Search

US-12619690-B2 - Type-1 authentication based on AI-generated queries

US12619690B2US 12619690 B2US12619690 B2US 12619690B2US-12619690-B2

Abstract

A method and electronic device for type-1 authentication based on AI-generated queries is provided. The method includes receiving, via a user device, a request to access a user account and extracting, based on the request, a NL query of a set of NL queries that is generated based on information associated with a personal life of the user. The method further includes controlling the user device to render the NL query and receiving a response to the NL query from the user device. The method further includes determining a weighted score for the response based on application of a ML model on the response. The weighted score indicates a level of difficulty of the NL query and an accuracy of the response with respect to a NL response for the NL query. The method further includes authenticating the request if the weighted score is above a threshold score.

Inventors

  • Yoji Kawamoto
  • MADHVESH SULIBHAVI
  • Jaison Joseph

Assignees

  • Sony Group Corporation

Dates

Publication Date
20260505
Application Date
20230331

Claims (20)

  1. 1 . A method, comprising: receiving, via a web client on a user device, a request to access a user account associated with a web-based application; extracting a first natural language (NL) query from a query database based on the received request, wherein the query database includes a set of NL queries that is based on information associated with a personal life of a user, and the set of NL queries includes the extracted first NL query; controlling the user device associated with the user to render the extracted first NL query; receiving a first user response to the rendered first NL query from the user device; determining, based on an application of a first machine learning (ML) model on the received first user response, a first weighted score for the received first user response, wherein the determined first weighted score indicates: a level of difficulty associated with the rendered first NL query, and an accuracy of the received first user response with respect to a NL response for the rendered first NL query, and the query database includes the NL response; and authenticating the received request based on the determined first weighted score that is above a threshold score.
  2. 2 . The method according to claim 1 , wherein the query database is a graph database that includes the set of NL queries and a set of NL responses corresponding to the set of NL queries, and the set of NL responses includes the NL response.
  3. 3 . The method according to claim 2 , wherein nodes of the graph database represent the set of NL queries, an edge between each pair of the nodes in the graph database is indicative of a presence of a semantic relationship between a corresponding pair of NL queries from the set of NL queries, and a distance between the each pair of the nodes in the graph database is indicative of a strength the semantic relationship.
  4. 4 . The method according to claim 1 , further comprising updating weight parameters of the first ML model based on the authentication of the received request and the determined first weighted score.
  5. 5 . The method according to claim 1 , further comprising: receiving the information associated with the personal life of the user from an information source; extracting a set of key-value pairs from the received information; generating a set of paragraphs from the extracted set of key-value pairs, wherein each paragraph of the generated set of paragraphs is associated with a key-value pair of the extracted set of key-value pairs, and the each paragraph of the generated set of paragraphs corresponds to an aspect of the personal life; generating the set of NL queries based on an application of a second ML model on the generated set of paragraphs; and generate a subset of NL queries of the generated set of NL queries for the each paragraph of the generated set of paragraphs.
  6. 6 . The method according to claim 5 , further comprising: determining, based on at least one paragraph of the generated set of paragraphs, a semantic relationship between each pair of NL queries of the set of NL queries; and assigning a weight to each NL query of the set of NL queries based on a level of difficulty associated with a corresponding NL query of the set of NL queries and the determined semantic relationship, wherein the query database includes the assigned weight and the determined semantic relationship for the each NL query of the set of NL queries.
  7. 7 . The method according to claim 6 , further comprising: determining, based on the determined first weighted score that is below the threshold score, a requirement to extract a second NL query from the query database, wherein the set of NL queries includes the second NL query; and extracting the second NL query from the query database based on the determined requirement.
  8. 8 . The method according to claim 7 , further comprising extracting the second NL query further based on at least one of the received first user response or the determined semantic relationship between the rendered first NL query and the second NL query.
  9. 9 . The method according to claim 7 , further comprising: controlling the user device to further render the extracted second NL query; receiving a second user response to the rendered second NL query from the user device; determining, based on the application of the first ML model on the received second user response, a second weighted score for the received second user response; computing a sum of the determined first weighted score and the determined second weighted score; and authenticating the received request further based on the computed sum that is above the threshold score.
