Risk analysis apparatus and method for risk based authentication

US 11,003,749 B2
Filed: 05/25/2018
Issued: 05/11/2021
Est. Priority Date: 05/25/2017
Status: Active Grant

First Claim

Patent Images

1. A risk analysis apparatus comprising:

at least one memory;

at least one processor configured to execute program codes stored in the at least one memory to perform;

collecting risk factors related to one or more authentication processes for authentication of a user of a client device in an authentication system;

calculating a current risk score for the user based on the collected risk factors based on the one or more authentication processes being successful;

calculating a total risk score based on a risk score history of the user and the current risk score;

determining whether additional authentication of the user is required based on the current risk score and the total risk score; and

requesting the client device for the additional authentication of the user based on the additional authentication being required,wherein the calculating of the total risk score comprises calculating the total risk score by comparing a change pattern of past risk scores included in the risk score history with the current risk score or calculating the total risk score based on a number of times a threshold has been exceeded within a predetermined period of the risk score history.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A risk analysis apparatus and method are provided. According to one embodiment of the present disclosure, the risk analysis apparatus includes: at least one processor configured to: a risk factor collector configured to collect risk factors related to one or more authentication processes for authentication of a user of a client device in an authentication system; a risk analyzer configured to calculate a current risk score for the user based on the collected risk factors and calculate a total risk score based on a risk score history of the user and the current risk score based on the one or more authentication processes being successful; and an additional authentication requester configured to determine whether additional authentication of the user is required based on the current risk score and the total risk score and, request the client device for the additional authentication of the user based on the additional authentication being required.

0 Citations

14 Claims

1. A risk analysis apparatus comprising:
- at least one memory;
  
  at least one processor configured to execute program codes stored in the at least one memory to perform;
  
  collecting risk factors related to one or more authentication processes for authentication of a user of a client device in an authentication system;
  
  calculating a current risk score for the user based on the collected risk factors based on the one or more authentication processes being successful;
  
  calculating a total risk score based on a risk score history of the user and the current risk score;
  
  determining whether additional authentication of the user is required based on the current risk score and the total risk score; and
  
  requesting the client device for the additional authentication of the user based on the additional authentication being required,wherein the calculating of the total risk score comprises calculating the total risk score by comparing a change pattern of past risk scores included in the risk score history with the current risk score or calculating the total risk score based on a number of times a threshold has been exceeded within a predetermined period of the risk score history.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The risk analysis apparatus of claim 1, wherein the risk factors include at least one from among data related to an authentication activity of the user, data related to the client device, and data related to authentication factors used in the one or more authentication processes.
  - 3. The risk analysis apparatus of claim 1, wherein the requesting for the additional authentication comprises requesting the client device for the additional authentication of the user based on the current risk score exceeding a first threshold or the total risk score exceeding a second threshold.
  - 4. The risk analysis apparatus of claim 1, wherein the calculating of the current risk score comprises calculating the current risk score using the risk factors related to the currently performed authentication processes, and at least one from among risk factors related to authentication processes previously performed for the user and risk factors related to authentication processes previously performed for a plurality of users.
  - 5. The risk analysis apparatus of claim 1, wherein the at least one processor is further configured to execute program codes to perform determining a re-authentication time for the user based on the total risk score or an authentication history of the user.
  - 6. The risk analysis apparatus of claim 5, wherein the determining of the re-authentication time comprises calculating a confidence value for the user based on the total risk score and determining the re-authentication time based on the calculated confidence value.
  - 7. The risk analysis apparatus of claim 5, wherein the determining of the re-authentication time comprises calculating an authentication failure probability for the user based on the authentication history of the user and determining the re-authentication time based on the calculated authentication failure probability.

8. A risk analysis method implemented by a risk analysis apparatus comprising:
- collecting risk factors related to one or more authentication processes for authentication of a user of a client device in an authentication system;
  
  calculating a current risk score for the user based on the collected risk factors and the one or more authentication processes being successful;
  
  calculating a total risk score based on a risk score history of the user and the current risk score; and
  
  determining whether additional authentication of the user is required based on the current risk score and the total risk score; and
  
  requesting the client device for the additional authentication of the user based on the determining indicating the additional authentication is required,wherein the calculating of the total risk score comprises calculating the total risk score by comparing a change pattern of past risk scores included in the risk score history with the current risk score or calculating the total risk score based on a number of times a threshold has been exceeded within a predetermined period of the risk score history.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The risk analysis method of claim 8, wherein the risk factors include at least one from among data related to an authentication activity of the user, data related to the client device, and data related to authentication factors used in the one or more authentication processes.
  - 10. The risk analysis method of claim 8, wherein the requesting for the additional authentication comprises requesting the client device for the additional authentication of the user based on the current risk score exceeding a first threshold or the total risk score exceeding a second threshold.
  - 11. The risk analysis method of claim 8, wherein the calculating of the current risk score comprises calculating the current risk score using the risk factors related to the currently performed authentication processes, and at least one from among risk factors related to authentication processes previously performed for the user and risk factors related to authentication processes previously performed for a plurality of users.
  - 12. The risk analysis method of claim 8, further comprising determining a re-authentication time for the user based on the total risk score or an authentication history of the user.
  - 13. The risk analysis method of claim 12, wherein the determining of the re-authentication time comprises calculating a confidence value for the user based on the total risk score and determining the re-authentication time based on the calculated confidence value.
  - 14. The risk analysis method of claim 12, wherein the determining of the re-authentication time comprises calculating an authentication failure probability for the user based on the authentication history of the user and determining the re-authentication time based on the calculated authentication failure probability.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung SDS (China) Co., Ltd. (Samsung Group)
Original Assignee
Samsung SDS (China) Co., Ltd. (Samsung Group)
Inventors
Park, Hyun-Kyung, Seo, Bum-Joon, Oh, Hyun-Min, Lee, Ji-hyun
Primary Examiner(s)
Dolly, Kendall

Application Number

US15/989,301
Publication Number

US 20180341758A1
Time in Patent Office

1,082 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/316   by observing the pattern of...

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2139   Recurrent verification

Risk analysis apparatus and method for risk based authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

0 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Risk analysis apparatus and method for risk based authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

0 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links