Authentication method and apparatus

US 8,495,718 B2
Filed: 09/28/2010
Issued: 07/23/2013
Est. Priority Date: 09/29/2009
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating an identity of a user, in response to a user request to access an online service, comprising:

obtaining records information for a valid user, where the records information indicates behaviors having been executed by the valid user;

mapping, based on an orthogonal behavior model having a plurality of mutually orthogonal dimensions, the records information to the plurality of mutually orthogonal dimensions;

generating an authentication questionnaire including a plurality of authentication questions based on the records information;

a computer system computing, responsive to answers of the user to the authentication questionnaire, a total confidence probability P for the user being the valid user, wherein the total confidence probability P is determined according to;

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An identity authentication method is provided. The method comprises obtaining records information of a valid user, where the records information indicates behaviors having been executed by the valid user; mapping, based on an orthogonal behavior model having multiple mutually orthogonal dimensions, records information to the multiple dimensions, wherein behaviors indicated by records information mapped to different dimensions do not overlap therebetween and have no logical cause and effect relationship; sampling records information mapped to different dimensions, respectively, so as to generate an authentication questionnaire including a plurality of authentication questions; computing, responsive to answers of a client to the authentication questionnaire, a total confidence P for the client being a valid user; outputting a positive authentication result, responsive to the total confidence probability P falling into a confidence interval; and outputting a negative authentication result, responsive to the total confidence probability P failing to fall into a confidence interval. The present invention further provides a corresponding identity authentication apparatus.

232 Citations

11 Claims

1. A method for authenticating an identity of a user, in response to a user request to access an online service, comprising:
- obtaining records information for a valid user, where the records information indicates behaviors having been executed by the valid user;
  
  mapping, based on an orthogonal behavior model having a plurality of mutually orthogonal dimensions, the records information to the plurality of mutually orthogonal dimensions;
  
  generating an authentication questionnaire including a plurality of authentication questions based on the records information;
  
  a computer system computing, responsive to answers of the user to the authentication questionnaire, a total confidence probability P for the user being the valid user, wherein the total confidence probability P is determined according to;
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method according to claim 1, wherein for a particular service application, the orthogonal behavior model used when mapping the records information to the plurality of mutually orthogonal dimensions is determined by analyzing user behaviors when interacting with the particular service application.
  - 3. The method according to claim 1, wherein the generating step comprises:
    - sampling the records information mapped to different dimensions of the orthogonal behavior model, wherein each dimension of the different dimensions is sampled simultaneously so as to generate authentication questions of the authentication questionnaire.
  - 4. The method according to claim 3, wherein the sampling step dynamically samples either a current dimension or a next dimension dependent on the user'"'"'s answer to a preceding authentication question to generate a next authentication question.
  - 5. The method according to claim 3, wherein the authentication question is generated according to the sampled records information based on a question template provided for the records information mapped to the different dimensions.
  - 6. The method according to claim 3, wherein a confidence probability weight w is assigned to behaviors indicated by the records information mapped to the different dimensions.
  - 7. The method according to claim 6, wherein the behaviors indicated by the records information mapped to the different dimensions do not overlap therebetween and have no logical cause and effect relationship with respect to one another.
  - 8. The method according to claim 7, wherein assigning the confidence probability weight w is performed according to one of the following rules:
    - 1) occurrence frequency of a behavior indicated by the records information in a service scenario, wherein when the occurrence frequency is relatively high, a lower confidence probability weight is assigned, and when the occurrence frequency is relatively low, a higher confidence probability weight is assigned;
      
      2) a number of behavior participants, wherein when the number of behavior participants is relatively high, a lower confidence probability weight is assigned, and when the number of behavior participants is relatively small, a higher confidence probability weight is assigned.
  - 9. The method according to claim 7 further comprising:
    - ordering the records information of the different dimensions according to a policy before the sampling step; and
      
      performing the sampling step based on the ordering result, wherein the policy comprises at least one item in the following group;
      
      ordering with time as an index; and
      
      ordering with the confidence probability weight w as an index.
  - 10. The method according to claim 7, wherein:
    - if given ones of the authentication questions in the authentication questionnaire belong to the different dimensions, a confidence probability pi of an ith dimension is computed according to the following expression;

11. A method for authenticating an identity of a user, in response to a request to access an online service, comprising:
- obtaining records information for a valid user, where the records information indicates behaviors having been executed by the valid user;
  
  mapping, based on an orthogonal behavior model having a plurality of mutually orthogonal dimensions, the records information to the plurality of mutually orthogonal dimensions, wherein the behaviors indicated by the records information mapped to the different dimensions do not overlap therebetween and have no logical cause and effect relationship with respect to one another;
  
  generating an authentication questionnaire including a plurality of authentication questions based on the records information, wherein the generating step comprises sampling the records information mapped to different dimensions of the orthogonal behavior model, wherein each dimension of the different dimensions is sampled simultaneously so as to generate authentication questions of the authentication questionnaire;
  
  a computer system computing, responsive to answers of the user to the authentication questionnaire, a total confidence probability P for the user being the valid user;
  
  outputting a positive authentication result, responsive to the total confidence probability P falling into a confidence interval; and
  
  outputting a negative authentication result, responsive to the total confidence probability P failing to fall into the confidence interval, wherein a confidence probability weight w is assigned to behaviors indicated by the records information mapped to the different dimensions, and wherein;
  
  if given ones of the authentication questions in the authentication questionnaire belong to a same dimension, a modified confidence probability p_k′ of a kth question originating from the ith dimension is computed according to the following expression;

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Han, Zhu, Zou, Huan Hao, Quiang, Liu
Primary Examiner(s)
Kim, Jung
Assistant Examiner(s)
Jamshidi, Ghodrat

Application Number

US12/892,599
Publication Number

US 20120079576A1
Time in Patent Office

1,029 Days
Field of Search

726 5- 7
US Class Current

726/7
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06F 2221/2101   Auditing as a secondary aspect

H04L 2209/56   Financial cryptography, e.g...

H04L 9/321   involving a third party or ...

Authentication method and apparatus

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

232 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication method and apparatus

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

232 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links