Mobile application security system and method

US 20130014248A1
Filed: 07/07/2011
Published: 01/10/2013
Est. Priority Date: 07/07/2011
Status: Active Grant

First Claim

Patent Images

1. An authentication server for authenticating a user of a computing device, the authentication server comprising:

a user directory stored in a computer readable memory, the user directory comprising a group of user records, each user record being uniquely associated with an authorized user;

a computing device ID value unique to a computing device assigned to the authorized user associated with the user record;

a group of depictions, each depiction having a group of unique fiducials;

an identification of a key depiction, the key depiction being a single to depiction selected from the group of depictions; and

trace pattern verification data, the trace pattern verification data comprising;

a group of coordinate values, in sequential order, which represent a group of sequential trace stokes, each trace stroke of the group of sequential trace strokes being between a unique pair of fiducials of the group of fiducials within the key depiction.an authentication package received from an authenticating computing device, the authentication package comprising;

an identifier of a selected depiction;

captured trace pattern data, the captured trace pattern data comprising a group of sequential coordinate values which represent a group of sequential trace stokes;

an authentication application comprising authentication instructions stored coded in the computer readable memory and executed by a processor, the authentication instructions comprising which, when executed by the processor;

respond to receiving an authentication request from an authenticating computing device by providing, to the authenticating computing device, each depiction of the group of depictions in the user record with the computing device ID value that matches a device identifier of the authenticating computing device, the device identifier of the authenticating computing device;

respond to receiving the authentication package from the authenticating computing device by generating a message to authorize access to protected functions only if;

the identifier of the selected depiction indicates the key depiction of the user record with the computing device ID value which matches the device identifier of the authenticating computing device; and

the group of sequential trace strokes represented by the sequential coordinate values of the captured trace pattern data matches, within a threshold, the group of sequential trace strokes between unique pairs of fiducials within the key depiction.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for authenticating the user of a computing device comprises an authorized user directory. Each record is uniquely associated with an authorized user and includes at least a computing device ID value that is a globally unique value assigned to the authorized user'"'"'s computing device, a group of unique depictions such as photographs, an identification of a key depiction. Portions of each image form fiducials recognizable by the user. The record further includes trace pattern verification data representing continuous trace strokes between pairs of the fiducials within the key depiction. To authenticate, the group of images are displayed to the user. The user must first select the key image and secondly trace continuous trace strokes between the pairs of fiducials to match the trace pattern verification data.

Citations

20 Claims

1. An authentication server for authenticating a user of a computing device, the authentication server comprising:
- a user directory stored in a computer readable memory, the user directory comprising a group of user records, each user record being uniquely associated with an authorized user;
  
  a computing device ID value unique to a computing device assigned to the authorized user associated with the user record;
  
  a group of depictions, each depiction having a group of unique fiducials;
  
  an identification of a key depiction, the key depiction being a single to depiction selected from the group of depictions; and
  
  trace pattern verification data, the trace pattern verification data comprising;
  
  a group of coordinate values, in sequential order, which represent a group of sequential trace stokes, each trace stroke of the group of sequential trace strokes being between a unique pair of fiducials of the group of fiducials within the key depiction.an authentication package received from an authenticating computing device, the authentication package comprising;
  
  an identifier of a selected depiction;
  
  captured trace pattern data, the captured trace pattern data comprising a group of sequential coordinate values which represent a group of sequential trace stokes;
  
  an authentication application comprising authentication instructions stored coded in the computer readable memory and executed by a processor, the authentication instructions comprising which, when executed by the processor;
  
  respond to receiving an authentication request from an authenticating computing device by providing, to the authenticating computing device, each depiction of the group of depictions in the user record with the computing device ID value that matches a device identifier of the authenticating computing device, the device identifier of the authenticating computing device;
  
  respond to receiving the authentication package from the authenticating computing device by generating a message to authorize access to protected functions only if;
  
  the identifier of the selected depiction indicates the key depiction of the user record with the computing device ID value which matches the device identifier of the authenticating computing device; and
  
