Methods and apparatus for fraud detection and remediation in knowledge-based authentication

US 9,021,553 B1
Filed: 03/30/2012
Issued: 04/28/2015
Est. Priority Date: 03/30/2012
Status: Active Grant

First Claim

Patent Images

1. A knowledge-based authentication method performed by a server for restricting access of a user to a restricted resource, comprising the steps of:

challenging said user with one or more questions requiring knowledge by said user, wherein said user previously provided one or more answers to said one or more questions during a set-up phase, wherein at least one of said answers provided by said user encode one or more of historical, inter-relational and contextual information of said user using an encoding scheme defined between said server and said user to signal a fraudulent access attempt;

receiving a response from said user to said one or more questions, wherein at least a portion of said response is encoded by said user using said encoding scheme defined between said server and said user to signal said fraudulent access attempt; and

granting access to said restricted resource if one or more predefined response criteria are satisfied, wherein said one or more predefined response criteria comprises an assessment of whether said encoded portion of said response satisfies said encoding scheme, wherein at least one of said steps are performed by at least one hardware device.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus are provided for fraud detection and remediation in knowledge-based authentication (KBA). A knowledge-based authentication method is performed by a server for restricting access of a user to a restricted resource. The exemplary knowledge-based authentication method comprises challenging the user with one or more questions requiring knowledge by the user; receiving a response from the user to the one or more questions, wherein at least a portion of the response is encoded by the user using an encoding scheme defined between the server and the user to signal a fraudulent access attempt; and granting access to the restricted resource if one or more predefined response criteria are satisfied, wherein the one or more predefined response criteria comprises an assessment of whether the encoded portion of the response satisfies the encoding scheme. A number of exemplary encoding schemes are disclosed.

Citations

58 Claims

1. A knowledge-based authentication method performed by a server for restricting access of a user to a restricted resource, comprising the steps of:
- challenging said user with one or more questions requiring knowledge by said user, wherein said user previously provided one or more answers to said one or more questions during a set-up phase, wherein at least one of said answers provided by said user encode one or more of historical, inter-relational and contextual information of said user using an encoding scheme defined between said server and said user to signal a fraudulent access attempt;
  
  receiving a response from said user to said one or more questions, wherein at least a portion of said response is encoded by said user using said encoding scheme defined between said server and said user to signal said fraudulent access attempt; and
  
  granting access to said restricted resource if one or more predefined response criteria are satisfied, wherein said one or more predefined response criteria comprises an assessment of whether said encoded portion of said response satisfies said encoding scheme, wherein at least one of said steps are performed by at least one hardware device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein said encoding scheme comprises an intentionally incorrect answer to a particular question among a plurality of questions.
  - 3. The method of claim 2, wherein said particular question is determined by a slack value defined between said server and said user.
  - 4. The method of claim 1, wherein said encoding scheme comprises providing an n-th order answer to a particular question having a plurality of possible answers.
  - 5. The method of claim 4, wherein said n-th order is previously defined between said server and said user.
  - 6. The method of claim 1, wherein said encoding scheme comprises a requirement that said user shall not answer any question that addresses a previously defined blocked topic.
  - 7. The method of claim 1, wherein said encoding scheme comprises determining an index based on answers of said user to a plurality of control questions, wherein said index identifies one of a plurality of possible equivalent answers to a primary question.
  - 8. The method of claim 1, wherein said encoding scheme comprises determining an index based on answers of said user to a plurality of control questions, wherein said index identifies one of a plurality of possible queries that can be answered in a database containing information that is personal to the user.
  - 9. The method of claim 1, further comprising the step of determining a confidence score based on said assessment of whether said encoded portion of said response satisfies said encoding scheme.
  - 10. The method of claim 9, wherein said confidence score assesses a credibility of said user.
  - 11. The method of claim 9, wherein said predefined response criteria evaluates said confidence score relative to a threshold.
  - 12. The method of claim 11, further comprising the step of employing a fraud remediation method when said confidence score is within a predefined tolerance of said threshold.
  - 13. The method of claim 12, wherein said fraud remediation method comprises one or more of denying access and sending a notification of said access attempt.
  - 14. The method of claim 12, wherein said fraud remediation method comprises classifying said response as plausible or correct.
  - 15. The method of claim 14, further comprising the steps of calculating a distance between an actual answer and a received answer and labeling a plausible response as a data mining access attempt.
  - 16. The method of claim 12, wherein said fraud remediation method comprises further interrogation of said user.
  - 17. The method of claim 12, wherein said fraud remediation method comprises granting access to said user and investigating said user to determine an identity of said user.

