公开(公告)号：US08832790B1

公开(公告)日：2014-09-09

申请号：US13720404

申请日：2012-12-19

Applicant: EMC Corporation

Inventor： Yael Villa ,  Alon Kaufman ,  Marcelo Blatt

IPC: H04L9/32

CPC classification number: H04L63/123 ,  G06F21/31 ,  G06F21/316 ,  G06Q40/02

Abstract: There is disclosed some techniques for processing an authentication request which includes a user identifier and current user data. In one example, the technique comprises receiving the authentication request at an adaptive authentication system which includes a database having a set of entries with each entry of the set of entries including an identifier and previous user data in connection with previous authentication requests. The adaptive authentication system being constructed and arranged to perform an adaptive authentication operation on the authentication request as well as an unsupervised machine learning operation on the authentication request.

Abstract translation: 公开了一种用于处理认证请求的技术，其包括用户标识符和当前用户数据。 在一个示例中，该技术包括在自适应认证系统处接收认证请求，所述自适应认证系统包括具有一组条目的数据库，该组条目包括与先前认证请求相关联的标识符和先前用户数据的条目集合的每个条目。 自适应认证系统被构造和布置成对认证请求执行自适应认证操作，以及针对认证请求的无监督机器学习操作。

公开(公告)号：US09560027B1

公开(公告)日：2017-01-31

申请号：US13852187

申请日：2013-03-28

Applicant: EMC Corporation

Inventor： Eyal Kolman ,  Alon Kaufman ,  Yael Villa ,  Alex Vaystikh ,  Ereli Eran ,  Liron Liptz

IPC: G06Q40/02 ,  H04L29/06

CPC classification number: H04L63/08 ,  H04W4/027 ,  H04W12/06

Abstract: There is disclosed some techniques for processing an authentication request. In one example, a method comprises the step of determining the velocity between authentication requests of a user associated with the requests. Additionally, the method determines the likelihood that a location associated with one of the requests is associated with the user location. Furthermore, the method generates an authentication result based on the likelihood that a location associated with one of the requests is associated with the user location.

Abstract translation: 公开了一些用于处理认证请求的技术。 在一个示例中，方法包括确定与请求相关联的用户的认证请求之间的速度的步骤。 此外，该方法确定与一个请求相关联的位置与用户位置相关联的可能性。 此外，该方法基于与一个请求相关联的位置与用户位置相关联的可能性来生成认证结果。

公开(公告)号：US09558346B1

公开(公告)日：2017-01-31

申请号：US13903390

申请日：2013-05-28

Applicant: EMC Corporation

Inventor： Eyal Kolman ,  Alon Kaufman ,  Yael Villa ,  Alex Vaystikh ,  Ereli Eran

IPC: G06F21/50 ,  G06F21/55 ,  G06F21/51 ,  G06F21/57

CPC classification number: G06F21/50 ,  G06F21/51 ,  G06F21/552 ,  G06F21/554 ,  G06F21/57 ,  G06F21/577 ,  G06F2221/2101 ,  H04L63/1441

Abstract: An information processing system implements a security system. The security system comprises a classifier configured to process information characterizing events in order to generate respective risk scores, and a data store coupled to the classifier and configured to store feedback relating to one or more attributes associated with an assessment of the risk scores by one or more users. The classifier is configured to utilize the feedback regarding the risk scores to learn riskiness of particular events and to adjust its operation based on the learned riskiness, such that the risk score generated by the classifier for a given one of the events is based at least in part on the feedback received regarding risk scores generated for one or more previous ones of the events.

Abstract translation: 信息处理系统实现安全系统。 安全系统包括分类器，其被配置为处理表征事件的信息以产生相应的风险分数;以及数据存储，其耦合到分类器并且被配置为存储与风险评分的评估相关联的一个或多个属性的反馈， 更多用户 分类器被配置为利用关于风险分数的反馈来学习特定事件的风险，并且基于所学习的风险来调整其操作，使得分类器为给定的一个事件产生的风险评分至少基于 部分收到关于为一个或多个以前的事件产生的风险分数的反馈。

公开(公告)号：US09160726B1

公开(公告)日：2015-10-13

申请号：US13931151

申请日：2013-06-28

Applicant: EMC Corporation

Inventor： Alon Kaufman ,  Marcelo Blatt ,  Alex Vaystikh ,  Triinu Magi Shaashua ,  Yael Villa

IPC: G06F17/30 ,  H04L29/06

CPC classification number: H04L63/08

Abstract: Authentication systems are provided that select an authentication method to be applied to a given transaction from among a plurality of available authentication methods based on risk reasoning. An authentication request from an authentication requestor for a given transaction is processed by receiving the authentication request from the authentication requester and selecting an authentication method to be applied to the given transaction from among a plurality of available authentication methods based on an evaluation of one or more predefined risk reasons with respect to the available authentication methods. The predefined risk reasons associated with a given transaction comprise, for example, a set of risk reasons that contribute to a risk score that has been assigned to the given transaction. The evaluation may employ one or more of rule-based, heuristic and Bayesian techniques.

