Evidence-based dynamic scoring to limit guesses in knowledge-based authentication
Abstract
Techniques to provide evidence-based dynamic scoring to limit guesses in knowledge based authentication are disclosed herein. In some aspects, an authenticator may receive an input from a user in response to a presentation of a personal question that enables user access to a restricted resource. The authenticator may determine that the input is not equivalent to a stored value, and thus is an incorrect input. The authenticator may then determine whether the input is similar to a previous input received from the user. A score may be assigned to the input. When the input is determined to be similar to the previous input, the score may be reduced. Another request for an input may be transmitted by the authenticator when a sum of the score and any previous scores of the session is less than a threshold.
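The scoring loop the abstract describes, as an added Python example that is not taken from the patent. The constants, the frequency-based scoring rule, the use of `difflib` for lexical similarity, and the sample answers are all assumptions made for illustration.

```python
from difflib import SequenceMatcher

THRESHOLD = 1.0          # assumed per-session score budget
SIMILAR_RATIO = 0.8      # assumed cut-off for "lexically similar"
SIMILAR_DISCOUNT = 0.25  # assumed: a near-repeat keeps a quarter of its score
FLOOR = 0.2              # assumed minimum cost of any wrong input

# Constructed sample: other users' answers to "What is your favourite food?"
OTHER_ANSWERS = ["pizza"] * 5 + ["pasta"] * 3 + ["sushi", "tacos"]

def normalize(text):
    return " ".join(text.lower().split())

def is_similar(a, b):
    # Lexical similarity only; a semantic check would need a synonym source.
    return SequenceMatcher(None, normalize(a), normalize(b)).ratio() >= SIMILAR_RATIO

def base_score(guess, other_answers):
    # Assumed rule: a wrong input costs more the more common it is among
    # other users' answers, since popular values are what a guesser tries first.
    g = normalize(guess)
    share = sum(normalize(a) == g for a in other_answers) / len(other_answers)
    return FLOOR + share

class Session:
    def __init__(self, stored_answer, other_answers, threshold=THRESHOLD):
        self.stored = normalize(stored_answer)
        self.other_answers = other_answers
        self.threshold = threshold
        self.previous = []   # wrong inputs seen in this session
        self.total = 0.0     # running sum of scores for the session

    def attempt(self, guess):
        """Return 'granted', 'retry' (ask again) or 'locked' (budget spent)."""
        if self.total >= self.threshold:
            return "locked"
        if normalize(guess) == self.stored:
            return "granted"
        score = base_score(guess, self.other_answers)
        # Reduce the score when the input resembles an earlier one (e.g. a typo).
        if any(is_similar(guess, p) for p in self.previous):
            score *= SIMILAR_DISCOUNT
        self.previous.append(guess)
        self.total += score
        # Another request is sent only while the session total is below the threshold.
        return "retry" if self.total < self.threshold else "locked"
```

With the constructed data, a user who types "lasagne" and then "lasagnes" has used 0.25 of the budget, while a session that tries "pizza" and then "pasta" reaches 1.2 and gets no further request.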
20 Claims
1. A system comprising:
- memory;
- one or more processors;
- one or more modules stored in the memory and executable by the one or more processors to perform operations comprising;
- receiving an input from a user in response to a personal question, the input being different than a stored answer of the personal question;
- determining, by a computing device including one or more processors, whether the input is a lexicon or semantically similar to a previous input by the user;
- assigning a score to the input based on a comparison between the input and previously stored inputs from other users in response to questions related to the personal question;
- reducing the score if the input is determined to be the lexicon or semantically similar to the previous input;
- summing the score with previous scores of the session to create a total score for the session; and
- transmitting another request for a correct input in response to a determination that the total score for the session satisfies a threshold, wherein a number of times that the user is allowed to attempt a correct input to the personal question is dynamically adjusted based at least in part on the total score for the session.

Dependent claims: 2, 3, 4, 5, 6
7. One or more storage devices storing computer-executable instructions that, when executed on one or more processors, causes the one or more processors to perform acts comprising:
- receiving an input from a user during a session in response to an authentication question;
- comparing the input to a stored answer of the authentication question;
- assigning, based on the comparing, a score to the input;
- determining whether the input is at least one of a lexicon match or a semantic match with a previous input by the user;
- reducing the score if the input is determined to be at least one of the lexicon match or the semantic match;
- after reducing the score, summing the score with one or more previous scores to create a total score for the session; and
- transmitting an additional request for an additional input to a user device in response to a determination that the total score for the session satisfies a threshold value, wherein a number of times that the user is allowed to attempt a correct input to the authentication question is dynamically adjusted based at least in part on the total score for the session.

Dependent claims: 8, 9, 10, 11, 12, 13, 14
15. A method comprising:
- receiving, by one or more servers, a new answer to a personal question;
- analyzing, using the one or more servers, received answers to the personal question to create an answer distribution of received answers;
- dynamically updating, using the one or more servers, a question list by removing the personal question from the question list in response to determining that the answer distribution of the received answers is less than a predetermined value.

Dependent claims: 16, 17, 18, 19, 20
Specification