Abstract: Machine learning models for fraud detection. The method includes receiving a schedule of weights, the schedule comprising a plurality of entries, each entry comprising a transaction value weight, a transaction volume weight, and a range of intervention rates; testing the at least one machine learning model using a holdout data set, resulting in a ranked transactions data set; and evaluating the performance of the at least one machine learning model by computing the weighted harmonic mean of the ranked transactions data set using the schedule of weights.

Abstract: Techniques are provided for generating performance improvement recommendations for machine learning models. One method comprises evaluating performance metrics for multiple implementations of a machine learning model; computing a performance score that aggregates the performance metrics for a given machine learning model implementation; and recommending a modification to the given machine learning model implementation based on the performance score by evaluating one or more performance metrics for the given implementation relative to at least one additional performance metric for the given implementation, wherein the recommended modification is based on a performance with the recommended modification for another implementation. A given performance metric may be weighted based on an expected improvement from modifying a factor related to the given performance metric.

Abstract: Techniques are provided for authenticating a user using shared secret updates. One method comprises, in response to a first authentication of a client using a given shared secret, updating, by the server, the given shared secret using information from the first authentication as part of a secret update protocol to generate an updated shared secret; and evaluating a second authentication using the updated shared secret. An anomaly may be detected when the client attempts the second authentication using a shared secret and the server determines that the shared secret was previously used for an authentication. The server may detect a breach of shared secrets of multiple users by monitoring a number of the detected anomalies across a user population and initiate a predefined recovery flow depending upon a number of impacted users.

Abstract: Methods, apparatus, and processor-readable storage media for automated detection of user device security risks related to process threads and corresponding activity are provided herein. An example computer-implemented method includes obtaining information pertaining to processes running on a user device; obtaining information pertaining to images loaded into at least one memory associated with at least one of the processes running on the user device; obtaining information pertaining to threads created in connection with at least one of the processes running on the user device; automatically identifying at least one of the threads as a security risk by processing the information pertaining to the images and the information pertaining to the threads; and performing at least one automated action based on the identification of at least one of the one or more threads as a security risk.

Abstract: Techniques are provided for generating activity-based network profiles for devices, and for ranking such devices using the activity-based network profiles. One method comprises evaluating device communications to identify services that communicated with devices of an enterprise; generating an activity-based network profile for each device based on the services that communicated with each respective device; clustering the devices into a plurality of clusters based on a functional characterization of the devices derived from the activity-based network profiles; and ranking the devices within a cluster based on network activity and/or network exposure.

Abstract: Techniques are provided for user behavior analytics using keystroke analysis of pseudo-random data strings. One method comprises obtaining timestamps corresponding to keystroke activities on a device of a user associated with typing a pseudo-random character string comprising multiple characters, wherein at least one timestamp is adjusted based on errors associated with the typing of the pseudo-random character string; determining a time difference between keystroke activities associated with the pseudo-random character string using at least one adjusted timestamp; obtaining a time difference distribution for a subset of character sequences in the pseudo-random character string; determining a probability value for one or more character sequences in the subset; and determining an aggregate probability value for the pseudo-random character string based on the probability values.

Abstract: Techniques are provided for communication-efficient device delegation. One method comprises, in response to a request for a new signing key of a given device, determining a number of new signing key requests received for the user of the given device; determining a new public verification key of the given device for an identity-based signature scheme by traversing a cryptographic hash chain backwards from a position of an initial selected value of the cryptographic hash chain; computing a new signing key based on public parameters and secret parameters of a backup component and the initial selected value; and providing the new public verification key and the new signing key to the given device. The given device authenticates to an authentication service using an identity-based signature computed using the new signing key. The request for the new signing key is submitted, for example, when the given device is lost, damaged, unavailable or stolen.

Abstract: Techniques are provided for user authentication using a location assurance based on a location indicator modified by a shared secret. One method comprises obtaining a shared secret; initiating a challenge in connection with an authentication request by a client from a given location to access a protected resource, wherein the challenge comprises a location indicator selected for the given location; processing a response submitted by the client in response to the challenge, wherein the response comprises the location indicator for the given location modified by the client with the shared secret, and wherein the processing comprises evaluating the response submitted by the client relative to the location indicator selected by the authentication server; and resolving the authentication request based on the evaluating. The client modification of the selected location indicator with the shared secret comprises, for example, decrypting, filtering and/or altering the location indicator based on the shared secret.

Abstract: A method for anonymizing data sets for use with risk management applications comprises receiving a data set from a source, the data set containing a plurality of correlated attributes. This embodiment further comprises analyzing the plurality of correlated attributes to create an attribute classification. Applying a differential privacy algorithm to the plurality of correlated attributes if the attribute classification requires data randomization is likewise a part of this embodiment. The randomized data set is provided to a risk management application. The randomized data set is used to create a risk management report, wherein the risk management report is an output of the risk management application.

Abstract: Techniques for generating dynamic challenge questions for use in an authentication process are provided herein. An example computer-implemented method can include outputting a first prompt to a user via a user device interface, wherein the first prompt comprises a first set of information-gathering questions; generating dynamic challenge questions for use in an authentication process, wherein the dynamic challenge questions are generated based on user responses to the first set of information-gathering questions; generating a second prompt in connection with an authentication request, wherein the second prompt is based at least in part on at least one of the dynamic challenge questions; processing a user response to the at least one dynamic challenge question, wherein said processing comprises determining a likelihood that the user response matches an automatically estimated response; and resolving the authentication request based on the processing.