  10. 10 . The method according to claim 9 , further comprising: updating, based on the authentication of the received request, the determined semantic relationship of at least one pair of NL queries of the set of NL queries in the query database; and updating, based on the updated semantic relationship, the assigned weight of the at least one pair of NL queries of the set of NL queries.
  11. 11 . The method according to claim 1 , further comprising issuing an authentication token to the web client based on the authentication of the received request.
  12. 12 . The method according to claim 11 , wherein the authentication is a type-1 authentication, and the authentication token is used to initiate a process for a type-2 authentication of the received request.
  13. 13 . An electronic device, comprising: a memory configured to store a first machine learning (ML) model and a second ML model; and circuitry configured to: receive, via a web client on a user device, a request to access a user account associated with a web-based application; extract a first natural language (NL) query from a query database based on the received request, wherein the query database includes a set of NL queries that is based on information associated with a personal life of a user, and the set of NL queries includes the extracted first NL query; control the user device associated with the user to render the extracted first NL query; receive a first user response to the rendered first NL query from the user device; determine, based on an application of the stored first ML model on the received first user response, a first weighted score for the received first user response, wherein the determined first weighted score indicates: a level of difficulty associated with the rendered first NL query; and an accuracy of the received first user response with respect to a NL response for the first NL query, and the query database includes the NL response; and authenticate the received request based on the determined first weighted score that is above a threshold score.
  14. 14 . The electronic device according to claim 13 , wherein the circuitry is further configured to: receive the information associated with the personal life of the user from an information source; extract a set of key-value pairs from the received information; generate a set of paragraphs from the set of key-value pairs, wherein each paragraph of the generated set of paragraphs is associated with a key-value pair of the set of key-value pairs, and the each paragraph of the generated set of paragraphs corresponds to an aspect of the personal life; generate the set of NL queries based on an application of the stored second ML model on the generated set of paragraphs; and generate a subset of NL queries of the generated set of NL queries for the each paragraph of the generated set of paragraphs.
  15. 15 . The electronic device, according to claim 14 , wherein the circuitry is further configured to: determine, based on at least one paragraph of the generated set of paragraphs, a semantic relationship between each pair of NL queries of the set of NL queries; and assign a weight to each NL query of the set of NL queries based on a level of difficulty associated with a corresponding NL query of the set of NL queries and the determined semantic relationship, wherein the query database includes the assigned weight and the determined semantic relationship for each NL query of the set of NL queries.
  16. 16 . The electronic device, according to claim 15 , wherein the circuitry is further configured to: determine, based on the determined first weighted score that is below the threshold score, a requirement to extract a second NL query from the query database, wherein the set of NL queries includes the second NL query; and extract the second NL query from the query database based on the determined requirement.
  17. 17 . The electronic device according to claim 16 , wherein the circuitry is further configured to extract the second NL query further based on at least one of the received first user response or the determined semantic relationship between the rendered first NL query and the second NL query.
  18. 18 . The electronic device according to claim 16 , wherein the circuitry is further configured to: control the user device to further render the extracted second NL query; receive a second user response to the rendered second NL query from the user device; determine, based on the application of the first ML model on the second user response, a second weighted score for the received second user response; compute a sum of the determined first weighted score and the determined second weighted score; and authenticate the received request further based on the computed sum that is above the threshold score.
  19. 19 . The electronic device according to claim 13 , wherein the circuitry is further configured to issue an authentication token to the web client based on the authentication of the received request.
