Methods and apparatus for fraud detection and remediation in knowledge-based authentication
Abstract
Methods and apparatus are provided for fraud detection and remediation in knowledge-based authentication (KBA). A knowledge-based authentication method is performed by a server for restricting access of a user to a restricted resource. The exemplary knowledge-based authentication method comprises challenging the user with one or more questions requiring knowledge by the user; receiving a response from the user to the one or more questions, wherein at least a portion of the response is encoded by the user using an encoding scheme defined between the server and the user to signal a fraudulent access attempt; and granting access to the restricted resource if one or more predefined response criteria are satisfied, wherein the one or more predefined response criteria comprises an assessment of whether the encoded portion of the response satisfies the encoding scheme. A number of exemplary encoding schemes are disclosed.
58 Claims
1. A knowledge-based authentication method performed by a server for restricting access of a user to a restricted resource, comprising the steps of:
challenging said user with one or more questions requiring knowledge by said user, wherein said user previously provided one or more answers to said one or more questions during a set-up phase, wherein at least one of said answers provided by said user encode one or more of historical, inter-relational and contextual information of said user using an encoding scheme defined between said server and said user to signal a fraudulent access attempt;
receiving a response from said user to said one or more questions, wherein at least a portion of said response is encoded by said user using said encoding scheme defined between said server and said user to signal said fraudulent access attempt; and
granting access to said restricted resource if one or more predefined response criteria are satisfied, wherein said one or more predefined response criteria comprises an assessment of whether said encoded portion of said response satisfies said encoding scheme, wherein at least one of said steps are performed by at least one hardware device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17
18. A knowledge-based authentication method performed by a server for restricting access of a user to a restricted resource, comprising the steps of:
receiving a plurality of answers from said user during a set-up phase to a set of personal questions, wherein at least one of said answers received from said user encode one or more of historical, inter-relational and contextual information of said user using an encoding scheme defined between said server and said user to signal a fraudulent access attempt;
challenging said user with one or more questions from said set of personal questions;
receiving a response from said user to said one or more questions from said set;
assigning a score to said response, wherein said score is based on said encoded information; and
granting access to said restricted resource based on said score, wherein at least one of said steps are performed by at least one hardware device.
Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34
35. A knowledge-based authentication server for restricting access of a user to a restricted resource, comprising:
a memory; and
at least one hardware device, coupled to the memory, operative to implement the following steps;
challenging said user with one or more questions requiring knowledge by said user, wherein said user previously provided one or more answers to said one or more questions during a set-up phase, wherein at least one of said answers provided by said user encode one or more of historical, inter-relational and contextual information of said user using an encoding scheme defined between said server and said user to signal a fraudulent access attempt;
receiving a response from said user to said one or more questions, wherein at least a portion of said response is encoded by said user using said encoding scheme defined between said server and said user to signal said fraudulent access attempt; and
granting access to said restricted resource if one or more predefined response criteria are satisfied, wherein said one or more predefined response criteria comprises an assessment of whether said encoded portion of said response satisfies said encoding scheme.
Dependent claims: 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46
47. An article of manufacture for knowledge-based authentication by a server for restricting access of a user to a restricted resource, comprising a non-transitory machine readable recordable medium containing one or more programs which when executed implement the steps of:
challenging said user with one or more questions requiring knowledge by said user, wherein said user previously provided one or more answers to said one or more questions during a set-up phase, wherein at least one of said answers provided by said user encode one or more of historical, inter-relational and contextual information of said user using an encoding scheme defined between said server and said user to signal a fraudulent access attempt;
receiving a response from said user to said one or more questions, wherein at least a portion of said response is encoded by said user using said encoding scheme defined between said server and said user to signal said fraudulent access attempt; and
granting access to said restricted resource if one or more predefined response criteria are satisfied, wherein said one or more predefined response criteria comprises an assessment of whether said encoded portion of said response satisfies said encoding scheme.
48. A knowledge-based authentication server for restricting access of a user to a restricted resource, comprising:
a memory; and
at least one hardware device, coupled to the memory, operative to implement the following steps;
receiving a plurality of answers from said user during a set-up phase to a set of personal questions, wherein at least one of said answers received from said user encode one or more of historical, inter-relational and contextual information of said user using an encoding scheme defined between said server and said user to signal a fraudulent access attempt;
challenging said user with one or more questions from said set of personal questions;
receiving a response from said user to said one or more questions from said set;
assigning a score to said response, wherein said score is based on said encoded information; and
granting access to said restricted resource based on said score.
Dependent claims: 49, 50, 51, 52, 53, 54, 55, 56, 57
58. An article of manufacture for knowledge-based authentication by a server for restricting access of a user to a restricted resource, comprising a non-transitory machine readable recordable medium containing one or more programs which when executed implement the steps of:
receiving a plurality of answers from said user during a set-up phase to a set of personal questions, wherein at least one of said answers received from said user encode one or more of historical, inter-relational and contextual information of said user using an encoding scheme defined between said server and said user to signal a fraudulent access attempt;
challenging said user with one or more questions from said set of personal questions;
receiving a response from said user to said one or more questions from said set;
assigning a score to said response, wherein said score is based on said encoded information; and
granting access to said restricted resource based on said score.