An Authentication System And Method Thereof

Abstract: The present invention is related to an authentication system (100) and method thereof. The system (100) includes a memory (102), a processor (104), an authentication module (106), and a processing engine (108). The authentication module (106) authenticates an identity of a user. The processing engine (108) includes a re-authentication module (110), a camouflage module (112), a monitoring unit (114), a database (116), an analyser (118), an identification module (120), and a correction module (122). The re-authentication module (110) re-authenticates the identity, and identifies an unauthorized user. The camouflage module (112) traps the unauthorized user by allowing the unauthorized user to access the camouflage module (112). The monitoring unit (114) monitors actions performed by the unauthorized user, and generates monitored data. The analyser (118) analyses the logged data stored in the database (116), and identifies an intent. The identification module (120) identifies vulnerabilities. The correction module (122) corrects the vulnerabilities.

Patent Information

Application #:
Filing Date: 01 April 2019
Publication Number: 41/2020
Publication Type: INA
Invention Field: COMPUTER SCIENCE
Status:
Email: info@krishnaandsaurastri.com
Parent Application:

Applicants

Bharat Electronics Limited
Outer Ring Road, Nagavara, Bangalore, Karnataka, India, Pin Code-560 045.

Inventors

1. Venkata Krishna Kota
Central Research Laboratory, Bharat Electronics Limited, Jalahalli P.O., Bangalore–560 013.
2. Vasudeva Rao Prasadula
Central Research Laboratory, Bharat Electronics Limited, Jalahalli P.O., Bangalore–560 013.
3. Basireddy Srinivasa Reddy
Central Research Laboratory, Bharat Electronics Limited, Jalahalli P.O., Bangalore–560 013.
4. Nooka Hemanth Kumar
Central Research Laboratory, Bharat Electronics Limited, Jalahalli P.O., Bangalore–560 013.

Specification

FORM 2
THE PATENTS ACT, 1970
(39 OF 1970)
&
THE PATENTS RULES, 2003

COMPLETE SPECIFICATION
[SEE SECTION 10, RULE 13]

AN AUTHENTICATION SYSTEM AND METHOD THEREOF

BHARAT ELECTRONICS LIMITED
WITH ADDRESS:
OUTER RING ROAD, NAGAVARA, BANGALORE 560045, KARNATAKA, INDIA

THE FOLLOWING SPECIFICATION PARTICULARLY DESCRIBES THE INVENTION AND THE MANNER IN WHICH IT IS TO BE PERFORMED.

TECHNICAL FIELD
[0001] The present invention relates generally to authentication systems. More specifically, the present invention relates to an authentication system for handling authentication failures.

BACKGROUND
[0002] Typically, multiple authentication methods are available for handling authentication failures. These authentication methods are related to authentication factors, which are based on “what we know”, “what we have”, “what you are”, and “what we do”. The authentication methods, which are based on “what we know” include authentication factors, such as passwords, pins, patterns, questions, and the like. Some authentication methods which are based on “what we have” include authentication factors, such as tokens, smart cards, and the like. Some authentication methods which are based on “what you are” include authentication factors, such as hard biometric authentication factors and soft biometric authentication factors. The hard biometric authentication factors include fingerprint, palm print, iris, and the like. The soft biometric authentication factors include typing dynamics, swiping dynamics, mouse movement, and the like. Some authentication methods which are based on “what we do”, include authentication factors, such as application usage patterns, and device usage patterns. These factors are playing an important role in authenticating a user. However, there is still a need for new authentication factors for handling authentication failures.

[0003] When authentication fails, a system should identify it and react to it. However, existing systems get locked for some time after a few consecutive authentication failures, as these systems do not have the capability to handle authentication failures. For example, some systems block the IP address through which an intruder/unauthorized user is trying to authenticate. Some systems automatically crash if they identify that they are being compromised.

[0004] US Patent Number US8364971 titled “User Authentication System and Method” discloses a high security computer system and method that authenticates a user using iris recognition and liveliness detection. The method for authenticating the user to the secure system includes capturing an image of the user's face and generating an iris template from the image. While the iris template is being generated, liveliness verification is performed on the user's face. User access is granted if the iris template matches the enrolled iris template and if the liveness verification demonstrates the user's face is live, and denied if otherwise. However, it fails to disclose denial of access to the user if the user fails in authentication.

[0005] US Patent Number US9590986 titled “Local User Authentication with Neuro and Neuro-Mechanical Fingerprints” discloses that if the authentication match percentage is less than an access match level, access to the user is denied.

[0006] Therefore, there is still a need for an invention which solves the above-defined problems and provides an authentication system and method for trapping an unauthorized user.

SUMMARY
[0007] This summary is provided to introduce concepts related to an authentication system and method thereof. This summary is neither intended to identify essential features of the present invention nor is it intended for use in determining or limiting the scope of the present invention.

[0008] For example, various embodiments herein may include one or more authentication systems and methods. In one of the embodiments, a method for handling authentication failure includes a step of authenticating, by an authentication module, an identity of a user using at least one authentication mechanism. The method includes a step of identifying, by the authentication module, a deviation in the authentication mechanism upon authentication failure. The method includes a step of checking, by the authentication module, whether to re-authenticate the identity of the user based on the identified deviation. The method includes a step of re-authenticating, by a re-authentication module, the identity of the user, and identifying an unauthorized user. The method includes a step of trapping, by a camouflage module, the unauthorized user by allowing the unauthorized user to access the camouflage module. The method includes a step of monitoring, by a monitoring unit, one or more actions performed by the unauthorized user in the camouflage module, and generating monitored data. The method includes a step of storing, in a database, the monitored data, pre-determined vulnerabilities, and creating a log of the monitored data of the unauthorized user. The method includes a step of analysing, by an analyser, the logged data of the unauthorized user. The method includes a step of identifying, by the analyser, an intent of the unauthorized user based on the analysed data. The method includes a step of identifying, by an identification module, vulnerabilities based on the intent. The method includes a step of correcting, by a correction module, the vulnerabilities.

[0009] In another embodiment, an authentication system for handling authentication failure includes a memory, a processor, an authentication module, and a processing engine. The memory is configured to store pre-defined rules. The processor is configured to generate system processing commands based on the pre-defined rules. The authentication module is configured to authenticate an identity of a user using at least one authentication mechanism, identify a deviation in the authentication mechanism upon authentication failure, and check whether to re-authenticate the identity of the user based on the identified deviation. The processing engine includes a re-authentication module, a camouflage module, a monitoring unit, a database, an analyser, an identification module, and a correction module. The re-authentication module is configured to re-authenticate the identity of the user, and identify an unauthorized user. The camouflage module is configured to trap the unauthorized user by allowing the unauthorized user to access the camouflage module. The monitoring unit is configured to monitor one or more actions performed by the unauthorized user in the camouflage module, and generate monitored data. The database is configured to store the monitored data, pre-determined vulnerabilities, and create a log of the monitored data of the unauthorized user. The analyser is configured to analyse the logged data of the unauthorized user, and identify an intent of the unauthorized user based on the analysed data. The identification module is configured to identify vulnerabilities based on the intent. The correction module is configured to correct the vulnerabilities.

BRIEF DESCRIPTION OF ACCOMPANYING DRAWINGS
[0010] The detailed description is described with reference to the accompanying figures. In the figures, the left-most digit(s) of a reference number identifies the figure in which the reference number first appears. The same numbers are used throughout the drawings to reference like features and modules.

[0011] Figure 1 illustrates a block diagram depicting an authentication system, according to an exemplary implementation of the present invention.

[0012] Figure 2 illustrates a block diagram depicting trapping an unauthorized user using a fake mode of an authentication system of Figure 1, according to an exemplary implementation of the present invention.

[0013] Figure 3 illustrates a schematic diagram depicting generation of suggestions to configuration of an authentication system of Figure 1, according to an exemplary implementation of the present invention.

[0014] Figure 4 illustrates a flow diagram depicting a workflow after allowing an unauthorized user into a camouflage module of an authentication system of Figure 1, according to an exemplary implementation of the present invention.

[0015] Figure 5 illustrates a flowchart depicting a method for trapping an unauthorized user, according to an exemplary implementation of the present invention.

[0016] It should be appreciated by those skilled in the art that any block diagrams herein represent conceptual views of illustrative systems embodying the principles of the present invention. Similarly, it will be appreciated that any flowcharts, flow diagrams, and the like represent various processes which may be substantially represented in computer readable medium and so executed by a computer or processor, whether or not such computer or processor is explicitly shown.

DETAILED DESCRIPTION
[0017] In the following description, for the purpose of explanation, specific details are set forth in order to provide an understanding of the present invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced without these details. One skilled in the art will recognize that embodiments of the present invention, some of which are described below, may be incorporated into a number of systems.

[0018] The various embodiments of the present invention provide an authentication system and method thereof. Furthermore, connections between components and/or modules within the figures are not intended to be limited to direct connections. Rather, these components and modules may be modified, re-formatted or otherwise changed by intermediary components and modules.

[0019] References in the present invention to “one embodiment” or “an embodiment” mean that a particular feature, structure, characteristic, or function described in connection with the embodiment is included in at least one embodiment of the invention. The appearances of the phrase “in one embodiment” in various places in the specification are not necessarily all referring to the same embodiment.

[0020] In one of the embodiments, a method for handling authentication failure includes a step of authenticating, by an authentication module, an identity of a user using at least one authentication mechanism. The method includes a step of identifying, by the authentication module, a deviation in the authentication mechanism upon authentication failure. The method includes a step of checking, by the authentication module, whether to re-authenticate the identity of the user based on the identified deviation. The method includes a step of re-authenticating, by a re-authentication module, the identity of the user, and identifying an unauthorized user. The method includes a step of trapping, by a camouflage module, the unauthorized user by allowing the unauthorized user to access the camouflage module. The method includes a step of monitoring, by a monitoring unit, one or more actions performed by the unauthorized user in the camouflage module, and generating monitored data. The method includes a step of storing, in a database, the monitored data, pre-determined vulnerabilities, and creating a log of the monitored data of the unauthorized user. The method includes a step of analysing, by an analyser, the logged data of the unauthorized user. The method includes a step of identifying, by the analyser, an intent of the unauthorized user based on the analysed data. The method includes a step of identifying, by an identification module, vulnerabilities based on the intent. The method includes a step of correcting, by a correction module, the vulnerabilities.

[0021] In another implementation, authentication mechanism includes passwords, pins, patterns, security questions, login credentials, biometrics, tokens, swiping dynamics, typing dynamics, mouse movements, and the like.

[0022] In another implementation, the method includes generating, by a suggestions generation module, one or more suggestions to configuration by analysing the logged data.

[0023] In another implementation, the generated suggestions are based on pre-defined rules.

[0024] In another implementation, the method includes a step of monitoring, by the monitoring unit, the actions of the unauthorized user in the camouflage module, and generating the monitored data. The method includes a step of classifying, by an analyser, an intent of the unauthorized user by analysing the actions in the camouflage module. The method includes a step of observing, by an observer, how the camouflage module is compromised by the actions of the unauthorized user. The method includes a step of identifying, by the identification module, vulnerabilities based on the intent. The method includes a step of checking, by the identification module, whether the identified vulnerabilities are similar to a pre-determined vulnerability. The method includes a step of correcting, by a correction module, the vulnerabilities by using corrective measures.

[0025] In another implementation, the corrective measures are pre-defined for each vulnerability.

[0026] In another implementation, the step of identifying the deviation is performed without the user being aware of it.

[0027] In another embodiment, an authentication system for handling authentication failure includes a memory, a processor, an authentication module, and a processing engine. The memory is configured to store pre-defined rules. The processor is configured to generate system processing commands based on the pre-defined rules. The authentication module is configured to authenticate an identity of a user using at least one authentication mechanism, identify a deviation in the authentication mechanism upon authentication failure, and check whether to re-authenticate the identity of the user based on the identified deviation. The processing engine includes a re-authentication module, a camouflage module, a monitoring unit, a database, an analyser, an identification module, and a correction module. The re-authentication module is configured to re-authenticate the identity of the user, and identify an unauthorized user. The camouflage module is configured to trap the unauthorized user by allowing the unauthorized user to access the camouflage module. The monitoring unit is configured to monitor one or more actions performed by the unauthorized user in the camouflage module, and generate monitored data. The database is configured to store the monitored data, pre-determined vulnerabilities, and create a log of the monitored data of the unauthorized user. The analyser is configured to analyse the logged data of the unauthorized user, and identify an intent of the unauthorized user based on the analysed data. The identification module is configured to identify vulnerabilities based on the intent. The correction module is configured to correct the vulnerabilities.

[0028] In another implementation, the system includes a suggestions generation module. The suggestions generation module is configured to analyse the logged data, and generate one or more suggestions to configuration of the system.

[0029] In another implementation, the monitoring unit is configured to monitor the actions of the unauthorized user in the camouflage module, and generate the monitored data. The analyser is configured to classify an intent of the unauthorized user by analysing the actions in the camouflage module. An observer is configured to observe how the camouflage module is compromised by the actions of the unauthorized user. The identification module is configured to identify vulnerabilities based on the intent, and check whether the identified vulnerabilities are similar to a pre-determined vulnerability. The correction module is configured to correct the vulnerabilities by using corrective measures.

[0030] Figure 1 illustrates a block diagram depicting an authentication system (100), according to an exemplary implementation of the present invention.

[0031] The authentication system (hereinafter referred to as “system”) (100) is configured to specify what can be done when a user fails in authentication. When authentication fails, the system (100) is configured to identify the intent, the vulnerabilities, and the unauthorized user, and react accordingly. The system (100) is based on reactive methods. The reactive methods include time based reactive methods, event based reactive methods, and the like. In an embodiment, the system (100) is configured to trap an unauthorized user by allowing him into a fake mode of the system (100). If the system (100) identifies a considerable amount of deviation in a sequence of operations, the system (100) assumes that some unauthorized user is trying to access an actual device (not shown in a figure), which is associated with an authorized user. Instead of blocking the unauthorized user from entering the actual device, or not allowing him to access the actual device, the system (100) is configured to allow him to access a fake mode of the system (100) to deceive the unauthorized user. The fake mode of the system (100) is similar to the actual device, and contains misleading information to deceive the unauthorized user. In an embodiment, the unauthorized user can be an intruder including a masquerader, misfeasor, etc., a hacker, an attacker, a spy, and the like.

[0032] In an embodiment, the system (100) is configured to identify authentication failures, identify whether the user fails in an authentication mechanism, estimate the deviation, and provide access to a fake mode of the system (100). In one embodiment, the system (100) includes an event based reactive method. If the system (100) experiences authentication failures, then it becomes unavailable until another event happens. There is another system, made up of a set of devices, where the user has to prove his identity. When the user proves his identity in those devices, then the actual device receives a notification signal and unlocks the authentication procedure for the user. The user can participate in the authentication procedure as usual.

[0033] The system (100) includes a memory (102), a processor (104), an authentication module (106), and a processing engine (108).

[0034] The memory (102) is configured to store pre-defined rules related to authentication, and processing the various modules. In an embodiment, the memory (102) can include any computer-readable medium known in the art including, for example, volatile memory, such as static random-access memory (SRAM) and dynamic random-access memory (DRAM), and/or non-volatile memory, such as read only memory (ROM), erasable programmable ROM, flash memories, hard disks, optical disks, and magnetic tapes. The memory (102) also includes a cache memory to work with the system (100) more effectively.

[0035] The processor (104) is configured to cooperate with the memory (102) to receive the pre-determined rules. The processor (104) is further configured to generate system processing commands. In an embodiment, the processor (104) may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, state machines, logic circuitries, and/or any devices that manipulate signals based on operational instructions. Among other capabilities, the at least one processor (104) is configured to fetch the pre-determined rules from the memory (102) and execute different modules of the system (100).

[0036] The authentication module (106) is configured to cooperate with the processor (104) to receive the system processing commands. The authentication module (106) is configured to authenticate an identity of a user to access the system (100). In an embodiment, the authentication module (106) is configured to authenticate the identity of the user by using at least one authentication mechanism. The authentication mechanism includes passwords, pins, patterns, security questions, login credentials, biometrics, tokens, swiping dynamics, typing dynamics, mouse movements, and the like. In an embodiment, the authentication mechanism is pre-determined by a user. The authentication module (106) is configured to register a user to access the system (100), where the user selects at least one authentication factor for verifying his identity to the system (100). The authentication module (106) is further configured to identify a deviation in the authentication mechanism upon authentication failure, and check whether to re-authenticate the identity of the user based on the identified deviation. In an embodiment, the deviation is identified without the user being aware of it.

[0037] The processing engine (108) is configured to cooperate with the authentication module (106) to receive the authenticated identity of the user, and the identified deviation. The processing engine (108) includes a re-authentication module (110), a camouflage module (112), a monitoring unit (114), a database (116), an analyser (118), an identification module (120), and a correction module (122).

[0038] In an embodiment, if the authentication module (106) fails to authenticate the identity of the user, the re-authentication module (110) is configured to re-authenticate the identity of the user, and identify an unauthorized user. In an embodiment, if the identity of the user fails at the time of re-authentication, the re-authentication module (110) is configured to change the behavior of the system (100) into a fake mode of the system (100), accordingly. In another embodiment, if the user is authenticated at the time of re-authentication, an actual device associated with an authorized user gets unlocked, and the user can access the actual device. In one embodiment, the authorized user can take part in an authentication procedure.

[0039] The camouflage module (112) is configured to cooperate with the re-authentication module (110). The camouflage module (112) is configured to trap the unauthorized user by allowing the unauthorized user to access the camouflage module (112). In an embodiment, the camouflage module (112) is a fake mode of an actual device.

[0040] The monitoring unit (114) is configured to cooperate with the camouflage module (112). The monitoring unit (114) is configured to monitor one or more actions performed by the unauthorized user in the camouflage module (112), and generate monitored data.

[0041] The database (116) is configured to cooperate with the monitoring unit (114). The database (116) is configured to store the monitored data, pre-determined vulnerabilities, and create a log of the monitored data of the unauthorized user. In an embodiment, the database (116) can be implemented as, but is not limited to, an enterprise database, a remote database, a local database, and the like. In one embodiment, the components of the database (116) may be located either within the vicinity of each other or at different geographic locations. In another embodiment, the database (116) can be implemented inside or outside the processing engine (108) and the database (116) can be implemented as a single database. The analyser (118) is configured to cooperate with the database (116) to receive the logged data of the unauthorized user. The analyser (118) is configured to analyse the logged data of the unauthorized user, and identify an intent of the unauthorized user based on the analysed data.

[0042] The identification module (120) is configured to cooperate with the analyser (118) to receive the identified intent of the unauthorized user. The identification module (120) is configured to identify vulnerabilities in the camouflage module (112), based on the intent. In an embodiment, the identification module (120) is configured to identify the unauthorized user based on the intent and the logged data stored in the database (116). In an exemplary embodiment, after knowing the identity of the unauthorized user, the identification module (120) is configured to gather the past transactions or the one or more actions of the unauthorized user, which were performed on the actual device or similar devices, from the logged data. In an embodiment, the logged data is a dataset containing such transaction details, and the identity of the unauthorized user is extracted by analysing the transactions. Once the identity of the unauthorized user is identified, the unauthorized user is punished.

[0043] The correction module (122) is configured to cooperate with the identification module (120) to receive the identified vulnerabilities. The correction module (122) is configured to correct the identified vulnerabilities.

[0044] In an embodiment, the system (100) includes a suggestions generation module (124). The suggestions generation module (124) is configured to cooperate with the processing engine (108). The suggestions generation module (124) is configured to analyse the logged data stored in the database (116), and generate one or more suggestions to configuration of the system (100). In an embodiment, the generated suggestions are based on pre-defined rules related to configuration of the system (100). In one embodiment, these pre-defined rules are stored in the database (116).

[0045] In an embodiment, the system (100) includes an observer (126). The observer (126) is configured to cooperate with the camouflage module (112). The observer (126) is configured to observe how the camouflage module (112) is compromised by the actions of the unauthorized user.

[0046] In one embodiment, the monitoring unit (114) is configured to monitor the actions of the unauthorized user in the camouflage module (112), and generate monitored data. The analyser (118) is configured to classify an intent of the unauthorized user by analysing the actions in the camouflage module (112). The observer (126) is configured to observe how the camouflage module (112) is compromised by the actions of the unauthorized user. The identification module (120) is configured to identify vulnerabilities based on the intent, and check whether the identified vulnerabilities are similar to a pre-determined vulnerability stored in the database (116). The correction module (122) is configured to correct the vulnerabilities by using the corrective measures. In one embodiment, the corrective measures are pre-defined for each vulnerability.

[0047] In an embodiment, the system (100) is configured to define when to react to authentication failures. In an embodiment, the system (100) is configured to react:
a. When authentication fails with deviation, and the deviation is higher than a pre-configured threshold. The threshold can vary depending on the authentication mechanism.
b. After a single authentication failure.
c. After one or more authentication factor failures in multi-factored authentication.
d. After failure of all of the authentication factors in multi-factored authentication.
e. After one or more authentication level failures in multi-level authentication.
f. After failure of all of the authentication levels in multi-level authentication.
g. After a series of a specific number of contiguous authentication failures.
h. After a series of a specific number of contiguous authentication failures in a certain time duration.
i. When the {failed authentication attempts / successful authentication attempts} ratio crosses a certain threshold in the given time duration.
j. When multiple end devices are part of the system (100), on correlation among authentication failures from a plurality of devices belonging to the system (100).
k. Any combinations thereof.
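
Items (a), (g), (h) and (i) of the list above can be evaluated together over a stream of authentication attempts. The following Python is an added example, not part of the specification; the class names, the 0 to 1 deviation scale and every threshold value are assumptions.

```python
from collections import deque
from dataclasses import dataclass


@dataclass
class AuthEvent:
    ts: float                # seconds; constructed timestamps
    success: bool
    deviation: float = 0.0   # 0.0 = exact match; the scale is mechanism-specific


@dataclass
class ReactionPolicy:
    # Assumed, administrator-configurable values; none come from the specification.
    deviation_threshold: float = 0.6   # condition (a)
    max_contiguous: int = 5            # condition (g)
    burst_failures: int = 3            # condition (h): this many contiguous failures...
    burst_seconds: float = 60.0        # ...within this duration
    ratio_threshold: float = 2.0       # condition (i): failed / successful
    ratio_seconds: float = 300.0       # duration over which the ratio is taken


class FailureMonitor:
    def __init__(self, policy: ReactionPolicy):
        self.policy = policy
        self.run = []            # timestamps of the current contiguous failure run
        self.window = deque()    # every attempt inside ratio_seconds

    def observe(self, ev: AuthEvent) -> list:
        """Record one attempt and return the letters of the conditions it triggers."""
        p = self.policy
        self.window.append(ev)
        while ev.ts - self.window[0].ts > p.ratio_seconds:
            self.window.popleft()
        if ev.success:
            self.run.clear()     # a success ends the contiguous run
            return []
        self.run.append(ev.ts)

        fired = []
        if ev.deviation > p.deviation_threshold:
            fired.append("a")
        if len(self.run) >= p.max_contiguous:
            fired.append("g")
        if (len(self.run) >= p.burst_failures
                and ev.ts - self.run[-p.burst_failures] <= p.burst_seconds):
            fired.append("h")
        failed = sum(1 for e in self.window if not e.success)
        succeeded = len(self.window) - failed
        # With no successes in the window the ratio is undefined; dividing by 1
        # instead is a choice made for this example.
        if failed / max(succeeded, 1) > p.ratio_threshold:
            fired.append("i")
        return fired


def replay(events, policy=None):
    """Feed a whole log through a fresh monitor; one result list per attempt."""
    monitor = FailureMonitor(policy or ReactionPolicy())
    return [monitor.observe(ev) for ev in events]


# Constructed log: one success, a fast burst of failures, then a success.
SAMPLE_LOG = [
    AuthEvent(0, True), AuthEvent(10, False, 0.2), AuthEvent(20, False, 0.3),
    AuthEvent(30, False, 0.2), AuthEvent(40, False, 0.9), AuthEvent(50, True),
]

if __name__ == "__main__":
    for ev, fired in zip(SAMPLE_LOG, replay(SAMPLE_LOG)):
        print(ev.ts, "ok" if ev.success else "fail", fired)
```

Item (k), any combination, corresponds to reacting when the returned list contains a chosen subset of letters. Item (j) would need one monitor per device plus a correlation step, which this example leaves out.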

[0048] In an embodiment, the system (100) is configured to increase a complexity level at the time of re-authenticating the identity of the user, and when the user fails in one or more authentication attempts. In an embodiment, the system (100) is configured to use multiple configurable parameters, and provide suggestions.

[0049] Figure 2 illustrates a block diagram (200) depicting trapping an unauthorized user using a fake mode of an authentication system of Figure 1, according to an exemplary implementation of the present invention.

[0050] Figure 2 describes trapping an unauthorized user using a fake mode (i.e. a camouflage module (112)) of the authentication system (100). In an embodiment, when a user (202) fails in the authentication with large deviation, then the system (100) is configured to trap the user (202) by allowing the user (202) into the camouflage module (112) of the system (100). The unauthorized user, however, thinks that he has successfully intruded. On the basis of this, the unauthorized user accesses the camouflage module (112) of the system (100) and thinks he is accessing the actual device. He spends his time on the camouflage module (112) of the system (100), and the actual device remains free from the unauthorized user. In an embodiment, if the user (202) successfully authenticates by using the authentication module (106), as shown in Figure 1, the system (100) allows the user (202) to access the actual device, as shown in a block (204). If the user (202) fails in the authentication with slight deviation, then the user (202) is asked for re-authentication, as shown in a block (206). In an embodiment, a re-authentication module (110), as shown in Figure 1, is configured to re-authenticate the user. If the user (202) fails in re-authentication, the re-authentication module (110) is configured to identify an unauthorized user. The system (100) is then configured to trap the unauthorized user by providing access to the camouflage module (112) of the system (100), as shown in a block (208).
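
The routing of Figure 2 (blocks 204, 206 and 208) is shown below as an added Python example, not code from the specification. It also shows the property the deception depends on: the client-visible result is the same whether the session lands on the actual device or on the camouflage module. The two thresholds, the 0 to 1 deviation score, the `reauthenticate` callable and the data sets are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Route(Enum):
    ACTUAL = "actual device (block 204)"
    CAMOUFLAGE = "camouflage module (block 208)"


# Constructed contents; the decoy mirrors the real layout with misleading data.
ACTUAL_DATA = {"contacts": ["alice: 555-0101"], "notes": ["rotate keys Friday"]}
DECOY_DATA = {"contacts": ["a. n. other: 555-0199"], "notes": ["placeholder memo"]}


@dataclass
class Session:
    user: str
    route: Route
    monitored: list   # shared log; stands in for monitoring unit (114) and database (116)

    def client_view(self):
        # Identical for both routes: nothing tells the client it was diverted.
        return {"status": "authenticated", "user": self.user}

    def read(self, item):
        if self.route is Route.CAMOUFLAGE:
            # Every action inside the decoy becomes monitored data.
            self.monitored.append({"user": self.user, "action": "read", "item": item})
            return DECOY_DATA.get(item, [])
        return ACTUAL_DATA.get(item, [])


class Gate:
    def __init__(self, reauthenticate, match=0.1, large=0.6):
        # match and large are assumed thresholds on a 0..1 deviation score.
        self.reauthenticate = reauthenticate   # callable(user) -> deviation of 2nd attempt
        self.match, self.large = match, large
        self.monitored = []
        self.reauth_requests = 0

    def login(self, user, deviation):
        if deviation <= self.match:        # authentication succeeded
            route = Route.ACTUAL
        elif deviation > self.large:       # failed with large deviation: trap directly
            route = Route.CAMOUFLAGE
        else:                              # failed with slight deviation: block 206
            self.reauth_requests += 1
            second = self.reauthenticate(user)
            route = Route.ACTUAL if second <= self.match else Route.CAMOUFLAGE
        return Session(user, route, self.monitored)


if __name__ == "__main__":
    gate = Gate(reauthenticate=lambda user: 0.4)   # second attempt also deviates
    session = gate.login("u1", 0.3)
    print(session.route.value, session.client_view(), session.read("contacts"))
    print(gate.monitored)
```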

[0051] Figure 3 illustrates a schematic diagram (300) depicting generation of suggestions to configuration of an authentication system of Figure 1, according to an exemplary implementation of the present invention.

[0052] In Figure 3, a suggestions generation module (124) is configured to generate suggestions to configuration (302) of an authentication system (100), as shown in Figure 1. In an embodiment, there are multiple configurable parameters. For example, the system (100) can be configured to react after three consecutive authentication failures. Here, the configuration is 3. In one embodiment, an administrator of the system (100) can also set this configuration to any other number. As another example, the user can configure the deviation threshold. Similarly, there are many other configurations. These configurations also play an important role in the accuracy. The suggestions generation module (124) is configured to analyze the existing configuration of the system (100), and authentication logs (304) stored in the database, as shown in Figure 1, and provide suggestions to the configuration (306) for better performance. In an embodiment, the suggestions to the configuration (306) reduce the attacks from the unauthorized user.

[0053] Figure 4 illustrates a flow diagram depicting a workflow (400) after allowing an unauthorized user into a camouflage module (112) of an authentication system (100) of Figure 1, according to an exemplary implementation of the present invention.

[0054] The workflow (400) starts when re-authentication fails, and an unauthorized user is identified. The system (100) of Figure 1 is configured to allow the unauthorized user to access the camouflage module (112) of the system (100). At a step (402), monitoring and logging actions of the unauthorized user. In an embodiment, a monitoring unit (114) is configured to monitor one or more actions performed by the unauthorized user, and generate monitored data. At a step (404), identifying an intent of the unauthorized user by analysing his actions in the camouflage module (112) of the system (100). In an embodiment, an analyser (118) is configured to analyse the logged data of the unauthorized user, and identify an intent of the unauthorized user based on the analysed data. At a step (406), observing how the camouflage module (112) of the system (100) is compromising with the actions of the unauthorized user. In an embodiment, the observer (126) is configured to observe the camouflage module (112) of the system (100) compromise with the one or more actions of the unauthorized user, and identify an intent of the unauthorized user based on the observation of the camouflage module (112) of the system (100). At a step (408), checking whether similar vulnerabilities are present in the actual device. In an embodiment, an identification module (120) is configured to identify the vulnerabilities, and is further configured to check whether similar vulnerabilities are present in the actual device. If similar vulnerabilities are not present in the actual device, the system (100) stops the process; otherwise, appropriate actions are taken to correct them, as shown in a step (410). In an embodiment, a correction module (122) is configured to correct the vulnerabilities.

[0055] Figure 5 illustrates a flowchart (500) depicting a method for trapping an unauthorized user, according to an exemplary implementation of the present invention.

[0056] The flowchart (500) starts at a step (502), authenticating, by an authentication module (106), an identity of a user using at least one authentication mechanism. In an embodiment, an authentication module (106) is configured to authenticate an identity of a user using at least one authentication mechanism. At a step (504), identifying, by the authentication module (106), a deviation in the authentication mechanism upon authentication failure. In an embodiment, the authentication module (106) is configured to identify a deviation in the authentication mechanism upon authentication failure. At a step (506), checking, by the authentication module (106), whether to re-authenticate the identity of the user based on the identified deviation. In an embodiment, the authentication module (106) is configured to check whether to re-authenticate the identity of the user based on the identified deviation. At a step (508), re-authenticating, by a re-authentication module (110), the identity of the user, and identifying an unauthorized user. In an embodiment, a re-authentication module (110) is configured to re-authenticate the identity of the user, and identify an unauthorized user. At a step (510), trapping, by a camouflage module (112), the unauthorized user by allowing the unauthorized user to access the camouflage module (112). In an embodiment, a camouflage module (112) is configured to trap the unauthorized user by allowing the unauthorized user to access the camouflage module (112). At a step (512), monitoring, by a monitoring unit (112), one or more actions performed by the unauthorized user in the camouflage module (112), and generating monitored data. In an embodiment, a monitoring unit (112) is configured to monitor one or more actions performed by the unauthorized user in the camouflage module (112), and generate monitored data. 
At a step (514), storing, in a database (114), the monitored data, pre-determined vulnerabilities, and creating a log of the monitored data of the unauthorized user. In an embodiment, a database (114) is configured to store the monitored data, pre-determined vulnerabilities, and create a log of the monitored data of the unauthorized user. At a step (516), analysing, by an analyser (116), the logged data of the unauthorized user. In an embodiment, an analyser (116) is configured to analyse the logged data of the unauthorized user. At a step (518), identifying, by the analyser (116), an intent of the unauthorized user based on the analysed data. In an embodiment, the analyser (116) is configured to identify an intent of the unauthorized user based on the analysed data. At a step (520), identifying, by an identification module (118), vulnerabilities based on the intent. In an embodiment, an identification module (118) is configured to identify vulnerabilities based on the intent. At a step (522), correcting, by a correction module (120), the vulnerabilities. In an embodiment, a correction module (120) is configured to correct the vulnerabilities.

[0057] It should be noted that the description merely illustrates the principles of the present invention. It will thus be appreciated that those skilled in the art will be able to devise various arrangements that, although not explicitly described herein, embody the principles of the present invention. Furthermore, all examples recited herein are principally intended expressly to be only for explanatory purposes to help the reader in understanding the principles of the invention and the concepts contributed by the inventor(s) to furthering the art and are to be construed as being without limitation to such specifically recited examples and conditions. Moreover, all statements herein reciting principles, aspects, and embodiments of the invention, as well as specific examples thereof, are intended to encompass equivalents thereof.
CLAIMS:
We claim:
1. A method for handling authentication failure, said method comprising:
authenticating, by an authentication module (106), an identity of a user using at least one authentication mechanism;
identifying, by said authentication module (106), a deviation in said authentication mechanism upon authentication failure;
checking, by said authentication module (106), whether to re-authenticate said identity of said user based on said identified deviation;
re-authenticating, by a re-authentication module (110), said identity of said user, and identifying an unauthorized user;
trapping, by a camouflage module (112), said unauthorized user by allowing said unauthorized user to access said camouflage module;
monitoring, by a monitoring unit (114), one or more actions performed by said unauthorized user in said camouflage module (112), and generating monitored data;
storing, in a database (116), said monitored data, pre-determined vulnerabilities, and creating a log of said monitored data of said unauthorized user;
analysing, by an analyser (118), said logged data of said unauthorized user;
identifying, by said analyser (118), an intent of said unauthorized user based on said analysed data;
identifying, by an identification module (120), vulnerabilities based on said intent; and
correcting, by a correction module (122), said vulnerabilities.

2. The method as claimed in claim 1, wherein said authentication mechanism include passwords, pins, patterns, security questions, login credentials, biometrics, tokens, swiping dynamics, typing dynamics, mouse movements, and the like.

3. The method as claimed in claim 1, wherein said method includes generating, by a suggestions generation module (124), one or more suggestions to configuration by analysing said logged data.

4. The method as claimed in claim 3, wherein said generated suggestions are based on pre-defined rules.

5. The method as claimed in claim 1, wherein said method comprising:
monitoring, by said monitoring unit (114), said actions of said unauthorized user in said camouflage module (112), and generating said monitored data;
classifying, by an analyser (118), an intent of said unauthorized user by analysing said actions in said camouflage module (112);
observing, by an observer (126), said camouflage module (112) compromising with said actions of said unauthorized user;
identifying, by said identification module (120), vulnerabilities based on said intent;
checking, by said identification module (120), whether said identified vulnerabilities is similar to a pre-determined vulnerability;
correcting, by a correction module (122), said vulnerabilities by using corrective measures.

6. The method as claimed in claim 6, wherein said corrective measures are pre-defined for each vulnerability.

7. The method as claimed in claim 1, wherein identifying said deviation is unaware by said user.

8. An authentication system (100) for handling authentication failure, said system (100) comprising:
a memory (102) configured to store pre-defined rules;
a processor (104) configured to cooperate with said memory (102), said processor (104) configured to generate system processing commands based on said pre-defined rules;
an authentication module (106) configured to cooperate with said processor (104), said authentication module (106) configured to authenticate an identity of a user using at least one authentication mechanism, identify a deviation in said authentication mechanism upon authentication failure, and check whether to re-authenticate the identity of said user based on said identified deviation; and
a processing engine (108) configured to cooperate with said processor (104) and said authentication module (106), said processing engine (108) comprising:
a re-authentication module (110) configured to re-authenticate said identity of said user, and identify an unauthorized user;
a camouflage module (112) configured to cooperate with said re-authentication module (110), said camouflage module (112) configured to trap said unauthorized user by allowing the unauthorized user to access said camouflage module;
a monitoring unit (114) configured to cooperate with said camouflage module (112), said monitoring unit (114) configured to monitor one or more actions performed by said unauthorized user in said camouflage module (112), and generate monitored data;
a database (116) configured to store said monitored data, pre-determined vulnerabilities, and create a log of said monitored data of said unauthorized user;
an analyser (118) configured to cooperate with said database (116), said analyser (118) configured to analyse said logged data of said unauthorized user, and identify an intent of said unauthorized user based on said analysed data;
an identification module (120) configured to cooperate with said analyser (118), said identification module (120) configured to identify vulnerabilities based on said intent; and
a correction module (122) configured to cooperate with said identification module (120), said correction module (122) configured to correct said vulnerabilities.

9. The system (100) as claimed in claim 8, wherein said system (100) includes a suggestions generation module (124), said suggestions generation module (124) is configured to analyse said logged data, and generate one or more suggestions to configuration of said system.

10. The system as claimed in claim 8, wherein said processing engine (108) comprising:
said monitoring unit (114) is configured to monitor said actions of said unauthorized user in said camouflage module (112), and generate said monitored data;
said analyser (118) is configured to classify an intent of said unauthorized user by analysing said actions in said camouflage module (112);
an observer (126) configured to observe said camouflage module (112) compromising with said actions of said unauthorized user;
said identification module (120) configured to identify vulnerabilities based on said intent, and check whether said identified vulnerabilities is similar to a pre-determined vulnerability; and
said correction module (122) configured to correct said vulnerabilities by using corrective measures.
Dated this April 01, 2019
FOR BHARAT ELECTRONICS LIMITED
(By their Agent)

(D. Manoj Kumar) (IN/PA 2110)
KRISHNA & SAURASTRI ASSOCIATES LLP

Documents

Application Documents

# Name Date
1 201941013135-PROVISIONAL SPECIFICATION [01-04-2019(online)].pdf 2019-04-01
2 201941013135-FORM 1 [01-04-2019(online)].pdf 2019-04-01
3 201941013135-DRAWINGS [01-04-2019(online)].pdf 2019-04-01
4 201941013135-FORM-26 [28-06-2019(online)].pdf 2019-06-28
5 Correspondence by Agent_Power of Attorney_08-07-2019.pdf 2019-07-08
6 201941013135-FORM 3 [13-09-2019(online)].pdf 2019-09-13
7 201941013135-ENDORSEMENT BY INVENTORS [13-09-2019(online)].pdf 2019-09-13
8 201941013135-DRAWING [13-09-2019(online)].pdf 2019-09-13
9 201941013135-CORRESPONDENCE-OTHERS [13-09-2019(online)].pdf 2019-09-13
10 201941013135-COMPLETE SPECIFICATION [13-09-2019(online)].pdf 2019-09-13
11 201941013135-Proof of Right (MANDATORY) [01-10-2019(online)].pdf 2019-10-01
12 Correspondence by Agent_Form1_04-10-2019.pdf 2019-10-04
13 201941013135-FORM 18 [08-03-2023(online)].pdf 2023-03-08
14 201941013135-FER.pdf 2024-01-10
15 201941013135-FER_SER_REPLY [10-07-2024(online)].pdf 2024-07-10
16 201941013135-DRAWING [10-07-2024(online)].pdf 2024-07-10
17 201941013135-COMPLETE SPECIFICATION [10-07-2024(online)].pdf 2024-07-10
18 201941013135-CLAIMS [10-07-2024(online)].pdf 2024-07-10
19 201941013135-ABSTRACT [10-07-2024(online)].pdf 2024-07-10
20 201941013135-POA [04-10-2024(online)].pdf 2024-10-04
21 201941013135-FORM 13 [04-10-2024(online)].pdf 2024-10-04
22 201941013135-AMENDED DOCUMENTS [04-10-2024(online)].pdf 2024-10-04
23 201941013135-Response to office action [01-11-2024(online)].pdf 2024-11-01
24 201941013135-Response to office action [25-06-2025(online)].pdf 2025-06-25

Search Strategy

1 SearchE_13-12-2023.pdf
2 Sea1AE_25-09-2024.pdf