Method for automatic possession-factor authentication

US 9,801,066 B1
Filed: 05/03/2017
Issued: 10/24/2017
Est. Priority Date: 06/02/2016
Status: Active Grant

First Claim

Patent Images

1. A system for performing authentication using implicit authentication data provided by a possession factor, the system comprising:

a possession factor comprising one of a smartphone or a mobile electronic device having a capability to parse implicit authentication data for use in the implicit authentication for a transaction involving a user and a service provider;

an authentication platform comprising a remote Internet server, wherein at the authentication platform;

receiving, via a communication network, an implicit authentication request for initiating the authentication for the transaction based on the possession factor that is associated with the user;

transmitting, via the communication network, to the possession factor a query to the possession factor requesting implicit authentication data, the implicit authentication data comprising data collected or generated by the possession factor without user intervention and that enables authentication for the transaction;

in response to transmitting the query, receiving, via the communication network, from the possession factor implicit authentication data from the possession factor;

generating a possession confidence level using the implicit authentication data, the possession confidence level being one of a plurality of possession confidence levels, the possession confidence level indicating a likelihood that the possession factor is possessed by the authorized user;

generating authentication requirements based on the possession confidence level, wherein the authentication requirements define a process or an action for performing authentication for the transaction, wherein generating the authentication requirements includes;

(i) selecting a first of a plurality of different, predefined authentication requirements when the possession confidence level satisfies a first confidence threshold, or(ii) selecting a second of the plurality of different, predefined authentication requirements when the possession confidence level satisfies a second confidence threshold; and

performing authentication for the transaction in accordance with the selected predefined authentication requirements.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are provided that include: accessing implicit authentication data from a possession factor associated with an authorized user; at the possession factor or at an authentication platform: generating a possession confidence level using the implicit authentication data, the possession confidence level being one of a plurality of possession confidence levels, the possession confidence level indicating a likelihood that the possession factor is possessed by the authorized user; identifying, among a plurality of varying authentication requirements, an authentication requirement for the transaction based on the possession confidence level, the authentication requirement defines a process or action to prove authority to perform the transaction or a process or action to prove an identity of a user attempting to perform the transaction; and implementing the authentication requirement for the transaction.

68 Citations

View as Search Results

20 Claims

1. A system for performing authentication using implicit authentication data provided by a possession factor, the system comprising:
- a possession factor comprising one of a smartphone or a mobile electronic device having a capability to parse implicit authentication data for use in the implicit authentication for a transaction involving a user and a service provider;
  
  an authentication platform comprising a remote Internet server, wherein at the authentication platform;
  
  receiving, via a communication network, an implicit authentication request for initiating the authentication for the transaction based on the possession factor that is associated with the user;
  
  transmitting, via the communication network, to the possession factor a query to the possession factor requesting implicit authentication data, the implicit authentication data comprising data collected or generated by the possession factor without user intervention and that enables authentication for the transaction;
  
  in response to transmitting the query, receiving, via the communication network, from the possession factor implicit authentication data from the possession factor;
  
  generating a possession confidence level using the implicit authentication data, the possession confidence level being one of a plurality of possession confidence levels, the possession confidence level indicating a likelihood that the possession factor is possessed by the authorized user;
  
  generating authentication requirements based on the possession confidence level, wherein the authentication requirements define a process or an action for performing authentication for the transaction, wherein generating the authentication requirements includes;
  
  (i) selecting a first of a plurality of different, predefined authentication requirements when the possession confidence level satisfies a first confidence threshold, or(ii) selecting a second of the plurality of different, predefined authentication requirements when the possession confidence level satisfies a second confidence threshold; and
  
  performing authentication for the transaction in accordance with the selected predefined authentication requirements.
- View Dependent Claims (2, 3, 4)
- - 2. The system of claim 1, wherein further at the authentication platform:
    - wherein receiving the implicit authentication request is triggered by a transmission indicating a successful primary authentication for the transaction, wherein the primary authentication is;
      
      (i) performed independent of the authentication using the implicit authentication data and(ii) performed by the service provider, the service provider being independent of the authentication platform.
  - 3. The system of claim 1, wherein further at the authentication platform:
    - wherein receiving the implicit authentication request is initialized by a transmission provided midstream of a primary authentication, the transmission indicating that a primary authentication is being performed for authenticating the transaction wherein the primary authentication is;
      
