System for transparent authentication across installed applications
First Claim
1. A system for authenticating a user wishing to access secure data through a protected software application, the system comprising:
a computing device comprising a processor, a memory, an input mechanism and an output mechanism;
a plurality of sensors associated with the computing device for detecting one or more conditions;
a token repository within the memory for storing a plurality of tokens, each token representative of a unique combination of conditions;
a protected application stored within the memory and executable to provide secure data to the output mechanism upon user authentication; and
an authentication application stored within the memory and integrated with the protected application, the authentication application configured to authenticate the user to the protected application without user input when present conditions detected by the plurality of sensors match the conditions represented by a matched token from among the plurality of tokens within the token repository;
wherein the protected application uses a master key to access the secure data, and wherein the master key was previously decrypted with data obtained from user entry of a password, and may be subsequently decrypted by the authentication application using data derived from the present conditions.
Abstract
A system for authenticating mobile device users transparently is disclosed. This invention improves on the existing flaws by deriving encryption keys from environmental condition data when the user and device are trusted. The keys are then cryptographically hashed and compared with repository hashed data to determine if the conditions match a prior set of conditions. If a match is found and trust factors are sufficient, the system uses the condition data to decrypt a master key that allows access to secure data in the same manner as would a user-provided password. The security system cannot be bypassed if the device is stolen, as an attacker would have to replicate the exact environment and behavioral attributes employed and learned from the user without any knowledge as to the factors that constitute them because the factors are not maintained by the system.
23 Claims
1. A system for authenticating a user wishing to access secure data through a protected software application, the system comprising:
a computing device comprising a processor, a memory, an input mechanism and an output mechanism;
a plurality of sensors associated with the computing device for detecting one or more conditions;
a token repository within the memory for storing a plurality of tokens, each token representative of a unique combination of conditions;
a protected application stored within the memory and executable to provide secure data to the output mechanism upon user authentication; and
an authentication application stored within the memory and integrated with the protected application, the authentication application configured to authenticate the user to the protected application without user input when present conditions detected by the plurality of sensors match the conditions represented by a matched token from among the plurality of tokens within the token repository;
wherein the protected application uses a master key to access the secure data, and wherein the master key was previously decrypted with data obtained from user entry of a password, and may be subsequently decrypted by the authentication application using data derived from the present conditions.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A system for authenticating a user wishing to access secure data through a protected software application, the system comprising:
a computing device comprising a processor, a memory, an input mechanism and an output mechanism;
a plurality of sensors associated with the computer device for detecting one or more conditions;
a token repository within the memory for storing a plurality of tokens, each token representative of a unique combination of conditions;
a protected application stored within the memory and executable to provide secure data to the output mechanism upon user authentication; and
an authentication application stored within the memory and integrated with the protected application, the authentication application configured to authenticate the user to the protected application without user input when present conditions detected by the plurality of sensors match the conditions represented by a matched token from among the plurality of tokens within the token repository;
wherein the authentication application is further configured to: generate a candidate token using the present conditions; to thereafter discard the present conditions; to compare the candidate token to the plurality of tokens stored in the token repository to identify the matched token; and to decrypt a master key from an encrypted key stored in the token repository that is uniquely associated with the matched token.
Dependent claims: 12
13. A system for providing access to secure data comprising:
a computerized user device equipped with a memory, a processor, an input mechanism, an output mechanism, and one or more sensors to gather user environmental data;
a first application housed within the memory, the first application configured to send a user authentication request prior to allowing an unauthenticated user access to secure data;
a second application housed within the memory and integrated with the first application to receive the user authentication request and to respond to the request by decrypting a master key for use by the first application to access the secure data; and
a token repository housed within the memory for storing a plurality of tokens generated by the second application, each token representative of a particular set of environmental conditions collected at a previous time by the one or more sensors;
wherein, upon receiving the user authentication request, the second application is configured to decrypt the master key by either of:
using a user supplied password; or
generating a candidate token using present conditions measured by the one or more sensors and, if the candidate token matches one of the plurality of tokens present in the token repository, decrypting the master key from an encrypted key stored in the token repository and uniquely associated with the matched token.
Dependent claims: 14, 15, 16, 17
18. A method of transparent user authentication comprising the steps of:
receiving a request for a master key to access secure data;
gathering present conditions from a plurality of device sensors;
using a processor and an encoding algorithm, cryptographically hashing each present condition and comparing the resulting present condition hashes to pre-recorded hashes representing past conditions, the pre-recorded hashes stored in a profile repository in a memory of a user computerized device, in order to generate a trust score;
if the trust score exceeds a predetermined threshold, generating a candidate token by cryptographically hashing a data string formed by the present conditions and comparing it to pre-recorded tokens stored in a token repository of the memory;
if the candidate token matches one of the pre-recorded tokens, using a derived key derived from the present conditions to generate the master key from an encrypted key uniquely associated with the matched token; and
providing the master key to access the secure data;
wherein all of the above steps except for the gathering of present conditions are performed without transmitting data external to the user computerized device.
Dependent claims: 19, 20, 21, 22, 23
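
The flow of claim 18 as an added sketch, not code from the patent or its assignee: per-condition hashes give a trust score, and only an exact token match unwraps the master key. The function names, the salt, the PBKDF2 parameters, the 0.5 threshold and the sample conditions are assumptions, and the XOR wrap stands in for an authenticated cipher such as AES-GCM. Because the token match is exact, sensor readings are assumed to be quantized to stable strings before hashing.

```python
import hashlib
import hmac

SALT = b"constructed-device-salt"  # assumption: a per-device salt

def cond_hash(name, value):
    """Hash one condition for the profile repository (trust scoring)."""
    return hashlib.sha256(SALT + f"{name}={value}".encode()).digest()

def data_string(conds):
    """Canonical string formed from all conditions, in sorted order."""
    return "|".join(f"{k}={conds[k]}" for k in sorted(conds)).encode()

def token_of(conds):
    return hashlib.sha256(SALT + b"token" + data_string(conds)).digest()

def derived_key(conds):
    # Derived separately from the token, so the stored token is not the key.
    return hashlib.pbkdf2_hmac("sha256", data_string(conds), SALT + b"key", 50_000)

def xor_wrap(key, data):
    # Stand-in for an authenticated cipher; key and data are both 32 bytes.
    return bytes(a ^ b for a, b in zip(key, data))

def enroll(conds, master_key):
    """Done after a password login: store hashes and the wrapped key only."""
    profile = {cond_hash(k, v) for k, v in conds.items()}
    tokens = {token_of(conds): xor_wrap(derived_key(conds), master_key)}
    return profile, tokens

def authenticate(present, profile, tokens, threshold=0.5):
    """Return the master key, or None to fall back to the password."""
    hits = sum(cond_hash(k, v) in profile for k, v in present.items())
    trust = hits / len(present)
    if trust <= threshold:          # trust gate: too few familiar conditions
        return None
    candidate = token_of(present)   # the raw conditions are not stored
    for token, encrypted_key in tokens.items():
        if hmac.compare_digest(candidate, token):
            return xor_wrap(derived_key(present), encrypted_key)
    return None                     # familiar, but not an exact known combination

# Constructed sample conditions, already quantized to exact strings.
HOME = {"wifi_bssid": "02:00:00:aa:bb:cc", "cell_id": "310-410-1234",
        "geohash": "9q8yy", "hour_bucket": "evening"}
MASTER_KEY = bytes(range(32))  # constructed 256-bit key
PROFILE, TOKENS = enroll(HOME, MASTER_KEY)
```
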
Specification