Abstract translation: 提供认证系统，其基于风险推理从多个可用认证方法中选择要应用于给定交易的认证方法。 通过从认证请求者接收认证请求来处理来自给定事务的认证请求者的认证请求，并且基于一个或多个的评估从多个可用认证方法中选择要应用于给定交易的认证方法 关于可用认证方法的预定义风险原因。 与给定交易相关联的预定风险原因包括例如有助于已经分配给给定交易的风险分数的一组风险原因。 评估可以采用基于规则，启发式和贝叶斯技术中的一种或多种。

公开(公告)号：US08850537B1

公开(公告)日：2014-09-30

申请号：US13628624

申请日：2012-09-27

Applicant: EMC Corporation

Inventor： Yedidya Dotan ,  Yael Villa ,  Boris Kronrod

IPC: H04L29/06

CPC classification number: H04L63/08 ,  G06F21/31 ,  G06F21/46

Abstract: An improved technique involves automatically producing a set of KBA questions using values of attributes associated with correctly answered questions. A KBA question server obtains such attribute values from a prior set of pilot questions taken from users who were successfully authenticated. Examples of attributes include a source of facts in a question, placement of facts in a question, and question structure. The KBA question server then generates optimal formatting rules based on the attribute values; such formatting rules define a relationship between facts used to derive KBA questions and the words used to express the KBA questions to users. The KBA question generator then produces KBA questions according to the formatting rules.

Abstract translation: 改进的技术涉及使用与正确回答的问题相关联的属性的值自动产生一组KBA问题。 KBA问题服务器从先前成功验证的用户的一组先导问题中获取这样的属性值。 属性的例子包括一个问题中的事实来源，问题中的事实布置以及问题结构。 然后，KBA问题服务器基于属性值生成最佳格式化规则; 这种格式规则定义了用于导出KBA问题的事实与用于向用户表达KBA问题的单词之间的关系。 然后，KBA问题生成器根据格式规则生成KBA问题。

公开(公告)号：US09509688B1

公开(公告)日：2016-11-29

申请号：US13801103

申请日：2013-03-13

Applicant: EMC Corporation

Inventor： Triinu Magi Shaashua ,  Alon Kaufman ,  Yael Villa

IPC: H04L29/06

CPC classification number: H04L63/0861 ,  H04L63/101 ,  H04L63/1408

Abstract: A technique provides malicious identity profiles. The technique involves storing unsuccessful authentication entries in a database, the unsuccessful authentication entries including (i) descriptions of failed attempts to authenticate users and (ii) biometric records captured from the users during the failed attempts to authenticate the users. The technique further involves generating a set of malicious identity profiles based on the descriptions and the biometric records of the unsuccessful authentication entries stored in the database. Each malicious identity profile includes a profile biometric record for comparison with new biometric records during new authentication attempts. The technique further involves outputting the set of malicious identity profiles. Such a set of malicious identity profiles is well suited for use in future authentication operations, i.e., well suited for predicting intruder attacks and fraud attempts, and for sharing risky identities among authentication systems (e.g., among different security products within a cybercrime detection network).

Abstract translation: 一种技术提供恶意身份简档。 该技术涉及在数据库中存储不成功的认证条目，不成功的认证条目包括（i）对用户进行身份验证的失败尝试的描述，以及（ii）在用户认证失败尝试期间从用户捕获的生物特征记录。 该技术还涉及基于存储在数据库中的不成功认证条目的描述和生物特征记录来生成一组恶意身份简档。 每个恶意身份资料包括一个配置文件生物识别记录，用于在新的身份验证尝试期间与新的生物特征记录进行比较。 该技术还包括输出该组恶意身份简档。 这样的一组恶意身份描述文件非常适合在将来的认证操作中使用，即非常适合于预测入侵者攻击和欺诈尝试，以及在认证系统之间共享风险身份（例如，在网络犯罪检测网络内的不同安全产品之间） 。

公开(公告)号：US09130985B1

公开(公告)日：2015-09-08

申请号：US13931830

申请日：2013-06-29

Applicant: EMC Corporation

Inventor： Eyal Kolman ,  Alon Kaufman ,  Yael Villa ,  Alex Vaystikh ,  Ereli Eran ,  Eyal Yehowa Gruss

IPC: G06F7/00 ,  H04L29/06 ,  G06F17/30 ,  G06N5/02

CPC classification number: H04L63/1433 ,  G06F7/00 ,  G06F17/30 ,  G06F21/44 ,  G06F2221/2129 ,  G06N5/02 ,  G06N7/005 ,  H04L63/0876 ,  H04L63/205

Abstract: Data driven device detection is provided, whereby a device is detected by obtaining a plurality of feature values for a given device; obtaining a set of device attributes for a plurality of potential devices; calculating a probability value that the given device is each potential device within the plurality of potential devices; identifying a candidate device associated with a maximum probability value among the calculated probability values; and labeling the given device as the candidate device if the associated maximum probability value satisfies a predefined threshold. The predefined threshold can be a function, for example, of whether the given user has previously used this device. The obtained feature values can be obtained for a selected set of features satisfying one or more predefined characteristic criteria. The device attributes can be obtained, for example, from a profile for each of the plurality of potential devices.

