Methods and apparatus for knowledge-based authentication using historically-aware questionnaires

US 9,009,844 B1
Filed: 03/30/2012
Issued: 04/14/2015
Est. Priority Date: 03/30/2012
Status: Active Grant

First Claim

Patent Images

1. A knowledge-based authentication method performed by a server for restricting access of a user to a restricted resource, comprising the steps of:

obtaining a plurality of historically different answers from said user for each of at least one question during a registration phase with said user, wherein said plurality of historically different answers for a given question are different for at least two different periods of time;

challenging said user with at least one question that tests the historical knowledge of said user within said historically different answers to said given question for a given period of time;

receiving a response from said user to said at least one question; and

granting access to said restricted resource if said response is accurate for said given period of time based on said historically different answers, wherein at least one of said steps are performed by at least one hardware device.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Knowledge-based authentication (KBA) is provided using historically-aware questionnaires. The KBA can obtain a plurality of historically different answers from the user to at least one question; challenge the user with the question for a given period of time; receive a response from the user to the question; and grant access to the restricted resource if the response is accurate for the given period of time based on the historically different answers. Alternatively, the KBA can be based on historically aware answers to a set of inter-related questions. The user is challenged with the inter-related questions for a given period of time. Historically different answers can comprise answers with applicable dates, or correct answers to the question over time. Historically aware answers can comprise an answer that is accurate for an indicated date or period of time. An accurate response demonstrates knowledge of multiple related personal events.

27 Citations

View as Search Results

41 Claims

1. A knowledge-based authentication method performed by a server for restricting access of a user to a restricted resource, comprising the steps of:
- obtaining a plurality of historically different answers from said user for each of at least one question during a registration phase with said user, wherein said plurality of historically different answers for a given question are different for at least two different periods of time;
  
  challenging said user with at least one question that tests the historical knowledge of said user within said historically different answers to said given question for a given period of time;
  
  receiving a response from said user to said at least one question; and
  
  granting access to said restricted resource if said response is accurate for said given period of time based on said historically different answers, wherein at least one of said steps are performed by at least one hardware device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein said historically different answers comprise answers with applicable dates.
  - 3. The method of claim 1, wherein said historically different answers comprise a series of correct answers to said question over time.
  - 4. The method of claim 1, wherein said historically different answers comprise a series over time of one or more of facts, traits and characteristics of said user.
  - 5. The method of claim 1, further comprising the step of determining a confidence score based on said accuracy of said response for said given period of time based on said historically different answers.
  - 6. The method of claim 5, wherein said confidence score assesses a credibility of said user.
  - 7. The method of claim 5, wherein said confidence score is evaluated relative to a threshold.
  - 8. The method of claim 7, further comprising the step of employing a fraud remediation method when said confidence score is within a predefined tolerance of said threshold.
  - 9. The method of claim 8, wherein said fraud remediation method comprises one or more of denying access and sending a notification of said access attempt.
  - 10. The method of claim 8, wherein said fraud remediation method comprises classifying said response as plausible or correct.
  - 11. The method of claim 10, further comprising the steps of calculating a distance between an actual answer and a received answer and labeling a plausible response as a data mining access attempt.
  - 12. The method of claim 8, wherein said fraud remediation method comprises further interrogation of said user.
  - 13. The method of claim 8, wherein said fraud remediation method comprises granting access to said user and investigating said user to determine an identity of said user.
  - 14. The method of claim 1, wherein an accurate response demonstrates with measurable confidence that said user has global knowledge of multiple related events.

15. A knowledge-based authentication method performed by a server for restricting access of a user to a restricted resource, comprising the steps of:
- obtaining a plurality of historically aware answers from said user to a set of inter-related questions during a registration phase with said user, wherein each of said historically aware answers comprises an answer to a given question that is accurate for an indicated period of time;
  
  challenging said user with one or more of said inter-related questions for a given period of time;
  
  receiving a response from said user to said one or more inter-related questions; and
  
  granting access to said restricted resource if said response is accurate for said given period of time based on said historically aware answers, wherein at least one of said steps are performed by at least one hardware device.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 16. The method of claim 15, further comprising the step of determining a confidence score based on said accuracy of said response for said given period of time based on said historically aware answers.
  - 17. The method of claim 16, wherein said confidence score assesses a credibility of said user.
  - 18. The method of claim 15, wherein said confidence score is evaluated relative to a threshold.
  - 19. The method of claim 18, further comprising the step of employing a fraud remediation method when said confidence score is within a predefined tolerance of said threshold.
  - 20. The method of claim 19, wherein said fraud remediation method comprises one or more of denying access and sending a notification of said access attempt.
  - 21. The method of claim 19, wherein said fraud remediation method comprises classifying said response as plausible or correct.
  - 22. The method of claim 21, further comprising the steps of calculating a distance between an actual answer and a received answer and labeling a plausible response as a data mining access attempt.
  - 23. The method of claim 19, wherein said fraud remediation method comprises further interrogation of said user.
  - 24. The method of claim 19, wherein said fraud remediation method comprises granting access to said user and investigating said user to determine an identity of said user.
  - 25. The method of claim 19, wherein an accurate response demonstrates with measurable confidence that said user has global knowledge of multiple related events.

