CN116457781A - Method and apparatus for multi-factor authentication system - Google Patents

Abstract

A method for implementing error minimization factor fusion in an automatic multi-factor authentication system is provided. The method includes, for each authentication factor, receiving an identity of a principal of an authentication request assigned to an authentication system. The method further comprises, for each authentication factor: adjusting the confidence score of the identity based on the authentication factor specific trust score, thereby obtaining an adjusted confidence score value of less than 1 and having a corresponding uncertainty value; applying a pessimistic uncertainty model to the adjusted confidence scores to generate pessimistic deterministic scores for each identity; an optimistic uncertainty model is applied to the adjusted confidence scores to generate an optimistic uncertainty score for each identity, wherein the optimistic uncertainty model assigns a portion of the uncertainty value to the most likely identity based on the authentication factor. The method further comprises the steps of: for each identity, an average is made between the pessimistic deterministic score and the optimistic deterministic score of the identity to generate an average confidence score for each identity.

Description

Method and apparatus for multi-factor authentication system

Technical Field

The present invention generally relates to the field of automated multi-factor authentication systems.

Background Art

In recent decades, multi-factor authentication systems have become increasingly popular in several areas where data security is required (e.g., social networks, Internet of Things (IoT) applications, banking services, e-commerce applications, etc.), which employ authentication techniques to prevent potential breaches. A multi-factor authentication system determines the identity of an entity by evaluating the authentication factors presented in an authentication request made by or on behalf of the entity. Typically, such an authentication system requires multiple authentication factors (i.e., multiple credentials from the entity) in order to accurately authenticate the identity of the entity. For example, a multi-factor authentication system can use both fingerprints and numeric passwords for authentication.

However, there are some limitations in the existing authentication technology in the existing multi-factor authentication system. First, when more than two authentication factors are used, the existing authentication technology is inaccurate and inefficient in correctly verifying the identity of the entity. For example, when the multi-factor authentication system is applied to a given IoT application, one or more authentication factors are added or deleted for the given IoT application over time, and the decision error rate of the IoT application is high. Generally, the existing authentication system is designed according to one or more authentication factors of a specific type. The design is based on hard-wired technology and algorithms and is only used for one or more specific authentication purposes. Secondly, the existing authentication technology is not suitable for supporting a mixture of authentication factors of different types (i.e., categories) when verifying the identity of the entity (e.g., a mixture of binary authentication factors and biometric authentication factors). For example, when authenticating an entity, if one of the authentication factors has a confidence score of 100%, the authentication factor is superior to other authentication factors, resulting in unfair fusion of multiple authentication factors in the multi-factor authentication system. Therefore, the decision based on the inefficient authentication using such unfair factor fusion is inaccurate and has a high decision error rate.

Existing authentication techniques in existing multi-factor authentication systems do not support fair factor fusion, resulting in inaccurate decisions in real-world applications such as IoT applications. In one example, a veto voting authentication technique based on an exact match between all authentication factors is currently used for authentication systems with low or zero false rejection rates. However, this technique is prone to extreme error rates, which increase as more authentication factors are added. In another example, a Bayesian network authentication technique based on a weighted joint probability distribution is currently used for authentication systems with low uncertainty and well-defined factor dependencies. However, this technique is based on static empirical data, is only suitable for certain authentication purposes, and is prone to quality degradation under changing conditions. In yet another example, a weighted voting authentication technique based on the sum of the authentication confidence score multiplied by the source weight is used for authentication systems with the same type of dependent authentication factors (e.g., replication to achieve reliability and denoising). However, this technique has a rough weight distribution, bias, blind spots (i.e., overweight), does not track changes, and is sensitive to misconfiguration. In yet another example, a subjective logic authentication technique based on a complex probabilistic model of trust, uncertainty, and distrust is used for an authentication system with a well-defined uncertainty measurement. However, this technique is limited in use because existing sensors do not support inputs based on trust, uncertainty, and distrust. In addition, this technique is only optimized for two authentication factors. In another example, a custom artificial intelligence (AI) authentication technique based on a machine learning algorithm is used for an authentication system with a large amount of empirical data and requires more computing resources. However, this technique is hard-coded, prone to high latency, heavy load (and therefore not suitable for applications such as IoT applications), and requires a lot of training and retraining.

Therefore, based on the above discussion, there is a need to overcome the above-mentioned shortcomings associated with existing authentication techniques in existing multi-factor authentication systems.

Summary of the invention

The present invention is directed to providing embodiments of a method and apparatus for error-minimizing factor fusion in an automated multi-factor authentication system. The present invention is directed to providing a solution to the following existing problems: only a limited number and specific types of one or more authentication factors and/or one or more specific authentication purposes are supported, and the unfair fusion of different types of authentication factors associated with existing authentication technologies, which further leads to inaccurate decisions. The purpose of the present invention is to provide a solution that at least partially overcomes the problems encountered in the prior art, and to provide a method and apparatus that is efficient, accurate and reliable in performing authentication by achieving fair fusion of multiple authentication factors in a multi-factor authentication system.

The objects of the invention are achieved by what is presented in the attached independent claim. Advantageous implementations of the invention are further defined in the dependent claims.

In a first aspect, the present invention provides a method for an automatic multi-factor authentication system. The method comprises: for each of at least two authentication factors, receiving an identity of a subject of an authentication request assigned to the authentication system for the corresponding authentication factor, the identity having an associated confidence score or an absolute identity with an implicit confidence score of 1. The method further comprises, for each authentication factor: adjusting the confidence score assigned to the identity for the authentication factor based on an authentication factor-specific trust score reflecting the reliability of the corresponding authentication factor to obtain an adjusted confidence score value less than 1, each adjusted confidence score having a corresponding uncertainty value, namely 1 minus the adjusted confidence score value; applying a pessimistic uncertainty model to the adjusted confidence scores to generate a pessimistic certainty score for each identity; applying an optimistic uncertainty model to the adjusted confidence scores, the optimistic uncertainty model assigning a portion of the uncertainty value to the identity considered most likely based on the authentication factor to generate an optimistic certainty score for each identity. Thereafter, the method includes, for each identity, averaging between the pessimistic certainty score and the optimistic certainty score for the identity to generate an average confidence score for each identity.

The method provides fair fusion of multiple authentication factors. Here, the adjustment of the confidence score of the identity is based on the authentication factor specific trust score to promote fair and efficient authentication factor fusion. In this case, the decision accuracy of the multi-factor authentication system will be improved, and when applied to multiple application fields (such as IoT applications), such a system can reduce the rate of wrong decisions. The method is very suitable for supporting a mixture of different categories of authentication factors (specifically a mixture of binary authentication factors and biometric authentication factors) when authenticating the identity of the subject. The method is not limited to any specific number or type of one or more authentication factors and/or one or more specific authentication purposes, and can be reliably used in real-world applications (e.g., IoT-based applications).

In a first possible implementation manner of the first aspect, each of the at least two authentication factors is used to authenticate any one of a plurality of identities.

By using each of the at least two authentication factors in this manner, the identity of the principal is accurately authenticated as a known identity from the plurality of identities.

In a second possible implementation manner of the first implementation manner, each of the at least two authentication factors is further used to identify the subject as an unknown identity different from each of the multiple identities.

In a third possible implementation of the second implementation, the optimistic uncertainty model is calculated for each authentication factor based on an observation vector w _i , each observation vector w _i being a pair of an observed identity and an adjusted confidence, and for each observation w _i and each identity m _j , P _optimistic (w _i | m _j ) is calculated:

IF identity _i = m _j :

ELSE:

Unknown identity:

For each identity m _j , calculate the identity probability P _optimistic (m _j |{ _wi }):

Where UW is the unknown weight (configuration parameter), P = R + UW, R is the number of different observed identities, Accuracy _i = the adjusted confidence score assigned to the identity m _j of the subject by the correlation factor _wi .