Abstract translation: 提供数据驱动装置检测，由此通过获得给定装置的多个特征值来检测装置; 获得一组用于多个潜在设备的设备属性; 计算所述给定设备是所述多个潜在设备内的每个潜在设备的概率值; 识别在所计算的概率值中与最大概率值相关联的候选设备; 以及如果所述相关联的最大概率值满足预定阈值，则将所述给定设备标记为候选设备。 预定义的阈值可以是例如给定用户先前使用该设备的功能。 可以针对满足一个或多个预定特征标准的所选择的特征集获得所获得的特征值。 可以例如从多个潜在设备中的每一个的配置文件获得设备属性。

公开(公告)号：US09601000B1

公开(公告)日：2017-03-21

申请号：US14039875

申请日：2013-09-27

Applicant: EMC Corporation

Inventor： Eyal Gruss ,  Alex Vaystikh ,  Eyal Kolman ,  Alon Kaufman ,  Yael Villa ,  Ereli Eran

IPC: G08B23/00 ,  G06F11/00

CPC classification number: G06Q20/40 ,  G06F21/31 ,  G06F21/45 ,  G06F21/552 ,  G06Q20/4016 ,  G06Q20/405

Abstract: A technique provides alert prioritization. The technique involves selecting attributes to use as alert scoring factors. The technique further involves updating, for an incoming alert having particular attribute values for the selected attributes, count data to represent encounter of the incoming alert from perspectives of the selected attributes. The technique further involves generating an overall significance score for the incoming alert based on the updated count data. The overall significance score is a measure of alert significance relative to other alerts. Scored alerts then can be sorted so that investigators focus on the alerts with the highest significance scores. Such a technique is well suited for adaptive authentication (AA) and Security Information and Event Management (SIEM) systems among other alert-based systems such as churn analysis systems, malfunction detection systems, and the like.

公开(公告)号：US09355234B1

公开(公告)日：2016-05-31

申请号：US14039868

申请日：2013-09-27

Applicant: EMC Corporation

Inventor： Triinu Magi Shaashua ,  Alon Kaufman ,  Yael Villa

IPC: H04L29/06 ,  G06F21/32 ,  H04L29/08 ,  H04L12/58

CPC classification number: G06F21/32 ,  H04L51/32 ,  H04L63/0861 ,  H04L67/22

Abstract: An authentication technique involves obtaining, by processing circuitry, a set of suitability factors from a user device of a user. The authentication technique further involves performing, based on the set of suitability factors and by the processing circuitry, a selection operation which selects a set of suitable biometric methods to apply during authentication from available biometric methods which are available to the processing circuitry for use in authentication. The authentication technique further involves applying, after the set of suitable biometric methods is selected and by the processing circuitry, the set of suitable biometric methods during an authentication operation to determine whether the user is authentic. Accordingly, poorly suited biometric methods can be ruled out (i.e., made unavailable for use by authentication).

Abstract translation: 认证技术涉及通过处理电路从用户的用户设备获得一组适合性因素。 认证技术还包括基于适合性因素集合和处理电路来执行选择操作，该选择操作选择一组合适的生物测定方法以在可用的生物测定方法中从可用的生物测定方法中应用到用于认证的处理电路 。 认证技术还包括在认证操作中选择合适的生物测定方法集合之后，通过处理电路应用该组合适的生物测定方法来确定用户是否可信。 因此，可以排除不合适的生物测定方法（即，使得不能通过认证使用）。

公开(公告)号：US09122866B1

公开(公告)日：2015-09-01

申请号：US13889805

申请日：2013-05-08

Applicant: EMC Corporation

Inventor： Eyal Kolman ,  Alon Kaufman ,  Yael Villa

IPC: G06F7/04 ,  G06F21/45 ,  G06F21/31

CPC classification number: G06F21/46

Abstract: There is disclosed some techniques for selecting a user authentication challenge. In one example, the method comprises the steps of receiving an authentication request to authenticate a user and selecting a user authentication challenge to issue to the user in response to receiving the authentication request. The selection of the user authentication challenge comprises selecting a user authentication challenge among a plurality of user authentication challenges based on the cost effectiveness of the respective user authentication challenges and characteristics of the authentication request.

Abstract translation: 公开了一些用于选择用户认证挑战的技术。 在一个示例中，该方法包括以下步骤：响应于接收到认证请求，接收认证请求以认证用户并选择用户认证挑战以向用户发布。 用户认证挑战的选择包括基于各个用户认证挑战的成本效益和认证请求的特性来选择多个用户认证挑战中的用户认证挑战。