Quantitative risk and income self-adaptive dynamic multiple-factor authentication method

An authentication method and risk-based technology, applied in the field of dynamic multi-factor authentication, can solve problems such as being unable to adapt to highly changing network environments, changing authentication methods, and improving security levels

Active Publication Date: 2012-06-20
FUDAN UNIV
View PDF3 Cites 28 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0008] 1. Due to the fixed strategy, it cannot adapt to the highly changing network environment
If the network environment changes and needs to change the security level requirements of the current information system, it cannot respond quickly
For example, in the first half of 2011, when the key system of Bank of China's online banking was breached, Bank of China could not change the authentication method in its own online banking system as soon as possible to improve the security level
This provides more attack time for malicious users to compromise system security
[0009] 2. Under the condition of normal network environment, if a more cumbersome authentication method is adopted for normal users, it will disrupt the normal transaction behavior of users, making users tend to choose other online banking services that are easier to use

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Quantitative risk and income self-adaptive dynamic multiple-factor authentication method
  • Quantitative risk and income self-adaptive dynamic multiple-factor authentication method
  • Quantitative risk and income self-adaptive dynamic multiple-factor authentication method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0089] by figure 2 For example, the access process in an online bank is as follows:

[0090] (1) The online banking system administrator determines that the security level is normal according to the current system situation, and sets it accordingly series variable. The authentication strength of access requests and the corresponding authentication methods are divided into four groups:

[0091] Certification Strength and Scope Transfer / Payment Authentication Method very safe, < 0.1

Password + picture verification code Safe, 0.1 – 0.3 Password + one-time password token + picture verification code Normal, 0.3 – 0.5 Password + SMS token + one-time password token suspicious, 0.5 – 0.7 Password+SMS token+USB token Hazardous, 0.7 – 0.8 Password + SMS token + one-time password token + USB token High risk, >= 0.8 reject

[0092] (2) The user purchases goods on a third-party shopping website.

[0093] (3) The user selects ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention belongs to the technical fields of system safety and access control, and particularly relates to a quantitative risk and income self-adaptive dynamic multiple-factor authentication method. Through the method provided by the invention, an information system dynamically binds multiple authentication factors in different access scenes, thereby carrying out safety identification on a user logging in the system. Through the assessment of quantitative risk and income generated by access and the implementation of multiple-factor binding strategies, the information system determines the combination of authentication factors aiming at the corresponding access implementation so as to realize user identity authentication. The information system updates the assessed source historical data, thereby dynamically updating the assessment result of the quantitative risk and income so as to realize the self-adaptive characteristic of dynamic binding. By applying the method, the requirements for safety and usability of the information system can be balanced, and the response speed of the information system to an abnormal event can be improved.

Description

technical field [0001] The invention belongs to the technical field of system security and access control, and specifically relates to a dynamic multi-factor authentication method based on quantitative risk and self-adaptation of benefits, which dynamically selects an appropriate factor or multi-factor binding from an authentication factor library according to the context of an information system Perform user authentication. Background technique [0002] With the continuous popularization of personal computer and Internet technology, various information systems play an important role in people's daily life. With the increasing complexity of information systems, especially the emergence of various large-scale multi-user information systems, how to ensure the security of information systems has become a hot issue that enterprises, users and researchers are concerned about. [0003] Access control is a core technology that determines whether users can access sensitive informat...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L9/32H04L29/06
Inventor 韩伟力申晨光孙宸郑立荣
Owner FUDAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap