METHOD AND APPARATUS TO PROVIDE CONTINUOUS AUTHENTICATION BASED ON DYNAMIC PERSONAL INFORMATION

US 20130133055A1
Filed: 08/04/2010
Published: 05/23/2013
Est. Priority Date: 08/04/2010
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating a user via a handheld electronic device, comprising:

storing at the handheld electronic device a first plurality of dynamic personal identification data samples specific to the user that are collected over time;

sending a copy of the first plurality of dynamic personal identification data samples to a remote computing device to be stored as a second plurality of dynamic personal identification samples;

receiving at the handheld electronic device an authentication challenge that is computed based on at least a subset of the second plurality of dynamic personal identification samples; and

computing at the handheld electronic device a first authentication response to the authentication challenge based on at least a subset of the first plurality of dynamic personal identification samples to authenticate the user in response to the first authentication response corresponding to the authentication challenge.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication method, system and device are provided to continuously collect dynamic personal identification data (DPID) samples through a user device by using one or more sensors to continuously collect biometric and location data samples associated with the user and then securely transfer the DPID samples to a central authentication server where attributes of the DPID samples may be captured and incorporated as part of a challenge-response pair which requests an arbitrarily generated N-tuple of the DPID samples from a predetermined time interval from the user device that is unique to the user and dynamic based on the sensed data and the time-interval of collection.

159 Citations

24 Claims

1. A method of authenticating a user via a handheld electronic device, comprising:
- storing at the handheld electronic device a first plurality of dynamic personal identification data samples specific to the user that are collected over time;
  
  sending a copy of the first plurality of dynamic personal identification data samples to a remote computing device to be stored as a second plurality of dynamic personal identification samples;
  
  receiving at the handheld electronic device an authentication challenge that is computed based on at least a subset of the second plurality of dynamic personal identification samples; and
  
  computing at the handheld electronic device a first authentication response to the authentication challenge based on at least a subset of the first plurality of dynamic personal identification samples to authenticate the user in response to the first authentication response corresponding to the authentication challenge.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising collecting the first plurality of dynamic personal identification data samples from at least a first sensor located proximate to the user.
  - 3. The method of claim 1, where storing the first plurality of dynamic personal identification data samples comprises storing over time a plurality of biometric data samples associated with the user.
  - 4. The method of claim 3, where storing the first plurality of dynamic personal identification data samples comprises storing a plurality of location data samples specific to the user or handheld electronic device and associated time information with the plurality of biometric data samples.
  - 5. The method of claim 1, where storing the first plurality of dynamic personal identification data samples comprises storing at the handheld electronic device over time a plurality of biometric data samples associated with the user and a corresponding plurality of location samples associated with the handheld electronic device.
  - 6. The method of claim 1, where receiving an authentication challenge comprises receiving a request for an N-tuple that is computed by a remote authentication server based on at least a subset of the second plurality of dynamic personal identification samples.
  - 7. The method of claim 1, where computing the first authentication response comprises computing an N-tuple based on at least a subset of the first plurality of dynamic personal identification samples to authenticate the user in response to the first authentication response corresponding to the authentication challenge.
  - 8. The method of claim 1, further comprising sending the first authentication response to a remote authentication server to compare with a second authentication response computed at the remote authentication server in response to the authentication challenge based on at least a subset of the second plurality of dynamic personal identification samples to authenticate the user in response to the second authentication response matching the first authentication response.
  - 9. The method of claim 1, where receiving the authentication challenge comprises receiving a different authentication challenge each time the user requests authentication.
  - 10. The method of claim 1, further comprising:
    - computing at the handheld electronic device a second authentication challenge based on at least a subset of the first plurality of dynamic personal identification samples;
      
      sending the second authentication challenge to the remote computing device to compute a second authentication response based on at least a subset of the second plurality of dynamic personal identification samples; and
      
      receiving at the handheld electronic device the second authentication response to authenticate the remote computing device when the second authentication response corresponds to the second authentication challenge.
  - 11. The method of claim 1, where the storing at the handheld electronic device the first plurality of dynamic personal identification data samples comprises storing the first plurality of dynamic personal identification data samples on a server computer that is securely connected to the handheld electronic device.
  - 12. The method of claim 6, where the N-tuple that is computed by the remote authentication server includes at least one of a randomly generated length, and a randomly generated sequence.
  - 13. The method of claim 1, where computing the first authentication response comprises:
    - generating a first N-tuple having a first length and sequence from at least a subset of a first plurality of biometric data samples associated with the user; and
      
      generating a second N-tuple having a second length and sequence from at least a subset of a first plurality of location data samples associated with the handheld electronic device, where the first N-tuple and second N-tuple are each generated in response to the authentication challenge.

