System for transparent authentication across installed applications

US 9,477,825 B1
Filed: 04/05/2016
Issued: 10/25/2016
Est. Priority Date: 07/10/2015
Status: Active Grant

First Claim

Patent Images

1. A system for authenticating a user wishing to access secure data through a protected software application, the system comprising:

a computing device comprising a processor, a memory, an input mechanism and an output mechanism;

a plurality of sensors associated with the computing device for detecting one or more conditions;

a token repository within the memory for storing a plurality of tokens, each token representative of a unique combination of conditions;

a protected application stored within the memory and executable to provide secure data to the output mechanism upon user authentication; and

an authentication application stored within the memory and integrated with the protected application, the authentication application configured to authenticate the user to the protected application without user input when present conditions detected by the plurality of sensors match the conditions represented by a matched token from among the plurality of tokens within the token repository;

wherein the protected application uses a master key to access the secure data,and wherein the master key was previously decrypted with data obtained from user entry of a password, and may be subsequently decrypted by the authentication application using data derived from the present conditions.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for authenticating mobile device users transparently is disclosed. This invention improves on the existing flaws by deriving encryption keys from environmental condition data when the user and device are trusted. The keys are then cryptographically hashed and compared with repository hashed data to determine if the conditions match a prior set of conditions. If a match is found and trust factors are sufficient, the system uses the condition data to decrypt a master key that allows access to secure data in the same manner as would a user-provided password. The security system cannot be bypassed if the device is stolen, as an attacker would have to replicate the exact environment and behavioral attributes employed and learned from the user without any knowledge as to the factors that constitute them because the factors are not maintained by the system.

Citations

23 Claims

1. A system for authenticating a user wishing to access secure data through a protected software application, the system comprising:
- a computing device comprising a processor, a memory, an input mechanism and an output mechanism;
  
  a plurality of sensors associated with the computing device for detecting one or more conditions;
  
  a token repository within the memory for storing a plurality of tokens, each token representative of a unique combination of conditions;
  
  a protected application stored within the memory and executable to provide secure data to the output mechanism upon user authentication; and
  
  an authentication application stored within the memory and integrated with the protected application, the authentication application configured to authenticate the user to the protected application without user input when present conditions detected by the plurality of sensors match the conditions represented by a matched token from among the plurality of tokens within the token repository;
  
  wherein the protected application uses a master key to access the secure data,and wherein the master key was previously decrypted with data obtained from user entry of a password, and may be subsequently decrypted by the authentication application using data derived from the present conditions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein each of the plurality of tokens are irreversibly hashed and the conditions they represent are not retained by the system.
  - 3. The system of claim 1, wherein the authentication application uses data represented by the matched token to encrypt the master key.
  - 4. The system of claim 3, wherein the encrypted master key is stored in the token repository and is uniquely associated with the matched token.
  - 5. The system of claim 1, wherein the authentication application is further configured to generate a candidate token using the present conditions, and to compare the candidate token to the plurality of tokens stored in the token repository to identify the matched token, and wherein the system does not thereafter store the present conditions.
  - 6. The system of claim 1, wherein the authentication application generates a trust score using the present conditions detected by the plurality of sensors, wherein the trust score measures the extent to which the present conditions match the conditions measured during prior user authentications.
  - 7. The system of claim 6, wherein the authentication application irreversibly hashes each present condition into a hashed present condition and determines whether a match to the hashed present condition exists in a profile repository stored in the memory, the profile repository containing a plurality of previously hashed conditions generated by the authentication application during prior user authentications.
  - 8. The system of claim 7, wherein the trust score is a reflection of the number of matches between hashed present conditions and previously hashed conditions;
    - and wherein neither the present conditions nor conditions used to generate the previously hashed conditions are retained by the system.
  - 9. The system of claim 6, wherein, if the trust score is below a predetermined threshold, the authentication application will solicit the password from the user in order to complete the authentication.
  - 10. The system of claim 1, wherein the present conditions indicate at least a geographic location where the computing device presently is, an orientation at which the computing device is being held, and an availability of a wireless network.

11. A system for authenticating a user wishing to access secure data through a protected software application, the system comprising:
- a computing device comprising a processor, a memory, an input mechanism and an output mechanism;
  
  a plurality of sensors associated with the computer device for detecting one or more conditions;
  
  a token repository within the memory for storing a plurality of tokens, each token representative of a unique combination of conditions;
  
  a protected application stored within the memory and executable to provide secure data to the output mechanism upon user authentication; and
  
  an authentication application stored within the memory and integrated with the protected application, the authentication application configured to authenticate the user to the protected application without user input when present conditions detected by the plurality of sensors match the conditions represented by a matched token from among the plurality of tokens within the token repository;
  
  wherein the authentication application is further configured to;
  
  generate a candidate token using the present conditions;
  
  to thereafter discard the present conditions;
  
  to compare the candidate token to the plurality of tokens stored in the token repository to identify the matched token; and
  
  to decrypt a master key from an encrypted key stored in the token repository that is uniquely associated with the matched token.
- View Dependent Claims (12)
- - 12. The system of claim 11, wherein, when the present conditions detected by the plurality of sensors do not match the conditions represented by any of the plurality of tokens within the token repository, the authentication application prompts the user for a password and decrypts the master key using the password entered by the user into the input mechanism.

