Guided Technical Tour
Six-step journey
Move through the dashboard in order, or jump directly to any step.
Step 3
Challenge and Validation
This stage transitions the Lifestyle Identity Graph into an active security challenge. By presenting a human-only recognition barrier, IWISI forces high-resolution cognitive recognition that distinguishes legitimate users from unauthorized actors with high statistical confidence.
A standard four-option multiple-choice question still favors chance.
Six options with variable correct counts create 25 outcomes.
Seven domains plus a four-digit PIN push average attempts above 3,100.
The anchor-and-decoy format
Instead of random noise, the system uses an adversarial decoy engine that generates distractors engineered to mimic the user’s actual data.
The entropy and guessing penalty
In a standard four-option multiple-choice question, a random guesser has a 25% chance of success. With multi-select complexity and variable correct counts, the search space expands dramatically.
Cryptographic-grade security from stacked domains plus a PIN
Why NOTA matters
The “None of the Above” scenario acts as a powerful filter for automated guessing patterns because the correct behavior is to validate the absence of a match, not just identify a visible answer.
Unauthorized simulations failed at a 17% higher rate when the correct answer count was set to zero, confirming that absence recognition is a higher mathematical hurdle than simple recognition.
Intuitive recognition for legitimate users
While the decoys are indistinguishable to a bot or a distant attacker, they remain intuitive for the account holder, maintaining a 100% success rate for informed users.
That balance is the core of the human-only recognition barrier: high confidence for legitimate users, high rejection for unauthorized actors.
Why this works
The quiz math page shows the combinatorics behind the challenge battery, while the security lab shows the same idea as an interactive attack surface.
Together they prove that the cognitive air-gap is measurable, hard to brute force, and suitable for high-confidence validation in real-world authentication flows.