SYSTEM AND METHOD FOR VERIFYING USER IDENTITY IN A VIRTUAL ENVIRONMENT

US 20160036588A1
Filed: 10/12/2015
Published: 02/04/2016
Est. Priority Date: 11/23/2010
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of providing third party user authentication for a first party user attempting to access a network service provided by a second party, said method comprising:

registering a network service;

registering a user device with a first user;

generating a first encryption key associated with the user device;

receiving a first encrypted check message from the user device;

receiving a second encrypted check message from the network service;

decrypting the first check message and the second check message using the first encryption key;

comparing timestamps included in the first check message and the second check message;

authorizing at least one of a network access or a transaction between the first user and the network service based at least in part on a difference between the timestamps being less than a threshold; and

sending an authorization message to the network service based on said authorizing.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for verifying user identity in a virtual environment are provided that may include the use of a trusted third party to perform identity verification. Devices may be configured such that the device is unalterably bound to a particular user via biometric data stored on the device and/or with the third party.

42 Citations

View as Search Results

20 Claims

1. A computer-implemented method of providing third party user authentication for a first party user attempting to access a network service provided by a second party, said method comprising:
- registering a network service;
  
  registering a user device with a first user;
  
  generating a first encryption key associated with the user device;
  
  receiving a first encrypted check message from the user device;
  
  receiving a second encrypted check message from the network service;
  
  decrypting the first check message and the second check message using the first encryption key;
  
  comparing timestamps included in the first check message and the second check message;
  
  authorizing at least one of a network access or a transaction between the first user and the network service based at least in part on a difference between the timestamps being less than a threshold; and
  
  sending an authorization message to the network service based on said authorizing.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein registering the user device with the first user includes:
    - acquiring biometric data of the user via an agent of the third party;
      
      storing the biometric data on the user device as biometric reference data using computer instructions and an encryption key provided by the third party;
      
      reacquiring the user'"'"'s biometric data via a test scan using a biometric scanner of the user device;
      
      verifying that the biometric reference data is accurately stored on the user device by comparing the test scan to the biometric reference data;
      
      causing the user device to delete said computer instructions based on the verification that the biometric reference data is accurately stored on the user device.
  - 3. The method of claim 1, wherein the network service includes a computer network of the second party, and the second encrypted check message is based at least in part on a communication between the user device and a workstation connected to the computer network.
  - 4. The method of claim 1, wherein the network service includes a network banking website, and the second encrypted check message is based at least in part on a communication between the user device and a workstation connected to the network banking website.
  - 5. The method of claim 1, wherein the network service includes an online purchase, and the second encrypted check message is based at least in part on confirming the identity of a person operating the user device.
  - 6. The method of claim 1, wherein:
    - registering the user device with the first user includes storing biometric data of the first user on the user device as biometric reference data using computer instructions provided by the third party;
      
      the first check message is sent from the user device based at least in part on a comparison between current biometric data and the biometric reference data; and
      
      the second check message is sent based at least in part on the comparison between current biometric data and the biometric reference data.
  - 7. The method of claim 6, wherein the user'"'"'s biometric data is not communicated to, or maintained by, the network service or the third party.
  - 8. The method of claim 1, wherein:
    - registering the user device with the first user includes configuring a one-time password service associating the first user and the user device using computer instructions provided by the third party, at least one parameter used by one-time password service being stored locally on the user device and inaccessible by the third party;
      
      the first check message is sent from the user device based at least in part on an identity check performed via the user device using the one-time password service; and
      
      the second check message is sent based at least in part on the identity check.
  - 9. The method of claim 1, wherein the second check message is based at least in part on the network service confirming that the user device is authorized to access the network service.

10. A method of registering a secure identity device, comprising:
- receiving an authorization proof message from an authorizing agent, the authorization proof message including an authorization device identifier, location information, and a timestamp;
  
  receiving a composite proof message via the user device, the composite proof message including a unique device identifier, an encrypted version of the authorization proof message, and a timestamp;
  
  generating a first encryption key associated with the user device based at least in part on a comparison of the authorization proof message and the composite proof message; and
  
  sending the first encryption key to at least one of the authorizing agent and the user device.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The method of claim 10, further comprising:
    - receiving a first encrypted check message from the user device;
      
      receiving a second encrypted check message from a network service provider;
      
      decrypting the first check message and the second check message using the first encryption key;
      
      comparing timestamps included in the first check message and the second check message;
      
      authorizing at least one of a network access or a transaction between the first user and the network service provider based at least in part on a difference between the timestamps being less than a threshold; and
      
      sending an authorization message to the network service provider based on said authorizing.
  - 12. The method of claim 11, wherein the first and second check messages are based at least in part on a biometric user confirmation performed by the user device.
  - 13. The method of claim 10, wherein comparing the authorization proof message and the composite proof message includes comparing the timestamp information and decrypting the encrypted authorization proof message.
  - 14. The method of claim 10, further comprising authorizing biometric data to be stored on the user device based at least in part on confirmation that the user device is located in proximity to the authorizing device.

15. A secure identity user device, comprising:
- a processor,memory including instructions configured to;
  
  establish local communication with an authorization device;
  
  receive an authorization proof message from the authorization device, the authorization proof message including an authorization device identifier, location information, and a timestamp;
  
  generate a composite proof message including a unique user device identifier, an encrypted version of the authorization proof message, and a timestamp;
  
  send the composite proof message to an authorization service;
  
  receive a first encryption key via at least one of the authorization device and the device authorization service; and
  
  authenticate the user device with a second party service provider including;
  
  encrypt a first check message using the first encryption key;
  
  encrypt a second check message using the first encryption key;
  
  send the first check message to the authorization service;
  
  send the second check message to the service provider;
  
  wherein, the first check message and the second check message include the user device identifier and a timestamp.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The user device of claim 15, further comprising instructions configured to:
    - acquire biometric data of the user based at least in part on local communication with the authorization device;
      
      store the biometric data on the user device as biometric reference data using first computer instructions and an encryption key provided by the device authorization service;
      
      reacquire the user'"'"'s biometric data via a test scan using a biometric scanner of the user device;
      
      verify that the biometric reference data is accurately stored on the user device by comparing the test scan to the biometric reference data;
      
      delete said first computer instructions based on the verification that the biometric reference data is accurately stored on the user device.
  - 17. The user device of claim 16, wherein the first and second check messages are based at least in part on a biometric user confirmation performed by the user device using the biometric reference data.
  - 18. The user device of claim 16, wherein the biometric data is stored on the user device based at least in part on confirmation that the user device is located in proximity to the authorizing device.
  - 19. The user device of claim 16, wherein the biometric reference data is configured such that a user of the user device cannot change the biometric reference data without participation of the device authorization service.
  - 20. The user device of claim 16, further comprising a data delete circuit configured to automatically render inoperable the biometric reference data based on physical tampering with the user device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Concierge Holdings, Inc.
Original Assignee
Concierge Holdings, Inc.
Inventors
Thackston, James D.

Granted Patent

US 10,153,901 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G07F 17/3206   Player sensing means, e.g. ...

G07F 17/3241   Security aspects of a gamin...

H04L 63/0838   using one-time-passwords

H04L 63/0861   using biometrical features,...

H04L 63/102   Entity profiles

H04L 9/083   involving central third par...

H04L 9/321   involving a third party or ...

H04L 9/3231   Biological data, e.g. finge...

SYSTEM AND METHOD FOR VERIFYING USER IDENTITY IN A VIRTUAL ENVIRONMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

42 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR VERIFYING USER IDENTITY IN A VIRTUAL ENVIRONMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links