13. A system for providing access to secure data comprising:
- a computerized user device equipped with a memory, a processor, an input mechanism, an output mechanism, and one or more sensors to gather user environmental data;
  
  a first application housed within the memory, the first application configured to send a user authentication request prior to allowing an unauthenticated user access to secure data;
  
  a second application housed within the memory and integrated with the first application to receive the user authentication request and to respond to the request by decrypting a master key for use by the first application to access the secure data; and
  
  ,a token repository housed within the memory for storing a plurality of tokens generated by the second application, each token representative of a particular set of environmental conditions collected at a previous time by the one or more sensors;
  
  wherein, upon receiving the user authentication request, the second application is configured to decrypt the master key by either of;
  
  using a user supplied password;
  
  orgenerating a candidate token using present conditions measured by the one or more sensors and, if the candidate token matches one of the plurality of tokens present in the token repository, decrypting the master key from an encrypted key stored in the token repository and uniquely associated with the matched token.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The system of claim 13, wherein the candidate token and all of the tokens in the token repository are irreversibly hashed representations of environmental conditions, and wherein the environmental conditions represented by the tokens are not retained by the system.
  - 15. The system of claim 14, wherein the second application previously generated the encrypted key from the master key using environmental conditions associated with the matched token.
  - 16. The system of claim 13, wherein the second application will only generate the candidate token when a user score indicative of the regularity of present environmental conditions is at or above a pre-designated level.
  - 17. The system of claim 16, wherein the second application will generate the master key using the user supplied password when the user score is below the pre-designated level.

18. A method of transparent user authentication comprising the steps of:
- receiving a request for a master key to access secure data;
  
  gathering present conditions from a plurality of device sensors;
  
  using a processor and an encoding algorithm, cyrptographically hashing each present condition and comparing the resulting present condition hashes to pre-recorded hashes representing past conditions, the pre-recorded hashes stored in a profile repository in a memory of a user computerized device, in order to generate a trust score;
  
  if the trust score exceeds a predetermined threshold, generating a candidate token by cryptographically hashing a data string formed by the present conditions and comparing it to pre-recorded tokens stored in a token repository of the memory;
  
  if the candidate token matches one of the pre-recorded tokens, using a derived key derived from the present conditions to generate the master key from an encrypted key uniquely associated with the matched token; and
  
  providing the master key to access the secure data;
  
  wherein all of the above steps except for the gathering of present conditions are performed without transmitting data external to the user computerized device.
- View Dependent Claims (19, 20, 21, 22, 23)
- - 19. The method of claim 18, wherein, if the trust score falls below the predetermined threshold, soliciting a password for use in decrypting the master key.
  - 20. The method of claim 18, wherein the step of generating the master key is performed by decrypting the encrypted key using the derived key.
  - 21. The method of claim 18, wherein the derived key is a cryptographically hashed representation of a concatenated data string of the present conditions.
  - 22. The method of claim 18, wherein, if the candidate token does not match any of the pre-recorded tokens, the method further comprises the steps of soliciting a password for use in decrypting the master key.
  - 23. The method of claim 22, wherein, if the password successfully decrypts the master key, the method further comprises the steps of:
    - deriving the derived key from the present conditions;
      
      encrypting the master key with the derived key; and
      
      storing the candidate token in the token repository in a manner such that it is uniquely associated with the encrypted master key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trusted Mobile, Llc
Original Assignee
Trusted Mobile, Llc
Inventors
Sinchak, Jason Richard, Frost, Troy
Primary Examiner(s)
SIMITOSKI, MICHAEL J

Application Number

US15/091,382
Time in Patent Office

203 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/57   Certifying or maintaining t...

G06F 21/6218   to a system of files or obj...

G06F 21/88   Detecting or preventing the...

G06F 2221/2107   File encryption

G06F 2221/2111   Location-sensitive, e.g. ge...

G06Q 20/108   Remote banking, e.g. home b...

G06Q 20/40   Authorisation, e.g. identif...

H04L 2209/80   Wireless

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/10   for controlling access to d...

H04L 63/107   wherein the security polici...

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/0861   Generation of secret inform...

H04L 9/0872   using geo-location informat...

H04L 9/14   using a plurality of keys o...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3236   using cryptographic hash fu...

H04W 12/02 : Protecting privacy or anony...

H04W 12/04 : Key management, e.g. using ...

H04W 12/06 : Authentication

H04W 12/65 : Environment-dependent, e.g....

H04W 12/67 : Risk-dependent, e.g. select...

View All

System for transparent authentication across installed applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

System for transparent authentication across installed applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links