
Method And System For Dynamic Context Based Authentication Factor Recommendation

Abstract: The present disclosure provides a model for dynamic context based authentication factor recommendation, which conventional methods fail to provide. Initially, the system receives a plurality of authentication parameters from an authentication request associated with a user. Further, the plurality of authentication parameters is classified into a plurality of normal parameters and a plurality of abnormal parameters based on a corresponding threshold and a corresponding Probability Density Chart (PDC). After classification, a Boolean value corresponding to each of the plurality of parameters is generated based on the classification. After generating the Boolean value, a recommendation value is computed based on the Boolean value corresponding to each of the plurality of authentication parameters using a Boolean function. Finally, at least one authentication factor from a plurality of authentication factors is recommended based on the recommendation value. [To be published with FIG. 4]


Patent Information

Filing Date: 03 March 2022
Publication Number: 36/2023
Publication Type: INA
Invention Field: COMMUNICATION
Grant Date: 2024-12-17

Applicants

Tata Consultancy Services Limited
Nirmal Building, 9th floor, Nariman point, Mumbai 400021, Maharashtra, India

Inventors

1. BOGUDAMEEDI, Venkata Sai Prasad
Tata Consultancy Services Limited, Deccan Park, Plot No 1, Survey No. 64/2, Software Units Layout, Serilingampally Mandal, Madhapur, Hyderabad 500081, Telangana, India
2. REDDY, Rajidi Satish Chandra
Tata Consultancy Services Limited, Deccan Park, Plot No 1, Survey No. 64/2, Software Units Layout, Serilingampally Mandal, Madhapur, Hyderabad 500081, Telangana, India
3. PRAKASH, Vakkalagadda Satya Sai
Tata Consultancy Services Limited, Deccan Park, Plot No 1, Survey No. 64/2, Software Units Layout, Serilingampally Mandal, Madhapur, Hyderabad 500081, Telangana, India
4. GOPU, Srinivasa Reddy
Tata Consultancy Services Limited, Deccan Park, Plot No 1, Survey No. 64/2, Software Units Layout, Serilingampally Mandal, Madhapur, Hyderabad 500081, Telangana, India

Specification

Claims: WE CLAIM:

1. A processor implemented method (200), the method comprising:
receiving (202), by one or more hardware processors, a plurality of authentication parameters from an authentication request associated with a user, wherein the plurality of authentication parameters comprise a login device Identification (ID) number, a geographic location, an android ID, a login device Universal Unique ID (UUID), a Media Access Control (MAC) address, a login time, and an Internet Protocol (IP) address;
classifying (204), by the one or more hardware processors, the plurality of authentication parameters into a plurality of normal parameters and a plurality of abnormal parameters based on a corresponding threshold associated with each of the plurality of authentication parameters and a corresponding Probability Density Chart (PDC), wherein the plurality of authentication parameters falling below the corresponding threshold in the corresponding PDC are classified as the plurality of normal parameters and, wherein the plurality of authentication parameters falling above the corresponding threshold in the corresponding PDC are classified as the plurality of abnormal parameters;
generating (206), by the one or more hardware processors, a Boolean value corresponding to each of the plurality of parameters based on the classification, wherein the Boolean value associated with each of the plurality of normal parameters is set to one and the Boolean value associated with each of the plurality of abnormal parameters is set to zero;
computing (208), by the one or more hardware processors, a recommendation value based on the Boolean value corresponding to each of the plurality of authentication parameters using a Boolean function, wherein the Boolean function is generated based on a plurality of historical authentication parameters using a Boolean expression simplification technique; and
recommending (210), by the one or more hardware processors, at least one authentication factor from a plurality of authentication factors based on the recommendation value, wherein the plurality of authentication factors comprises a One Time Password (OTP) based authentication, a Security Question (SQ) based authentication and a biometric based authentication.
2. The method as claimed in claim 1, wherein the dynamic PDC corresponding to each of the plurality of authentication parameters is updated after each login.
3. The method as claimed in claim 1, wherein generating the dynamic PDC corresponding to each of the plurality of authentication parameters comprises:
computing a probability value for each of a plurality of historical values corresponding to each of the plurality of authentication parameters; and
generating a PDC for each of the plurality of authentication parameters based on a corresponding plurality of probability values using a PDC generation technique.
4. The method as claimed in claim 1, wherein the corresponding threshold is computed by dividing a number of normal logins by a total number of abnormal logins corresponding to each of the plurality of authentication parameters.
5. The method as claimed in claim 1, wherein generating the Boolean function based on a plurality of historical authentication parameters using the Boolean expression simplification technique comprises:
receiving the plurality of historical authentication parameters;
generating a truth table based on a plurality of combinations corresponding to each of the plurality of historical authentication parameters;
generating the Karnaugh map based on the truth table using a Karnaugh map generation technique; and
generating the Boolean function based on the generated Karnaugh map using a Karnaugh map to Boolean function generation technique.
6. The method as claimed in claim 1, wherein if the recommended authentication factor is OTP, authentication is provided to the user only if the geographic location of the user login device and the geographic location of the OTP received device are equal.
7. A system (100) comprising:
at least one memory (104) storing programmed instructions; one or more Input /Output (I/O) interfaces (112); and one or more hardware processors (102) operatively coupled to the at least one memory (104), wherein the one or more hardware processors (102) are configured by the programmed instructions to:
receive a plurality of authentication parameters from an authentication request associated with a user, wherein the plurality of authentication parameters comprise a login device Identification (ID) number, a geographic location, an android ID, a login device Universal Unique ID (UUID), a Media Access Control (MAC) address, a login time, and an Internet Protocol (IP) address;
classify the plurality of authentication parameters into a plurality of normal parameters and a plurality of abnormal parameters based on a corresponding threshold associated with each of the plurality of authentication parameters and a corresponding Probability Density Chart (PDC), wherein the plurality of authentication parameters falling below the corresponding threshold in the corresponding PDC are classified as the plurality of normal parameters and, wherein the plurality of authentication parameters falling above the corresponding threshold in the corresponding PDC are classified as the plurality of abnormal parameters;
generate a Boolean value corresponding to each of the plurality of parameters based on the classification, wherein the Boolean value associated with each of the plurality of normal parameters is set to one and the Boolean value associated with each of the plurality of abnormal parameters is set to zero;
compute a recommendation value based on the Boolean value corresponding to each of the plurality of authentication parameters using a Boolean function, wherein the Boolean function is generated based on a plurality of historical authentication parameters using a Boolean expression simplification technique; and
recommend at least one authentication factor from a plurality of authentication factors based on the recommendation value, wherein the plurality of authentication factors comprises a One Time Password (OTP) based authentication, a Security Question (SQ) based authentication and a biometric based authentication.
8. The system of claim 7, wherein the dynamic PDC corresponding to each of the plurality of authentication parameters is updated after each login.
9. The system of claim 7, wherein generating the dynamic PDC corresponding to each of the plurality of authentication parameters comprises:
computing a probability value for each of a plurality of historical values corresponding to each of the plurality of authentication parameters; and
generating a PDC for each of the plurality of authentication parameters based on a corresponding plurality of probability values using a PDC generation technique.
10. The system of claim 7, wherein the corresponding threshold is computed by dividing a number of normal logins by a total number of abnormal logins corresponding to each of the plurality of authentication parameters.
11. The system of claim 7, wherein generating the Boolean function based on a plurality of historical authentication parameters using the Boolean expression simplification technique comprises:
receiving the plurality of historical authentication parameters;
generating a truth table based on a plurality of combinations corresponding to each of the plurality of historical authentication parameters;
generating the Karnaugh map based on the truth table using a Karnaugh map generation technique; and
generating the Boolean function based on the generated Karnaugh map using a Karnaugh map to Boolean function generation technique.
12. The system of claim 7, wherein if the recommended authentication factor is OTP, authentication is provided to the user only if the geographic location of the user login device and the geographic location of the OTP received device are equal.

Dated this 3rd day of March 2022

(Adheesh Nargolkar)
of Khaitan & Co
Reg No IN-PA-1086

Description: FORM 2

THE PATENTS ACT, 1970
(39 of 1970)
&
THE PATENT RULES, 2003

COMPLETE SPECIFICATION
(See Section 10 and Rule 13)

Title of invention:

METHOD AND SYSTEM FOR DYNAMIC CONTEXT BASED AUTHENTICATION FACTOR RECOMMENDATION

Applicant
Tata Consultancy Services Limited
A company Incorporated in India under the Companies Act, 1956
Having address:
Nirmal Building, 9th floor,
Nariman point, Mumbai 400021,
Maharashtra, India

Preamble to the description:
The following specification particularly describes the invention and the manner in which it is to be performed.
TECHNICAL FIELD
The disclosure herein generally relates to the field of cyber security and, more particularly, to a method and system for dynamic context based authentication factor recommendation.
BACKGROUND
Authentication is the process of confirming the digital identity of users before allowing access to restricted resources. There are various types of authentication mechanisms, and password based authentication is the most common. However, password based authentication is vulnerable to attacks such as password stealing, password sharing and password guessing. Many organizations use a Second Factor Authentication (SFA), such as an OTP or a Security Question, to improve security. However, these SFAs have their own problems: the OTP may be sent to the same device from which the user or attacker is trying to log in (for example, a device stolen from the user), and the usual security questions are easily answered by close friends. Similarly, a forgot password (Fall back Authentication) link helps the attacker to use an SFA service to log in to the account.
Conventional methods mainly focus on multifactor authentication and context based authentication mechanisms. However, conventional applications using multi factor authentication mechanisms are based on fixed lookup tables and trust values. The fixed lookup table and trust value based methods are time consuming and limited to predefined parameters, which leads to false positives and false negatives. Further, the conventional context based authentication techniques focus mainly on a fixed number of static parameter values like the time and location of the user. Actual context based authentication is therefore not possible through the conventional methods, since they fail to address the frequently changing context of users when recommending authentication factors.

SUMMARY
Embodiments of the present disclosure present technological improvements as solutions to one or more of the above-mentioned technical problems recognized by the inventors in conventional systems. For example, in one embodiment, a method for dynamic context based authentication factor recommendation is provided. The method includes receiving, by one or more hardware processors, a plurality of authentication parameters from an authentication request associated with a user, wherein the plurality of authentication parameters comprise a login device Identification (ID) number, a geographic location, an android ID, a login device Universal Unique ID (UUID), a Media Access Control (MAC) address, a login time, and an Internet Protocol (IP) address. Further, the method includes classifying, by the one or more hardware processors, the plurality of authentication parameters into a plurality of normal parameters and a plurality of abnormal parameters based on a corresponding threshold associated with each of the plurality of authentication parameters and a corresponding Probability Density Chart (PDC), wherein the plurality of authentication parameters falling below the corresponding threshold in the corresponding PDC are classified as the plurality of normal parameters and, wherein the plurality of authentication parameters falling above the corresponding threshold in the corresponding PDC are classified as the plurality of abnormal parameters. Furthermore, the method includes generating, by the one or more hardware processors, a Boolean value corresponding to each of the plurality of parameters based on the classification, wherein the Boolean value associated with each of the plurality of normal parameters is set to one and the Boolean value associated with each of the plurality of abnormal parameters is set to zero.
Furthermore, the method includes, computing, by the one or more hardware processors, a recommendation value based on the Boolean value corresponding to each of the plurality of authentication parameters using a Boolean function, wherein the Boolean function is generated based on a plurality of historical authentication parameters using a Boolean expression simplification technique. Finally, the method includes recommending, by the one or more hardware processors, at least one authentication factor from a plurality of authentication factors based on the recommendation value, wherein the plurality of authentication factors comprises a One Time Password (OTP) based authentication, a Security Question (SQ) based authentication and a biometric based authentication.
In another aspect, a system for dynamic context based authentication factor recommendation is provided. The system includes at least one memory storing programmed instructions, one or more Input /Output (I/O) interfaces, and one or more hardware processors operatively coupled to the at least one memory, wherein the one or more hardware processors are configured by the programmed instructions to receive a plurality of authentication parameters from an authentication request associated with a user, wherein the plurality of authentication parameters comprise a login device Identification (ID) number, a geographic location, an android ID, a login device Universal Unique ID (UUID), a Media Access Control (MAC) address, a login time, and an Internet Protocol (IP) address. Further, the one or more hardware processors are configured by the programmed instructions to classify the plurality of authentication parameters into a plurality of normal parameters and a plurality of abnormal parameters based on a corresponding threshold associated with each of the plurality of authentication parameters and a corresponding Probability Density Chart (PDC), wherein the plurality of authentication parameters falling below the corresponding threshold in the corresponding PDC are classified as the plurality of normal parameters and, wherein the plurality of authentication parameters falling above the corresponding threshold in the corresponding PDC are classified as the plurality of abnormal parameters. Furthermore, the one or more hardware processors are configured by the programmed instructions to generate a Boolean value corresponding to each of the plurality of parameters based on the classification, wherein the Boolean value associated with each of the plurality of normal parameters is set to one and the Boolean value associated with each of the plurality of abnormal parameters is set to zero. Furthermore, the one or more hardware processors are configured by the programmed instructions to compute a recommendation value based on the Boolean value corresponding to each of the plurality of authentication parameters using a Boolean function, wherein the Boolean function is generated based on a plurality of historical authentication parameters using a Boolean expression simplification technique.
Finally, the one or more hardware processors are configured by the programmed instructions to recommend at least one authentication factor from a plurality of authentication factors based on the recommendation value, wherein the plurality of authentication factors comprises a One Time Password (OTP) based authentication, a Security Question (SQ) based authentication and a biometric based authentication.
In yet another aspect, a computer program product including a non-transitory computer-readable medium having embodied therein a computer program for dynamic context based authentication factor recommendation is provided. The computer readable program, when executed on a computing device, causes the computing device to receive a plurality of authentication parameters from an authentication request associated with a user, wherein the plurality of authentication parameters comprise a login device Identification (ID) number, a geographic location, an android ID, a login device Universal Unique ID (UUID), a Media Access Control (MAC) address, a login time, and an Internet Protocol (IP) address. Further, the computer readable program, when executed on a computing device, causes the computing device to classify the plurality of authentication parameters into a plurality of normal parameters and a plurality of abnormal parameters based on a corresponding threshold associated with each of the plurality of authentication parameters and a corresponding Probability Density Chart (PDC), wherein the plurality of authentication parameters falling below the corresponding threshold in the corresponding PDC are classified as the plurality of normal parameters and, wherein the plurality of authentication parameters falling above the corresponding threshold in the corresponding PDC are classified as the plurality of abnormal parameters. Furthermore, the computer readable program, when executed on a computing device, causes the computing device to generate a Boolean value corresponding to each of the plurality of parameters based on the classification, wherein the Boolean value associated with each of the plurality of normal parameters is set to one and the Boolean value associated with each of the plurality of abnormal parameters is set to zero.
Furthermore, the computer readable program, when executed on a computing device, causes the computing device to compute a recommendation value based on the Boolean value corresponding to each of the plurality of authentication parameters using a Boolean function, wherein the Boolean function is generated based on a plurality of historical authentication parameters using a Boolean expression simplification technique. Finally, the computer readable program, when executed on a computing device, causes the computing device to recommend at least one authentication factor from a plurality of authentication factors based on the recommendation value, wherein the plurality of authentication factors comprises a One Time Password (OTP) based authentication, a Security Question (SQ) based authentication and a biometric based authentication.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are incorporated in and constitute a part of this disclosure, illustrate exemplary embodiments and, together with the description, serve to explain the disclosed principles:
FIG. 1 is a functional block diagram of a system for dynamic context based authentication factor recommendation, in accordance with some embodiments of the present disclosure.
FIG. 2 is an exemplary flow diagram illustrating a processor implemented method for dynamic context based authentication factor recommendation, implemented by the system of FIG. 1, in accordance with some embodiments of the present disclosure.
FIG. 3 illustrates an example Probability Density Chart (PDC), in accordance with some embodiments of the present disclosure.
FIG. 4 is an overall functional architecture for the processor implemented method for dynamic context based authentication factor recommendation implemented by the system of FIG. 1, in accordance with some embodiments of the present disclosure.

DETAILED DESCRIPTION OF EMBODIMENTS
Exemplary embodiments are described with reference to the accompanying drawings. In the figures, the left-most digit(s) of a reference number identifies the figure in which the reference number first appears. Wherever convenient, the same reference numbers are used throughout the drawings to refer to the same or like parts. While examples and features of disclosed principles are described herein, modifications, adaptations, and other implementations are possible without departing from the spirit and scope of the disclosed embodiments.
Conventional multi factor authentication mechanisms are based on fixed lookup tables and trust values. The fixed lookup table and trust value based methods are time consuming and limited to predefined parameters, which leads to false positives and false negatives. Further, the conventional context based authentication techniques focus mainly on a fixed number of static parameter values like the time and location of the user and fail to provide a dynamic context based authentication factor recommendation.
Embodiments herein provide a method and system for dynamic context based authentication factor recommendation. The present disclosure is capable of providing a dynamic context based authentication factor recommendation. Initially, the system receives a plurality of authentication parameters from an authentication request associated with a user. The plurality of authentication parameters includes a geographic location, an android ID, a login device Universal Unique ID (UUID), a Media Access Control (MAC) address, a login time, and an Internet Protocol (IP) address. Further, the plurality of authentication parameters is classified into a plurality of normal parameters and a plurality of abnormal parameters based on a corresponding threshold and a corresponding Probability Density Chart (PDC). After classification, a Boolean value corresponding to each of the plurality of parameters is generated based on the classification. The Boolean value associated with each of the plurality of normal parameters is set to one and the Boolean value associated with each of the plurality of abnormal parameters is set to zero. After generating the Boolean value, a recommendation value is computed based on the Boolean value corresponding to each of the plurality of authentication parameters using a Boolean function. The Boolean function is generated based on the plurality of historical authentication parameters using a Boolean expression simplification technique. Finally, at least one authentication factor from a plurality of authentication factors is recommended based on the recommendation value. The plurality of authentication factors includes a One Time Password (OTP) based authentication, a Security Question (SQ) based authentication and a biometric based authentication.
Referring now to the drawings, and more particularly to FIGS. 1 through 4, where similar reference characters denote corresponding features consistently throughout the figures, there are shown preferred embodiments and these embodiments are described in the context of the following exemplary system and/or method.
FIG. 1 is a functional block diagram of an onboard system connected to a mobile robot for dynamic context based authentication factor recommendation, in accordance with some embodiments of the present disclosure. The system 100 includes or is otherwise in communication with hardware processors 102, at least one memory such as a memory 104, and an I/O interface 112. The hardware processors 102, memory 104, and the Input /Output (I/O) interface 112 may be coupled by a system bus such as a system bus 108 or a similar mechanism. In an embodiment, the hardware processors 102 can be one or more hardware processors.
The I/O interface 112 may include a variety of software and hardware interfaces, for example, a web interface, a graphical user interface, and the like. The I/O interface 112 may include a variety of software and hardware interfaces, for example, interfaces for peripheral device(s), such as a keyboard, a mouse, an external memory, a printer and the like. Further, the I/O interface 112 may enable the system 100 to communicate with other devices, such as web servers, and external databases. For example, the other devices comprise a plurality of sensors and a plurality of cameras.
The I/O interface 112 can facilitate multiple communications within a wide variety of networks and protocol types, including wired networks, for example, local area network (LAN), cable, etc., and wireless networks, such as Wireless LAN (WLAN), cellular, or satellite. For the purpose, the I/O interface 112 may include one or more ports for connecting several computing systems with one another or to another server computer. The I/O interface 112 may include one or more ports for connecting several devices to one another or to another server.
The one or more hardware processors 102 may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, node machines, logic circuitries, and/or any devices that manipulate signals based on operational instructions. Among other capabilities, the one or more hardware processors 102 is configured to fetch and execute computer-readable instructions stored in the memory 104.
The memory 104 may include any computer-readable medium known in the art including, for example, volatile memory, such as static random access memory (SRAM) and dynamic random access memory (DRAM), and/or non-volatile memory, such as read only memory (ROM), erasable programmable ROM, flash memories, hard disks, optical disks, and magnetic tapes. In an embodiment, the memory 104 includes a plurality of modules 106. The memory 104 also includes a data repository (or repository) 110 for storing data processed, received, and generated by the plurality of modules 106.
The plurality of modules 106 include programs or coded instructions that supplement applications or functions performed by the system 100 for dynamic context based authentication factor recommendation. The plurality of modules 106, amongst other things, can include routines, programs, objects, components, and data structures, which perform particular tasks or implement particular abstract data types. The plurality of modules 106 may also be used as signal processor(s), node machine(s), logic circuitries, and/or any other device or component that manipulates signals based on operational instructions. Further, the plurality of modules 106 can be used by hardware, by computer-readable instructions executed by the one or more hardware processors 102, or by a combination thereof. The plurality of modules 106 can include various sub-modules (not shown). The plurality of modules 106 may include computer-readable instructions that supplement applications or functions performed by the system 100 for the context based authentication factor recommendation. In an embodiment, the plurality of modules 106 includes a classification module (shown in FIG. 4), a Boolean value generation module (shown in FIG. 4), a recommendation value computation module (shown in FIG. 4) and a recommendation module (shown in FIG. 4). FIG. 4 is an overall functional architecture for the processor implemented method for dynamic context based authentication factor recommendation implemented by the system of FIG. 1, in accordance with some embodiments of the present disclosure.
The data repository (or repository) 110 may include a plurality of abstracted pieces of code for refinement and data that is processed, received, or generated as a result of the execution of the plurality of modules in the module(s) 106.
Although the data repository 110 is shown internal to the system 100, it will be noted that, in alternate embodiments, the data repository 110 can also be implemented external to the system 100, where the data repository 110 may be stored within a database (repository 110) communicatively coupled to the system 100. The data contained within such external database may be periodically updated. For example, new data may be added into the database (not shown in FIG. 1) and/or existing data may be modified and/or non-useful data may be deleted from the database. In one example, the data may be stored in an external system, such as a Lightweight Directory Access Protocol (LDAP) directory and a Relational Database Management System (RDBMS).
FIG. 2 is an exemplary flow diagram illustrating a method 200 for dynamic context based authentication factor recommendation implemented by the system of FIG. 1 according to some embodiments of the present disclosure. In an embodiment, the system 100 includes one or more data storage devices or the memory 104 operatively coupled to the one or more hardware processor(s) 102 and is configured to store instructions for execution of steps of the method 200 by the one or more hardware processors 102. The steps of the method 200 of the present disclosure will now be explained with reference to the components or blocks of the system 100 as depicted in FIG. 1 and FIG. 4 and the steps of flow diagram as depicted in FIG. 2. The method 200 may be described in the general context of computer executable instructions. Generally, computer executable instructions can include routines, programs, objects, components, data structures, procedures, modules, functions, etc., that perform particular functions or implement particular abstract data types. The method 200 may also be practiced in a distributed computing environment where functions are performed by remote processing devices that are linked through a communication network. The order in which the method 200 is described is not intended to be construed as a limitation, and any number of the described method blocks can be combined in any order to implement the method 200, or an alternative method. Furthermore, the method 200 can be implemented in any suitable hardware, software, firmware, or combination thereof.
At step 202 of the method 200, the one or more hardware processors 102 are configured by the programmed instructions to receive the plurality of authentication parameters from an authentication request associated with a user. For example, the plurality of authentication parameters includes a geographic location (for example “41.40338, 2.17403”), an android ID, a login device Universal Unique ID (UUID) (for example “8f14a65f-3032-42c8-a196-1cf55d11b930”), a Media Access Control (MAC) address (for example “00:00:5e:00:53:bf”), a login time (for example “16:15:44”), and an Internet Protocol (IP) address (for example “190.155.1.120”).
At step 204 of the method 200, the classification module (402) executed by the one or more hardware processors 102 is configured by the programmed instructions to classify the plurality of authentication parameters into the plurality of normal parameters and the plurality of abnormal parameters using the corresponding threshold associated with each of the plurality of authentication parameters and the corresponding Probability Density Chart (PDC). The plurality of authentication parameters falling below the corresponding threshold in the corresponding PDC are classified as the plurality of normal parameters and the plurality of authentication parameters falling above the corresponding threshold in the corresponding PDC are classified as the plurality of abnormal parameters. The threshold and the dynamic PDC corresponding to each of the plurality of authentication parameters are updated after each login.
In an embodiment, the dynamic PDC corresponding to each of the plurality of authentication parameters is generated by initially computing a probability value for each of a plurality of historical values corresponding to each of the plurality of authentication parameters. Further the PDC, for each of the plurality of authentication parameters, is generated based on the corresponding plurality of probability values using a PDC generation technique. For example, the PDC generation technique initially sorts the corresponding plurality of probability values in descending order. Further the corresponding PDC is generated based on the sorted corresponding plurality of probability values associated with each of the plurality of authentication parameters.
In an embodiment, the threshold corresponding to each of the plurality of authentication parameters is computed by dividing a number of (normal) successful logins by a total number of successful (abnormal) logins based on the corresponding authentication parameter. For example, if a user has 100 successful logins at a particular point in time using a MAC address, of which 80 looked like a normal MAC address and 20 looked like an abnormal MAC address, then the threshold for the MAC address is 80/100, i.e. 0.8.
In an embodiment, the corresponding threshold ranges between 0.5 and 0.9. In another embodiment, the threshold can be updated by an administrator based on the application requirement.
The PDC referred to in step 204 is explained in conjunction with FIG. 3, which illustrates an example Probability Density Chart (PDC), in accordance with some embodiments of the present disclosure. Now referring to FIG. 3, the PD for the authentication parameter “UUID” for a plurality of devices of a user is illustrated. For example, the data set for the “UUID” is {a, b, c, a, a, b, a, a, d, b}, which indicates that the corresponding user used device ‘a’ five times, device ‘b’ three times, device ‘c’ once and device ‘d’ once. Initially, a probability value for each of the plurality of devices is computed. For example, considering the above data set, the probability for device ‘a’ is 0.5, for device ‘b’ is 0.3, and for devices ‘c’ and ‘d’ is 0.1 each. Further, the PDC for the corresponding user is generated based on the computed probabilities as shown in FIG. 3. Now referring to FIG. 3, 302 is the PD for device ‘a’, 304 is the PD for device ‘b’, 306 is the PD for device ‘c’ and 308 is the PD for device ‘d’.
For example, if the threshold of the UUID authentication parameter is 0.8, then by referring to the corresponding PDC as shown in FIG. 3, the plurality of devices falling below the corresponding threshold (0.8 in this example) are the normal devices. In this example, the normal devices are device ‘a’ and device ‘b’. For example, if a user logs in through device ‘a’ or device ‘b’, the login is considered normal, and if the same user logs in with other devices, the login is considered abnormal.
Similarly, the plurality of normal parameters and the plurality of abnormal parameters are identified based on the corresponding threshold and the corresponding dynamic PDC.
In an embodiment, if the user stops using device 'b' and starts using a new device 'e', then in the corresponding PDCs (the PDC corresponding to each of the plurality of authentication parameters) device 'b' moves to the right over time and device 'e' moves to the left, which makes device 'b' abnormal and device 'e' normal. This is achieved using the dynamic PDC of the present disclosure.
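The classification of step 204 and the drift described above, as an added example (not code from the patent or the applicant). It assumes that "falling below the threshold in the PDC" means the values whose cumulative probability, taken in descending order, stays within the threshold, which is the reading that yields devices 'a' and 'b' for the FIG. 3 data set; the threshold is held fixed at 0.8, ties are broken by value, and the later logins are constructed.

```python
from collections import Counter
from fractions import Fraction

UUID_HISTORY = list("abcaabaadb")           # data set {a, b, c, a, a, b, a, a, d, b} from the page
LATER_LOGINS = ["e", "e", "a", "e", "e"]    # constructed: the user moves from device b to device e
THRESHOLD = Fraction(8, 10)                 # 0.8, as in the page's UUID example


def build_pdc(history):
    """Return [(value, probability)] sorted by probability, highest first."""
    counts = Counter(history)
    total = len(history)
    # Assumption: equal probabilities are ordered by value so the chart is deterministic.
    ordered = sorted(counts.items(), key=lambda item: (-item[1], item[0]))
    return [(value, Fraction(count, total)) for value, count in ordered]


def normal_values(history, threshold):
    """Values whose cumulative probability stays within the threshold (assumed reading)."""
    normal, cumulative = set(), Fraction(0)
    for value, probability in build_pdc(history):
        cumulative += probability
        if cumulative > threshold:
            # Every later value only adds mass, so it is abnormal as well.
            # If the most frequent value alone exceeds the threshold, nothing is normal.
            break
        normal.add(value)
    return normal


def replay(history, new_logins, threshold):
    """Classify each login against the current PDC, then add it to the history."""
    history = list(history)
    verdicts = []
    for value in new_logins:
        is_normal = value in normal_values(history, threshold)
        verdicts.append((value, "normal" if is_normal else "abnormal"))
        history.append(value)               # the PDC is updated after each login
    return verdicts, history


if __name__ == "__main__":
    print("normal before:", sorted(normal_values(UUID_HISTORY, THRESHOLD)))
    verdicts, updated = replay(UUID_HISTORY, LATER_LOGINS, THRESHOLD)
    for value, verdict in verdicts:
        print(value, verdict)
    print("normal after:", sorted(normal_values(updated, THRESHOLD)))
```

Under this reading device 'e' is still classified as abnormal on each of its first four logins and becomes normal only once its share of the history overtakes that of device 'b'.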
Referring back to method 200, at step 206, the Boolean value generation module executed by the one or more hardware processors 102 is configured by the programmed instructions to generate a Boolean value corresponding to each of the plurality of parameters based on the classification. The Boolean value associated with each of the plurality of normal parameters is set to one and the Boolean value associated with each of the plurality of abnormal parameters is set to zero as shown in Table I.
Table I

| Sl. No | Authentication parameters | Normal/Abnormal |
|---|---|---|
| 1 | geographic location | 0 |
| 2 | android ID | 0 |
| 3 | login device UUID | 1 |
| 4 | MAC address | 0 |
| 5 | IP address | 1 |

At step 208 of the method 200, the recommendation value computation module executed by the one or more hardware processors 102 is configured by the programmed instructions to compute the recommendation value based on the Boolean value corresponding to each of the plurality of authentication parameters using a Boolean function. The Boolean function is generated based on the plurality of historical authentication parameters using a Boolean expression simplification technique. For example, the Boolean expression simplification technique used here is a Quine-McCluskey reduction technique.
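Table II (inputs: columns a to e; outputs: F1 and F2)

| MAC Address (a) | IP Address (b) | Geographic location (c) | Login time (d) | Android Id (e) | F1 | F2 |
|---|---|---|---|---|---|---|
| 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 0 | 0 | 0 | 1 | 0 | 1 | 1 |
| 0 | 0 | 1 | 0 | 0 | 1 | 0 |
| ... | ... | ... | ... | ... | ... | ... |
| 1 | 1 | 1 | 1 | 1 | 0 | 1 |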

In an embodiment, the Boolean expression simplification technique initially receives the plurality of historical authentication parameters. Further, a truth table is generated as shown in Table II based on a plurality of combinations corresponding to each of the plurality of historical authentication parameters. Further, the Karnaugh map (K-map) is generated based on the truth table using a Karnaugh map generation technique. Finally, the Boolean function is generated based on the generated K-map using a Karnaugh map to Boolean function generation technique. For example, the Boolean function generated for the example truth table and the corresponding K-map is as given in equations (1) and (2). Now referring to the equations (1) and (2), the variable ‘e’ is removed by the Boolean function generation technique because the MAC address and the Android ID both change with a change in device. Further, the recommendation value is computed using the equations (1) and (2). For example, the recommendation value can be 01, where 0 is the output of F1 and 1 is the output of F2. This 01 corresponds to one of the authentication factors, for example Security Question (SQ). In an embodiment, the recommendation value “00” recommends the OTP based authentication and “01” recommends the SQ based authentication. Similarly, more authentication factors can be included by increasing the number of authentication functions and increasing the number of authentication parameters.
F1 = (~a)(~b)c(~d) + ab(~c)(~d) + (~a)(~c)d + (~a)bd    (1)
F2 = ab(~c)(~d) + (~a)(~c)d + bcd    (2)
At step 212 of the method 200, the recommendation module executed by the one or more hardware processors 102 is configured by the programmed instructions to recommend at least one authentication factor from a plurality of authentication factors based on the recommendation value. The plurality of authentication factors comprises a One Time Password (OTP) based authentication, a Security Question (SQ) based authentication and a biometric based authentication.
In an embodiment, if the recommended authentication factor is OTP, the geographic location of the device receiving the OTP is identified, and it is verified whether that device is in the vicinity of the login device location. The login is allowed only if the device receiving the OTP and the login device are in the same geographic location.
In an embodiment, a plurality of possible scenarios and the corresponding authentication factor recommendations are shown in Table III.
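Equations (1) and (2) evaluated as stored product terms and mapped to a factor, as an added example (not the patent's code). The function names and the term encoding are assumptions; only the codes "00" (OTP) and "01" (SQ) are mapped because the page states no factor for "10" or "11", and the expected values are the rows legible in Table II.

```python
from itertools import product

VARS = ("a", "b", "c", "d")   # MAC address, IP address, geographic location, login time

# Each product term lists the bit that every variable it mentions must have.
F1_TERMS = [
    {"a": 0, "b": 0, "c": 1, "d": 0},   # (~a)(~b)c(~d)
    {"a": 1, "b": 1, "c": 0, "d": 0},   # ab(~c)(~d)
    {"a": 0, "c": 0, "d": 1},           # (~a)(~c)d
    {"a": 0, "b": 1, "d": 1},           # (~a)bd
]
F2_TERMS = [
    {"a": 1, "b": 1, "c": 0, "d": 0},   # ab(~c)(~d)
    {"a": 0, "c": 0, "d": 1},           # (~a)(~c)d
    {"b": 1, "c": 1, "d": 1},           # bcd
]

FACTOR_BY_CODE = {"00": "OTP", "01": "SQ"}   # the only mappings the page states

# Rows legible in Table II as (a, b, c, d) -> "F1F2"; column e is dropped by the function.
TABLE_II_ROWS = {(0, 0, 0, 0): "00", (0, 0, 0, 1): "11",
                 (0, 0, 1, 0): "10", (1, 1, 1, 1): "01"}


def evaluate(terms, bits):
    """Sum of products: 1 if any term has all of its literals satisfied."""
    return int(any(all(bits[v] == want for v, want in term.items()) for term in terms))


def recommendation_value(bits):
    """Return the two-character code F1F2 for one set of normal(1)/abnormal(0) bits."""
    if set(bits) != set(VARS) or any(bit not in (0, 1) for bit in bits.values()):
        raise ValueError("expected one 0/1 value for each of a, b, c, d")
    return f"{evaluate(F1_TERMS, bits)}{evaluate(F2_TERMS, bits)}"


def recommend(bits):
    """Return (code, factor); factor is None when the page states none for the code."""
    code = recommendation_value(bits)
    return code, FACTOR_BY_CODE.get(code)


def truth_table():
    """Expand the stored function back into the 16-row table it replaces."""
    return {row: recommendation_value(dict(zip(VARS, row)))
            for row in product((0, 1), repeat=len(VARS))}


def mismatches():
    """Table II rows that the equations fail to reproduce (empty when consistent)."""
    table = truth_table()
    return {row: (want, table[row])
            for row, want in TABLE_II_ROWS.items() if table[row] != want}


if __name__ == "__main__":
    print(mismatches())
    print(recommend({"a": 1, "b": 1, "c": 1, "d": 1}))
```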
Table III

| Unique ID (A) | IP address (B) | Location (C) | Login time (D) | Possible scenarios | Authentication factor |
|---|---|---|---|---|---|
| Abnormal (AN) | AN | AN | AN | May be some random person (Hacker) trying to get access. Can use phishing to get OTP | Security Question (SQ) |
| AN | AN | AN | Normal (N) | May be some random person (Hacker) trying to get access. Can use phishing to get OTP | SQ |
| AN | AN | N | AN | 1. Colleague trying to access from his device; 2. User trying to login from colleague's device | OTP |
| AN | AN | N | N | 1. Colleague trying to access from his device; 2. User trying to login from colleague's device | OTP |
| AN | N | AN | AN | Not possible (Unusual location – IP address can’t be usual) | - |
| AN | N | AN | N | Not possible (Unusual location – IP address can’t be usual) | - |
| AN | N | N | AN | 1. Colleague trying to access from his device; 2. User trying to login from colleague's device | OTP |
| AN | N | N | N | 1. Colleague trying to access from his device; 2. User trying to login from colleague's device | OTP |
| N | AN | AN | AN | 1. User trying to login from different location; 2. Someone trying to login from stolen phone | SQ |
| N | AN | AN | N | 1. User trying to login from different location; 2. Someone trying to login from stolen phone | SQ |
| N | AN | N | AN | 1. User trying to login in at different time; 2. An employee in same organization trying to login; 3. A family member trying to login from phone/PC | SQ |
| N | AN | N | N | Normal Login | OTP/SQ |
| N | N | AN | AN | Not possible (Unusual location – IP address can’t be usual) | - |
| N | N | AN | N | Not possible (Unusual location – IP address can’t be usual) | - |
| N | N | N | AN | 1. User trying to login in at different time; 2. An employee in same organization trying to login; 3. A family member trying to login from phone/PC | SQ |
| N | N | N | N | Normal Login | OTP/SQ |

The written description describes the subject matter herein to enable any person skilled in the art to make and use the embodiments. The scope of the subject matter embodiments is defined by the claims and may include other modifications that occur to those skilled in the art. Such other modifications are intended to be within the scope of the claims if they have similar elements that do not differ from the literal language of the claims or if they include equivalent elements with insubstantial differences from the literal language of the claims.
The embodiments of the present disclosure herein address the unresolved problem of providing a dynamic context based authentication mechanism using a threshold and dynamic PDC based classification mechanism. The method of updating the dynamic PDC provides more accurate classification of normal and abnormal authentication parameters. Further, the suitable authentication factor is decided based on the normal and abnormal authentication parameters. Further, storing the lookup table as a Boolean function, as the present disclosure does, not only reduces memory consumption but also increases the speed of computation.
It is to be understood that the scope of the protection is extended to such a program and, in addition, to a computer-readable means having a message therein; such computer-readable storage means contain program-code means for implementation of one or more steps of the method when the program runs on a server or mobile device or any suitable programmable device. The hardware device can be any kind of device which can be programmed, including e.g. any kind of computer like a server or a personal computer, or the like, or any combination thereof. The device may also include means which could be e.g. hardware means, e.g. an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), or a combination of hardware and software means, e.g. an ASIC and an FPGA, or at least one microprocessor and at least one memory with software modules located therein. Thus, the means can include both hardware means and software means. The method embodiments described herein could be implemented in hardware and software. The device may also include software means. Alternatively, the embodiments may be implemented on different hardware devices, e.g. using a plurality of CPUs, GPUs and edge computing devices.
The embodiments herein can comprise hardware and software elements. The embodiments that are implemented in software include but are not limited to, firmware, resident software, microcode, etc. The functions performed by various modules described herein may be implemented in other modules or combinations of other modules. For the purposes of this description, a computer-usable or computer readable medium can be any apparatus that can comprise, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. The illustrated steps are set out to explain the exemplary embodiments shown, and it should be anticipated that ongoing technological development will change the manner in which particular functions are performed. These examples are presented herein for purposes of illustration, and not limitation. Further, the boundaries of the functional building blocks have been arbitrarily defined herein for the convenience of the description. Alternative boundaries can be defined so long as the specified functions and relationships thereof are appropriately performed. Alternatives (including equivalents, extensions, variations, deviations, etc., of those described herein) will be apparent to persons skilled in the relevant art(s) based on the teachings contained herein. Such alternatives fall within the scope and spirit of the disclosed embodiments. Also, the words “comprising,” “having,” “containing,” and “including,” and other similar forms are intended to be equivalent in meaning and be open ended in that an item or items following any one of these words is not meant to be an exhaustive listing of such item or items, or meant to be limited to only the listed item or items. It must also be noted that as used herein and in the appended claims, the singular forms “a,” “an,” and “the” include plural references unless the context clearly dictates otherwise. 
Furthermore, one or more computer-readable storage media may be utilized in implementing embodiments consistent with the present disclosure. A computer-readable storage medium refers to any type of physical memory on which information or data readable by a processor may be stored. Thus, a computer-readable storage medium may store instructions for execution by one or more processors, including instructions for causing the processor(s) to perform steps or stages consistent with the embodiments described herein. The term “computer-readable medium” should be understood to include tangible items and exclude carrier waves and transient signals, i.e. non-transitory. Examples include random access memory (RAM), read-only memory (ROM), volatile memory, nonvolatile memory, hard drives, CD ROMs, DVDs, flash drives, disks, and any other known physical storage media.
It is intended that the disclosure and examples be considered as exemplary only, with a true scope of disclosed embodiments being indicated by the following claims.
