Suppression of authorization risk feedback to mitigate risk factor manipulation in an authorization system
Abstract
Dynamic risk communication associated with a computer device may include automatically detecting one or more security risk factors for the computer device based on current context information associated with the computer device. Whether an attempt is being made via the computer device to manipulate the one or more risk factors in an attempt to reduce a security level of a computer-implemented authentication procedure may be determined. Responsive to determining that the attempt is being made to manipulate the one or more risk factors, a new challenge for additional identification may be communicated for presentation on a user interface device of the computer device while suppressing one or more security risk factors from being presented on the user interface device. Responsive to determining that an attempt is not being made to manipulate the one or more risk factors, the new challenge and one or more security risk factors may be communicated.
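The behaviour described in the abstract, as an added Python example that is not taken from the patent or from any implementation of it: a per-device tracker counts authentication prompts that were abandoned by re-initiating the transaction and, once a threshold is reached, keeps issuing the challenge while withholding the risk factors from the payload sent to the user interface. The class and field names, the threshold of 3, the 10-minute window and the factor labels are assumptions; the claims only require "repeated" initiation.

```python
from collections import defaultdict, deque

ABANDON_LIMIT = 3      # assumed threshold; the claims say only "repeated"
WINDOW_SECONDS = 600   # assumed look-back window


class RiskCommunicator:
    """Decides what an authentication prompt reveals to the device UI."""

    def __init__(self, limit=ABANDON_LIMIT, window=WINDOW_SECONDS):
        self.limit = limit
        self.window = window
        self._pending = {}                    # device_id -> time the open prompt was issued
        self._abandoned = defaultdict(deque)  # device_id -> times of abandoned prompts

    def initiate(self, device_id, risk_factors, now):
        """Handle a transaction start and return the prompt payload."""
        # A prompt still open from the previous initiation was never answered:
        # the transaction was restarted without proceeding past it.
        if device_id in self._pending:
            self._abandoned[device_id].append(self._pending[device_id])
        self._pending[device_id] = now

        # Forget abandonments that fall outside the look-back window.
        recent = self._abandoned[device_id]
        while recent and now - recent[0] > self.window:
            recent.popleft()

        probing = len(recent) >= self.limit
        return {
            # Probing always draws a challenge, even if the context now looks clean.
            "challenge": probing or bool(risk_factors),
            # Suppress the explanation so it cannot guide further manipulation.
            "risk_factors": [] if probing else list(risk_factors),
            "suppressed": probing,  # server-side audit flag, not for display
        }

    def complete(self, device_id):
        """The user proceeded past the authentication prompt."""
        self._pending.pop(device_id, None)


def demo():
    """Constructed sequence: four initiations, none answered."""
    rc = RiskCommunicator()
    factors = ["new_location", "unknown_network"]  # constructed labels
    return [rc.initiate("dev-1", factors, t) for t in (0, 60, 120, 180)]
```

A user who answers each prompt calls `complete()` and never accumulates abandonments, so that user continues to see the risk factors alongside the challenge.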
20 Claims
1. A computer-implemented method of dynamic risk communication associated with a computer device, the method performed by one or more hardware processors, comprising:
- automatically detecting one or more security risk factors for the computer device based on current context information associated with the computer device, the security risk factors used for authenticating a user, wherein for selected security risk factors the computer device requires additional information before authenticating the user;
- determining whether an attempt is being made via the computer device to discover the one or more security risk factors to manipulate the computer device from using the selected security risk factors and from requiring the additional information in an attempt to reduce a security level of a computer-implemented authentication procedure, the determining of the attempt to discover the one or more security risk factors performed by detecting at least a repeated initiating of a transaction without proceeding past an authentication prompt;
- responsive to determining that the attempt is being made to manipulate the one or more security risk factors, communicating a new challenge for additional identification for presenting on a user interface device of the computer device and suppressing the one or more security risk factors from being presented on the user interface device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A non-transitory computer readable storage medium storing a program of instructions executable by a machine to perform a method of dynamic risk communication associated with a computer device, the method comprising:
- automatically detecting one or more security risk factors for the computer device based on current context information associated with the computer device, the security risk factors used for authenticating a user, wherein for selected security risk factors the computer device requires additional information before authenticating the user;
- determining whether an attempt is being made via the computer device to discover the one or more security risk factors to manipulate the computer device from using the selected security risk factors and from requiring the additional information in an attempt to reduce a security level of a computer-implemented authentication procedure, the determining of the attempt to discover the one or more security risk factors performed by detecting at least a repeated initiating of a transaction without proceeding past an authentication prompt;
- responsive to determining that the attempt is being made to manipulate the one or more security risk factors, communicating a new challenge for additional identification for presenting on a user interface device of the computer device and suppressing the one or more security risk factors from being presented on the user interface device.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A system for dynamic risk communication associated with a computer device, comprising:
- one or more computer processors coupled to a memory,
- one or more of computer processors operable to automatically detect one or more security risk factors for the computer device based on current context information associated with the computer device, the security risk factors used for authenticating a user, wherein for selected security risk factors the computer device requires additional information before authenticating the user,
- one or more of computer processors further operable to determine whether an attempt is being made via the computer device to discover the one or more security risk factors to manipulate the computer device from using the selected security risk factors and from requiring the additional information in an attempt to reduce a security level of a computer-implemented authentication procedure, the one or more of computer processors determining the attempt to discover the one or more security risk factors by detecting at least a repeated initiating of a transaction without proceeding past an authentication prompt,
- responsive to determining that the attempt is being made to manipulate the one or more security risk factors, one or more of computer processors further operable to communicate a new challenge for additional identification for presenting on a user interface device of the computer device and suppress the one or more security risk factors from being presented on the user interface device.
Dependent claims: 18, 19, 20
Specification