18. A knowledge-based authentication method performed by a server for restricting access of a user to a restricted resource, comprising the steps of:
- receiving a plurality of answers from said user during a set-up phase to a set of personal questions, wherein at least one of said answers received from said user encode one or more of historical, inter-relational and contextual information of said user using an encoding scheme defined between said server and said user to signal a fraudulent access attempt;
  
  challenging said user with one or more questions from said set of personal questions;
  
  receiving a response from said user to said one or more questions from said set;
  
  assigning a score to said response, wherein said score is based on said encoded information; and
  
  granting access to said restricted resource based on said score, wherein at least one of said steps are performed by at least one hardware device.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 19. The method of claim 18, further comprising the step of repeating said set-up phase to update one or more of said set of personal questions, said corresponding answers and said encoded historical, inter-relational or contextual information of said user.
  - 20. The method of claim 18, wherein said score indicates a likelihood that said user has been impersonated.
  - 21. The method of claim 18, wherein said score is evaluated relative to a threshold.
  - 22. The method of claim 21, further comprising the step of employing a fraud remediation method when said score is within a predefined tolerance of said threshold.
  - 23. The method of claim 22, wherein said fraud remediation method comprises one or more of denying access and sending a notification of said access attempt.
  - 24. The method of claim 22, wherein said fraud remediation method comprises classifying said response as plausible or correct.
  - 25. The method of claim 24, further comprising the steps of calculating a distance between an actual answer and a received answer and labeling a plausible response as a data mining access attempt.
  - 26. The method of claim 22, wherein said fraud remediation method comprises further interrogation of said user.
  - 27. The method of claim 22, wherein said fraud remediation method comprises granting access to said user and investigating said user to determine an identity of said user.
  - 28. The method of claim 18, wherein said challenging step further comprises the step of challenging said user with a set of C=ƒ
    - (Q, A, I(Q), S) challenge questions, where ƒ
      
      is a function applied on an initial set of questions Q, their corresponding answers A, the encoded information I(Q) and additional state information S.
  - 29. The method of claim 28, wherein said function ƒ
    - generates a random subset C of Q.
  - 30. The method of claim 28, wherein said function ƒ
    - is a probabilistic function.
  - 31. The method of claim 18, wherein said server applies a function g to {Q, A, I(Q), C, A(C), S} to assign said score, wherein Q is an initial set of questions, A comprises corresponding answers to said initial set of questions, I(Q) is the encoded information, C is a set of challenge questions, A(C) comprises corresponding answers to C, and S comprises additional state information.
  - 32. The method of claim 31, wherein said function g is a probabilistic function.
  - 33. The method of claim 18, further comprising the step of updating a user-specific state {t, Q, A, I(Q), S} by applying a function h on {w, t, Q, A, I(Q), S}, where w is said score, t is a threshold, Q is an initial set of questions, A comprises corresponding answers, I(Q) is the encoded information and S comprises additional state information.
  - 34. The method of claim 33, wherein said function h is a probabilistic function.

35. A knowledge-based authentication server for restricting access of a user to a restricted resource, comprising:
- a memory; and
  
  at least one hardware device, coupled to the memory, operative to implement the following steps;
  
  challenging said user with one or more questions requiring knowledge by said user, wherein said user previously provided one or more answers to said one or more questions during a set-up phase, wherein at least one of said answers provided by said user encode one or more of historical, inter-relational and contextual information of said user using an encoding scheme defined between said server and said user to signal a fraudulent access attempt;
  
  receiving a response from said user to said one or more questions, wherein at least a portion of said response is encoded by said user using said encoding scheme defined between said server and said user to signal said fraudulent access attempt; and
  
  granting access to said restricted resource if one or more predefined response criteria are satisfied, wherein said one or more predefined response criteria comprises an assessment of whether said encoded portion of said response satisfies said encoding scheme.
- View Dependent Claims (36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46)
- - 36. The server of claim 35, wherein said encoding scheme comprises an intentionally incorrect answer to a particular question among a plurality of questions.
  - 37. The server of claim 36, wherein said particular question is determined by a slack value defined between said server and said user.
  - 38. The server of claim 35, wherein said encoding scheme comprises providing an n-th order answer to a particular question having a plurality of possible answers.
  - 39. The server of claim 38, wherein said n-th order is previously defined between said server and said user.
  - 40. The server of claim 35, wherein said encoding scheme comprises a requirement that said user shall not answer any question that addresses a previously defined blocked topic.
  - 41. The server of claim 35, wherein said encoding scheme comprises determining an index based on answers of said user to a plurality of control questions, wherein said index identifies one of a plurality of possible equivalent answers to a primary question.
  - 42. The server of claim 35, wherein said encoding scheme comprises determining an index based on answers of said user to a plurality of control questions, wherein said index identifies one of a plurality of possible queries that can be answered in a database containing information that is personal to the user.
  - 43. The server of claim 35, further comprising the step of determining a confidence score based on said assessment of whether said encoded portion of said response satisfies said encoding scheme.
  - 44. The server of claim 43, wherein said confidence score assesses a credibility of said user.
  - 45. The server of claim 43, wherein said predefined response criteria evaluates said confidence score relative to a threshold.
  - 46. The server of claim 45, further comprising the step of employing a fraud remediation server when said confidence score is within a predefined tolerance of said threshold.

