Title of invention: Methods and apparatus for fraud detection and remediation in knowledge-based authentication
Abstract: Methods and apparatus are provided for fraud detection and remediation in knowledge-based authentication (KBA). A knowledge-based authentication method is performed by a server for restricting access of a user to a restricted resource. The exemplary knowledge-based authentication method comprises challenging the user with one or more questions requiring knowledge by the user; receiving a response from the user to the one or more questions, wherein at least a portion of the response is encoded by the user using an encoding scheme defined between the server and the user to signal a fraudulent access attempt; and granting access to the restricted resource if one or more predefined response criteria are satisfied, wherein the one or more predefined response criteria comprises an assessment of whether the encoded portion of the response satisfies the encoding scheme. A number of exemplary encoding schemes are disclosed.
Publication No.: US9021553(B1)
Publication date: 2015.04.28
Application No.: US201213436125
Filing date: 2012.03.30
Applicant: EMC Corporation
Inventors: Corn Thomas S.; Juels Ari; Triandopoulos Nikolaos
Classification No.: H04L29/06; G06F21/31
Main classification No.: H04L29/06
Agency: Ryan, Mason & Lewis, LLP
Agent: Ryan, Mason & Lewis, LLP
Principal claim: 1. A knowledge-based authentication method performed by a server for restricting access of a user to a restricted resource, comprising the steps of: challenging said user with one or more questions requiring knowledge by said user, wherein said user previously provided one or more answers to said one or more questions during a set-up phase, wherein at least one of said answers provided by said user encode one or more of historical, inter-relational and contextual information of said user using an encoding scheme defined between said server and said user to signal a fraudulent access attempt; receiving a response from said user to said one or more questions, wherein at least a portion of said response is encoded by said user using said encoding scheme defined between said server and said user to signal said fraudulent access attempt; and granting access to said restricted resource if one or more predefined response criteria are satisfied, wherein said one or more predefined response criteria comprises an assessment of whether said encoded portion of said response satisfies said encoding scheme, wherein at least one of said steps are performed by at least one hardware device.
Address: Hopkinton MA US