26. A knowledge-based authentication server for restricting access of a user to a restricted resource, comprising:
- a memory; and
  
  at least one hardware device, coupled to the memory, operative to implement the following steps;
  
  obtaining a plurality of historically different answers from said user for each of at least one question during a registration phase with said user, wherein said plurality of historically different answers for a given question are different for at least two different periods of time;
  
  challenging said user with at least one question that tests the historical knowledge of said user within said historically different answers to said given question for a given period of time;
  
  receiving a response from said user to said at least one question; and
  
  granting access to said restricted resource if said response is accurate for said given period of time based on said historically different answers.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33)
- - 27. The server of claim 26, wherein said historically different answers comprise answers with applicable dates.
  - 28. The server of claim 26, wherein said historically different answers comprise a series of correct answers to said question over time.
  - 29. The server of claim 26, wherein said historically different answers comprise a series over time of one or more of facts, traits and characteristics of said user.
  - 30. The server of claim 26, further comprising the step of determining a confidence score based on said accuracy of said response for said given period of time based on said historically different answers.
  - 31. The server of claim 30, wherein said confidence score assesses a credibility of said user.
  - 32. The server of claim 30, wherein said confidence score is evaluated relative to a threshold.
  - 33. The server of claim 32, further comprising the step of employing a fraud remediation server when said confidence score is within a predefined tolerance of said threshold.

34. An article of manufacture for knowledge-based authentication by a server for restricting access of a user to a restricted resource, comprising a non-transitory machine readable recordable medium containing one or more programs which when executed implement the steps of:
- obtaining a plurality of historically different answers from said user for each of at least one question during a registration phase with said user, wherein said plurality of historically different answers for a given question are different for at least two different periods of time;
  
  challenging said user with at least one question that tests the historical knowledge of said user within said historically different answers to said given question for a given period of time;
  
  receiving a response from said user to said at least one question; and
  
  granting access to said restricted resource if said response is accurate for said given period of time based on said historically different answers.

35. A knowledge-based authentication server for restricting access of a user to a restricted resource, comprising:
- a memory; and
  
  at least one hardware device, coupled to the memory, operative to implement the following steps;
  
  obtaining a plurality of historically aware answers from said user to a set of inter-related questions during a registration phase with said user, wherein each of said historically aware answers comprises an answer to a given question that is accurate for an indicated period of time;
  
  challenging said user with one or more of said inter-related questions for a given period of time;
  
  receiving a response from said user to said one or more inter-related questions; and
  
  granting access to said restricted resource if said response is accurate for said given period of time based on said historically aware answers.
- View Dependent Claims (36, 37, 38, 39, 40)
- - 36. The server of claim 35, wherein said at least one hardware device is further configured to determine a confidence score based on said accuracy of said response for said given period of time based on said historically aware answers.
  - 37. The server of claim 36, wherein said confidence score assesses a credibility of said user.
  - 38. The server of claim 35, wherein said confidence score is evaluated relative to a threshold.
  - 39. The server of claim 38, further comprising the step of employing a fraud remediation server when said confidence score is within a predefined tolerance of said threshold.
  - 40. The server of claim 38, wherein an accurate response demonstrates with measurable confidence that said user has global knowledge of multiple related events.

41. An article of manufacture for knowledge-based authentication by a server for restricting access of a user to a restricted resource, comprising a non-transitory machine readable recordable medium containing one or more programs which when executed implement the steps of:
- obtaining a plurality of historically aware answers from said user to a set of inter-related questions during a registration phase with said user, wherein each of said historically aware answers comprises an answer to a given question that is accurate for an indicated period of time;
  
  challenging said user with one or more of said inter-related questions for a given period of time;
  
  receiving a response from said user to said one or more inter-related questions; and
  
  granting access to said restricted resource if said response is accurate for said given period of time based on said historically aware answers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Juels, Ari, Triandopoulos, Nikolaos, Corn, Thomas S.
Primary Examiner(s)
Rahman, Mohammad L

Application Number

US13/436,080
Time in Patent Office

1,110 Days
Field of Search

726/2, 726/27
US Class Current

726/27
CPC Class Codes

H04L 9/0618 Block ciphers, i.e. encrypt...

H04L 9/3271 using challenge-response

Methods and apparatus for knowledge-based authentication using historically-aware questionnaires

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

41 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for knowledge-based authentication using historically-aware questionnaires

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

41 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links