  the group of sequential trace strokes represented by the sequential coordinate values of the captured trace pattern data matches, within a threshold, the group of sequential trace strokes between unique pairs of fiducials within the key depiction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The authentication server of claim 1, wherein:
    - each record of the user directory further includes an authentic static coordinate value that is distinct from the authentic static coordinate value of each other user record;
      
      the authentication package further includes identification of a captured static coordinate value; and
      
      the authentication application instructions further generate the message to authorize the protected functions only if the captured static coordinate matches, within a threshold, the authentic static coordinate value.
  - 3. The authentication server of claim 2, wherein:
    - a verification radius value is associated with each coordinate value of the trace pattern verification data of each user record;
      
      a measured radius value is associated with each coordinate value of the captured trace pattern data;
      
      the authentication application instructions further generate the message to authorize the protected functions only if a radius verification value derived from the measured radius values associated with coordinate values of the captured trace pattern data matches, within a threshold, an authentic radius verification value derived from the verification radius values of the trace pattern verification data.
  - 4. The authentication server of claim 2, wherein:
    - a verification time stamp is associated with each coordinate value of the trace pattern verification data of each user record;
      
      a measured time stamp is associated with each coordinate value of the captured trace pattern data;
      
      the authentication application instructions further;
      
      calculates at least one velocity verification value for at least one trace stroke, the velocity verification value being a function of a change in time between verification time stamps of at least two coordinate values of the trace pattern verification data which represents the trace stroke;
      
      calculates a measured velocity value for the trace stroke, the measured velocity value being a function of a change in time between measured time stamps of at least two coordinate values of the captured trace pattern data which represents the trace stroke; and
      
      generates the message to authorize the protected functions only if the measured velocity value matches, within a threshold, the velocity verification value.
  - 5. The authentication server of claim 2, wherein the authentication application instructions further:
    - calculates at least one direction verification value for at least one trace stroke, the direction verification value being a function of displacement between at least two sequential coordinate values of the trace pattern verification data which represents the trace stroke;
      
      calculates a measured direction value for the trace stroke, the measured direction value being a function of displacement between at least two coordinate values of the captured trace pattern data which represents the trace stroke; and
      
      to generates the message to authorize the protected functions only if the measured direction value matches, within a threshold, the direction verification value.
  - 6. The authentication server of claim 1, wherein the group of depictions of each user record is a unique group of depictions distinct from the group of depictions of each other user record.
  - 7. The authentication server of claim 6, wherein:
    - a verification radius value is associated with each coordinate value of the trace pattern verification data of each user record;
      
      a measured radius value is associated with each coordinate value of the captured trace pattern data;
      
      the authentication application instructions further generate the message to authorize the protected functions only if a radius verification value derived from the measured radius values associated with coordinate values of the captured trace pattern data matches, within a threshold, an authentic radius verification value derived from the verification radius values of the trace pattern verification data.
  - 8. The authentication server of claim 6, wherein:
    - a verification time stamp is associated with each coordinate value of the trace pattern verification data of each user record;
      
      a measured time stamp is associated with each coordinate value of the captured trace pattern data;
      
      the authentication application instructions further;
      
      calculates at least one velocity verification value for at least one trace stroke, the velocity verification value being a function of a change in time between verification time stamps of at least two coordinate values of the trace pattern verification data which represents the trace stroke;
      
      calculates a measured velocity value for the trace stroke, the measured velocity value being a function of a change in time between measured time stamps of at least two coordinate values of the captured trace pattern data which represents the trace stroke; and
      
      generates the message to authorize the protected functions only if the measured velocity value matches, within a threshold, the velocity verification value.
  - 9. The authentication server of claim 6, wherein the authentication application instructions further:
    - calculates at least one direction verification value for at least one trace stroke, the direction verification value being a function of displacement between at least two sequential coordinate values of the trace pattern verification data which represents the trace stroke;
      
      calculates a measured direction value for the trace stroke, the measured direction value being a function of displacement between at least two coordinate values of the captured trace pattern data which represents the trace stroke; and
      
      generates the message to authorize the protected functions only if the measured direction value matches, within a threshold, the direction verification value.
  - 10. The authentication server of claim 6, wherein:
    - each user record of the user directory further includes a unique user ID and password;
      
      the authentication application instructions only provides each depiction of the group of depictions if a tendered user ID and a tendered password, provided by the authenticating computing device, match the user ID and password of the user record with the computing device ID value which matches the device identifier.

