The embodiments described herein relate generally to electronic authentication for access to computing resources, and more particularly, to devices and methods for threat-based authentication.
An increase in the capabilities of electronic devices has led to a large expansion in the manner in which such electronic devices are used. In some instances, personal and/or otherwise sensitive information (or data representing such information) can be accessed through the use of an electronic device, and in general, such information is meant to be accessed by a single user or a select group of users, while access to that information by users other than the user or the select group of users is restricted. Thus, some systems and/or devices can authenticate the identity of a user based on a set of credentials. In most cases, authentication is based on at least one of “what you have,” “what you know,” or “what you are.” For example, a user can be authenticated using a “what you have” method via an electronic device, a magnetic device, or a combination thereof, such as a mobile electronic device (e.g., a smartphone, tablet, ultrabook, laptop, personal digital assistant (PDA), etc.), a key fob, a card or the like including a magnetic and/or electromagnetic component, etc.; a user can be authenticated using a “what you know” method via input of a user password, personal identification number (PIN), unique pattern on a touch screen, answer to a question, and/or the like; and a user can be authenticated using a “what you are” method via an input of, for example, biometric data such as a fingerprint scan, an electrocardiogram (EKG), a retina scan, gait characteristics, and/or the like.
In some instances, access to, for example, an at least partially restricted physical entity (e.g., location, building, section or room within a building, etc.), data, network, and/or the like may be based on the authentication of one or a combination of active (e.g., an input of a user password, PIN, or other credential via a set of keystrokes, voice command, touch screen inputs, mouse clicks, etc.) and/or passive (e.g., a biometric reading, gait characteristics, internet protocol (IP) address, geolocation, time, historical patterns, and/or the like) credentials associated with a user. In an effort to mitigate the risk of unauthorized access, some systems may provide access based on multiple active and/or passive authentication modes. For example, some such systems can use a string of Boolean expressions to define an authentication mode. Such Boolean expressions, however, can be complex and/or difficult to manage when scaled to include a larger number of inputs.
In some instances, a system can use, for example, risk-based authentication (RBA) methods to mitigate the risk of unauthorized access. Such RBA methods are based on a risk profile associated with a user, a device, and/or a physical entity, in which higher risk is associated with increased and/or more challenging authorization methods. Such systems can have relatively high false positive and/or false negative results. Moreover, some such RBA methods do not determine, define, and/or compute why or what characteristics influenced a given risk score; rather, an output is simply a value.
Thus, a need exists for improved apparatus and methods for threat-based authentication.