SYSTEMS AND METHODS FOR AUTOMATICALLY IDENTIFYING AND REMOVING WEAK STIMULI USED IN STIMULUS-BASED AUTHENTICATION

US 20140130126A1
Filed: 09/24/2013
Published: 05/08/2014
Est. Priority Date: 11/05/2012
Status: Active Grant

First Claim

Patent Images

1. An authentication system, comprising:

a memory, the memory configured to store a plurality of stimuli, a first count associated with each stimulus of the stimuli, and a second count associated with each stimulus;

a network interface component configured to transmit at least one of the stimuli and receive events associated with each transmitted stimulus; and

one or more processors coupled to the memory and the network interface component, the one or more processors configured to;

increment the first count when a first event occurs and increment the second count when a second event occurs;

determine a ratio of the second count to the first count;

compare the ratio to a threshold; and

determine an output action when the ratio is greater than the threshold.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for identifying a weak stimulus in a stimulus-based authentication system is provided. Counters are associated with each stimulus used in the authentication and a first counter is incremented when the stimulus is used in an authentication session and a second counter is incremented when a successful event occurs with respect to the stimulus during the authentication session, but the authentication session ultimately fails. A ratio of the second counter and the first counter is compared to a threshold and the stimulus is identified as weak when the ratio exceeds the threshold. The stimulus may then be removed and no longer be used in the stimulus-based authentication system.

61 Citations

View as Search Results

20 Claims

1. An authentication system, comprising:
- a memory, the memory configured to store a plurality of stimuli, a first count associated with each stimulus of the stimuli, and a second count associated with each stimulus;
  
  a network interface component configured to transmit at least one of the stimuli and receive events associated with each transmitted stimulus; and
  
  one or more processors coupled to the memory and the network interface component, the one or more processors configured to;
  
  increment the first count when a first event occurs and increment the second count when a second event occurs;
  
  determine a ratio of the second count to the first count;
  
  compare the ratio to a threshold; and
  
  determine an output action when the ratio is greater than the threshold.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The authentication system of claim 1, wherein the one or more processors are configured to determine an output action comprising removing the transmitted stimulus when the ratio is greater than the threshold.
  - 3. The authentication system of claim 1, wherein the one or more processors are further configured to generate a log of the first and second events and the memory is further configured to store the generated log.
  - 4. The authentication system of claim 1, wherein the stimuli comprise at least one of an image, a transformation, media, word or number strings, and a combination thereof.
  - 5. The authentication system of claim 1, wherein the first event comprises a successful selection, manipulation, or identification of at least one of the transmitted stimuli and the second event comprises a failed selection, manipulation, or identification of at least one of the transmitted stimuli.
  - 6. The authentication system of claim 1, wherein the first event comprises a successful interaction round in a session and the second event comprises a failed session.
  - 7. The authentication system of claim 6, wherein the interaction round comprises an authentication round and the session comprises an authentication session.
  - 8. The authentication system of claim 1, wherein the determined output comprises an indication the transmitted stimuli associated with the first count and the second count is statistically vulnerable to attack.

9. A method for identifying a weak stimulus used in a stimulus-based authentication, comprising:
- transmitting, by a network interface component of at least one server, at least one stimulus from a stimulus database during a stimulus-based authentication session;
  
  increasing, by one or more processors of the at least one server, a first count associated with the transmitted stimulus;
  
  increasing, by the one or more processors, a second count associated with the transmitted stimulus if the transmitted stimulus is successfully selected during an authentication round of the authentication session and the authentication session fails;
  
  determining, by the one or more processors, a ratio of the second count to the first count; and
  
  indicating, by the one or more processors, that the stimulus is vulnerable when the determined ratio exceeds a threshold.
- View Dependent Claims (10, 11, 12)
- - 10. The method of claim 9, further comprising removing, by the one or more processors, the transmitted stimulus from the stimulus database when the determined ratio exceeds a predetermined threshold.
  - 11. The method of claim 9, wherein the transmitted stimulus comprises at least one of an image, a transformation, media, word or number strings, and a combination thereof.
  - 12. The method of claim 9, further comprising removing, by the one or more processors, the stimulus from the stimulus database when the determined ratio exceeds the threshold.

13. A tangible, non-transitory computer-readable medium including instructions that, when executed by one or more processors of an authentication system, cause the authentication system to perform a method comprising:
- transmitting at least one stimulus from a stimulus database in response to an authentication request;
  
  receiving at least one event related to the transmitted at least one stimulus;
  
  incrementing a first count associated with the transmitted at least one stimulus when a first event related to the transmitted at least one stimulus occurs;
  
  incrementing a second count associated with the transmitted at least one stimulus when a second event related to the transmitted at least one stimulus occurs;
  
  determining a ratio of the second count to the first count;
  
  comparing the ratio to a threshold; and
  
  determining an output action when the ratio is greater than the threshold.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The computer-readable medium of claim 13, wherein determining an output action comprises removing the transmitted stimulus when the ratio is greater than the threshold.
  - 15. The computer-readable medium of claim 13, wherein the method further comprises generating a log of the first and second events and storing the generated log.
  - 16. The computer-readable medium of claim 13, wherein the transmitted at least one stimulus comprises at least one of an image, a transformation, media, word or number strings, and a combination thereof.
  - 17. The computer-readable medium of claim 13, wherein the first event comprises a successful selection, manipulation, or identification of at least one of the transmitted stimuli and the second event comprises a failed selection, manipulation, or identification of at least one of the transmitted stimuli.
  - 18. The computer-readable medium of claim 13, wherein the first event comprises a successful interaction round in a session and the second event comprises a failed session.
  - 19. The computer-readable medium of claim 18, wherein the interaction round comprises an authentication round and the session comprises an authentication session.
  - 20. The computer-readable medium of claim 13, wherein determining an output action comprises determining that the transmitted stimuli associated with the first count and the second count is statistically vulnerable to attack.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Original Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Inventors
Jakobsson, Bjorn Markus

Granted Patent

US 9,742,751 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/3
CPC Class Codes

G06F 21/36   by graphic or iconic repres...

G06F 21/46   by designing passwords or c...

G06F 2221/2133   Verifying human interaction...

H04L 2463/144   Detection or countermeasure...

H04L 63/08   for authentication of entit...

SYSTEMS AND METHODS FOR AUTOMATICALLY IDENTIFYING AND REMOVING WEAK STIMULI USED IN STIMULUS-BASED AUTHENTICATION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

61 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR AUTOMATICALLY IDENTIFYING AND REMOVING WEAK STIMULI USED IN STIMULUS-BASED AUTHENTICATION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

61 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links