ADAPTIVE MULTI-FACTOR AUTHENTICATION SYSTEM
First Claim
1. A machine for improved secure access to computing devices, systems, resources, or services, comprising:
one or more computer servers with authentication modality data stored thereon for a plurality of authentication modalities, wherein the authentication modality data for each authentication modality comprises a trustworthiness factor for each of one or more user input devices, a trustworthiness factor for each of one or more user connection media, and a computational complexity cost factor; and
a processor or microprocessor, wherein the processor or microprocessor is programmed to determine one or more of said authentication modalities to use for an authentication verification event by:
determining the objective trustworthiness value for each modality based on the device trustworthiness factors and connection media trustworthiness factors for said modality;
determining a penalty value for each modality based on the computational complexity cost factor for said modality and the previous selection history of said modality for previous authentication verification events;
ranking the authentication modalities based on the objective trustworthiness value and the penalty value; and
applying one or more authentication modalities in order of ranking.
Abstract
A system and methodology for adaptive selection of multiple modalities for authentication in different operating environments, making the authentication strategy unpredictable so as to significantly reduce the risk of exploitation by authentication-guessing attacks. The system calculates trustworthiness values of different authentication factors under various environmental settings, and combines a trust-based adaptive, robust and scalable software-hardware framework for the selection of authentication factors for continuous and triggered authentication with optimal algorithms to determine the security parameters of each of the authentication factors. A subset of authentication factors is thus determined on the fly for application at triggering events, leaving no a priori pattern or clue for an attacker to exploit.
11 Claims
1. Independent claim, reproduced above under First Claim; claims 2 through 10 depend from it.
11. A system for improved secure access to a computer-based resource, comprising:
one or more computer servers with a processor or microprocessor, wherein the processor or microprocessor is programmed to make an authentication decision by: calculating a trustworthiness value for each of a plurality of authentication factors; selecting two or more factors from the plurality of authentication factors based on the computing device of a user, connection media, history of the previous selection of authentication factors, and surrounding environmental conditions; and permitting or denying access to a computer-based resource based upon testing of the selected authentication factors.
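Worked example of the selection loop that claim 1 and claim 11 describe, added here for illustration; it is not code from the patent or its assignee. Each modality carries a per-device trust factor, a per-connection-medium trust factor and a cost factor; the objective trust for the current environment is combined from the first two, a penalty is built from cost plus how often the modality was picked in recent events, modalities are ranked on trust minus penalty, and the top two are applied and then tested before access is permitted. The modality names, factor values, the product as the combination rule, the penalty weights, the history window and the two-factor minimum are all constructed assumptions; environmental conditions other than the connection medium are not modelled.

```python
"""Added example: history-aware ranking of authentication modalities.
All factor values, weights and names below are constructed, not taken
from the patent."""
from dataclasses import dataclass
from typing import Dict, List, Sequence, Tuple


@dataclass(frozen=True)
class Modality:
    name: str
    device_trust: Dict[str, float]   # trustworthiness factor per user input device, 0..1
    medium_trust: Dict[str, float]   # trustworthiness factor per connection medium, 0..1
    cost: float                      # computational complexity cost factor, relative units


# Constructed catalogue. A device or medium missing from a table means the
# modality cannot be exercised there (trust 0), e.g. no FIDO2 port or camera
# on a shared kiosk.
MODALITIES: Tuple[Modality, ...] = (
    Modality("password",  {"laptop": 0.6, "phone": 0.5, "kiosk": 0.2},
             {"corp_lan": 0.9, "home_wifi": 0.7, "public_wifi": 0.4}, cost=0.1),
    Modality("totp",      {"laptop": 0.8, "phone": 0.9, "kiosk": 0.6},
             {"corp_lan": 0.9, "home_wifi": 0.8, "public_wifi": 0.7}, cost=0.2),
    Modality("fido2_key", {"laptop": 0.95, "phone": 0.9},
             {"corp_lan": 0.95, "home_wifi": 0.95, "public_wifi": 0.9}, cost=0.5),
    Modality("face",      {"laptop": 0.7, "phone": 0.85},
             {"corp_lan": 0.8, "home_wifi": 0.8, "public_wifi": 0.8}, cost=0.8),
)


def objective_trust(m: Modality, device: str, medium: str) -> float:
    """Objective trustworthiness of a modality in the current environment.
    Multiplying the two factors is an assumed combination rule."""
    return m.device_trust.get(device, 0.0) * m.medium_trust.get(medium, 0.0)


def penalty(m: Modality, history: Sequence[str], cost_weight: float = 0.2,
            repeat_weight: float = 0.15, window: int = 6) -> float:
    """Penalty from computational cost plus recent reuse. Repeats inside the
    last `window` selections push the next choice away from the last one."""
    repeats = list(history)[-window:].count(m.name)
    return cost_weight * m.cost + repeat_weight * repeats


def rank_modalities(modalities: Sequence[Modality], device: str, medium: str,
                    history: Sequence[str]) -> List[Tuple[str, float]]:
    """Rank by (objective trust - penalty), highest first."""
    scored = [(m.name, objective_trust(m, device, medium) - penalty(m, history))
              for m in modalities]
    return sorted(scored, key=lambda ns: -ns[1])


def select_factors(modalities: Sequence[Modality], device: str, medium: str,
                   history: Sequence[str], count: int = 2,
                   min_score: float = 0.0) -> List[str]:
    """Top `count` modalities with a positive score. A modality that cannot
    run on this device or medium has trust 0, scores at or below zero after
    the penalty, and is skipped rather than prompted for."""
    ranked = rank_modalities(modalities, device, medium, history)
    return [name for name, score in ranked if score > min_score][:count]


def decide(selected: Sequence[str], results: Dict[str, bool], minimum: int = 2) -> bool:
    """Permit only if at least `minimum` factors were selected and every one
    of them verified; a factor with no recorded result counts as failed."""
    if len(selected) < minimum:
        return False
    return all(results.get(name, False) for name in selected)


def simulate(events: Sequence[Tuple[str, str]], modalities: Sequence[Modality] = MODALITIES,
             count: int = 2) -> List[List[str]]:
    """Run a sequence of (device, medium) authentication events, feeding each
    selection back into the history so the next ranking sees it."""
    history: List[str] = []
    chosen_per_event: List[List[str]] = []
    for device, medium in events:
        chosen = select_factors(modalities, device, medium, history, count=count)
        history.extend(chosen)
        chosen_per_event.append(chosen)
    return chosen_per_event


if __name__ == "__main__":
    for i, chosen in enumerate(simulate([("laptop", "public_wifi")] * 4)):
        print(f"event {i}: {chosen}")
    print("kiosk on corp LAN:", select_factors(MODALITIES, "kiosk", "corp_lan", []))
```

Two things worth noticing when running it. With these numbers the highest-trust modality wins every event and the history penalty only rotates the second factor, so how much the strategy actually varies is set by `repeat_weight` and `window`, not by the ranking rule itself. And the ranking is a deterministic function of the factor tables and the selection history, so the unpredictability the abstract relies on holds only while both stay server-side and out of the attacker's view.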
Specification