  20. 20 . A non-transitory computer-readable medium having stored thereon, computer-executable instructions that, when executed by an electronic device, causes the electronic device to perform operations, the operations comprising: receiving, via a web client on a user device, a request to access a user account associated with a web-based application; extracting a first natural language (NL) query from a query database based on the received request, wherein the query database includes a set of NL queries that is based on information associated with a personal life of a user, and the set of NL queries includes the extracted first NL query; controlling the user device associated with the user to render the extracted first NL query; receiving a first user response to the rendered first NL query from the user device; determining, based on an application of a first machine learning (ML) model on the received first user response, a first weighted score for the received first user response, wherein the determined first weighted score indicates: a level of difficulty associated with the rendered first NL query; and an accuracy of the received first user response with respect to a NL response for the rendered first NL query, and the query database includes the NL response; authenticating the received request based on the determined first weighted score that is above a threshold score.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS/INCORPORATION BY REFERENCE None. FIELD Various embodiments of the disclosure relate to information security and multi-factor authentication. More specifically, various embodiments of the disclosure relate to type-1 authentication based on artificial intelligence (AI)-generated queries. BACKGROUND Advancements in the field of information security have led to development of various authentication options. A multifactor authentication (MFA) is one such option that requires a user to provide valid responses to two or more authentication factors to obtain access to a system such as a website or an application. Typically, authentication requests from the user may be authenticated based on at least one of information known to the user (for type-1 authentication factor), information that may be transmitted to devices or included in transaction cards (for type-2 authentication factor), unique features of the user (for type-3 authentication factor), or a location of the user. Type-1 authentication may be used to verify whether the user knows specific information such as passwords or passcodes. Type-2 authentication may be used to verify whether the user has access to the devices where codes or one-time-passwords may be sent or the transaction cards that include codes and card numbers. Type-3 authentication may be used to verify whether the user, requesting access to a machine or a protected space, is a certified, genuine, or is a legitimate user, based on features such as fingerprints or voice pattern of a user. Multi-factor authentication (such as a transaction card and a numeric code, or a password and a passcode) may be preferred over single factor authentication to ensure security. With type-1 authentication, a major issue is that passwords can be easily guessed or stolen. Some users may use the same password across many accounts, which makes them susceptible to security breaches. Another issue with type-1 authentication is that it is vulnerable to phishing attacks, in which a bad actor impersonates a trustworthy website or service in an effort to deceive consumers into disclosing their login details. Another issue is that type-1 authentication is vulnerable to keylogger malware, which records all keystrokes performed on a computer, including passwords. Thus, type-1 authentication is widely used, but it is considered insecure for many applications and websites. Limitations and disadvantages of conventional and traditional approaches will become apparent to one of skill in the art, through comparison of described systems with some aspects of the present disclosure, as set forth in the remainder of the present application and with reference to the drawings. SUMMARY An electronic device and method for type-1 authentication based on artificial intelligence (AI)-generated queries, is provided substantially as shown in, and/or described in connection with, at least one of the figures, as set forth more completely in the claims. These and other features and advantages of the present disclosure may be appreciated from a review of the following detailed description of the present disclosure, along with the accompanying figures in which like reference numerals refer to like parts throughout. BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a diagram that illustrates an exemplary network environment for type-1 authentication based on artificial intelligence (AI)-generated queries, in accordance with an embodiment of the disclosure. FIG. 2 is a block diagram that illustrates an exemplary electronic device for type-1 authentication based on AI-generated queries, in accordance with an embodiment of the disclosure. FIG. 3 is a diagram that illustrates an exemplary execution pipeline for a generation of a set of natural language (NL) queries for type-1 authentication, in accordance with an embodiment of the disclosure. FIG. 4 is a diagram that illustrates an exemplary execution pipeline for an evaluation of user responses to AI-generated NL queries for type-1 authentication, in accordance with an embodiment of the disclosure. FIG. 5 is a diagram that illustrates an exemplary scenario for creation of a graph database based on semantic relationships between pairs of AI-generated NL queries, in accordance with an embodiment of the disclosure. FIG. 6 is a diagram that illustrates an exemplary scenario for a rendering of AI-generated NL queries and a reception of user responses for type-1 authentication, in accordance with an embodiment of the disclosure. FIG. 7 is a flowchart that illustrates operations for an exemplary method for type-1 authentication based on AI-generated queries, in accordance with an embodiment of the disclosure. DETAILED DESCRIPTION The following described implementations may be found in a disclosed method for type-1 authentication based on artificial intelligence (AI)-generated queries. Exemplary aspects of the disclosure provide a method that may be implemented in an electro