11. A system for authenticating the user of a computing device, the system comprising:
- an authentication server, the authentication server comprising;
  
  a user directory stored in a computer readable memory, the user directory comprising a group of user records, each user record being uniquely associated with an authorized user, each user record comprising;
  
  a computing device ID value unique to a computing device assigned to the authorized user associated with the user record;
  
  a group of depictions, each depiction having a group of unique fiducials;
  
  an identification of a key depiction, the key depiction being a single depiction selected from the group of depictions; and
  
  trace pattern verification data, the trace pattern verification data comprising;
  
  a group of coordinate values, in sequential order, which represent a group of sequential trace stokes, each trace stroke of the group of sequential trace strokes being between a unique pair of fiducials of the group of fiducials within the key depiction; and
  
  an authentication application, the authentication application comprising authentication instructions coded in the computer readable memory and executed by a processor;
  
  a computing device, the computing device comprising a processor, a computer readable memory, and a graphic user interface comprising a display screen and a touch sensitive panel overlying the display, the computer device further comprising;
  
  a unique device identifier stored in the computer readable memory.computing device application instructions coded in the computer readable memory and executed by the processor, the computing device application instructions which, when executed by the processor;
  
  transfer to the authentication server, an authentication request comprising the unique device identifier;
  
  the authentication application instructions, when executed by the processor;
  
  respond to receiving the authentication request by providing to the computing device, each depiction of the group of depictions in the user record with the computing device ID value that matches the device identifier of the authentication request.the computing device application instructions further;
  
  display each depiction provided by the authentication server;
  
  respond to user activation of the touch sensitive panel to identify a selected depiction by generating a display of the selected;
  
  generate captured trace pattern data, the captured trace pattern data comprising a group of sequential coordinate values representing user trace strokes formed by continuous motion on the touch sensitive panel over the display of the selected depiction,provide to the authentication server, an authentication package the authentication package comprising;
  
  the unique device identifieran identifier of the selected depiction;
  
  the captured trace pattern data;
  
  the authentication application instructions further;
  
  respond to receiving the authentication package by generating a message to authorize access to protected functions only if;
  
  the identifier of the selected depiction indicates the key depiction of the user record with the computing device ID value which matches the unique device identifier; and
  
  the group of sequential trace strokes represented by the sequential coordinate values of the captured trace pattern data matches, within a threshold, the group of sequential trace strokes between unique pairs of fiducials within the key depiction.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein:
    - each record of the user directory further includes an authentic static coordinate value that is distinct from the authentic static coordinate value of each other user record;
      
      the computing device application instructions further detects static contact with the touch sensitive panel while the user trace strokes are formed on the touch sensitive panel, a captured static coordinate value identifies location of the static contact;
      
      the authentication package further includes identification of the captured static coordinate value; and
      
      the authentication application instructions further generate the message to authorize the protected functions only if the captured static coordinate matches, within a threshold, the authentic static coordinate value.
  - 13. The system of claim 12, wherein:
    - a verification radius value is associated with each coordinate value of the trace pattern verification data of each user record;
      
      the computing device application instructions further associate a measured radius value with each coordinate value of the captured trace pattern data, the measured radius value representing size of contact which was made with the touch sensitive panel at the coordinate value;
      
      the authentication application instructions further generate the message to authorize the protected functions only if a radius verification value derived from the measured radius values associated with coordinate values of the captured trace pattern data matches, within a threshold, an authentic radius verification value derived from the verification radius values of the trace pattern verification data.
  - 14. The system of claim 12, wherein:
    - a verification time stamp is associated with each coordinate value of the trace pattern verification data of each user record;
      
      the computing device application instructions further associate a measured time stamp with each coordinate value of the captured trace pattern data, the measured time stamp representing a time at which contact was made with the touch sensitive panel at the coordinate value;
      
