1. Help Reference for Oracle Advanced Authentication Admin Console
  2. Oracle Adaptive Risk Management Home Page
  3. Configure Security Questions for Knowledge-Based Authentication

2.18 Configure Security Questions for Knowledge-Based Authentication

Knowledge-based authentication (KBA) is an authentication method which is used to challenge the user to prove identity based on the user’s answers substantiated by a real-time interactive question and answer process.

The Security Questions page provides information about managing tasks that impact challenge questions, validations and levels of logic algorithms used for answers, question categories, and levels of logic algorithms used for registration.

The Security Questions page manages the following key elements:

Elements Description
Registration Logic Manages the registration of challenge questions and answers. You can configure number of questions that a user must register, the number of questions that appear in each menu, and the number of categories per menu. The user is required to select one question from each menu and enter answers for them. Only one question from each question menu can be registered. To configure Registration Logic, you specify the settings for question set generation as follows:
  • Questions User Will Register: Refers to the number of questions that a user must register. The new user registration should display the same number of question menus as the number of questions that a user must register.
  • Questions per Menu: Refers to the number of questions that appear on each menu.

    Note: The total number of questions from all the menus (number of menus multiplied by the questions in each menu) cannot exceed the total number of questions available in the database.

  • Categories per Menu: Refers to the number of categories per menu.

To learn more about the key concepts of registration logic, see Configuring Registration Logic.

Answer Logic Validates if the answer provided by the user matches with what was provided during registration. Answer Logic consists of advanced algorithms selected by the system to configure the level of tolerance of the erroneous answer. The algorithms are divided into three categories: Common Abbreviations, Keyboard Fat Fingering (accidentally pressing the nearest neighbor on the keyboard), and Phonetics. You can enable or disable the Answer Logic algorithms.

You can also configure the strength of some algorithms, such as Keyboard Fat Fingering and Phonetics for evaluating answers given for challenge questions as follows:

  • Off: No Answer Logic is used. Answers must exactly match those provided at the time of registration.
  • Low: Low level of Answer Logic is used. Answers provided by the user must be a match or near-match to the answers that were provided at the time of registration.
  • Medium: More Answer Logic is used. You are given some freedom for the answers that are provided. For instance, St. is acceptable for Street.
  • High: Highest level of Answer Logic is used. The constraints are not strict for matching.

To learn more about the key concepts of answer logic, see Configuring Answer Logic.

Top Categories Lists the top five categories based on the number of questions linked with a category in descending order.

The questions are grouped into several categories and the user can select questions from these categories.

Click View All Categories link to see a list of standard categories that questions can be grouped into as follows:

  • Childhood
  • Sports
  • Your Birth
  • Parents, Grandparents, Siblings
  • Children
  • Your Employment
  • Significant Other
  • Pets
  • Automobile
  • Education
  • Miscellaneous
Top Questions Lists the five most used questions based on user and validation statistics.

Click View All Questions link to view a list of supported questions.

Click View All Validations link to view a list of supported validations.