Un-password™: risk aware end-to-end multi-factor authentication via dynamic pairing

US 9,407,619 B2
Filed: 03/17/2014
Issued: 08/02/2016
Est. Priority Date: 03/17/2013
Status: Active Grant

First Claim

Patent Images

1. A method for determining a dynamic pairing code for use in encrypting information communicated between a first and a second communications endpoint, the method comprising:

at the first communications endpoint;

determining a first authentication score associated with a first information exchange session between the first and second communications endpoints;

determining a second authentication score associated with a second information exchange session between the first and second communications endpoints, the second information exchange after the first information exchange;

combining the first and second authentication scores to create a cumulative risk analysis score;

responsive to the first authentication score, generating an encryption key for encrypting the cumulative risk analysis score, wherein the encryption key is known by the first and the second communications endpoints;

encrypting the cumulative risk analysis score using the encryption key to generate a dynamic pairing code;

encrypting information communicated between the first and second communications endpoints according to the dynamic pairing code; and

modifying the cumulative risk analysis score responsive to the occurrence of invalid attempts by an intruder to effect information exchange between the first and the second communications endpoints.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for determining an authentication score for use in exchanging information between a first and a second device. The method comprises at the first device: determining a first authentication score associated with a first information exchange session between the first and second devices; determining a second authentication score associated with a second information exchange session between the first and second devices, the second information exchange after the first information exchange; combining the first and second authentication scores to create a combined score; responsive to the first authentication score, generating an encryption key for encrypting the combined score, wherein the encryption key is known by the first and the second devices; and encrypting the combined score to generate a dynamic pairing code.

Citations

19 Claims

1. A method for determining a dynamic pairing code for use in encrypting information communicated between a first and a second communications endpoint, the method comprising:
- at the first communications endpoint;
  
  determining a first authentication score associated with a first information exchange session between the first and second communications endpoints;
  
  determining a second authentication score associated with a second information exchange session between the first and second communications endpoints, the second information exchange after the first information exchange;
  
  combining the first and second authentication scores to create a cumulative risk analysis score;
  
  responsive to the first authentication score, generating an encryption key for encrypting the cumulative risk analysis score, wherein the encryption key is known by the first and the second communications endpoints;
  
  encrypting the cumulative risk analysis score using the encryption key to generate a dynamic pairing code;
  
  encrypting information communicated between the first and second communications endpoints according to the dynamic pairing code; and
  
  modifying the cumulative risk analysis score responsive to the occurrence of invalid attempts by an intruder to effect information exchange between the first and the second communications endpoints.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1 further comprising encrypting the dynamic pairing code.
  - 3. The method of claim 1 wherein one of the first and second communications endpoints can derive the second authentication score from the cumulative risk analysis score after decrypting the dynamic pairing code, wherein the second authentication score is not communicated between the first and second communications endpoints.
  - 4. The method of claim 1 further comprising modifying the cumulative risk analysis score responsive to an information exchange between the first and second communications endpoints wherein the information exchange is unrelated to the dynamic pairing code.
  - 5. The method of claim 1 further comprising sending the dynamic pairing code from the first communications endpoint to the second communications endpoint through a midpoint communications device, the dynamic pairing code encrypted at the midpoint communications device.
  - 6. The method of claim 1 wherein the first communications endpoint comprises an authenticator.
  - 7. The method of claim 1 wherein the second communications endpoint comprises a mobile device or a computing device.
  - 8. The method of claim 1 wherein the first and second authentication scores are responsive to one or more of user identifiers and access parameters.
  - 9. The method of claim 1 further comprising:
    - sending the dynamic pairing code from the first communications endpoint to the second communications endpoint;
      
      at the second communications endpoint decrypting the dynamic pairing code using the first authentication score as a decryption key to determine the cumulative risk analysis score; and
      
      at the second communications endpoint determining the second authentication score from the cumulative risk analysis score.
  - 10. The method of claim 9 wherein information exchanges between the first and second communications endpoints are further responsive to the second authentication score.
  - 11. The method of claim 9 further comprising:
    - adding the second authentication score to the cumulative risk analysis score at the second communications endpoint to produce an updated cumulative risk analysis score;
      
      determining whether the updated cumulative risk analysis score is above a threshold value; and
      
      if the updated cumulative risk analysis score is above the threshold value, including the first device within an access level of the second device, and if the updated cumulative risk analysis score is below the threshold value not exchanging information between the first and second devices.
  - 12. The method of claim 11 comprising a plurality of access levels based on a relationship between the updated cumulative risk analysis score and a threshold value associated with each one of the plurality of access levels.
  - 13. The method of claim 12 wherein at least one of the first and second communications endpoints requires that a third device have a predetermined access level for the one of the first and second communications endpoints to communicate with the third communications endpoint.
  - 14. The method of claim 1 further comprising:
    - sending the dynamic pairing code from the first communications endpoint to the second device;
      
      at the second device attempting to decrypt the dynamic pairing code using the first authentication score as a decryption key to determine the cumulative risk analysis score; and
      
      wherein if the decryption operation at the second communications endpoint fails, access to the second communications endpoint by the first communications endpoint is denied.
  - 15. The method of claim 1 wherein the first and second authentication scores are in polynomial form.
  - 16. The method of claim 1 wherein the encryption key is generated further in response to a pseudo-random number.
  - 17. The method of claim 1 further comprising encrypting the dynamic pairing code.
  - 18. The method of claim 1 further comprising sending the dynamic pairing code to other entities for communicating with the first or second communications endpoints.
  - 19. The method of claim 1 wherein the cumulative risk analysis score further comprises additional authentication past scores determined after determining the first and second authentication scores.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
LogicMark LLC (Nxt-Id, Inc.)
Original Assignee
Nxt-Id, Inc.
Inventors
Tunnell, Charles David, Mitchell, Justin, Zurasky, Jacob
Primary Examiner(s)
Lim, Krisna

Application Number

US14/217,202
Publication Number

US 20140325220A1
Time in Patent Office

869 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/00   Security arrangements for p...

H04L 2463/082   applying multi-factor authe...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/18   using different networks or...

H04L 9/0869   involving random numbers or...

H04L 9/0872   using geo-location informat...

H04L 9/16   the keys or algorithms bein...

H04L 9/3215   using a plurality of channe...

Un-password™: risk aware end-to-end multi-factor authentication via dynamic pairing

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Un-password™: risk aware end-to-end multi-factor authentication via dynamic pairing

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links