System and method for verifying user identity in a virtual environment

US 10,153,901 B2
Filed: 10/12/2015
Issued: 12/11/2018
Est. Priority Date: 11/23/2010
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of providing third party network user authentication for a first party user attempting to access a network service provided by a second party, said method comprising, at a third party authentication server:

registering a network service;

registering a user device with a first user;

generating a first encryption key associated with the user device;

receiving a first encrypted check message from the user device;

generating timestamp information for the first encrypted check message;

receiving a second encrypted check message from the network service;

generating timestamp information for the second encrypted check message;

comparing the timestamp information for the first encrypted check message and the timestamp information for the second encrypted check message;

decrypting the first check message and the second check message using the first encryption key;

authorizing at least one of a network access or a network transaction between the first user and the network service based at least in part on a determination that a difference between the timestamp information for the first encrypted check message and the timestamp information for the second encrypted check message is less than a first threshold, and a comparison of the decrypted information from the first check message and the second check message; and

sending an authorization message to the network service based on said authorizing,wherein authorizing the at least one of a network access or a network transaction between the first user and the network service is further based at least in part on a determination that a time difference between timestamps included in the received first encrypted check message and the received second encrypted check message is less than a second threshold.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for verifying user identity in a virtual environment are provided that may include the use of a trusted third party to perform identity verification. Devices may be configured such that the device is unalterably bound to a particular user via biometric data stored on the device and/or with the third party.

11 Citations

View as Search Results

18 Claims

1. A computer-implemented method of providing third party network user authentication for a first party user attempting to access a network service provided by a second party, said method comprising, at a third party authentication server:
- registering a network service;
  
  registering a user device with a first user;
  
  generating a first encryption key associated with the user device;
  
  receiving a first encrypted check message from the user device;
  
  generating timestamp information for the first encrypted check message;
  
  receiving a second encrypted check message from the network service;
  
  generating timestamp information for the second encrypted check message;
  
  comparing the timestamp information for the first encrypted check message and the timestamp information for the second encrypted check message;
  
  decrypting the first check message and the second check message using the first encryption key;
  
  authorizing at least one of a network access or a network transaction between the first user and the network service based at least in part on a determination that a difference between the timestamp information for the first encrypted check message and the timestamp information for the second encrypted check message is less than a first threshold, and a comparison of the decrypted information from the first check message and the second check message; and
  
  sending an authorization message to the network service based on said authorizing,wherein authorizing the at least one of a network access or a network transaction between the first user and the network service is further based at least in part on a determination that a time difference between timestamps included in the received first encrypted check message and the received second encrypted check message is less than a second threshold.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein registering the user device with the first user includes:
    - acquiring biometric data of the user via an agent of the third party;
      
      storing the biometric data on the user device as biometric reference data using computer instructions and an encryption key provided by the third party;
      
      reacquiring the user'"'"'s biometric data via a test scan using a biometric scanner of the user device;
      
      verifying that the biometric reference data is accurately stored on the user device by comparing the test scan to the biometric reference data; and
      
      causing the user device to delete said computer instructions based on the verification that the biometric reference data is accurately stored on the user device.
  - 3. The method of claim 1, wherein the network service includes a computer network of the second party, and the second encrypted check message is based at least in part on a communication between the user device and a workstation connected to the computer network.
  - 4. The method of claim 1, wherein the network service includes a network banking website, and the second encrypted check message is based at least in part on a communication between the user device and a workstation connected to the network banking website.
  - 5. The method of claim 1, wherein the network service includes an online purchase, and the second encrypted check message is based at least in part on confirming the identity of a person operating the user device.
  - 6. The method of claim 1, wherein:
    - registering the user device with the first user includes storing biometric data of the first user on the user device as biometric reference data using computer instructions provided by the third party;
      
      the first check message is sent from the user device based at least in part on a comparison between current biometric data and the biometric reference data; and
      
      the second check message is sent based at least in part on the comparison between current biometric data and the biometric reference data.
  - 7. The method of claim 6, wherein the user'"'"'s biometric data is not communicated to, or maintained by, the network service or the third party.
  - 8. The method of claim 1, wherein:
    - registering the user device with the first user includes configuring a one-time password service associating the first user and the user device using computer instructions provided by the third party, at least one parameter used by one-time password service being stored locally on the user device and inaccessible by the third party;
      
      the first check message is sent from the user device based at least in part on an identity check performed via the user device using the one-time password service; and
      
      the second check message is sent based at least in part on the identity check.
  - 9. The method of claim 1, wherein the second check message is based at least in part on the network service confirming that the user device is authorized to access the network service.

