Confidence-based authentication

摘要

Disclosed are various embodiments that perform confidence-based authentication of a user. An identification of a user account is obtained from a user, and a minimum confidence threshold is determined. Multiple authentication challenges are presented to the user. Responses are obtained from the user to a subset of the challenges, with each response having a corresponding authentication point value. A confidence score is generated for the user, where the confidence score is increased by the respective authentication point values of the correct responses. The user is authenticated as being associated with the user account in response to determining that the confidence score meets the minimum confidence threshold.

主权项

1. A non-transitory computer-readable medium embodying a program executable in at least one first computing device, wherein when executed the program causes the at least one first computing device to at least:
in response to receiving an identification of a user account from a second computing device, determine a minimum confidence threshold and a minimum inverse confidence threshold based at least in part on a particular account type associated with the user account; present a plurality of authentication questions; in response to receiving corresponding answers to individual ones of a subset of the plurality of authentication questions, generate a confidence score, wherein the confidence score is increased by respective authentication point values of the corresponding answers that are correct; generate an inverse confidence score, wherein the inverse confidence score is increased by the respective authentication point values of the corresponding answers that are incorrect; determine whether the confidence score meets the minimum confidence threshold and whether the inverse confidence score meets the minimum inverse confidence threshold; authenticate a user at the second computing device as being associated with the user account in response to determining that the confidence score meets the minimum confidence threshold and the inverse confidence score does not meet the minimum inverse confidence threshold; and wherein at least one of the plurality of authentication challenges corresponds to a dummy question, and generating the inverse confidence score further comprises increasing the inverse confidence score by a respective authentication point value associated with a corresponding answer to the dummy question in response to determining that the dummy question is answered by the user.