      the authentication application instructions further;
      
      calculates at least one velocity verification value for at least one trace stroke, the velocity verification value being a function of a change in time between verification time stamps of at least two coordinate values of the trace pattern verification data which represents the trace stroke;
      
      calculates a measured velocity value for the trace stroke, the measured velocity value being a function of a change in time between measured time stamps of at least two coordinate values of the captured trace pattern data which represents the trace stroke; and
      
      generates the message to authorize the protected functions only if the measured velocity value matches, within a threshold, the velocity verification value.
  - 15. The system of claim 12, wherein the authentication application instructions further:
    - calculates at least one direction verification value for at least one trace stroke, the direction verification value being a function of displacement between at least two sequential coordinate values of the trace pattern verification data which represents the trace stroke;
      
      calculates a measured direction value for the trace stroke, the measured direction value being a function of displacement between at least two coordinate values of the captured trace pattern data which represents the trace stroke; and
      
      generates the message to authorize the protected functions only if the measured direction value matches, within a threshold, the direction verification value.
  - 16. The system of claim 11, wherein the group of depictions of each user record is a unique group of depictions distinct from the group of depictions of each other user record.
  - 17. The system of claim 16, wherein:
    - a verification radius value is associated with each coordinate value of the trace pattern verification data of each user record;
      
      the computing device application instructions further associate a measured radius value with each coordinate value of the captured trace pattern data, the measured radius value representing size of contact which was made with the touch sensitive panel at the coordinate value;
      
      the authentication application instructions further generate the message to authorize the protected functions only if a radius verification value derived from the to measured radius values associated with coordinate values of the captured trace pattern data matches, within a threshold, an authentic radius verification value derived from the verification radius values of the trace pattern verification data.
  - 18. The system of claim 16, wherein:
    - a verification time stamp is associated with each coordinate value of the trace pattern verification data of each user record;
      
      the computing device application instructions further associate a measured time stamp with each coordinate value of the captured trace pattern data, the measured time stamp representing a time at which contact was made with the touch sensitive panel at the coordinate value;
      
      the authentication application instructions further;
      
      calculates at least one velocity verification value for at least one trace stroke, the velocity verification value being a function of a change in time between verification time stamps of at least two coordinate values of the trace pattern verification data which represents the trace stroke;
      
      calculates a measured velocity value for the trace stroke, the measured velocity value being a function of a change in time between measured time stamps of is at least two coordinate values of the captured trace pattern data which represents the trace stroke; and
      
      generates the message to authorize the protected functions only if the measured velocity value matches, within a threshold, the velocity verification value.
  - 19. The system of claim 16, wherein the authentication application instructions further:
    - calculates at least one direction verification value for at least one trace stroke, the direction verification value being a function of displacement between at least two sequential coordinate values of the trace pattern verification data which represents the trace stroke;
      
      calculates a measured direction value for the trace stroke, the measured direction value being a function of displacement between at least two coordinate values of the captured trace pattern data which represents the trace stroke; and
      
      to generates the message to authorize the protected functions only if the measured direction value matches, within a threshold, the direction verification value.
  - 20. The system of claim 16, wherein:
    - each user record of the user directory further includes a unique user ID and password;
      
      the computing device application instructions further obtains from the user a tendered user ID and tendered password; and
      
      the authentication application instructions only provides each depiction of the group of depictions if the tendered user ID and the tendered password, provided by the authenticating computing device, match the user ID and password of the user record with the computing device ID value which matches the device identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bottomline Technologies Incorporated
Original Assignee
Bottomline Technologies Incorporated
Inventors
McLaughlin, Brian Smith, Gil, Leonardo B., Tracy, Marshall Joseph, Mitchell, Erik Vanghn, Dixon, Jeffrey Todd

Granted Patent

US 8,776,213 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/17
CPC Class Codes

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/36   by graphic or iconic repres...

G06F 3/04883   for inputting data by handw...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/0876   based on the identity of th...

Mobile application security system and method

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Mobile application security system and method

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links