14. An authentication system, comprising:
- a first computing device configured to request data access by storing a first plurality of dynamic personal identification data samples specific to an individual and generating a challenge response in response to any received challenge question;
  
  a second computing device configured to authenticate a data access request from the first computing device by storing a copy of the first plurality of dynamic personal identification data samples, formulating a first challenge question based on at least a subset of the copy of the first plurality of dynamic personal identification samples, and authenticating the data access request from first computing device in response to a first challenge response received from the first computing device corresponding to the first challenge question.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
- - 15. The authentication system of claim 14, where the first computing device is configured to generate the first challenge response by:
    - generating a first N-tuple having a first length and sequence from at least a subset of a first plurality of biometric data samples associated with the individual; and
      
      generating a second N-tuple having a second length and sequence from at least a subset of a first plurality of location data samples associated with the first computing device, where the first N-tuple and second N-tuple are each generated in response to the first challenge question received from the second computing device.
  - 16. The authentication system of claim 14, further comprising one or more sensors located proximate to the individual to collect a plurality of biometric data samples associated with the individual and to transmit the plurality of biometric data samples to the first computing device to store as at least part of the first plurality of dynamic personal identification data samples.
  - 17. The authentication system of claim 14, where the first computing device is configured to collect a plurality of location data samples associated with the first computing device to store as at least part of the first plurality of dynamic personal identification data samples.
  - 18. The authentication system of claim 14, where the second computing device is configured to formulate a different challenge question each time the first computing device requests data access.
  - 19. The authentication system of claim 14, where the first computing device is configured to authenticate the second computing device by formulating a second challenge question based on at least a subset of the first plurality of dynamic personal identification samples, to send the second challenge question to the second computing device to compute a second challenge response based on at least a subset of the copy of the first plurality of dynamic personal identification samples, and to receive the second challenge response to authenticate the second computing device when the second challenge response corresponds to the second challenge question.
  - 20. The authentication system of claim 14, where the first computing device is configured to store the first plurality of dynamic personal identification data samples at the first computing device or at a server computer that is securely connected to the first computing device.
  - 21. The authentication system of claim 14, where the second computing device is configured to formulate the first challenge question as a request for an N-tuple based on at least a subset of the copy of the first plurality of dynamic personal identification samples, where the N-tuple includes at least one of a randomly generated length randomly generated sequence.

22. A non-transitory computer readable storage medium embodying computer program code, the computer program code comprising computer executable instructions configured to authenticate information from a computer by:
- storing a plurality of dynamic personal identification data samples specific to a user associated with the computer, where a copy of the plurality of dynamic personal identification data samples is also stored at a remote computer, and where the plurality of dynamic personal identification data samples comprises a plurality of biometric data samples specific to the user and a corresponding plurality of location data samples associated in time with the plurality of biometric data samples;
  
  generating an authentication challenge that requests a first N-tuple that is computed from at least a subset of the copy of the plurality of dynamic personal identification samples stored at the remote computer;
  
  sending the authentication challenge to the remote computer; and
  
  receiving the first N-tuple from the remote computer for purposes of authenticating information from the remote computer in response to the first N-tuple matching a second N-tuple that is computed from at least a subset of the plurality of dynamic personal identification samples.
- View Dependent Claims (23, 24)
- - 23. The computer readable storage medium of claim 22, where the computer program code is embodied in an authentication server computer configured to authenticate information from a remote handheld computer that collects the plurality of biometric data samples specific to the user and the corresponding plurality of location data samples specific to the remote handheld computer.
  - 24. The computer readable storage medium of claim 22, where the computer program code is embodied in a handheld computer configured to authenticate information from a remote server computer that stores a copy of the plurality of dynamic personal identification data samples.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Ali, Shirook M., Labrador, Christopher, Warden, James, Wilson, Kelce S.

Granted Patent

US 9,342,677 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/30   Authentication, i.e. establ...

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/60   Protecting data

G06F 21/6218   to a system of files or obj...

G06F 21/6245   Protecting personal data, e...

H04L 63/08   for authentication of entit...

H04L 63/0861   using biometrical features,...

H04L 63/107   wherein the security polici...

H04W 12/06   Authentication

H04W 12/065   Continuous authentication

H04W 12/40   Security arrangements using...

H04W 12/63   Location-dependent; Proximi...

METHOD AND APPARATUS TO PROVIDE CONTINUOUS AUTHENTICATION BASED ON DYNAMIC PERSONAL INFORMATION

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

159 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS TO PROVIDE CONTINUOUS AUTHENTICATION BASED ON DYNAMIC PERSONAL INFORMATION

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

159 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links