Feedback-based data security
First Claim
1. A computer-implemented method, comprising:
receiving a first request to store user data encrypted under a user key, the request specifying one or more user credentials for obtaining access to the user data and the user data including at least one of an access token, a credit card number, a social security number, a financial account number, a date of birth, or a health record;
specifying a security identifier for the user data, the security identifier including at least one of an image, an animation, a video clip, a sound or sequence of sounds, a song clip, a haptic feedback pattern, or a light pattern;
generating the user key and encrypting the user data using the user key;
storing the user key and the security identifier;
receiving a second request to access the user data, the second request specifying at least one incorrect user credential;
presenting, in response to receiving the at least one incorrect user credential, an incorrect security identifier for confirmation by a submitter of the second request;
receiving confirmation of the presented incorrect security identifier, the confirmation corresponding to a verification of the presented incorrect security identifier;
generating a set of incorrect data values, in response to the confirmation of the presented incorrect security identifier, the incorrect data values having formats corresponding to the user data;
changing the set of incorrect data values for subsequent confirmations of incorrect security identifiers; and
providing, to the submitter of the second request, access to the set of incorrect data values, wherein the submitter does not receive the access to the user data.
Abstract
Encryption of sensitive data on consumer devices is provided with format-preserving cryptography and feedback via the use of security identifiers. A request to access the sensitive data will specify user credentials for the access. The submitter is requested to confirm a security identifier for the requested access. An incorrect security identifier will be presented for incorrect credentials, which will be easy for a user to identify but not for an attacker or other unauthorized user. If the incorrect security identifier is confirmed, the device assumes the request was received from an unauthorized source. The sensitive data is stored under format-preserving cryptography, such that false data values can be generated that have the correct format. An unauthorized user receiving the false data will not be readily able to determine the data received is incorrect, and will be likely to discontinue the attack, particularly for an automated process.
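The flow the abstract describes, as an added example that is not part of the patent text: a wrong credential yields a wrong security identifier, and confirming it releases format-matching decoys that change on every request. The `Vault` class, the identifier names and the sample data are constructed, and random same-layout values stand in for the format-preserving cryptography the abstract mentions.

```python
import hashlib, hmac, secrets, string

# Constructed pool of security identifiers (image names are placeholders).
IDENTIFIERS = ["blue-kite.png", "red-door.png", "green-owl.png", "gold-fish.png"]

def luhn_ok(value):
    """True if the digits of value pass the Luhn checksum used by card numbers."""
    digits = [int(c) for c in value if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def _swap(c):
    if c.isdigit():
        return str(secrets.randbelow(10))
    if c.isalpha():
        return secrets.choice(string.ascii_uppercase if c.isupper() else string.ascii_lowercase)
    return c  # separators stay where they are

def decoy_like(value):
    """Fresh random value with the same layout as value (character classes only)."""
    card_like = sum(c.isdigit() for c in value) >= 13 and luhn_ok(value)
    while True:
        decoy = "".join(_swap(c) for c in value)
        if decoy != value and (not card_like or luhn_ok(decoy)):
            return decoy

class Vault:
    def __init__(self, credential, identifier, data):
        self._salt = secrets.token_bytes(16)
        self._cred = self._hash(credential)
        self._identifier = identifier
        self._data = dict(data)  # assumption: kept in plaintext here; the claims encrypt it under a user key

    def _hash(self, credential):
        return hashlib.pbkdf2_hmac("sha256", credential.encode(), self._salt, 100_000)

    def open(self, credential, confirm):
        """confirm(shown) models the submitter accepting or rejecting the identifier."""
        valid = hmac.compare_digest(self._hash(credential), self._cred)
        wrong = [i for i in IDENTIFIERS if i != self._identifier]
        shown = self._identifier if valid else secrets.choice(wrong)
        if not confirm(shown):
            return None  # rejected identifier: nothing is released
        if valid:
            return dict(self._data)
        # Wrong credential and wrong identifier confirmed: new decoys on every call.
        return {k: decoy_like(v) for k, v in self._data.items()}
```

A legitimate user who mistypes a credential sees an unfamiliar identifier, rejects it and gets nothing back; a submitter who confirms whatever is shown receives decoys whose card number still passes a Luhn check.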
18 Claims
1. The computer-implemented method recited in full under First Claim above.
Dependent claims: 2, 3, 4, 5, 9
6. A computer-implemented method, comprising:
receiving a request to access target data stored on an electronic device, the request specifying an access credential and the target data including at least one of an access token, a credit card number, a social security number, a financial account number, a date of birth, or a health record;
determining that the access credential differs from a valid access credential for obtaining the access;
presenting an incorrect security identifier to a source of the request, the security identifier including at least one of an image, an animation, a video clip, a sound or sequence of sounds, a song clip, a haptic feedback pattern, or a light pattern;
receiving confirmation of the presented incorrect security identifier on behalf of the source of the request, the confirmation corresponding to a verification of the presented incorrect security identifier;
generating a set of incorrect data values, in response to the confirmation of the presented incorrect security identifier, having formats corresponding to formats of the target data;
changing the set of incorrect data values for subsequent confirmations of incorrect security identifiers; and
providing access to the set of incorrect data values in response to the request, wherein the source receives the access to the incorrect data values without indication that the incorrect data values differ from the target data.
Dependent claims: 7, 8, 10, 11, 12, 13
14. A system, comprising:
at least one processor; and
a memory including instructions that, when executed by the system, cause the system to:
receive a request to access target data stored on an electronic device, the request specifying a user credential and the target data including at least one of an access token, a credit card number, a social security number, a financial account number, a date of birth, or a health record;
determine that the user credential differs from a valid user credential for obtaining the access;
present an incorrect security identifier to a source of the request, the security identifier including at least one of an image, an animation, a video clip, a sound or sequence of sounds, a song clip, a haptic feedback pattern, or a light pattern;
receive confirmation of the presented incorrect security identifier on behalf of the source of the request, the confirmation corresponding to a verification of the presented incorrect security identifier;
generate, in response to the confirmation of the presented incorrect security identifier, a set of incorrect data values having formats corresponding to formats of the target data;
change the set of incorrect data values for subsequent confirmations of incorrect security identifiers; and
provide access to the set of incorrect data values in response to the request, wherein the source receives the access to the incorrect data values without indication that the incorrect data values differ from the target data.
Dependent claims: 15, 16, 17, 18