System for transparent authentication across installed applications

US 9,992,023 B2
Filed: 10/24/2016
Issued: 06/05/2018
Est. Priority Date: 07/10/2015
Status: Active Grant

First Claim

Patent Images

1. A method of user authentication on a device, comprising:

receiving a request for a master key to access secure data;

generating, via a processor, a device score based on security factors that are indicative of the integrity of the device;

in response to the device score being above a first threshold;

gathering present conditions from a plurality of device sensors;

generating, via the processor and an encoding algorithm, a user trust score based on cyrptographic hashes of each of the present conditions and weighted pre-recorded hashes stored in a profile repository in a memory of the device, the weighted pre-recorded hashes representing past values of the conditions;

if the user trust score exceeds a second threshold, generating a candidate token by cryptographically hashing a data string formed by the present conditions and comparing it to pre-recorded tokens stored in a token repository of the memory;

if the candidate token matches one of the pre-recorded tokens;

generating, via the processor and a derived key derived from the present conditions, the master key from an encrypted key uniquely associated with the matched token; and

providing the master key to access the secure data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for authenticating mobile device users transparently is disclosed. This invention improves on the existing flaws by deriving encryption keys from environmental condition data when the user and device are trusted. The keys are then cryptographically hashed and compared with repository hashed data to determine if the conditions match a prior set of conditions. If a match is found and trust factors are sufficient, the system uses the condition data to decrypt a master key that allows access to secure data in the same manner as would a user-provided password. The security system cannot be bypassed if the device is stolen, as an attacker would have to replicate the exact environment and behavioral attributes employed and learned from the user without any knowledge as to the factors that constitute them because the factors are not maintained by the system.

51 Citations

18 Claims

1. A method of user authentication on a device, comprising:
- receiving a request for a master key to access secure data;
  
  generating, via a processor, a device score based on security factors that are indicative of the integrity of the device;
  
  in response to the device score being above a first threshold;
  
  gathering present conditions from a plurality of device sensors;
  
  generating, via the processor and an encoding algorithm, a user trust score based on cyrptographic hashes of each of the present conditions and weighted pre-recorded hashes stored in a profile repository in a memory of the device, the weighted pre-recorded hashes representing past values of the conditions;
  
  if the user trust score exceeds a second threshold, generating a candidate token by cryptographically hashing a data string formed by the present conditions and comparing it to pre-recorded tokens stored in a token repository of the memory;
  
  if the candidate token matches one of the pre-recorded tokens;
  
  generating, via the processor and a derived key derived from the present conditions, the master key from an encrypted key uniquely associated with the matched token; and
  
  providing the master key to access the secure data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the first and second thresholds are previously set by a user or a system administrator.
  - 3. The method of claim 1, wherein in response to the device score being below the first threshold, requesting a user supplied password to decrypt the master key to access the secure data.
  - 4. The method of claim 1, wherein if the user trust score does not exceed the second threshold, requesting a user supplied password to decrypt the master key to access the secure data.
  - 5. The method of claim 1, wherein when generating the device score and when generating the user trust score, data is not transmitted external to the device.
  - 6. The method of claim 1, wherein if the candidate token does not match one of the pre-recorded tokens:
    - requesting a user supplied password to decrypt the master key;
      
      deriving the derived key from the present conditions;
      
      encrypting the master key with the derived key; and
      
      storing the candidate token in the token repository in a manner such that it is uniquely associated with the encrypted master key.
  - 7. The method of claim 1, wherein the derived key is a cryptographically hashed representation of a concatenated data string of the present conditions.
  - 8. The method of claim 1, wherein the present conditions indicate at least one of a geographic location where the device presently is, an orientation at which the device is being held, or an availability of a wireless network.
  - 9. The method of claim 1, wherein the security factors that are indicative of the integrity of the device include at least one of an operating system policy violation, a missing patch, large outbound data flows, the device being jailbroken, malicious file system artifacts, connection to an unsecure router, tethering to an unsecured device, binary modification, an altered root password, or an unexpected file size change.

