Risk-Based Authentication

risk-based authentication - Similar to layered authentication, risk-based authentication requires various levels of proofs, depending on the risk level of the transaction.

This term is used interchangeably for systems where risk assessment is used in two different ways. In some systems, risk assessment is used to determine the stringency of the processes and procedures to enroll and use a particular set of resources. The same credentials will be used in every session but people who need different kinds of resources may use different credentials. A user name and password will be sufficient for some people where others with more access to sensitive information may need a two-factor hardware token, for example.

The second way that risk-based authentication is used is where systems actually require different authentication levels for the same user, based on the specific transaction, not identity. For example, many web services will use a cookie, placed on the browser from an earlier session as a proof of identity for browsing catalogue pages but will ask for a user name and password to make a purchase.

[Category=Geospatial ]

Source: RSA, 21 August 2011 09:14:43, http://www.rsa.com/glossary/