Knowledge-based authentication based on tracked credential usage
US-9300644-B1 · Mar 29, 2016 · US
US9565562B1 · US · B1
| Field | Value |
|---|---|
| Publication number | US-9565562-B1 |
| Application number | US-201314098269-A |
| Country | US |
| Kind code | B1 |
| Filing date | Dec 5, 2013 |
| Priority date | Dec 5, 2013 |
| Publication date | Feb 7, 2017 |
| Grant date | Feb 7, 2017 |
Official abstract text for this publication.
A technique of performing knowledge based authentication (KBA) involves collecting activity data and time data based on operation of a mobile device, the activity data identifying an activity performed by the mobile device, and the time data identifying a time of the activity. The technique further involves generating a KBA question based on the activity data and the time data. The technique further involves providing the KBA question to a user to authenticate the user. Such a technique is capable of being performed by a remote server which communicates with the mobile device over time (e.g., in response to certain events, periodically, combinations thereof, etc.). Accordingly, the remote server is able to accumulate activity and time data which is not stored permanently (or perhaps even at all) by the mobile device, and then generate KBA questions based on that data.
Opening claim text (preview).
What is claimed is:

1. A method of performing knowledge based authentication (KBA), the method comprising: collecting, by processing circuitry, activity data and time data based on operation of a mobile device which is remote from the processing circuitry, the activity data identifying an activity performed by the mobile device, and the time data identifying a time of the activity; generating, by the processing circuitry, a KBA question based on the activity data and the time data; and providing, by the processing circuitry, the KBA question to a user to authenticate the user; wherein the KBA question has a correct answer; wherein information from which to derive the correct answer is omitted from the mobile device prior to providing the KBA question to the user to prevent a malicious person from figuring out the correct answer to the KBA question from the information; wherein generating the KBA question based on the activity data and the time data includes forming, as the KBA question, a multiple choice time-based question from the activity data and the time data; wherein the time data is not locally stored on the mobile device to prevent a fraudster from discovering the correct answer to the KBA question through interrogation of the mobile device; wherein the multiple choice time-based question queries the user to identify which event of multiple selectable events recently occurred via the mobile device; wherein an operating system and a local app run on the mobile device, the operating system providing an application programming interface (API); wherein collecting the activity data includes receiving the activity data from the local app running on the mobile device, the local app having extracted the activity data via the API; wherein receiving the activity data includes (i) detection of an event by the mobile device and (ii) receipt of the activity data from the mobile device in real time in response to the detection of the event; wherein the activity data includes update information defining an incremental change in information on the mobile device; and wherein the time data includes a current time of receipt of the activity data.

2. A method as in claim 1 wherein receiving the activity data includes periodic receipt of lists from the mobile device.

3. A method as in claim 2 wherein the KBA question is based on a difference between the lists from the mobile device.

4. A method as in claim 1, further comprising: receiving, as an answer to the multiple choice time-based question, an incorrect event selection resulting in unsuccessful authentication of the user; and performing a remedial operation in response to unsuccessful authentication of the user.

5. A method as in claim 4 wherein performing the remedial operation includes: providing the user with a step-up authentication challenge in a follow-up attempt to authenticate the user.

6. A method as in claim 4 wherein performing the remedial operation includes: locking out the user from a protected resource which is otherwise accessible via the mobile device.

7. A method as in claim 4 wherein performing the remedial operation includes: outputting an alarm to warn an administrator that authentication of the user is unsuccessful.

8. An electronic apparatus, comprising: memory; and control circuitry coupled to the memory, the memory storing instructions which, when carried out by the control circuitry, cause the control circuitry to: collect activity data and time data based on operation of a mobile device which is remote from the electronic apparatus, the activity data identifying an activity performed by the mobile device, and the time data identifying a time of the activity, generate a knowledge based authentication (KBA) question based on the activity data and the time data, and provide the KBA question to a user to authenticate the user; wherein the KBA question has a correct answer; wherein information from which to derive the correct answer is omitted from the mobile device prior to providing the KBA question to the user to prevent a malicious person from figuring out the correct answer to the KBA question from the information; wherein the control circuitry, when generating the KBA question based on the activity data and the time data, is constructed and arranged to form, as the KBA question, a multiple choice time-based question from the activity data and the time data; wherein the time data is not locally stored on the mobile device to prevent a fraudster from discovering the correct answer to the KBA question through interrogation of the mobile device; wherein the multiple choice time-based question queries the user to identify which event of multiple selectable events recently occurred via the mobile device; wherein an operating system and a local app runs on the mobile device, the operating system providing an application programming interface (API); wherein the control circuitry, when collecting the activity data, is constructed and arranged to receive the activity data from the local app running on the mobile device, the local app having extracted the activity data via the API; wherein receiving the activity data includes (i) detection of an event by the mobile device and (ii) receipt of the activity data from the mobile device in real time in response to the detection of the event; wherein the activity data includes update information defining an incremental change in information on the mobile device; and wherein the time data includes a current time of receipt of the activity data.

9. An electronic apparatus as in claim 8 wherein the control circuitry is further constructed and arranged to: receive, as an answer to the multiple choice time-based question, an incorrect event selection resulting in unsuccessful authentication of the user, and perform a remedial operation in response to unsuccessful authentication of the user.

10. An electronic apparatus as in claim 9 wherein the control circuitry, when performing the remedial operation, is constructed and arranged to: provide the user with a step-up authentication challenge in a follow-up attempt to authenticate the user, and in response to unsuccessful authentication via the step-up authentication challenge, (i) lock out the user from a protected resource which is otherwise accessible via the mobile device, and (ii) output an alarm to warn an administrator that authentication of the user is unsuccessful.

11. A computer program product having a non-transitory computer readable medium which stores a set of instructions to perform knowledge based authentication (KBA), the set of instructions, when carried out by computerized circuitry, causing the computerized circuitry to perform a method of: collecting activity data and time data based on operation of a mobile device which is remote from the computerized circuitry, the activity data identifying an activity performed by the mobile device, and the time data identifying a time of the activity; generating a KBA question based on the activity data and the time data; and providing the KBA question to a user to authenticate the user; wherein the KBA question has a correct answer; wherein information from which to derive the correct answer is omitted from the mobile device prior to providing the KBA question to the user to prevent a malicious person from figuring out the correct answer to the KBA question from the information; wherein generating the KBA question based on the activity data and the time data includes forming, as the KBA question, a multiple choice time-based question from the activity data and the time data; wherein the time data is not locally stored on the
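The scheme the abstract and claims describe, as an added worked example (this is illustration code written for this page, not code from the patent or its assignee). A server-side `DeviceHistory` takes activity data either in real time as events are detected (claim 1) or as periodic lists that the server diffs to recover the incremental change (claims 2 and 3), stamps each item with its own time of receipt, builds a multiple-choice "which of these happened recently?" question, sends the device only the prompt and the options, and applies the claimed remedial steps on a wrong answer (claims 4 through 7 and 10: step-up challenge, then lockout plus administrator alarm). The event kinds, the distractor strings, the 24-hour window and the lockout policy are assumptions made for the example; the patent does not specify them.

```python
"""Server-side KBA from tracked mobile-device activity (constructed example)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
import random
import secrets

# Assumed distractor pool: plausible events of each kind offered as wrong choices.
# Each candidate is checked against the device's real history before use so a
# distractor is never something that actually happened.
DISTRACTORS = {
    "call": ["Called +1 555 0101", "Called +1 555 0102",
             "Called +1 555 0103", "Called +1 555 0104"],
    "contact_added": ["Added contact 'Dana'", "Added contact 'Lee'",
                      "Added contact 'Sam'", "Added contact 'Kim'"],
}


@dataclass
class Event:
    kind: str              # activity data: what the device did
    detail: str            # activity data: the specific item
    received_at: datetime  # time data: server receipt time, never sent to the device


@dataclass
class DeviceHistory:
    """What the server knows about one device; none of it is stored on the device."""
    events: list = field(default_factory=list)
    snapshots: dict = field(default_factory=dict)  # list name -> last list seen

    def ingest_event(self, kind, detail, now):
        # Real-time path (claim 1): the local app reports an event as it is
        # detected; the server, not the device, records the time of receipt.
        self.events.append(Event(kind, detail, now))

    def ingest_list(self, name, items, now):
        # Periodic-list path (claims 2-3): diff the new list against the previous
        # one so the question can be based on the incremental change.
        previous = self.snapshots.get(name, set())
        added = sorted(set(items) - previous)
        for item in added:
            self.events.append(Event(f"{name}_added", f"Added {name} '{item}'", now))
        self.snapshots[name] = set(items)
        return added


@dataclass
class Question:
    prompt: str
    choices: list
    answer_index: int  # stays on the server

    def for_device(self):
        # Only the prompt and options leave the server: the information from
        # which to derive the answer is omitted from the mobile device (claim 1).
        return {"prompt": self.prompt, "choices": list(self.choices)}


def generate_question(history, now, window=timedelta(hours=24), rng=None):
    """Pick one event received within `window` and hide it among three distractors."""
    rng = rng or random.Random(secrets.randbits(64))  # unpredictable option order
    recent = [e for e in history.events
              if now - e.received_at <= window and e.kind in DISTRACTORS]
    if not recent:
        return None  # nothing recent enough to ask about; caller must fall back
    correct = rng.choice(recent)
    occurred = {e.detail for e in history.events}
    pool = [d for d in DISTRACTORS[correct.kind] if d not in occurred]
    if len(pool) < 3:
        return None  # not enough safe distractors for this event kind
    choices = rng.sample(pool, 3) + [correct.detail]
    rng.shuffle(choices)
    hours = int(window.total_seconds() // 3600)
    return Question(f"Which of these happened on your phone in the last {hours} hours?",
                    choices, choices.index(correct.detail))


def check_answer(question, selected_index, step_up_passed=None):
    """Claims 4-7 and 10: wrong answer -> step-up; failed step-up -> lockout + alarm.

    `step_up_passed` is the outcome of the follow-up challenge, or None when no
    step-up was offered (treated as failed). The caller enforces the decision.
    """
    if selected_index == question.answer_index or step_up_passed:
        return {"authenticated": True, "locked_out": False, "alarm": False}
    return {"authenticated": False, "locked_out": True, "alarm": True}


def demo():
    """Constructed timeline: one call, then two periodic contact-list uploads."""
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    history = DeviceHistory()
    history.ingest_event("call", "Called +1 555 0100", t0)
    history.ingest_list("contact", ["Ana", "Bo"], t0 + timedelta(hours=1))
    history.ingest_list("contact", ["Ana", "Bo", "Cy"], t0 + timedelta(hours=2))
    question = generate_question(history, t0 + timedelta(hours=3), rng=random.Random(1))
    return history, question, t0


if __name__ == "__main__":
    hist, q, _ = demo()
    print(q.for_device())                       # what the phone receives
    print(check_answer(q, q.answer_index))      # server-side verdict
```

Two points the code makes concrete: the device never sees `answer_index` or `received_at`, which is what the claims rely on to keep a fraudster who has the handset from reading the answer off it; and the distractor pool is filtered against the device's full history, not just the question window, since offering a real-but-older event as a "wrong" option would let a legitimate user fail or an attacker with partial knowledge succeed.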
- with means for preventing unauthorised or fraudulent calling (verifying user identity or authority in secret or secure digital communications H04L9/32) · CPC title
- Challenge-response · CPC title
- for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title
- using an additional device, e.g. smartcard, SIM or a different communication terminal (cryptographic mechanisms or cryptographic arrangements for entity authentication involving additional secure or trusted devices H04L9/3234) · CPC title
- by electronic means · CPC title