Through the optimistic uncertainty model, the uncertainty value of each adjusted confidence score is effectively solved to obtain a realistic maximum bound on the uncertainty value. This maximum bound can estimate the true real-world value of the confidence score.

In a fourth possible implementation of the second implementation or the third implementation, the pessimistic uncertainty model is calculated for each authentication factor based on an observation vector w _i , each observation vector w _i being a pair of an observed identity and an adjusted confidence, and for each observation wi and each identity m _j , P _pessimistic (w _i | m _j ) is calculated:

IF identity _i = m _j :

P _pessimistic (w _i |m _j )＝Accuracy _i

ELSE:

Unknown identity:

For each identity m _j , calculate the identity probability P _pessimistic (m _j |{ _wi }):

Where UW is the unknown weight (configuration parameter), P = R + UW, R is the number of different observed identities, Accuracy _i = the adjusted confidence score assigned to the identity m _j of the subject by the correlation factor _wi .

Through the pessimistic uncertainty model, the uncertainty value of each adjusted confidence score is effectively solved to obtain a realistic minimum bound on the uncertainty value. This minimum bound can estimate the true real-world value of the confidence score.

In a fifth possible implementation manner of the fourth implementation manner of the third implementation manner, the averaging is performed by calculating an average of the pessimistic certainty score and the optimistic certainty score for each identity mj:

By averaging, the best estimate of the true value of the confidence score for each identity is obtained, because the true value of the confidence score for each identity lies between the pessimistic certainty score and the optimistic certainty score for each identity.

In a sixth possible implementation of the first aspect itself, or according to any one of the first to fifth implementations, one or more of the at least two authentication factors are biometric authentication factors.

Biometric authentication factors are based on the inherent biological attributes of the subject and therefore enable accurate authentication of the subject.

In a seventh possible implementation manner of the sixth implementation manner, one or more authentication factors of the at least two authentication factors are binary authentication factors.

Binary authentication factors are deterministic in nature and do not leave any ambiguity in authentication.

In an eighth possible implementation of the sixth implementation or the seventh implementation, the authentication factor-specific trust score of the biometric authentication factor is related to a spoof acceptance rate and an imposter acceptance rate of the biometric authentication factor.

An authentication factor-specific trust score is calculated for each authentication factor by taking into account the spoof acceptance rate and the imposter acceptance rate of the biometric authentication factor, thereby improving the accuracy of the trust score calculation and subsequently improving the authentication accuracy of the multi-factor authentication system.

According to the first aspect itself or any one of the first to eighth implementations, in a ninth possible implementation, the authentication factor-specific trust score of the authentication factor is related to a false acceptance rate of the authentication factor.

By considering the false acceptance rate in calculating the authentication factor specific trust score for each authentication factor, the accuracy of the trust score calculation is improved, and subsequently the authentication accuracy of the multi-factor authentication system is improved.

According to the first aspect itself or any one of the first to ninth implementations, in a tenth possible implementation, the authentication factor-specific trust score of the authentication factor is the product of a system security score, and the system security score is a measure of the strength and protection level of various aspects of the authentication system.

By taking into account the system security score used to calculate the authentication factor specific trust score for each authentication factor, the accuracy of the trust score calculation is improved, and subsequently the authentication accuracy of the multi-factor authentication system is improved.

In an eleventh possible implementation of the tenth implementation, aspects of the authentication system that measure strength and degree of protection include one or more of the following:

Proactive threat detection, system protection, sensitive data storage protection, network protection, connection protection, user authentication strength, and device credentials.

When the system security score is calculated by considering various aspects of the multi-factor authentication system, the system security score can be accurately estimated, which improves the accuracy of trust score calculation and authentication of the multi-factor authentication system.

In a second aspect, the present invention provides an apparatus, the apparatus comprising one or more processors and one or more computer-readable hardware storage devices, the one or more computer-readable hardware storage devices storing computer-executable instructions executable by the one or more processors. The computer-executable instructions cause the apparatus to: for each of at least two authentication factors, receive an identity assigned to a subject of an authentication request for the corresponding authentication factor, the identity having an associated confidence score or an absolute identity with an implicit confidence score of 1. In addition, the computer-executable instructions cause the apparatus to: for each authentication factor: adjust the confidence score of the identity based on an authentication factor-specific trust score reflecting the reliability of the corresponding authentication factor to obtain an adjusted confidence score value less than 1, each adjusted confidence score having a corresponding uncertainty value, namely 1 minus the adjusted confidence score value; apply a pessimistic uncertainty model to the adjusted confidence scores to generate a pessimistic certainty score for each identity; apply an optimistic uncertainty model to the adjusted confidence scores, the optimistic uncertainty model assigning a portion of the uncertainty value to the identity considered most likely based on the authentication factor for each authentication factor to generate an optimistic certainty score for each identity. Thereafter, the computer executable instructions cause the apparatus to, for each identity, average between the pessimistic certainty score and the optimistic certainty score for the identity to generate an average confidence score for each identity.

The device of the present invention realizes all the advantages and effects of the method of the present invention and can be easily implemented and used in a multi-factor authentication system.

In a first possible implementation manner of the second aspect, one or more of the at least two authentication factors are biometric authentication factors.

In a second possible implementation manner of the first implementation manner of the second aspect, one or more of the at least two authentication factors are binary authentication factors.

In a third possible implementation of the first or second implementation of the second aspect, the authentication factor-specific trust score of the biometric authentication factor is related to a spoof acceptance rate and an impostor acceptance rate of the biometric authentication factor.

According to the second aspect itself or any one of the first to third implementations of the second aspect, in a fourth possible implementation, each of the at least two authentication factors is used to authenticate any one of a plurality of identities.

In a fifth possible implementation manner of the fourth implementation manner of the second aspect, each of the at least two authentication factors is further used to identify the subject as an unknown identity different from each of the multiple identities.

In a sixth possible implementation of the fifth implementation of the second aspect, the optimistic uncertainty model is calculated for each authentication factor based on an observation vector w _i , each observation vector w _i is a pair of an observed identity and an adjusted confidence, and for each observation wi and each identity m _j , P _optimistic (w _i | m _j ) is calculated:

IF identity _i =m _i :

ELSE:

Unknown identity:

For each identity m _j , calculate the identity probability P _optimistic (m _j |{ _wi }):

Where UW is the unknown weight (configuration parameter), P = R + UW, R is the number of different observed identities, Accuracy _i = the adjusted confidence score assigned to the identity m _j of the subject by the correlation factor _wi .

In a seventh possible implementation manner of the fifth or sixth implementation manner of the second aspect, the pessimistic uncertainty model is calculated for each authentication factor based on an observation vector w _i , each observation vector w _i being a pair of an observed identity and an adjusted confidence, and for each observation w _i and each identity m _j , P _pessimistic (w _i |m _j ) is calculated:

IF identity _i = m _j :

P _pessimistic (w _i |m _j )＝Accuracy _i

ELSE:

Unknown identity:

For each identity m _j , calculate the identity probability P _pessimistic (m _j |{ _wi }):

Where UW is the unknown weight (configuration parameter), P = R + UW, R is the number of different observed identities, Accuracy _i = the adjusted confidence score assigned to the identity m _j of the subject by the correlation factor _wi .

In an eighth possible implementation manner of the seventh implementation manner of the sixth implementation manner of the second aspect, the averaging is performed by calculating an average of the pessimistic certainty score and the optimistic certainty score for each identity m _j :

According to the second aspect itself or any one of the first to eighth implementations of the second aspect, in a ninth possible implementation, the authentication factor-specific trust score of the authentication factor is related to a false acceptance rate of the authentication factor.

According to the second aspect itself or any one of the first to ninth implementations of the second aspect, in a tenth possible implementation, the authentication factor-specific trust score of the authentication factor is the product of a system security score, wherein the system security score is a measure of the strength and degree of protection of various aspects of the authentication system.

In an eleventh implementation of the tenth implementation of the second aspect, aspects of the authentication system that measure strength and degree of protection include one or more of the following:

Proactive threat detection, system protection, sensitive data storage protection, network protection, connection protection, user authentication strength, and device credentials.

Various implementations of the device achieve the advantages and effects of the corresponding implementations of the method.

It should be noted that all devices, elements, circuits, units and modules described in this application can be implemented in software or hardware elements or any type of combination thereof. All steps performed by various entities described in this application and the functions to be performed by various entities described are intended to refer to the corresponding entities for performing the corresponding steps and functions. Although in the description of the following specific embodiments, the specific functions or steps performed by external entities are not embodied in the description of the specific detailed elements of the entities performing the specific steps or functions, it should be clear to the technician that these methods and functions can be implemented by corresponding hardware or software elements or any combination thereof. It should be understood that, without departing from the scope of the present invention defined in the appended claims, various combinations of features of the present invention can be performed.

Additional aspects, advantages, features and objects of the present invention will become apparent from the accompanying drawings and detailed description of illustrative implementations which read in conjunction with the appended claims.

BRIEF DESCRIPTION OF THE DRAWINGS

The above summary of the invention and the following detailed description of illustrative embodiments may be better understood when read in conjunction with the accompanying drawings. In order to illustrate the present invention, exemplary structures of the present invention are shown in the accompanying drawings. However, the present invention is not limited to the specific methods and tools disclosed herein. In addition, it should be understood by those skilled in the art that the drawings are not drawn to scale. Where possible, the same elements are represented by the same numbers.

Embodiments of the present invention will now be described by way of example only with reference to the following drawings, in which:

1A and 1B show a flow chart of a method for an automatic multi-factor authentication system provided by an embodiment of the present invention;

FIG2 is a diagram of an exemplary scenario for generating an average confidence score according to an embodiment of the present invention;

FIG3 is a block diagram of the architecture of the device provided by an embodiment of the present invention;

FIG. 4 is a diagram showing the architecture of an automatic multi-factor authentication system provided by an embodiment of the present invention.

In the drawings, underlined numbers are used to indicate the item in which the underlined number is located or the item adjacent to the underlined number. Non-underlined numbers are associated with the item identified by the line linking the non-underlined number to the item. When a number is not underlined but has an associated arrow, the non-underlined number is used to identify the general item to which the arrow points.

DETAILED DESCRIPTION

The following detailed description describes embodiments of the invention and ways in which these embodiments may be implemented. Although some modes of implementing the invention have been disclosed, those skilled in the art will recognize that there may be other embodiments for implementing or practicing the invention.

1A and 1B show a flowchart of a method 100 for an automatic multi-factor authentication system according to an embodiment of the present invention. The method 100 includes steps 102, 104, 106, 108 and 110.

In step 102, method 100 includes receiving, for each of at least two authentication factors, an identity assigned to a subject of an authentication request of the multi-factor authentication system for the corresponding authentication factor, the identity having an associated confidence score or an absolute identity with an implicit confidence score of 1. In other words, in step 102, at least two identities corresponding to the at least two authentication factors are received, wherein one identity is assigned for one authentication factor.

Throughout the disclosure, the term "multi-factor authentication system" refers to an authentication system that verifies the identity of a subject by requiring authentication of multiple authentication factors. If multiple authentication factors are successfully verified, the identity of the subject is successfully verified, and vice versa. For example, instead of using only a single authentication factor (such as a password) to verify the identity of a user, a multi-factor authentication system uses other additional authentication factors, such as codes, answers to security questions, signatures, fingerprints, facial recognition, etc. It should be understood that a multi-factor authentication system provides multiple layers of security by using multiple authentication factors to verify the identity of a subject. Preferably, the number of authentication factors used is increased to reduce the risk of an intruder accessing critical data. For convenience only, the term "multi-factor authentication system" is referred to as the "authentication system" hereinafter.

Here, the term "subject" refers to an entity. Typically, the entity is a person, but it can be, for example, a non-human animal, such as a pet or livestock. Thus, for example, in a home environment, one could envision a pet access system based on passive biometrics to enable authorized pets (such as cats or dogs) to enter an enclosure (such as a residence) while preventing other animals (such as a neighbor's pet) from entering. Similarly, a livestock control system could manage the entry of livestock, such as cows into a milking facility, based on passive biometrics.

The subject can also be an inanimate object, for example, an autonomous drone that needs to deliver a specific package from one place to another. We can think of it as a postman drone. The drone flies to a designated location to pick up the package, but needs to be authenticated before carrying the package. It can authenticate itself based on location, visual aids, and can use other sensors.

As used herein, the term "authentication factor" refers to a credential used to authenticate the identity of a given subject of an authentication request. Examples of a given authentication factor may include, but are not limited to, a password (e.g., a numeric password, an alphanumeric password, a picture password, etc.), a pattern, an answer to a security question, a personal identification number (PIN), a software token, a personal identity verification (PIV) card, a biometric feature.

Here, the term "identity" refers to the fact or description that a subject is a specific entity. Identity can also be understood as the condition that a subject is the same as a specific entity associated with an authentication request.

As used herein, the term "authentication request" refers to a request to authenticate the identity of a subject. An authentication request may be issued by the subject of the request or may be issued automatically by a component or system - for example, in response to the presence of a subject/individual in a particular location or context. An authentication request is sent to an authentication system for authentication of the identity of the subject of the authentication request.

Each of the at least two authentication factors can be used to authenticate any one of the multiple identities. The multiple identities are associated with multiple subjects.

As an example, the at least two authentication factors may authenticate one of the multiple identities A1, A2, A3, A4, and A5. For example, the known identity A3 may be assigned to the subject for at least two authentication factors. In other words, the subject may be identified as the known identity A3.

Each of the at least two authentication factors may also be used to identify the subject as an unknown identity different from each of the multiple identities. In one embodiment, when no match for the submitted data is found in the reference data, the subject is identified as an unknown identity different from each of the multiple identities. The unknown identity is not from the multiple known identities.

Reference data related to multiple identities may be stored in a data repository. The term "data repository" refers to hardware, software, firmware, or a combination of these hardware, software, and firmware, for storing reference data in an organized (i.e., structured) manner to enable convenient storage, access (i.e., retrieval), updating, and analysis of the reference data. In one embodiment, the comparison between the submitted data and the reference data is performed at one or more front ends of the authentication system.

The term "confidence score" refers to a score that represents the confidence in the correctness of an assigned identity. In other words, the confidence score represents a measure of the confidence that identification has been correctly performed on a subject. When submitted data related to authentication factors is compared to reference data, a subject is identified (as a known identity or an unknown identity) and has a confidence score for such identification.

Regardless of how the information is encoded, the confidence score may be normalized to a range of 0 to 1. For purposes of the present invention, a low confidence score means that the identity assigned to the corresponding authentication factor has a low confidence, while a high confidence score means that the identity assigned to the corresponding authentication factor has a high confidence.

Herein, the term "absolute identity" refers to an identity assigned based on an authentication factor for which an input matches or does not match a reference - for example, an access token is recognized or not recognized, or a password matches or does not match. Thus, for example, when the authentication factor is a password, if the correct password of the subject is submitted, then the identity of the subject is assigned based on the password, and if the correct password of the subject is not submitted, then the identity of the subject is not assigned. Thus, if input data is submitted for an authentication factor that is recognized as either yes or no, then the recognition of the input data will make the assignment of identity for that authentication factor 100% certain: that is, the "implicit confidence score" will be 1. It will be recognized that such an authentication factor is a binary authentication factor. The term "binary authentication factor" refers to a type of authentication factor that is based on either fully identifying (such as yes, or true or pass) the identity of the subject or not identifying (such as no, false or fail) the identity of the subject. Binary authentication factors are based on only two states of authentication: successful authentication (i.e., full identification) or unsuccessful authentication (i.e., not identified). Binary authentication factors are inherently deterministic and do not leave any ambiguity in authentication. Examples of binary authentication factors include, but are not limited to, passwords, software tokens, personal identification numbers (PINs). Such binary authentication factors are associated with an implicit confidence score of one.

Preferably, one or more of the at least two authentication factors are biometric authentication factors. The term "biometric authentication factor" refers to a type of authentication factor based on physiological and/or behavioral characteristics of a subject. A biometric authentication factor is based on an inherent biological attribute of a subject. Examples of biometric authentication factors include, but are not limited to, fingerprints, thumbprints, palm prints, retinal patterns, iris patterns, voice patterns, blood vessel patterns, habitual behavior, facial patterns, signatures, typing rhythms.

In step 104, method 100 includes, for each authentication factor, adjusting the confidence score assigned to the identity for the authentication factor based on an authentication factor-specific trust score reflecting the reliability of the corresponding authentication factor to obtain an adjusted confidence score value less than 1, each adjusted confidence score having a corresponding uncertainty value, namely 1 minus the adjusted confidence score value.

Known decision-making systems based on multi-factor authentication tend to have a considerable rate of false decisions when applied to real-world applications (e.g., Internet of Things (IoT) applications that are typically centered around biometric authentication systems). Existing methods of the system are not suitable for supporting a mixture of authentication factors of different categories (e.g., a mixture of biometric authentication factors and binary authentication factors). This can be attributed to the fact that when the confidence score of one of the authentication factors is 1, it tends to outperform other authentication factors. For example, a binary authentication factor with a confidence score of 1 outperforms the biometric authentication factor. This makes the collaboration of authentication factors (i.e., authentication factor fusion) unfair and inefficient. Therefore, in step 104, an adjustment of the confidence score of each authentication factor is performed to provide a technical benefit of promoting fair and efficient fusion of at least two authentication factors. Such an adjustment brings the confidence score closer to its real-life probability. In this case, decisions using a multi-factor authentication system can be more accurate and reduce the rate of false decisions when applied to real-world applications.

It will be appreciated that method 100 is well suited to supporting a mix of different categories of authentication factors. It will also be appreciated that method 100 enables fair use of binary authentication factors in a multi-factor authentication system by reducing the implicit confidence of the binary authentication factor (i.e., 1). After this reduction, the binary authentication factor is continuous in nature (i.e., having a value within a range, rather than having only the extremes of the range). Biometric authentication factors are typically already continuous in nature. Method 100 is well suited to adjusting the confidence scores (including implicit confidence scores) of one or more authentication factors with administrative configurations (e.g., for authentication factor-specific trust scores) without any recalibration of method 100. This enables method 100 to effectively address the technical issues of inaccurate decisions associated with existing multi-factor authentication systems. Therefore, method 100 can be reliably used in real-world systems (e.g., IoT-based systems) associated with the multi-factor authentication system described herein.

The term "authentication factor specific trust score" refers to a synthetic parameter dynamically calculated based on an authentication factor to enable adjustment of the confidence score assigned to an identity for that authentication factor. This allows consideration of the trustworthiness of the authentication factor in terms of the confidence score. The authentication factor specific trust score can adjust the confidence score based on the security parameter. Here, for each identity, a corresponding authentication factor specific trust score is calculated to improve the confidence score to improve the accuracy of decisions using a multi-factor authentication system/multi-factor authentication system.

The authentication factor-specific trust score of the corresponding authentication factor may be calculated based on the static parameters and dynamic parameters of the corresponding authentication factor. The static parameters and the dynamic parameters include, for example, the reliability of the corresponding authentication factor, the protection level (i.e., security profile) of the corresponding authentication factor, the attacker exposure score of the corresponding authentication factor, etc. The static parameters and the dynamic parameters are determined by experts and/or provided by external sources (such as attacker monitoring systems). It should be understood that the static parameters of the corresponding authentication factor are pre-evaluated and the dynamic parameters of the corresponding authentication factor are regularly updated. The static parameters and the dynamic parameters may be collectively understood as security parameters.

The authentication factor specific trust score may be evaluated by the security auditor based on exemplary values of minimum protection, partial protection, or full protection associated with the corresponding authentication factor. In this case, the authentication factor specific trust score will be updated based on newly discovered weaknesses of the corresponding authentication factor (e.g., from the cloud). In order to achieve such an update, an active communication connection (e.g., an Internet connection) is required between the security auditor's device and the authentication system.

The trust score evaluator may provide a base authentication factor-specific trust score for each authentication factor based on the performance and evaluation of the protection level of the authentication factor in different categories. In this regard, the authentication factor-specific trust score will be evaluated for each component (e.g., algorithm, sensor, etc.) of the corresponding authentication factor. In this case, the authentication factor-specific trust score will be selected as the lowest authentication factor-specific trust score for the given component among the authentication factor-specific trust scores of all components.

An authentication factor-specific trust score for an authentication factor may be related to a false acceptance rate for that authentication factor. As used herein, the term "false acceptance rate" (FAR) refers to the number of instances in which a multi-factor authentication system erroneously accepts an input that would result in an unauthorized subject being authenticated. Typically, the FAR is the ratio of the number of false acceptances divided by the total number of unauthorized subject identification attempts. The FAR for an authentication factor indicates the reliability of that authentication factor. Using the FAR in calculating authentication factor-specific trust scores may improve the accuracy of such trust score calculations.

The authentication factor-specific trust score of an authentication factor may be related to the false rejection rate of the authentication factor. As used herein, the term "false rejection rate" (FRR) refers to the number of instances in which a multi-factor authentication system falsely rejects an input that would result in the authorized subject not being authenticated. Typically, the FRR is the ratio of the number of false identifications divided by the total number of authorized subject identification attempts.

The authentication factor-specific trust score of an authentication factor can be calculated as a function of the false acceptance rate and/or false rejection rate of the authentication factor. It should be understood that when the authentication factor-specific trust score is calculated based on the FAR and FRR, the accuracy (A) of the authentication system is improved. Therefore, the decision to use the authentication system and/or the decision of the authentication system is improved. Mathematically, A=f1(FAR, FRR). Using method 100, unlike existing multi-factor authentication systems, adding new independent authentication factors will continuously reduce the FRR in the multi-factor authentication system of the present invention.

The authentication factor-specific trust score of a biometric authentication factor can be related to the spoof acceptance rate and impostor acceptance rate of the biometric authentication factor. The term "spoof acceptance rate" (SAR) refers to the number of instances in which a multi-factor authentication system based on biometric authentication factors incorrectly accepts a record of an authorized subject to provide access rights to an unauthorized subject. This way of gaining access rights is often referred to as a spoof attack. Typically, SAR is the ratio of the number of spoof acceptances divided by the total number of spoof recognition attempts. In one example, for voice unlocking, the spoof acceptance rate will be related to instances in which a recorded sample of the subject's voice is used to unlock a device associated with the subject, such as a smartphone.

The term "imposter acceptance rate" (IAR) refers to the number of instances in which a multi-factor authentication system based on biometric authentication factors accepts imposter input that is intended to simulate a known input of an authorized principal. This use of imposter input to gain access is often referred to as an imposter attack. Typically, the IAR is the ratio of the number of imposter input acceptances divided by the total number of imposter identification attempts. In one example, for voice unlocking, the imposter acceptance rate will relate to instances in which a device associated with a principal is unlocked when an imposter attempts to imitate the principal's voice (using a similar tone and/or a similar accent).

The authentication factor-specific trust score of an authentication factor can be calculated as a function of a spoof acceptance rate and an imposter acceptance rate. Since different types of authentication factors are inherently different, they are associated with different SARs and IARs, which indicates the reliability of these authentication factors. Taking into account the SAR and IAR of the authentication factor, an accurate authentication factor-specific trust score of the authentication factor can be calculated. It should be understood that when the authentication factor-specific trust score of each authentication factor is calculated based on the SAR and IAR, the accuracy of the authentication system is improved. This can be attributed to the fact that the accuracy provided by considering the FAR and FRR is further improved (i.e., enhanced) by additionally considering the SAR and IAR. Mathematically, the improved accuracy A^＝A*f2(SAR,IAR). In other words, the accuracy of the multi-factor authentication system is improved even if a minimally accurate authentication factor is added to the system.

The authentication factor-specific trust score of an authentication factor is the product of a system security score, which is a measure of the strength and degree of protection of various aspects of a multi-factor authentication system. Herein, the term "system security score" refers to a score that indicates the security of static parameters and/or dynamic parameters of an authentication factor. Such a system security score for each authentication factor may be optionally assigned by a security expert. It should be understood that the system security score helps to assess the likelihood of an attack (e.g., a spoofing attack, an imposter attack, etc.) on a multi-factor authentication system.

The authentication factor-specific trust score of the authentication factor is preferably a function of the system security score and the improved accuracy of the authentication system, wherein the improved accuracy is based on measurements of FAR, FRR, SAR, and IAR. Mathematically, authentication factor-specific trust score = f(A^, S), where S is the system security score and A^ is the improved accuracy. Specifically, authentication factor-specific trust score = f1(FAR, FRR)*f2(SAR, IAR)*S. By using the system security score in calculating the authentication factor-specific trust score of the authentication factor, the accuracy of the trust score calculation is improved, and subsequently the authentication accuracy of the multi-factor authentication system is improved.

The authentication factor-specific trust score of the authentication factor may be calculated based on at least one of: a system security score, a common vulnerability scoring system (CVSS) score, a smart score, and the like.

Aspects of the multi-factor authentication system that measure its strength and degree of protection preferably include one or more of the following:

Proactive threat detection, system protection, sensitive data storage protection, network protection, connection protection, user authentication strength, and device credentials.

These aspects are of great significance for the effective operation of a multi-factor authentication system, and therefore, their strength and degree of protection are measured to accurately determine the system security score for each authentication factor. In the event of an attack on a multi-factor authentication system, it is unfortunate that at least one of the above aspects is compromised.

Exemplary values for the strength and degree of protection of various aspects of a multi-factor authentication system are shown in Table 1 below.

Table 1

The system security score is preferably calculated by considering one or more of these aspects of the multi-factor authentication system. In one embodiment, the system security score (S) is calculated using at least one mathematical formula, such as:

Among them, CategoryScore _i refers to a given degree of protection for a given aspect, a given strength for a given aspect. In the above formula, the index i varies from 1 to 11, corresponding to the 11 aspects mentioned in Table 1.

Turning again to the method of FIG. 1 , in step 104, the authentication factor-specific trust score is used in conjunction with the confidence score (initially reported for each authentication factor) to adjust the value of the confidence score. In this regard, for each authentication factor, the (initially reported) confidence score is multiplied by the authentication factor-specific trust score to obtain an adjusted confidence score. In one example, for a given authentication factor, given a confidence score of 0.8 (i.e., 80%) and an authentication factor-specific trust score of 0.7 (i.e., 70%), the adjusted confidence score is 0.56 (i.e., 56%). It should be understood that the adjusted confidence score is a more realistic confidence score for a binary authentication factor that otherwise has an implicit confidence score of 1. This helps multi-factor authentication systems to effectively collaborate biometric authentication factors and binary authentication factors to achieve fair and efficient authentication factor fusion and provide better security protection. In this way, untrusted authentication devices will not be able to have a significant impact on confidence scores and/or authentication-based decisions, even if the relevant authentication factor is binary.

It should also be understood that for at least two authentication factors, the adjusted confidence score value is less than 1, ensuring that no authentication factor is preferred over and inappropriately affects other authentication factors simply because of the high confidence assigned to the identity for that authentication factor. In addition, the "uncertainty value" of the adjusted confidence score is a measure of the uncertainty assigned to the identity for the corresponding authentication factor of the adjusted confidence score. This uncertainty may arise due to possible errors in assigning the identity. In the example above, for an adjusted confidence score of 0.56 (i.e., 56%), the uncertainty value would be 0.44.

In step 106, method 100 includes, for each authentication factor, applying a pessimistic uncertainty model to the adjusted confidence scores to generate a pessimistic certainty score for each identity. When a given identity is assigned to an authentication factor, such assigned uncertainty (represented by the uncertainty value corresponding to the adjusted confidence score for the given identity) will include the given identity. Therefore, for each authentication factor, the uncertainty is effectively resolved using the pessimistic uncertainty model. The pessimistic uncertainty model assumes that the uncertainty does not include the given identity. Thus, an adjusted confidence score value less than 1 corresponds to the given identity, while the uncertainty value does not correspond to the given identity. Therefore, the pessimistic uncertainty model is a minimum bound model. The pessimistic uncertainty model provides a realistic minimum bound on the uncertainty value, thereby further enabling an estimate of the true real-world value of the confidence score.

The pessimistic uncertainty model may be computed for each authentication factor based on an observation vector _wi , each observation vector _wi being a pair of an observed identity and an adjusted confidence, and for each observation _wi and each identity _mj , computing _Ppessimistic ( _wi | _mj ):

IF identity _i = m _j :

P _pessimistic (w _i |m _j )＝Accuracy _i

ELSE:

Unknown identity:

For each identity m _j , calculate the identity probability P _pessimistic (m _j |{ _wi }):

Where UW is an unknown weight (configuration parameter), P = R + UW, Accuracy _i = the adjusted confidence score assigned to the identity m _j of the subject by the correlation factor _wi .

In this regard, R is the number of different observed identities. For example, when six different identities are observed in six observations, R = 6. However, when only three different identities are observed in six observations, and these three different identities are repeated in two observations, R = 3.

It should be understood that the value of the unknown weight is dynamic and based on preliminary research. In addition, the unknown weight can be changed as needed to produce better results. The unknown weight is pre-set in the multi-factor authentication system as a configuration parameter. For example, if the unknown weight is 3, it means that the unknown identity will receive the weight of 3 identities in the uncertainty model calculation.

In a first example, there may be observation vectors, _w1 , _w2 , and _w3 , each observation being a pair of an observed identity and an adjusted confidence score for the observed identity, such as (John, 0.81), (Paul, 0.72), and (John, 0.49). Here, the identity John ( _m1 ) may be assigned to the subject by correlation factors _w1 and _w3 , while the identity Paul ( _m2 ) may be assigned to the subject by correlation factor _w2 . The unknown weight (UW) = 3, R = 2 (because the number of different observed entities is only 2, namely John and Paul). Therefore, the value is P = 2 + 3 = 5.

For the first authentication factor corresponding to _w1 , only the observed identity John is true.

For identity John,

P _pessimistic (w ₁ |m ₁ )＝Accuracy ₁ =0.81

For identity Paul,

For unknown identities,

For the second authentication factor corresponding to _w2 , only the observed identity Paul is true.

