System for transparent authentication across installed applications
First Claim
1. A method of user authentication on a device, comprising:
- receiving a request for a master key to access secure data;
- generating, via a processor, a device score based on security factors that are indicative of the integrity of the device;
- in response to the device score being above a first threshold;
- gathering present conditions from a plurality of device sensors;
- generating, via the processor and an encoding algorithm, a user trust score based on cryptographic hashes of each of the present conditions and weighted pre-recorded hashes stored in a profile repository in a memory of the device, the weighted pre-recorded hashes representing past values of the conditions;
- if the user trust score exceeds a second threshold, generating a candidate token by cryptographically hashing a data string formed by the present conditions and comparing it to pre-recorded tokens stored in a token repository of the memory;
- if the candidate token matches one of the pre-recorded tokens;
- generating, via the processor and a derived key derived from the present conditions, the master key from an encrypted key uniquely associated with the matched token; and
- providing the master key to access the secure data.
Abstract
A system for authenticating mobile device users transparently is disclosed. This invention improves on the existing flaws by deriving encryption keys from environmental condition data when the user and device are trusted. The keys are then cryptographically hashed and compared with repository hashed data to determine if the conditions match a prior set of conditions. If a match is found and trust factors are sufficient, the system uses the condition data to decrypt a master key that allows access to secure data in the same manner as would a user-provided password. The security system cannot be bypassed if the device is stolen, as an attacker would have to replicate the exact environment and behavioral attributes employed and learned from the user without any knowledge as to the factors that constitute them because the factors are not maintained by the system.
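The flow recited in claim 1 and summarized in the abstract can be sketched as follows. This is an added example, not code from the patent. The condition names, weights, thresholds, salt, PBKDF2 as the key-derivation function, and the XOR wrap (a stand-in for an authenticated cipher) are all assumptions made for illustration.

```python
import hashlib
import secrets

def h(value: str) -> str:
    """Cryptographic hash of a single condition value."""
    return hashlib.sha256(value.encode()).hexdigest()

def data_string(present: dict) -> bytes:
    """Canonical data string formed from all present conditions."""
    return "|".join(f"{k}={present[k]}" for k in sorted(present)).encode()

def token_for(present: dict) -> str:
    """Candidate token: hash of the data string (the prefix is an assumption)."""
    return hashlib.sha256(b"token|" + data_string(present)).hexdigest()

def derived_key(present: dict, salt: bytes) -> bytes:
    # Assumption: PBKDF2 as the KDF, kept separate from the token hash so a
    # stored token is not itself the unwrapping key.
    return hashlib.pbkdf2_hmac("sha256", data_string(present), salt, 100_000)

def xor(a: bytes, b: bytes) -> bytes:
    # Stand-in for an authenticated cipher such as AES-GCM (not in the stdlib).
    return bytes(x ^ y for x, y in zip(a, b))

def trust_score(present: dict, profile: dict) -> float:
    """Sum the weights of pre-recorded hashes that the present hashes match."""
    return sum(profile.get(k, {}).get(h(v), 0.0) for k, v in present.items())

def request_master_key(device_score, present, profile, tokens, salt,
                       t1=0.7, t2=1.5):
    if device_score <= t1:                      # device integrity gate
        return None
    if trust_score(present, profile) <= t2:     # user trust gate
        return None
    encrypted = tokens.get(token_for(present))  # candidate token lookup
    if encrypted is None:
        return None
    return xor(encrypted, derived_key(present, salt))

# Constructed sample data: only hashes and a wrapped key are stored.
SALT = b"constructed-salt"
MASTER_KEY = secrets.token_bytes(32)
HOME = {"wifi": "home-ap", "bluetooth": "watch", "hour": "evening"}
CAR = {"wifi": "home-ap", "bluetooth": "car-kit", "hour": "evening"}
PROFILE = {"wifi": {h("home-ap"): 1.0},
           "bluetooth": {h("watch"): 0.5, h("car-kit"): 0.5},
           "hour": {h("evening"): 0.5}}
TOKENS = {token_for(HOME): xor(MASTER_KEY, derived_key(HOME, SALT))}
```

In this sketch `CAR` passes the trust gate through per-condition matches but has no enrolled token, so no key is released; only the exact enrolled combination in `HOME` unwraps the master key.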
51 Citations
18 Claims
10. A system for providing access to secure data comprising:
- a computerized user device including memory, a processor, an input mechanism, an output mechanism, and sensors to gather user environmental data;
- a first application stored within the memory, the first application configured to send a user authentication request in response to a request to access the secure data;
- a second application stored within the memory and integrated with the first application to supply a master key for use by the first application to access the secure data;
- wherein, upon receiving the user authentication request, the second application is to;
- generate a device score based on security factors that are indicative of the integrity of the computerized user device;
- in response to the device score being above a first threshold;
- gather present conditions from the sensors;
- generate a user trust score based on cryptographic hashes of each of the present conditions and weighted pre-recorded hashes stored in a profile repository in a memory of the device;
- if the user trust score exceeds a second threshold, generating a candidate token by cryptographically hashing a data string formed by the present conditions and comparing it to pre-recorded tokens stored in a token repository of the memory;
- if the candidate token matches one of the pre-recorded tokens;
- generate the master key from an encrypted key uniquely associated with the matched token; and
- provide the master key to the first application.
Specification