session based on a popularity of the input;
- reducing the score when the input is determined to be the lexicon or semantically similar to the previous input; and
- transmitting another request for a correct input when a sum of the score and any previous scores of the session is less than a threshold.
Dependent claims: 2, 3, 4, 5, 6

7. One or more computer-readable media storing computer-executable instructions that, when executed on one or more processors, causes the one or more processors to perform acts comprising:
- receiving an input from a user in response to a knowledge based personal authentication question;
- comparing the input to a stored answer of the authentication question;
- assigning a score based on the input, the score summed with any previous scores to create a total score;
- determining whether the received input is at least one of a lexicon match or a semantic match with a previous input by the user;
- reducing the score when the received input is determined to be at least one of the lexicon match or the semantic match; and
- transmitting an additional request for an input to the user when the total score is less than a threshold value.
Dependent claims: 8, 9, 10, 11, 12, 13, 14

15. A method of analyzing answers to personal questions, the method comprising:
- receiving a new answer to a personal question;
- analyzing a collection of received answers to the personal question to create a distribution of the received answers;
- comparing the new answer to the distribution of received answers; and
- designating the new answer as a popular answer when an occurrence of the new answer in the distribution of received answers exceeds a popularity threshold.
Dependent claims: 16, 17, 18, 19, 20
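
The scoring loop described in the abstract and in claims 1 and 15, sketched as an added example that is not code from the patent or its assignee. The sample answer distribution, the synonym groups, the use of `difflib` for the lexical match, and every weight and threshold are assumptions, as is the choice to make popular guesses cost more than rare ones.

```python
from collections import Counter
from difflib import SequenceMatcher

# Constructed sample: answers previously received for one personal question.
RECEIVED = ["blue"] * 40 + ["red"] * 25 + ["green"] * 20 + ["purple"] * 10 + ["teal"] * 5
# Hypothetical synonym groups standing in for a real semantic-similarity check.
SYNONYMS = [{"nyc", "new york", "new york city"}, {"purple", "violet"}]

def normalize(text):
    return " ".join(text.lower().split())

def popularity(answer, received=RECEIVED):
    """Share of received answers equal to this one (0.0 if never seen)."""
    dist = Counter(normalize(a) for a in received)
    return dist[normalize(answer)] / sum(dist.values())

def is_similar(a, b, lexical_cutoff=0.8):
    """Lexical match (typo-level edit similarity) or semantic match (synonyms)."""
    a, b = normalize(a), normalize(b)
    if SequenceMatcher(None, a, b).ratio() >= lexical_cutoff:
        return True
    return any(a in group and b in group for group in SYNONYMS)

class GuessSession:
    """Tracks one authentication session; all weights are assumed values."""
    def __init__(self, stored_answer, threshold=1.0, base=0.2,
                 popularity_weight=1.5, similar_factor=0.25):
        self.stored = normalize(stored_answer)
        self.threshold, self.base = threshold, base
        self.popularity_weight, self.similar_factor = popularity_weight, similar_factor
        self.total, self.previous, self.locked = 0.0, [], False

    def submit(self, answer):
        if self.locked:
            return "locked"
        if normalize(answer) == self.stored:
            return "granted"
        # Wrong input: score it from its popularity (assumed: popular costs more).
        score = self.base + self.popularity_weight * popularity(answer)
        # Reduce the score when the input is a lexical or semantic match
        # with any earlier wrong input in this session.
        if any(is_similar(answer, p) for p in self.previous):
            score *= self.similar_factor
        self.previous.append(answer)
        self.total += score
        # Ask again only while the session total stays below the threshold.
        self.locked = self.total >= self.threshold
        return "locked" if self.locked else "retry"
```

With these assumed weights, two misspellings of the stored answer consume a quarter of the session budget, while two unrelated popular guesses exhaust it.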
Specification