For identity John,

For identity Paul,

P _pessimistic (w ₂ |m ₂ )＝Accuracy ₂ =0.72

For unknown identities,

For the third authentication factor corresponding to _w3 , only the observed identity John is true.

For identity John,

P _pessimistic (w ₃ |m ₁ )＝Accuracy ₃ =0.49

For identity Paul,

For unknown identities,

Furthermore, the identity probability of identity John can be calculated as follows:

The identity probability of identity Paul can be calculated as follows:

The identity probability of an unknown identity can be calculated as follows:

These calculations of the first example are related to the calculation of the pessimistic model which is performed when applying the pessimistic uncertainty model to the adjusted confidence scores in step 106 of method 100. Thus, the identity probability _Ppessimistic ( _mj |{ _wi }) of an identity is the pessimistic certainty score of the identity.

In step 108, method 100 includes, for each authentication factor, applying an optimistic uncertainty model to the adjusted confidence score, the optimistic uncertainty model assigning a portion of the uncertainty value to the identity that is considered most likely based on the authentication factor to generate an optimistic certainty score for each identity. In this regard, for each authentication factor, the uncertainty value is effectively solved using the optimistic uncertainty model. As previously described, when a given identity is assigned to an authentication factor, such assigned uncertainty includes a portion for the given identity. The optimistic uncertainty model assumes that a portion of the uncertainty includes the given identity. In this case, the adjusted confidence score value that is less than 1 and the portion of the uncertainty value corresponds to the given identity, and the remaining portion of the uncertainty does not include the given identity. In other words, a portion of the uncertainty value is assigned to the identity that is considered most likely based on the authentication factor. Therefore, the optimistic uncertainty model is a maximum bound model. The optimistic uncertainty model provides a realistic maximum bound on the uncertainty value, thereby further enabling an estimate of the true real-world value of the confidence score.

The probability that a given identity is an authorized identity (i.e., a known identity) or an unauthorized identity (i.e., an unknown identity) can be calculated by using the concepts of Bayesian statistics and subjective logic. It should be understood that Bayesian probability calculation is not only applied to optimistic uncertainty models and pessimistic uncertainty models to support better (i.e., more accurate) score fusion of multiple authentication factors. In this way, at least two authentication factors can be efficiently used in the authentication system.

The optimistic uncertainty model may be computed for each authentication factor based on an observation vector _wi , each observation vector _wi being a pair of an observed identity and an adjusted confidence, and for each observation _wi and each identity _mj , P _optimistic ( _wi | _mj ) is computed:

IF identity _i = m _j :

ELSE:

Unknown identity:

For each identity m _j , calculate the identity probability P _optimistic (m _j |{ _wi }):

Where UW is an unknown weight (configuration parameter), P = R + UW, Accuracy _i = the adjusted confidence score assigned to the identity m _j of the subject by the correlation factor _wi .

Here, R is the number of different observed identities. The variables R and UW have been described in detail above in conjunction with the calculation of the pessimistic model.

Referring to and continuing with the first example below, for the first authentication factor corresponding to _w1 , only the observed identity John is true.

For identity John,

For identity Paul,

For unknown identities,

For the second authentication factor corresponding to w2, only the observed identity Paul is true.

For identity John,

For identity Paul,

For unknown identities,

For the third authentication factor corresponding to w3, only the observed identity John is true.

For identity John,

For identity Paul,

For unknown identities,

Furthermore, the identity probability of identity John can be calculated as follows:

The identity probability of identity Paul can be calculated as follows:

The identity probability of an unknown identity can be calculated as follows:

These calculations of the first example are related to the calculations of the optimistic model, which are performed when applying the optimistic uncertainty model to the adjusted confidence scores in step 108 of method 100. Thus, the identity probability P _optimistic ( _mj |* _wi }) of the identity is the optimistic certainty score of the identity.

In step 110, method 100 includes, for each identity, averaging between the pessimistic certainty score and the optimistic certainty score of the identity to generate an average confidence score for each identity. Typically, the true (i.e., realistic) value of the confidence score for each identity lies between the pessimistic certainty score (providing a minimum bound for the value) and the optimistic certainty score (providing a maximum bound for the value) for the identity. It should be appreciated that the average of the pessimistic certainty score and the optimistic certainty score provides a better estimate of the true value of the confidence score for the identity.

The averaging can be performed by computing, for each identity _mj, the average of the pessimistic certainty score and the optimistic certainty score

In this regard, P(* _wi }) provides the best estimate of the true value of the confidence score for each identity _mj .

Referring to and continuing with the first example, the average confidence score for the identity John is calculated as:

The average confidence score for identity Paul is calculated as:

Typically, the resulting score does not have to be directly compared to a threshold. It can be further adjusted based on the decision module, for example to take into account environmental factors, or adjusted to a certain safety level definition.

In one embodiment, the method 100 further comprises comparing the average confidence score of each identity with a predefined threshold and making a decision based on the comparison. In one embodiment, a decision module associated with the system performs the above-mentioned comparison and decision operations. According to one embodiment, the decision module is implemented on the authentication system. According to another embodiment, the decision module is implemented on an external system that is communicatively coupled to the authentication system.

The method 100 corresponds to an algorithm supporting fair authentication factor fusion to improve the accuracy of decisions based on multiple authentication factors provided as input. When the method 100 is used in an IoT-based system that is external to a multi-factor authentication system and communicatively coupled to or integrated with the multi-factor authentication system, the authentication accuracy in the IoT-based system is improved.

As will be appreciated by those skilled in the art, steps 106 and 108 may be performed simultaneously rather than sequentially.

Referring to FIG. 2 , an exemplary scenario 200 for generating an average confidence score provided by an embodiment of the present invention is shown. The exemplary scenario 200 corresponds to steps 106, 108, and 110 of method 100. An average confidence score is generated for an identity (ID) assigned to a subject called "John" for an authentication factor. Here, the confidence score of the authentication factor (associated with the identity "John") is 0.9 (i.e., 90%), and the authentication factor specific trust score (TSC) is 0.89 (i.e., 89%). Therefore, the adjusted confidence score of the subject "John" is 0.8 (the product of 0.9 and 0.89), which means that there is an 80% certainty that the subject's identity will be authenticated as "John", and there is a 20% uncertainty that the subject's identity will be authenticated as "John". The 20% uncertainty value associated with the adjusted confidence score will be solved to verify the identity of the subject "John". When the pessimistic uncertainty model is applied to the adjusted confidence score, a pessimistic certainty score of 0.8 (i.e., 80%) indicates that there is 80% certainty that the identity of the subject "John" will be authenticated as "John". There is 20% certainty that the identity of the subject "John" will be authenticated as "not John" because the pessimistic uncertainty model assumes that the 20% uncertainty does not include the subject "John". However, when the optimistic uncertainty model is applied to the adjusted confidence score, an optimistic certainty score of 0.84 (i.e., 84%) indicates that there is 84% certainty that the identity of the subject "John" will be authenticated as "John", where, for some portion of the 20% uncertainty (e.g., one-fifth portion), the optimistic uncertainty model assumes that the 20% uncertainty will include the subject "John". In the optimistic uncertainty model, the 20% uncertainty is evenly distributed between all categories of known identities and unknown identities. Given one known identity "John" and four unknown identities, the 20% uncertainty is divided by 5. Therefore, the 80% certainty of John is increased by an additional 4% uncertainty. In this case, the identity of subject "John" will be authenticated as "not John" with 16% certainty. The category of unknown identity accounts for four-fifths of the 20% uncertainty. The true confidence score for subject "John" is greater than 80% (determined using the pessimistic uncertainty model) and less than 84% (determined using the optimistic uncertainty model). Furthermore, after averaging the pessimistic and optimistic certainty scores for the identities, the average confidence score for subject "John" is equal to 82%.