      (i) performed independent of the authentication using the implicit authentication data and(ii) performed by the service provider, the service provider being independent of the authentication platform.
  - 4. The system of claim 1, wherein further at the authentication platform:
    - generating a likelihood of possession of the possession factor by the user, wherein the likelihood of possession comprises a probability value indicating a probability that the possession factor is possessed by the user, wherein the generating the likelihood of possession includes;
      
      (i) parsing determinative data indicating a potential possession or indicating a potential lack of possession of the possession factor by the user from the implicit authentication data thereby generating a subset of the implicit authentication data,(ii) applying one or more analysis techniques or transformation techniques to the subset of implicit authentication data to determine possession insights relating to a possession or lack of possession of the possession factor, and(iii) calculating a value for the likelihood of possession using the implicit authentication data and the possession insights.

5. A method for performing implicit authentication for a transaction based on a possession factor, the method comprising:
- receiving, via a remote Internet server, a transaction request;
  
  responsive to receiving the transaction request, accessing implicit authentication data from a possession factor associated with an authorized user, the implicit authentication data comprising data that is captured automatically by the possession factor and relating to one or more of an operation of one or more sensors of the possession factor and a usage of the possession factor,at the possession factor or at an authentication platform, wherein the possession factor comprises a mobile computing device, and wherein the authentication platform comprises a remote computing server;
  
  generating a possession confidence level using the implicit authentication data, the possession confidence level being one of a plurality of possession confidence levels, the possession confidence level indicating a likelihood that the possession factor is possessed by the authorized user;
  
  identifying, among a plurality of varying authentication requirements, an authentication requirement for the transaction based on the possession confidence level, the authentication requirement defines a process or action to prove authority to perform the transaction or a process or action to prove an identity of a user attempting to perform the transaction, wherein identifying the authentication requirement for the transaction includes;
  
  (i) selecting a first of a plurality of different, predefined authentication requirements when the possession confidence level satisfies a first confidence threshold, or(ii) selecting a second of the plurality of different, predefined authentication requirements when the possession confidence level satisfies a second confidence threshold; and
  
  implementing the selected predefined authentication requirements for the transaction.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 6. The method of claim 5, further comprising:
    - receiving a possession-factor authentication request, the receipt of the possession-factor authentication request triggering an initialization of the implicit authentication based on the possession factor.
  - 7. The method of claim 6, wherein the possession-factor authentication request comprises an indication that a primary authentication separate from the implicit authentication was performed successfully or is being performed on a basis of authentication data provided expressly by a party.
  - 8. The method of claim 6, wherein the possession factor comprises a query able to be submitted to the possession factor, wherein the query comprises a request for implicit authentication data from the possession factor.
  - 9. The method of claim 5, further comprising:
    - querying the possession factor for the implicit authentication data and analysis of the implicit authentication data, wherein the analysis provides one or more indications to determine if the possession factor is possessed by the authorized user.
  - 10. The method of claim 9, wherein the possession factor comprises a smartphone or a mobile electronic device that includes a mechanism native to an operating system thereof that generates the analysis of the implicit authentication data captured or generated one or more of device sensors and computing resources of the smartphone or the mobile electronic device.
  - 11. The method of claim 5, further comprising:
    - identifying or selecting a decay rate to apply to a data subset of the implicit authentication data, wherein the decay rate reduces a value of the data subset prior to the generation of the possession confidence level; and
      
      applying the decay rate to the data subset, wherein the generation of the possession confidence level is based at least on the data subset having the applied decay rate.
  - 12. The method of claim 5, wherein the implicit authentication data comprises biometric data, wherein the biometric data comprises:
    - (1) an analysis of or data related to a gait of a user having, at some historical time, possession of the possession factor, or(2) an analysis of or data related to a fingerprint of a user, wherein the analysis of or the data related to the fingerprint was generated or collected in a historical authentication event that is separate from the implicit authentication.
  - 13. The method of claim 5, wherein identifying the authentication requirements is further based on predetermined possession factor authentication policy set at the possession factor or at the authentication platform, wherein the predetermined possession factor authentication policy defines the plurality of authentication requirements permissible via implicit authentication and dictates one or more conditions for performing each of the plurality of authentication requirements.
  - 14. The method of claim 5, wherein generating the possession confidence level comprises generating a possession confidence score using implicit authentication data and transaction request data, wherein the transaction request data comprises data exchanged as part of a transaction request initiating the transaction, and wherein the data exchanged comprises one or more of an originating service provider, an originating IP address of the transaction request, a time of the transaction request, and details of a primary authentication for the transaction.
  - 15. The method of claim 5, wherein the identified authentication requirement comprises one of:
    - (1) performing automatic authentication of the transaction without intervention at the possession factor by the authorized user,(2) performing user-interactive authentication based on transmitting a push notification to the possession factor, wherein the user-interactive authentication comprises a binary prompt for approval or denial of the transaction by the authorized user,(3) performing additional authentication to verify the identity or the authorization of the user attempting to perform the transaction, and(4) automatically denying authentication of the transaction.
  - 16. The method of claim 5, wherein further at the possession factor or the authentication platform:
    - generating a likelihood of possession of the possession factor by the user, wherein the likelihood of possession comprises a probability value indicating a probability that the possession factor is possessed by the user,wherein generating the possession confidence level includes;
      