Abstract: Biometric authentication techniques are provided using selected manipulations of biometric samples. An exemplary method comprises obtaining enrollment information from a user, wherein the enrollment information comprises first manipulations to a first biometric sample of the user; initiating a challenge to the user in connection with an authentication request by the user to access a protected resource; processing second manipulations by the user of a second biometric sample of the user submitted in response to the challenge, and wherein the processing comprises determining a likelihood that the second manipulations of the second biometric sample of the user submitted in response to the challenge matches the first manipulations to the first biometric sample of the user submitted by the user with the enrollment information; and resolving the authentication request based on the likelihood.

Abstract: A method is used in monitoring strength of passwords. A a request is received from a user to use a user password. A password score is determined for the user password. The password score indicates quality of the user password. Based on the password score, the strength of the user password is evaluated in a privacy preserving manner. The privacy preserving manner indicates avoiding storing information regarding the user password after strength of the user password has been evaluated.

Abstract: Techniques are provided for authenticating a user using molecular snapshots of the user. One method comprises obtaining enrollment information of a user, wherein the enrollment information comprises a reference molecular snapshot of the user obtained following an ingestion by the user of nanoparticles; initiating a challenge to the user in connection with an authentication request by the user to access a protected resource; processing a responsive molecular snapshot obtained in response to the challenge, wherein the processing comprises evaluating the responsive molecular snapshot obtained in response to the challenge relative to the reference molecular snapshot; and resolving the authentication request based on the evaluating. The ingested nanoparticles optionally target one or more predefined cell types, and wherein the resolving further comprises the step of evaluating a ratio of cell types in the responsive molecular snapshot.

Abstract: Techniques are provided for account recovery using an identity assurance scoring system. One method comprises providing multiple available identity assurance techniques, each assigned a corresponding identity assurance value indicating a level of assurance for the corresponding available identity assurance technique; in response to a user request to obtain access to a protected resource following a loss incident of a user authenticator: receiving, from the user, authentication information associated with the available identity assurance techniques; aggregating the corresponding assigned identity assurance values for the received available identity assurance techniques to determine an aggregate identity assurance value; determining if the aggregate identity assurance value satisfies a predefined identity assurance level criteria; and evaluating the user request to access the protected resource based on the determining.

Abstract: Techniques are provided for authenticating a user using shared secret seed updates for one-time passcode (OTP) generation. One method comprises, in response to a first authentication of a client using a given OTP derived from a given shared secret seed, updating, by a server, the given shared secret seed using the given OTP and/or a timestamp from the first authentication to generate an updated given shared secret seed; and evaluating a second authentication using a new OTP derived from the updated given shared secret seed. An anomaly may be detected when the client attempts the second authentication using an OTP and the server determines that the OTP was generated by a previously used shared secret seed. The server may store a set of previously accepted OTPs, and evaluate the previously accepted OTPs to validate the new OTP.

Abstract: There is disclosed herein techniques for categorizing computerized messages into categories. In one embodiment, there is disclosed a method. The method comprising performing an analysis of one or more computerized messages that includes identifying a set of discriminatory tokens in the one or more computerized messages that are representative of a category and determining for each discriminatory token a respective weight by which the token describes the category. The method also comprises determining a similarity between a computerized message and the category based on the content of the computerized message, the set of discriminatory tokens and the respective weights. The method further comprises classifying the computerized message as belonging to the category upon determining that the computerized message and the category are similar.

Abstract: Account recovery control systems and methods are provided to support a self-service account recovery process for registered users of an information system. Account recovery protocols implement a secret sharing scheme between trusted referees and registered users of the information system to enable a registered user to regain access to the user's registered account when one or more authentication factors of the registered user are lost (e.g., forgotten, misplaced, damaged, stolen, etc.).

Abstract: User authentication techniques are provided using biometric representations of one-time passcodes. An exemplary method comprises initiating a challenge to a user in connection with an authentication request by the user to access a protected resource, wherein the challenge comprises a biometric encoding of a one-time passcode using a dictionary; processing a biometric representation by the user in response to the challenge in accordance with the biometric encoding and wherein the processing comprises determining a likelihood that the biometric representation by the user in response to the challenge matches the biometric encoding in the challenge; and resolving the authentication request based on the likelihood. The biometric encoding comprises, for example, a vocal passphrase and/or instructions for the user to perform a specified manipulation to a biometric sample of the user.

Abstract: User authentication techniques are provided using a scene composed of selected objects. An exemplary method comprises obtaining enrollment information from a user, wherein the enrollment information comprises a first scene comprised of a first selection of objects; initiating a challenge to the user in connection with an authentication request by the user to access a protected resource; processing a second scene comprised of a second selection of objects submitted by the user in response to the challenge, and wherein the processing comprises determining a likelihood that the submitted second scene comprised of the second selection of objects matches the first scene comprised of the first selection of objects submitted by the user with the enrollment information; and resolving the authentication request based on the likelihood. Objects in the first selection of objects are optionally selected from a catalog and arranged into the first scene.

Abstract: A cryptographic device comprises a processor coupled to a memory and is configured to maintain an event counter characterizing a number of successful administrative accesses to the cryptographic device. The cryptographic device is further configured to receive an event-based one-time passcode for a given administrative access attempt, to compare the received event-based one-time passcode to an expected event-based one-time passcode determined as a function of a current value of the event counter, and to grant or deny the given administrative access attempt based at least in part on a result of the comparing. The cryptographic device may store an administrative seed value, with the expected event-based one-time passcode being determined as a function of the administrative seed value and the current value of the event counter.