
System and Method for step-up/multi-factor authentication leveraging mobile device management analytics

IP.com Disclosure Number: IPCOM000241524D
Publication Date: 2015-May-08
Document File: 4 page(s) / 59K

Publishing Venue

The IP.com Prior Art Database

Abstract

Password-based user authentication has been a constant target of attackers, and there is an ongoing challenge to make the overall authentication more secure. The usual approach taken by industry is to add another factor by asking the user a set of static questions. Most present-day second-factor authentication questions asked of the user are static in nature, for example: Where is your native place? Which was the first vehicle you owned? What was the name of the school you first attended?

With the existing authentication scheme, the challenge-secret pair used to authenticate a person is predetermined and remains constant for a comparatively long duration. So a hacker or insider with some social engineering can get access to such information, making the authentication mechanism weak.

The present article overcomes the weakness of the existing user authentication system by leveraging mobile device management capabilities in conjunction with the identity and access management solution. The technique makes use of an analytics engine, the 'Dynamic Security Challenge Generator (DSCG)', to generate a dynamic challenge question-secret pair based on the user behavior captured from Mobile Device Management (MDM) or endpoint management. The method retains the user experience by combining it with the capability to automate the process of answering the dynamic question.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 35% of the total text.


Multi-factor authentication (MFA) is an approach to authentication where two or more of the three independent authentication factors are used: a knowledge factor ("something only the user knows"), a possession factor ("something only the user has"), and an inherence factor ("something only the user is"). After presentation of the challenges, each factor must be validated by the other party for authentication to occur.

Most present-day second-factor authentication questions asked of the user are static in nature. The user has the option to change his/her security questions with the system, but once set these questions are fairly static and the system will use a subset of them to authenticate the user. So a hacker or insider with some social engineering can get access to such information, making the authentication mechanism weak. Also, increasing the number of static questions in user authentication does not really defend against the hacker; it only makes the hacker's job a little more difficult and time consuming.

The existing technique makes the overall authentication scheme vulnerable and provides a large window of time for a hacker to make a targeted attempt to gain unauthorized access to these secret questions.

The proposed method applies the combined capabilities of the traditional endpoint, mobile device, mobile device management (MDM), access manager and analytics to achieve a higher degree of authentication. The authentication technique described here is used as an additional factor to strengthen the existing authentication solution. The data generated from the mobile device is captured in the MDM, and this data becomes the source for our Dynamic Security Challenge Generator (DSCG) to generate the dynamic challenge question. The access management system queries the DSCG analytics engine and receives a dynamically generated challenge-secret pair, which the access management system then uses to authenticate the user over the mobile device.

Example challenge questions are:

Name the last mobile application installed on your device.
What is the most frequent phone number called from this device?
Name the Wi-Fi network you usually connect to.
Input the date when you last accessed the ABC application.
Which country/location did you visit on a particular date?
What is the version of your device's operating system? When was it last updated?
List three countries you visited last year (provided the time period for DSCG was set to more than 1 year).
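As an added illustration that is not part of the disclosure, the following Python sketch models the DSCG and access-manager exchange described above: constructed MDM inventory records for one device (invented sample data), a generator that derives a question-secret pair from them, and a verifier that compares the user's answer in constant time and rejects expired challenges. The record layout, function names and the five-minute challenge lifetime are assumptions.

```python
import hmac
import secrets
from collections import Counter
from datetime import datetime, timedelta

# Constructed MDM inventory for one enrolled device (invented sample data, not from the disclosure).
MDM_RECORDS = {
    "device-42": {
        "installed_apps": [("Mail", datetime(2015, 3, 1)),     # (app, install time)
                           ("Maps", datetime(2015, 4, 20)),
                           ("Notes", datetime(2015, 4, 11))],
        "wifi_connections": ["HomeNet", "OfficeWiFi", "HomeNet", "HomeNet", "CafeGuest"],
        "os_version": "8.3",
    }
}
NOW = datetime(2015, 5, 1, 12, 0)        # constructed "current time" for the example
CHALLENGE_TTL = timedelta(minutes=5)     # assumed lifetime of one dynamic challenge


def normalize(text):
    """Compare answers case- and whitespace-insensitively."""
    return " ".join(text.strip().lower().split())


def generate_challenge(device_id, now, kind=None, records=MDM_RECORDS):
    """DSCG step: derive a (question, secret) pair from the device's MDM data.

    The secret stays with the access manager; only the question reaches the user."""
    data = records[device_id]
    generators = {
        "last_app": lambda: ("Name the last mobile application installed on your device?",
                             max(data["installed_apps"], key=lambda a: a[1])[0]),
        "wifi": lambda: ("Name the Wi-Fi network you usually connect to?",
                         Counter(data["wifi_connections"]).most_common(1)[0][0]),
        "os": lambda: ("What is the version of your device's operating system?",
                       data["os_version"]),
    }
    if kind is None:                      # unpredictable question choice per request
        kind = secrets.choice(sorted(generators))
    question, secret = generators[kind]()
    return {"id": secrets.token_hex(8), "question": question,
            "secret": normalize(secret), "expires": now + CHALLENGE_TTL}


def verify_answer(challenge, answer, now):
    """Access-manager step: reject stale challenges, then compare in constant time."""
    if now > challenge["expires"]:
        return False
    return hmac.compare_digest(normalize(answer).encode(), challenge["secret"].encode())
```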

The diagram below explains a representative use case of how our solution would work. The authentication process assumes the endpoint management / MDM solution regularly collects the device and app data of interest for the enterprise Mobile Device Management solution.



1. User tries to access the protected application from the device which is pre-registered in the...