摘要 |
A technique provides malicious identity profiles. The technique involves storing unsuccessful authentication entries in a database, the unsuccessful authentication entries including (i) descriptions of failed attempts to authenticate users and (ii) biometric records captured from the users during the failed attempts to authenticate the users. The technique further involves generating a set of malicious identity profiles based on the descriptions and the biometric records of the unsuccessful authentication entries stored in the database. Each malicious identity profile includes a profile biometric record for comparison with new biometric records during new authentication attempts. The technique further involves outputting the set of malicious identity profiles. Such a set of malicious identity profiles is well suited for use in future authentication operations, i.e., well suited for predicting intruder attacks and fraud attempts, and for sharing risky identities among authentication systems (e.g., among different security products within a cybercrime detection network). |
主权项 |
1. A method of providing malicious identity profiles, the method comprising:
storing, by processing circuitry, unsuccessful authentication entries in a database, the unsuccessful authentication entries including (i) descriptions of failed attempts to authenticate users and (ii) biometric records captured from the users during the failed attempts to authenticate the users; generating, by the processing circuitry, a set of malicious identity profiles based on the descriptions and the biometric records of the unsuccessful authentication entries stored in the database, each malicious identity profile including a profile biometric record for comparison with new biometric records during new authentication attempts; and outputting, by the processing circuitry, the set of malicious identity profiles;wherein generating the set of malicious identity profiles includes:
performing comparison operations on the descriptions and the biometric records of the unsuccessful authentication entries to group at least some of the unsuccessful authentication entries into sets of similar unsuccessful authentication entries, each set of similar unsuccessful authentication entries including multiple unsuccessful authentication entries which are alike based on a set of similarity scores resulting from the comparison operations, and forming the set of malicious identity profiles from at least some of the sets of similar unsuccessful authentication entries;wherein forming the set of malicious identity profiles from at least some of the sets of similar unsuccessful authentication entries includes:
creating suspicion profiles from the sets of similar unsuccessful authentication entries, each suspicion profile including a particular profile biometric record created from a particular set of similar unsuccessful authentication entries, and collecting historical data from the database for each created suspicion profile; andwherein the method further comprises:
distributing, as the set of malicious identity profiles, the suspicion profiles and suspicion scores which are assigned to the suspicion profiles to a set of adaptive-authentication servers through a computerized network, each adaptive-authentication server being constructed and arranged to perform adaptive-authentication (i) which includes biometric authentication as an adaptive-authentication factor and (ii) which is based on the malicious identity profiles. |