US10375119B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10375119-B2 |
| Application number | US-201615221620-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 28, 2016 |
| Priority date | Jul 28, 2016 |
| Publication date | Aug 6, 2019 |
| Grant date | Aug 6, 2019 |
Abstract

Dynamic multi-factor authentication challenge selection is provided. A risk associated with an operation that requires authentication of a user of a client device is determined. A plurality of authentication methods is identified; each respective authentication method is associated with a level of security offsetting the risk and with a computing cost. One or more authentication methods are selected from the plurality of authentication methods according to the risk and so as to minimize the computing cost associated with authenticating the operation.
Claims (preview)
What is claimed is:

1. A computer-implemented method for dynamic multi-factor authentication challenge selection to control access to protected network resources, the computer-implemented method comprising: determining, by a computer, a risk associated with an operation to access a resource connected to a network that requires authentication of a user of a client device; identifying, by the computer, a plurality of authentication methods, each respective authentication method associated with a level of security offsetting the risk and a computing cost associated with a respective authentication method; sending, by the computer responsive to the computer determining that a set of client-side selection factors maintained at the client device are needed to achieve a required confidence level in an identity of the user, a request for the set of client-side selection factors to the client device; responsive to the computer requesting the set of client-side selection factors from the client device, receiving, by the computer, the set of client-side selection factors of time and memory needed to capture a biometric sample by the client device; selecting, by the computer, a set of authentication methods from the plurality of authentication methods to send to the client device to achieve the required confidence level in the identity of the user based on a set of server-side selection factors maintained at the computer and the set of client-side selection factors received by the computer to minimize the risk and the computing cost associated with authenticating the operation to access the resource connected to the network; sending, by the computer, the selected set of authentication methods to the client device; responsive to the computer determining that a confidence level in the identity of the user is less than a defined confidence level threshold based on a score corresponding to one or more responses received from the client device to the selected set of authentication methods, determining, by the computer, whether more authentication methods having an equivalent associated computing cost exist in an equivalence class associated with the selected set of authentication methods, wherein the equivalence class is a group of interchangeable challenges having an equivalence relation between them to satisfy the set of client-side selection factors; responsive to the computer determining that no more authentication methods having the equivalent associated computing cost exist in the equivalence class associated with the selected set of authentication methods, determining, by the computer, that the authentication of the user was unsuccessful; and denying, by the computer, access by the client device to the resource connected to the network based on the unsuccessful authentication of the user.

2. The computer-implemented method of claim 1, wherein each respective authentication method has an associated user convenience factor, and wherein the computer selects the selected set of authentication methods to maximize an aggregate user convenience that satisfies the risk associated with the operation to access the resource connected to the network.

3. The computer-implemented method of claim 1, wherein the computer randomizes which respective authentication method is selected to minimize spoofing.

4. The computer-implemented method of claim 1, wherein the computer selects the selected set of authentication methods based on a history of authentication method selection by the computer for a given operation to access a particular resource connected to the network requiring user authentication.

5. The computer-implemented method of claim 4, wherein the computer selects a different authentication method than a most recently selected authentication method according to the history of authentication method selection to minimize replay attacks on the computer.

6. The computer-implemented method of claim 1 further comprising: analyze, by the computer, a set of responses to the selected set of authentication methods, wherein each response in the set of responses corresponds to a respective authentication method in the selected set of authentication methods; scoring, by the computer, each response in the set of responses; fusing, by the computer, scores corresponding to the set of responses to generate a fusion score; and generating, by the computer, the confidence level in the identity of the user of the client device based on the fusion score.

7. The computer-implemented method of claim 1 further comprising: responsive to the computer determining that the confidence level in the identity of the user is greater than or equal to the defined confidence level threshold, determining, by the computer, that the authentication of the user was successful; and authorizing, by the computer, access by the client device to the resource connected to the network based on the successful authentication of the user.

8. The computer-implemented method of claim 1 further comprising: responsive to the computer determining that more authentication methods having the equivalent associated computing cost exist in the equivalence class associated with the selected set of authentication methods, repeating, by the computer, steps to generate a new confidence level in the identity of the user.

9. The computer-implemented method of claim 1, wherein the plurality of authentication methods include authentication challenges and contextual challenges.

10. The computer-implemented method of claim 1, wherein authentication method selection factors are selected from a group consisting of user experience factors, environmental factors, authentication strength factors, computational cost factors, network cost factors, authentication service factors, contextual factors, user history factors, user trust level factors, and value of resource at risk factors.

11. A computer system for dynamic multi-factor authentication challenge selection to control access to protected network resources, the computer system comprising: a bus system; a storage device connected to the bus system, wherein the storage device stores program instructions; and a processor connected to the bus system, wherein the processor executes the program instructions to: determine a risk associated with an operation to access a resource connected to a network that requires authentication of a user of a client device; identify a plurality of authentication methods, each respective authentication method associated with a level of security offsetting the risk and a computing cost associated with a respective authentication method; send, responsive to determining that a set of client-side selection factors maintained at the client device are needed to achieve a required confidence level in an identity of the user, a request for the set of client-side selection factors to the client device; receive the set of client-side selection factors of time and memory needed to capture a biometric sample by the client device in response to requesting the set of client-side selection factors from the client device; select a set of authentication methods from the plurality of authentication methods to send to the client device to achieve the required confidence level in the identity of the user based on a set of server-side selection factors maintained at the computer system and the set of client-side selection factors received by the computer system to minimize the risk and the computing cost associated with authenticating the operation to access the resource connected to the network; send the selected set of authentication methods to the client device; determine whether more authenticatio
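The selection loop that the abstract and claim 1 describe (risk sets a required confidence level; the cheapest set of methods that reaches it is chosen, subject to the client's reported capture time and memory; responses are scored and fused; on a miss the server substitutes another same-cost set from the equivalence class, and denies once the class is exhausted) is shown below as an added Python example. It is not code from the patent or its assignee. The method catalog, its strength and cost numbers, the risk-to-threshold mapping, the server-side capture budgets and the noisy-OR fusion rule are all assumptions made for illustration; the patent specifies none of them.

```python
"""Illustrative risk-aware MFA challenge selection in the spirit of
US10375119B2 claim 1. Added example, not the patent's implementation.
The catalog, numbers, thresholds and fusion rule are assumptions."""
from dataclasses import dataclass
from itertools import combinations
import random


@dataclass(frozen=True)
class Method:
    name: str
    strength: float          # assumed: confidence a correct answer alone gives (0..1)
    cost: int                # assumed: server-side computing cost units
    biometric: bool = False  # needs a client-side capture (time/memory factors)


# Constructed catalog; the patent names no concrete methods or numbers.
CATALOG = [
    Method("password", 0.40, 1),
    Method("totp", 0.55, 1),
    Method("push_approve", 0.55, 1),
    Method("fingerprint", 0.70, 3, biometric=True),
    Method("face", 0.70, 3, biometric=True),
    Method("voice", 0.65, 3, biometric=True),
]
# Server-side selection factors (assumed): the capture time and memory the
# server is willing to ask of a client for a single biometric challenge.
MAX_CAPTURE_MS = 2000
MAX_CAPTURE_MB = 16


def required_confidence(risk: float) -> float:
    """Assumed mapping from an operation's risk (0..1) to the confidence threshold."""
    return min(0.99, 0.5 + 0.5 * risk)


def fuse(scores) -> float:
    """Fusion score (claim 6). Assumed rule: noisy-OR, 1 - prod(1 - s),
    so two weak factors can outscore one strong one."""
    miss = 1.0
    for s in scores:
        miss *= 1.0 - s
    return 1.0 - miss


def feasible(m: Method, client_factors: dict) -> bool:
    """Client-side selection factors: per biometric, the client reports the
    (ms, MB) it needs to capture a sample; the server checks its budgets."""
    if not m.biometric:
        return True
    if m.name not in client_factors:
        return False
    ms, mb = client_factors[m.name]
    return ms <= MAX_CAPTURE_MS and mb <= MAX_CAPTURE_MB


def select(risk, client_factors, history=(), rng=None, max_factors=3):
    """Cheapest feasible set whose fused strength meets the threshold.
    Returns (chosen, equivalents); the equivalence class is every other set
    with the same minimal cost that also satisfies the client-side factors."""
    rng = rng or random.Random(0)
    need = required_confidence(risk)
    pool = [m for m in CATALOG if feasible(m, client_factors)]
    best_cost, candidates = None, []
    for k in range(1, max_factors + 1):
        for combo in combinations(pool, k):
            if fuse(m.strength for m in combo) < need:
                continue
            cost = sum(m.cost for m in combo)
            if best_cost is None or cost < best_cost:
                best_cost, candidates = cost, [combo]
            elif cost == best_cost:
                candidates.append(combo)
    if not candidates:
        return None, []
    # Claim 5: do not re-issue the most recently used set (replay resistance).
    last = set(history[-1]) if history else set()
    fresh = [c for c in candidates if {m.name for m in c} != last] or candidates
    chosen = rng.choice(fresh)  # claim 3: randomise among equivalent choices
    equivalents = [list(c) for c in candidates if c != chosen]
    return list(chosen), equivalents


def authenticate(risk, client_factors, responses, history=(), rng=None):
    """The claim-1 loop: challenge, score, fuse, retry inside the equivalence
    class while confidence is below threshold, deny when it is exhausted.
    `responses` maps method name -> score of the user's answer (0 = wrong)."""
    need = required_confidence(risk)
    chosen, equivalents = select(risk, client_factors, history, rng)
    tried = []
    while chosen:
        tried.append([m.name for m in chosen])
        if fuse(responses.get(m.name, 0.0) for m in chosen) >= need:
            return True, tried
        chosen = equivalents.pop(0) if equivalents else None
    return False, tried


if __name__ == "__main__":
    device = {"fingerprint": (800, 8), "face": (1500, 64), "voice": (3000, 32)}
    print("low risk:", [m.name for m in select(0.2, device)[0]])
    print("high risk:", [m.name for m in select(0.8, device)[0]])
    print("high risk, no biometrics:", authenticate(0.8, {}, {}))
```

Two points a practitioner would check before adopting this pattern: the confidence threshold derived from risk is the security control, and cost minimisation is only a tie-breaker beneath it, so the threshold mapping needs review, not the cost table; and the equivalence-class retry hands the same caller a fresh challenge after a failed one, so a production system bounds the number of substitutions per session and records each one, otherwise the loop becomes an oracle for guessing the cheaper factors.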
Classification (CPC titles):

- involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved (negotiation of communication capabilities H04L69/24)
- using biometrical features, e.g. fingerprint, retina-scan (cryptographic mechanisms or cryptographic arrangements for entity authentication using biological data H04L9/3231)
- applying multi-factor authentication
- for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32)
- Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks