| 发明名称 |
Authentication risk evaluation |
| 摘要 |
A computer is configured to receive an authentication request that identifies one or more authentication form factors, and for each form factor identified, further identifies at least one parameter. The computer is further configured to generate a risk score for the authentication request using the parameter, the risk score being based at least in part on a complexity associated with each of the one or more authentication form factors. The computer is further configured to provide the risk score to a requester. |
| 申请公布号 |
US8806591(B2) |
申请公布日期 |
2014.08.12 |
| 申请号 |
US201112986538 |
申请日期 |
2011.01.07 |
| 申请人 |
Verizon Patent and Licensing Inc. |
发明人 |
Dallas Charles;Tayebnejad Mohammad Reza;Mckeever Ken;Ramachandran Vidhyaprakash;Donfried Paul Andrew |
| 分类号 |
G06F21/00;H04L9/32 |
主分类号 |
G06F21/00 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A system comprising:
a computer server having a processor and a memory, the server configured to: receive an authentication request that identifies one or more authentication form factors, and for each form factor identified, further identifies at least one parameter; generate a risk score for the authentication request using the parameter, the risk score being based at least in part on a complexity associated with each of the one or more authentication form factors and on an upper bound on a number of guesses that an attacker may make to recover a token before the attacker is locked out from additional attacks, the upper bound based on a lockout time and at least one of a token lifetime, an attempt number, or lockout strikes, the lockout time being a time period for which a lockout will apply; provide the risk score to a requester; and when the upper bound is based on the lockout time, token lifetime and lockout strikes, compute the upper bound by dividing a product of the token lifetime and the lockout strikes by the lockout time. |
| 地址 |
Basking Ridge NJ US |