47. An article of manufacture for knowledge-based authentication by a server for restricting access of a user to a restricted resource, comprising a non-transitory machine readable recordable medium containing one or more programs which when executed implement the steps of:
- challenging said user with one or more questions requiring knowledge by said user, wherein said user previously provided one or more answers to said one or more questions during a set-up phase, wherein at least one of said answers provided by said user encode one or more of historical, inter-relational and contextual information of said user using an encoding scheme defined between said server and said user to signal a fraudulent access attempt;
  
  receiving a response from said user to said one or more questions, wherein at least a portion of said response is encoded by said user using said encoding scheme defined between said server and said user to signal said fraudulent access attempt; and
  
  granting access to said restricted resource if one or more predefined response criteria are satisfied, wherein said one or more predefined response criteria comprises an assessment of whether said encoded portion of said response satisfies said encoding scheme.

48. A knowledge-based authentication server for restricting access of a user to a restricted resource, comprising:
- a memory; and
  
  at least one hardware device, coupled to the memory, operative to implement the following steps;
  
  receiving a plurality of answers from said user during a set-up phase to a set of personal questions, wherein at least one of said answers received from said user encode one or more of historical, inter-relational and contextual information of said user using an encoding scheme defined between said server and said user to signal a fraudulent access attempt;
  
  challenging said user with one or more questions from said set of personal questions;
  
  receiving a response from said user to said one or more questions from said set;
  
  assigning a score to said response, wherein said score is based on said encoded information; and
  
  granting access to said restricted resource based on said score.
- View Dependent Claims (49, 50, 51, 52, 53, 54, 55, 56, 57)
- - 49. The server of claim 48, wherein said at least one hardware device is further configured to repeat said set-up phase to update one or more of said set of personal questions, said corresponding answers and said encoded historical, inter-relational or contextual information of said user.
  - 50. The server of claim 48, wherein said score indicates a likelihood that said user has been impersonated.
  - 51. The server of claim 48, wherein said challenging step further comprises the step of challenging said user with a set of C=ƒ
    - (Q, A, I(Q), S) challenge questions, where ƒ
      
      is a function applied on an initial set of questions Q, their corresponding answers A, the encoded information I(Q) and additional state information S.
  - 52. The server of claim 51, wherein said function ƒ
    - generates a random subset C of Q.
  - 53. The server of claim 51, wherein said function ƒ
    - is a probabilistic function.
  - 54. The server of claim 48, wherein said server applies a function g to {Q, A, I(Q), C, A(C), S} to assign said score, wherein Q is an initial set of questions, A comprises corresponding answers to said initial set of questions, I(Q) is the encoded information, C is a set of challenge questions, A(C) comprises corresponding answers to C, and S comprises additional state information.
  - 55. The server of claim 54, wherein said function g is a probabilistic function.
  - 56. The server of claim 48, further comprising the step of updating a user-specific state {t, Q, A, I(Q), S} by applying a function h on {w, t, Q, A, I(Q), S}, where w is said score, t is a threshold, Q is an initial set of questions, A comprises corresponding answers, I(Q) is the encoded information and S comprises additional state information.
  - 57. The server of claim 56, wherein said function h is a probabilistic function.

58. An article of manufacture for knowledge-based authentication by a server for restricting access of a user to a restricted resource, comprising a non-transitory machine readable recordable medium containing one or more programs which when executed implement the steps of:
- receiving a plurality of answers from said user during a set-up phase to a set of personal questions, wherein at least one of said answers received from said user encode one or more of historical, inter-relational and contextual information of said user using an encoding scheme defined between said server and said user to signal a fraudulent access attempt;
  
  challenging said user with one or more questions from said set of personal questions;
  
  receiving a response from said user to said one or more questions from said set;
  
  assigning a score to said response, wherein said score is based on said encoded information; and
  
  granting access to said restricted resource based on said score.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Corn, Thomas S., Juels, Ari, Triandopoulos, Nikolaos
Primary Examiner(s)
Rahman, Mohammad L

Application Number

US13/436,125
Time in Patent Office

1,124 Days
Field of Search

726/2
US Class Current

726/2
CPC Class Codes

G06F 21/31 User authentication

G06F 2221/2133 Verifying human interaction...

Methods and apparatus for fraud detection and remediation in knowledge-based authentication

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

58 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for fraud detection and remediation in knowledge-based authentication

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

58 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links