10. A system for providing third party user authentication for a first party user attempting to access a network service provided by a second party, said system comprising:
- a computer processor;
  
  a network interface; and
  
  memory including instructions configured to;
  
  register a network service via the network interface;
  
  register a user device with a first user via the network interface;
  
  generate a first encryption key associated with the user device;
  
  receive a first encrypted check message from the user device via the network interface;
  
  generate timestamp information for the first encrypted check message;
  
  receive a second encrypted check message from the network service via the network interface;
  
  generate timestamp information for the second encrypted check message;
  
  compare the timestamp information for the first encrypted check message and the timestamp information for the second encrypted check message;
  
  decrypt the first check message and the second check message using the first encryption key;
  
  authorize at least one of a network access or a network transaction between the first user and the network service based at least in part on (a) a determination that a difference between the timestamp information for the first encrypted check message and the timestamp information for the second encrypted check message is less than a first threshold, and (b) a comparison of the decrypted information from the first check message and the second check message; and
  
  send an authorization message to the network service via the network interface based on said authorizing,wherein authorizing the at least one of a network access or a network transaction between the first user and the network service is further based at least in part on a determination that a time difference between timestamps included in the received first encrypted check message and the received second encrypted check message is less than a second threshold.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein registering the user device with the first user includes:
    - acquiring biometric data of the user via an agent of the third party;
      
      storing the biometric data on the user device as biometric reference data using computer instructions and an encryption key provided by the third party;
      
      reacquiring the user'"'"'s biometric data via a test scan using a biometric scanner of the user device;
      
      verifying that the biometric reference data is accurately stored on the user device by comparing the test scan to the biometric reference data; and
      
      causing the user device to delete said computer instructions based on the verification that the biometric reference data is accurately stored on the user device.
  - 12. The system of claim 10, wherein the network service includes a computer network of the second party, and the second encrypted check message is based at least in part on a communication between the user device and a workstation connected to the computer network.
  - 13. The system of claim 10, wherein the network service includes a network banking website, and the second encrypted check message is based at least in part on a communication between the user device and a workstation connected to the network banking website.
  - 14. The system of claim 10, wherein the network service includes an online purchase, and the second encrypted check message is based at least in part on confirming the identity of a person operating the user device.
  - 15. The system of claim 10, wherein:
    - registering the user device with the first user includes storing biometric data of the first user on the user device as biometric reference data using computer instructions provided by the third party;
      
      the first check message is sent from the user device based at least in part on a comparison between current biometric data and the biometric reference data; and
      
      the second check message is sent based at least in part on the comparison between current biometric data and the biometric reference data.
  - 16. The system of claim 15, wherein the user'"'"'s biometric data is not communicated to, or maintained by, the network service or the third party.
  - 17. The system of claim 10, wherein:
    - registering the user device with the first user includes configuring a one-time password service associating the first user and the user device using computer instructions provided by the third party, at least one parameter used by one-time password service being stored locally on the user device and inaccessible by the third party;
      
      the first check message is sent from the user device based at least in part on an identity check performed via the user device using the one-time password service; and
      
      the second check message is sent based at least in part on the identity check.
  - 18. The system of claim 10, wherein the second check message is based at least in part on the network service confirming that the user device is authorized to access the network service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Concierge Holdings, Inc.
Original Assignee
Concierge Holdings, Inc.
Inventors
Thackston, James D.
Primary Examiner(s)
Huang, Tsan-Yu J

Application Number

US14/880,647
Publication Number

US 20160036588A1
Time in Patent Office

1,156 Days
Field of Search

705 64, 705 65, 726 2, 726 3
US Class Current
CPC Class Codes

G07F 17/3206   Player sensing means, e.g. ...

G07F 17/3241   Security aspects of a gamin...

H04L 63/0838   using one-time-passwords

H04L 63/0861   using biometrical features,...

H04L 63/102   Entity profiles

H04L 9/083   involving central third par...

H04L 9/321   involving a third party or ...

H04L 9/3231   Biological data, e.g. finge...

System and method for verifying user identity in a virtual environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

11 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for verifying user identity in a virtual environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links