Referring to FIG. 3 , a block diagram of the architecture of an apparatus 300 provided in an embodiment of the present invention is shown. The apparatus 300 includes one or more processors (described as processor 302) and one or more computer-readable hardware storage devices (described as computer-readable hardware storage devices 304). The one or more computer-readable hardware storage devices 304 store computer-executable instructions that can be executed by the one or more processors 302, and the computer-executable instructions enable the apparatus 300 to perform the following operations:

- for each of the at least two authentication factors, receiving an identity assigned to the subject of the authentication request for the respective authentication factor, said identity having an associated confidence score or being an absolute identity with an implicit confidence score of 1;

For each authentication factor:

- adjusting the confidence score of the identity based on an authentication factor-specific trust score reflecting the reliability of the corresponding authentication factor to obtain an adjusted confidence score value less than 1, each adjusted confidence score having a corresponding uncertainty value of 1 minus the adjusted confidence score value;

- applying a pessimistic uncertainty model to the adjusted confidence scores to generate a pessimistic certainty score for each identity;

- applying an optimistic uncertainty model to the adjusted confidence scores, the optimistic uncertainty model assigning, for each authentication factor, a portion of the uncertainty value to the identity considered most likely based on the authentication factor to generate an optimistic certainty score for each identity; thereafter

- For each identity, average between the pessimistic certainty score and the optimistic certainty score for that identity to generate an average confidence score for each identity.

Herein, the term "processor" refers to hardware, software, firmware, or a combination of these. One or more processors 302 control the operation of the device 300. One or more processors 302 are communicatively coupled to one or more computer-readable hardware storage devices 304 in a wireless and/or wired manner. One or more processors 302 are used to perform the method 100 by executing computer-executable instructions stored on the one or more computer-readable hardware storage devices 304. Specifically, the one or more processors 302 are used to perform at least steps 102, 104, 106, 108, and 110 of the method 100.

The computer executable instructions stored in the one or more computer readable hardware storage devices 304 cause a series of steps (i.e., steps 102 to 110 of the method 100) to be performed to achieve fair authentication factor fusion. The one or more computer readable hardware storage devices 304 include, but are not limited to, electronic storage devices, magnetic storage devices, optical storage devices, electromagnetic storage devices, semiconductor storage devices, portable computer floppy disks, hard disks, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), static random access memory (SRAM), portable compact disc read-only memory (CD-ROM), digital versatile disk (DVD), memory stick, floppy disk, mechanical encoding devices such as a punch card or a raised structure with instructions recorded in a groove, or any suitable combination thereof.

Referring to FIG. 4 , the architecture of an automatic multi-factor authentication system 400 provided by an embodiment of the present invention is shown. The multi-factor authentication system 400 includes the device 300. The multi-factor authentication system 400 is also shown to include a trust score evaluator 402, a decision module 404, and one or more sensors (described as sensors 406). In some implementations, the decision module 404 can be implemented in an external system. In this implementation, the decision module 404 is communicatively coupled to the device 300. As an example, the decision module 404 can be part of an IoT-based system, and can enable the decision module 404 to make effective and accurate decisions for IoT applications based on the authentication performed by the multi-factor authentication system 400. Similarly, each of the trust score evaluator 402 and the one or more sensors 406 can be implemented in an external system. In this implementation, the trust score evaluator 402 and the one or more sensors 406 are communicatively coupled to the device 300.

In one embodiment, the one or more sensors 406 are implemented as one or more of the following: a biometric sensor (e.g., a fingerprint scanner, a retinal scanner, a camera, a microphone, a touch-sensitive surface, etc.), an input device (e.g., a touch-sensitive smartphone, a computer, a digital assistant, etc.). In one embodiment, the one or more sensors 406 include at least two sensors, one sensor corresponding to one authentication factor. In one embodiment, the authentication request is received via the one or more sensors 406.

In conjunction with the method 100 , the various embodiments, operations, and variations disclosed above are applicable to the apparatus 300 mutatis mutandis.

In the apparatus 300, one or more of the at least two authentication factors may be a biometric authentication factor.

In the apparatus 300, one or more of the at least two authentication factors may be binary authentication factors.

In device 300, the factor-specific trust score of the biometric authentication factor can be correlated to the spoof acceptance rate and impostor acceptance rate of the biometric authentication factor.

In the apparatus 300, preferably, each of the at least two authentication factors is used to authenticate any one of the multiple identities.

In the apparatus 300, preferably, each of the at least two authentication factors is further used to identify the subject as an unknown identity different from each of the plurality of identities.

In the apparatus 300, an optimistic uncertainty model is preferably calculated for each authentication factor based on an observation vector _wi , each observation vector _wi being a pair of an observed identity and an adjusted confidence, and for each observation _wi and each identity _mj , P _optimistic ( _wi | _mj ) is calculated:

IF identity _i = m _j :

ELSE:

Unknown identity:

For each identity m _j , calculate the identity probability P _optimistic ( m _j |* w _i }):

Where UW is the unknown weight (configuration parameter), P = R + UW, R is the number of different observed identities, Accuracy _i = the adjusted confidence score assigned to the identity m _j of the subject by the correlation factor _wi .

In the apparatus 300, a pessimistic uncertainty model is preferably calculated for each authentication factor based on an observation vector _wi , each observation vector _wi being a pair of an observed identity and an adjusted confidence, and for each observation _wi and each identity _mj , _Ppessimistic ( _wi | _mj ) is calculated:

IF identity _i = m _j :

P _pessimistic (w _i |m _j )＝Accuracy _i

ELSE:

Unknown identity:

For each identity m _j , calculate the identity probability P _pessimistic ( m _j |* w _i }):

Where UW is the unknown weight (configuration parameter), P = R + UW, R is the number of different observed identities, Accuracy _i = the adjusted confidence score assigned to the identity m _j of the subject by the correlation factor _wi .

In apparatus 300, averaging is preferably performed by calculating, for each identity _mj, the average of the pessimistic certainty score and the optimistic certainty score.

In the apparatus 300, the factor-specific trust score of an authentication factor is preferably related to the false acceptance rate of that authentication factor.

In apparatus 300 , the factor-specific trust scores of the authentication factors are preferably the product of a system security score, which is a measure of the strength and degree of protection of various aspects of the authentication system 400 .

In the device 300, aspects of the authentication system 400 that measure its strength and degree of protection preferably include one or more of the following:

Proactive threat detection, system protection, sensitive data storage protection, network protection, connection protection, user authentication strength, and device credentials.

Without departing from the scope of the invention as defined by the appended claims, the embodiments of the invention described above may be modified. "Including", "combining", "having", "being", etc., used to describe and claim the present invention, are intended to be interpreted in a non-exclusive manner, that is, to allow items, components or elements that are not explicitly described to also exist. References to the singular should also be interpreted as involving the plural. The word "exemplary" used herein means "as an example, instance or illustration". Any embodiment described as "exemplary" is not necessarily interpreted as being more preferred or more advantageous than other embodiments, and/or excluding the combination of the features of other embodiments. The word "optionally" used herein means "provided in some embodiments and not provided in other embodiments". It should be understood that, for the sake of brevity of description, certain features of the present invention described in the context of a single embodiment may also be provided in combination in a single embodiment. On the contrary, the various features of the present invention described in the context of a single embodiment for the sake of brevity may also be provided separately, in any suitable combination, or suitable for any other described embodiment of the present invention.

Claims (24)

1. A method (100) for an automatic multi-factor authentication system (400), the method (100) comprising:

-for each of at least two authentication factors, receiving an identity of a principal of an authentication request given to the authentication system (400) for the respective authentication factor, the identity having an associated confidence score or being an absolute identity with an implicit confidence score of 1;

-for each authentication factor:

-adjusting the confidence score of the identity assigned to the authentication factor based on an authentication factor specific trust score reflecting the reliability of the respective authentication factor to obtain an adjusted confidence score value of less than 1, each adjusted confidence score having a corresponding uncertainty value, i.e. 1 minus the adjusted confidence score value;

-applying a pessimistic uncertainty model to the adjusted confidence scores to generate pessimistic certainty scores for each identity;

-applying an optimistic uncertainty model to the adjusted confidence scores, the optimistic uncertainty model assigning a portion of the uncertainty values to identities deemed most likely based on the authentication factors to generate an optimistic certainty score for each identity; thereafter

-for each identity, averaging between the pessimistic deterministic score and the optimistic deterministic score of the identity to generate an average confidence score for each identity.

2. The method (100) of claim 1, wherein each of the at least two authentication factors is used to authenticate any one of a plurality of identities.

3. The method (100) of claim 2, wherein each of the at least two authentication factors is further for identifying the principal as an unknown identity different from each of the plurality of identities.

4. The method (100) according to any one of the preceding claims, wherein the optimistic uncertainty model is based on an observation vector w for each authentication factor _i Calculated, each observation vector w _i Is the pair of observed identity and adjusted confidence, and for each observation w _i And each identity m _j Calculate P _optimistic (w _i |m _j )：

IF identity _i ＝m _j :

ELSE:

Unknown identity:

for each identity m _j Calculating identity probability P _optimistic (m _j |*w _i +)：

Where UW is the unknown weight (configuration parameter), p=r+uw, R is the number of different observed identities, accuracy _i By a correlation factor w _i The identity m assigned to the principal _j Is provided.

5. The method (100) of claim 3 or 4, wherein the pessimistic uncertainty model is based on an observation vector w for each authentication factor _i Calculated, each observation vector w _i Is the pair of observed identity and adjusted confidence, and for each observation w _i And each identity m _j Calculate P _pessimistic (w _i |m _j )：

IF identity _i ＝m _j :

P _pessimistic (w _i |m _j )＝Accuracy _i

ELSE:

Unknown identity:

for each identity m _j Calculating identity probability P _pessimistic (m _j |*w _i +)：

Where UW is the unknown weight (configuration parameter), p=r+uw, R is the number of different observed identities, accuracy _i By a correlation factor w _i The identity m assigned to the principal _j Is provided.

6. The method (100) according to claim 5 when dependent on claim 4, wherein the averaging is by, for each identity m _j Computing an average of the pessimistic deterministic score and the optimistic deterministic score:

7. the method (100) according to any one of the preceding claims, wherein one or more of the at least two authentication factors are biometric authentication factors.

8. The method (100) of claim 7, wherein the authentication factor specific trust score of a biometric authentication factor is related to a spoof acceptance rate and an imposter acceptance rate of the biometric authentication factor.

9. The method (100) according to any one of the preceding claims, wherein one or more of the at least two authentication factors are binary authentication factors.

10. The method (100) according to any of the preceding claims, wherein the authentication factor specific trust score of an authentication factor relates to a false acceptance rate of the authentication factor.

11. The method (100) of any of the preceding claims, wherein the authentication factor specific trust score of an authentication factor is a product of a system security score, the system security score being a measure of strength and degree of protection of aspects of the authentication system (400).

12. The method (100) of claim 11, wherein aspects of the authentication system (400) that measure strength and protection level include one or more of:

active threat detection, system protection, sensitive data storage protection, network protection, connection protection, user authentication strength, and device credentials.

13. An apparatus (300), characterized in that it comprises:

one or more processors (302);

one or more computer-readable hardware storage devices (304) having stored thereon computer-executable instructions executable by the one or more processors (302) to cause the apparatus (300) to:

-for each of the at least two authentication factors, receiving an identity assigned to the principal of the authentication request for the respective authentication factor, the identity having an associated confidence score or being an absolute identity having an implicit confidence score of 1;

-for each authentication factor:

-adjusting the confidence scores of the identities based on an authentication factor specific trust score reflecting the reliability of the respective authentication factor to obtain adjusted confidence score values smaller than 1, each adjusted confidence score having a corresponding uncertainty value, i.e. 1 minus the adjusted confidence score value;

-applying a pessimistic uncertainty model to the adjusted confidence scores to generate pessimistic certainty scores for each identity;

-applying an optimistic uncertainty model to the adjusted confidence scores, the optimistic uncertainty model assigning, for each authentication factor, a portion of the uncertainty values to identities deemed most likely based on the authentication factor to generate an optimistic certainty score for each identity; thereafter

-for each identity, averaging between the pessimistic deterministic score and the optimistic deterministic score of the identity to generate an average confidence score for each identity.

14. The apparatus (300) of claim 13, wherein each of the at least two authentication factors is configured to authenticate any one of a plurality of identities.

15. The apparatus (300) of claim 14, wherein each of the at least two authentication factors is further configured to identify the principal as an unknown identity different from each of the plurality of identities.

16. The apparatus (300) of claim 15, wherein the optimistic uncertainty model is based on an observation vector w for each authentication factor _i Calculated, each observation vector w _i Is the pair of observed identity and adjusted confidence, and for each observation w _i And each identity m _j Calculate P _optimistic (w _i |m _j )：

IF identity _i ＝m _j :

ELSE:

Unknown identity:

for each identity m _j Calculating identity probability P _optimistic (m _j |*w _i +)：

Where UW is the unknown weight (configuration parameter), p=r+uw, R is the number of different observed identities, accuracy _i By a correlation factor w _i The identity m assigned to the principal _j Is provided.

17. The apparatus (300) of claim 15 or 16, wherein the pessimistic uncertainty model is based on an observation vector w for each authentication factor _i Calculated, each observation vector w _i Is the pair of observed identity and adjusted confidence, and for each observation w _i And each identity m _j Calculate P _pessimistic (w _i |m _j )：

IF identity _i ＝m _j :

P _pessimistic (w _i |m _j )＝Accuracy _i

ELSE:

Unknown identity:

for each identity m _j Calculating identity probability P _pessimistic (m _j |*w _i +)：

Where UW is the unknown weight (configuration parameter), p=r+uw, R is the number of different observed identities, accuracy _i By a correlation factor w _i The identity m assigned to the principal _j Is provided.

18. The apparatus (300) of claim 20 when dependent on claim 19, wherein the averaging is by, for each identity m _j Computing an average of the pessimistic deterministic score and the optimistic deterministic score:

19. the apparatus (300) according to any one of claims 13 to 18, wherein one or more of said at least two authentication factors are biometric authentication factors.

20. The apparatus (300) of claim 19, wherein one or more of the at least two authentication factors are binary authentication factors.

21. The apparatus (300) of claim 19 or 20, wherein the authentication factor specific trust score of a biometric authentication factor is related to a spoof acceptance rate and an impostor acceptance rate of the biometric authentication factor.

22. The apparatus (300) of any of claims 13 to 21, wherein the authentication factor specific trust score of an authentication factor relates to a false acceptance rate of the authentication factor.

23. The apparatus (300) of any of claims 13 to 22, wherein the authentication factor specific trust score of an authentication factor is a product of a system security score, the system security score being a measure of strength and degree of protection of aspects of an authentication system (400).

24. The apparatus (300) of claim 23, wherein aspects of the authentication system (400) that measure strength and protection level include one or more of:

active threat detection, system protection, sensitive data storage protection, network protection, connection protection, user authentication strength, and device credentials.