10. A system for providing access to secure data comprising:
- a computerized user device including memory, a processor, an input mechanism, an output mechanism, and sensors to gather user environmental data;
  
  a first application stored within the memory, the first application configured to send a user authentication request in response to a request to access the secure data;
  
  a second application stored within the memory and integrated with the first application to supply a master key for use by the first application to access the secure data;
  
  wherein, upon receiving the user authentication request, the second application is to;
  
  generate a device score based on security factors that are indicative of the integrity of the computerized user device;
  
  in response to the device score being above a first threshold;
  
  gather present conditions from the sensors;
  
  generate a user trust score based on cyrptographic hashes of each of the present conditions and weighted pre-recorded hashes stored in a profile repository in a memory of the device;
  
  if the user trust score exceeds a second threshold, generating a candidate token by cryptographically hashing a data string formed by the present conditions and comparing it to pre-recorded tokens stored in a token repository of the memory;
  
  if the candidate token matches one of the pre-recorded tokens;
  
  generate the master key from an encrypted key uniquely associated with the matched token; and
  
  provide the master key the first application.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein the first and second thresholds are previously set by a user or a system administrator.
  - 12. The system of claim 10, wherein in response to the device score being below the first threshold, the second application is to request a user supplied password to decrypt the master key.
  - 13. The system of claim 10, wherein if the user trust score does not exceed the second threshold, the second application is to request a user supplied password to decrypt the master key.
  - 14. The system of claim 10, wherein when generating the device score and when generating the user trust score, the second application does not transmit data external to the computerized user device.
  - 15. The system of claim 10, wherein if the candidate token does not match one of the pre-recorded tokens, the second application is to:
    - request a user supplied password to decrypt the master key;
      
      derive the derived key from the present conditions;
      
      encrypt the master key with the derived key; and
      
      store the candidate token in the token repository in a manner such that it is uniquely associated with the encrypted master key.
  - 16. The system of claim 10, wherein the derived key is a cryptographically hashed representation of a concatenated data string of the present conditions.
  - 17. The system of claim 10, wherein the present conditions indicate at least one of a geographic location where the device presently is, an orientation at which the device is being held, or an availability of a wireless network.
  - 18. The system of claim 10, wherein the security factors that are indicative of the integrity of the device include at least one of an operating system policy violation, a missing patch, large outbound data flows, the device being jailbroken, malicious file system artifacts, connection to an unsecure router, tethering to an unsecured device, binary modification, an altered root password, or an unexpected file size change.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trusted Mobile, Llc
Original Assignee
Trusted Mobile, Llc
Inventors
Sinchak, Jason Richard, Frost, Troy
Primary Examiner(s)
SIMITOSKI, MICHAEL J

Application Number

US15/332,850
Publication Number

US 20170041145A1
Time in Patent Office

589 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/57   Certifying or maintaining t...

G06F 21/6218   to a system of files or obj...

G06F 21/88   Detecting or preventing the...

G06F 2221/2107   File encryption

G06F 2221/2111   Location-sensitive, e.g. ge...

G06Q 20/108   Remote banking, e.g. home b...

G06Q 20/40   Authorisation, e.g. identif...

H04L 2209/80   Wireless network architectu...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/10   for controlling access to d...

H04L 63/107   wherein the security polici...

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/0861   Generation of secret inform...

H04L 9/0872   using geo-location informat...

H04L 9/14   using a plurality of keys o...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3236   using cryptographic hash fu...

H04W 12/02 : Protecting privacy or anony...

H04W 12/04 : Key management, e.g. using ...

H04W 12/06 : Authentication

H04W 12/65 : Environment-dependent, e.g....

H04W 12/67 : Risk-dependent, e.g. select...

View All

System for transparent authentication across installed applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

51 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System for transparent authentication across installed applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

51 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links