      (i) comparing the probability value of the likelihood of possession to a possession factor continuum, the possession factor continuum being defined by the plurality of possession confidence levels provided in an increasing manner or a decreasing manner along the possession factor continuum, and(ii) determining the possession confidence level based on the comparison.
  - 17. The method of claim 5, wherein:
    - (i) wherein implementing the selected authentication requirement includes performing the first authentication by performing the authentication for the transaction automatically without intervention by the authorized user,or(ii) wherein implementing the selected authentication requirement includes performing the second authentication by automatically denying authentication based on the possession factor or performing additional authentication requiring user-intervention via the possession factor.

18. A method for executing authentication for a transaction between an authorized user and a service provider, the method comprising:
- in response to receiving, at the service provider, primary authentication data associated with a primary authentication for the transaction, initializing a secondary authentication for the transaction using implicit authentication data from a possession factor associated with the authorized user, wherein initializing the secondary transaction includes transmitting a transaction request associated with the transaction, via a network, to a remote secondary authentication computing server, wherein the implicit authentication data comprises data that enables a determination of whether the possession factor is currently or near currently in possession of the authorized user, wherein the implicit authentication data is collected by the possession factor during a normal course of operation of the possession factor without user assistance in the collection;
  
  generating a likelihood of possession based on the implicit authentication data;
  
  identifying an authentication action or an authentication process for implementing the secondary authentication using the likelihood of possession to inform a selection of the authentication action or the authentication process from among a plurality of authentication actions or a plurality of authentication processes, wherein identifying the authentication action or the authentication process for implementing the secondary authentication includes;
  
  (i) selecting a first of a plurality of different, predefined authentication actions or predefined authentication processes when the likelihood of possession satisfies a first possession threshold, or(ii) selecting a second of the plurality of different, predefined authentication actions or predefined authentication processes when the likelihood of possession satisfies a second possession threshold; and
  
  performing the secondary authentication in accordance with the selected predefined authentication action or the selected predefined authentication process.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, wherein the likelihood of possession corresponds to one of the plurality of authentication actions or one of the plurality of authentication processes.
  - 20. The method of claim 18, wherein the primary authentication includes receiving explicit authentication response data from the authorized user, and wherein the secondary authentication includes receiving authentication response data only if the implicit authentication data informs a requirement for a non-automatic authentication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Duo Security Incorporated (Cisco Systems, Inc.)
Inventors
Hanley, Michael, Oberheide, Jon
Primary Examiner(s)
Schwartz, Darren B

Application Number

US15/586,148
Time in Patent Office

174 Days
Field of Search
US Class Current
CPC Class Codes

G06N 7/01   Probabilistic graphical mod...

G06Q 20/1085   involving automatic teller ...

G06Q 20/3221   Access to banking informati...

G06Q 20/3224   Transactions dependent on l...

G06Q 20/385   using an alias or single-us...

G06Q 20/4012   Verifying personal identifi...

G06Q 20/40145   Biometric identity checks

G06Q 20/4016   involving fraud or risk lev...

G06Q 20/405   Establishing or using trans...

G07C 9/32   in combination with an iden...

G07C 9/37   using biometric data, e.g. ...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 63/107   wherein the security polici...

H04W 12/06   Authentication

H04W 12/63   Location-dependent; Proximi...

H04W 12/64   using geofenced areas

H04W 12/68   Gesture-dependent or behavi...

Method for automatic possession-factor authentication

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

68 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method for automatic possession-factor authentication

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

68 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links