US2020021582A1PendingUtilityA1

Verifying a user based on digital fingerprint signals derived from out-of-band data

54
Assignee: AVERON US INCPriority: Oct 17, 2014Filed: Apr 19, 2019Published: Jan 16, 2020
Est. expiryOct 17, 2034(~8.3 yrs left)· nominal 20-yr term from priority
G06F 21/6254G06F 21/316G06F 21/31G06F 16/9535G06F 16/84G06F 21/34H04L 63/0861H04L 63/0876H04L 63/18H04L 9/3239H04L 9/0643H04W 12/68
54
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

In general, embodiments of the present invention provide systems, methods and computer readable media for providing a user verification service based on analyzing digital fingerprint signals derived from out-of-band data (i.e., data not directly supplied by the user). In some embodiments, a digital fingerprint engine embedded in an app hosted on a client device being accessed by a user reads various device or user data and then creates a set of encoded user verification data representing out-of-band data stored locally on that device. In some embodiments, the user verification data are encoded as hashes generated by a hash function. In some embodiments, the app is configured to contact a business server via the cloud, and the set of digital fingerprints are included in an authorization request transmitted from the client device to the business server. In some embodiments, a digital fingerprint verification service verifies the set of digital fingerprints by determining whether they match any of a stored set of digital fingerprints representing a group of previously verified users.

Claims

exact text as granted — not AI-modified
1 .- 21 . (canceled) 
     
     
         22 . A computer-implemented method for generating a digital fingerprint comprised of one or more user verification signals, each of the one or more user verification signals derived from out-of-band data stored on a client device, the digital fingerprint configured to be utilized for user authentication, the method comprising:
 receiving an authorization request, at a digital fingerprint engine that is a separate functional component integrated into a software application that is executed on a device and designed to connect to a business server via a network, from the software application that is executed on a device, the authorization request including user identification data associated with the user;   for each of the one or more user verification signals,
 retrieving, from memory of the client device, out-of-band data, the out-of-band data being locally stored on the memory of the client device; and 
 mapping, by the client device, the user identification data and the out-of-band data into an alternate encoding using a one-way encoding algorithm, the one-way encoding algorithm having been previously utilized to map the user identification data and previously retrieved out-of-band data into a previous alternate encoding such that each of the plurality of user verification signals are able to be compared to previously generated user verification signals; and 
   generating, by the client device, the digital fingerprint including the one or more user verifications signals and data indicative of a time difference to the previously generated user verification signals; and   causing transmission of the digital fingerprint, via the network, to a digital fingerprint verification service, located remotely.   
     
     
         23 . The method of  claim 22 , wherein the time difference enables the digital fingerprint verification service to identify a number of changes between any of the one or more f user verification signals and the previously generated user verification signals, and in accordance with a time-dependent threshold value, the time-dependent threshold value being dependent on the time difference, approve the authentication request. 
     
     
         24 . The method of  claim 22 , further comprising:
 previous to receiving the authorization request, generating the previous digital fingerprint; and   causing transmission of the previous digital fingerprint, via the network, to the digital fingerprint verification service.   
     
     
         25 . The method of  claim 22 , wherein the one or more user verification signals include at least one of a contact list, a calendar, a set of digital photos, information indicative of user musical selections, and data related to how the user connects the client device 
     
     
         26 . The method of  claim 22 , wherein the one-way encoding algorithm is a hash function, and wherein each alternate encoding is a hash calculated using the hash function. 
     
     
         27 . The method of  claim 22 , further comprising:
 storing the digital fingerprint; and   upon reception of a subsequent authentication request, accessing the stored digital fingerprint.   
     
     
         28 . The method of  claim 22 , wherein at least one user verification signal is representative of a contact list, and wherein the mapping into the alternate encoding comprises:
 for a portion of data indicative of contacts in the contact list,   extracting contact attribute data from each of a pre-defined set of contact fields; and   for the contact attribute data in each of the set of contact fields,   calculating a hash using the hash function.   
     
     
         29 . A computer program product for generating a digital fingerprint comprised of one or more user verification signals, each of the one or more user verification signals derived from out-of-band data stored on a client device, the digital fingerprint configured to be utilized for user authentication, the computer program product comprising at least one non-transitory computer-readable storage medium having computer-executable program code instructions stored therein, the computer-executable program code instructions comprising program code instructions for:
 receiving an authorization request, at a digital fingerprint engine that is a separate functional component integrated into a software application that is executed on a device and designed to connect to a business server via a network, from the software application that is executed on a device, the authorization request including user identification data associated with the user;   for each of the one or more user verification signals,
 retrieving, from memory of the client device, out-of-band data, the out-of-band data being locally stored on the memory of the client device; and 
 mapping, by the client device, the user identification data and the out-of-band data into an alternate encoding using a one-way encoding algorithm, the one-way encoding algorithm having been previously utilized to map the user identification data and previously retrieved out-of-band data into a previous alternate encoding such that each of the plurality of user verification signals are able to be compared to previously generated user verification signals; and 
   generating, by the client device, the digital fingerprint including the one or more user verifications signals and data indicative of a time difference to the previously generated user verification signals; and   causing transmission of the digital fingerprint, via the network, to a digital fingerprint verification service, located remotely.   
     
     
         30 . The computer program product of  claim 29 , wherein the time difference enables the digital fingerprint verification service to identify a number of changes between any of the one or more f user verification signals and the previously generated user verification signals, and in accordance with a time-dependent threshold value, the time-dependent threshold value being dependent on the time difference, approve the authentication request. 
     
     
         31 . The computer program product of  claim 29 , wherein the computer-executable program code instructions further comprise program code instructions for:
 previous to receiving the authorization request, generating the previous digital fingerprint; and   causing transmission of the previous digital fingerprint, via the network, to the digital fingerprint verification service.   
     
     
         32 . The computer program product of  claim 29 , wherein the one or more user verification signals include at least one of a contact list, a calendar, a set of digital photos, information indicative of user musical selections, and data related to how the user connects the client device 
     
     
         33 . The computer program product of  claim 29 , wherein the one-way encoding algorithm is a hash function, and wherein each alternate encoding is a hash calculated using the hash function. 
     
     
         34 . The computer program product of  claim 29 , wherein the computer-executable program code instructions further comprise program code instructions for:
 storing the digital fingerprint; and   upon reception of a subsequent authentication request, accessing the stored digital fingerprint.   
     
     
         35 . The computer program product of  claim 29 , wherein at least one user verification signal is representative of a contact list, and wherein the mapping into the alternate encoding comprises:
 for a portion of data indicative of contacts in the contact list,   extracting contact attribute data from each of a pre-defined set of contact fields; and   for the contact attribute data in each of the set of contact fields,   calculating a hash using the hash function.   
     
     
         36 . An apparatus for generating a digital fingerprint comprised of one or more user verification signals, each of the one or more user verification signals derived from out-of-band data stored on a client device, the digital fingerprint configured to be utilized for user authentication, the apparatus comprising at least one processor and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the processor, cause the apparatus to at least:
 receive an authorization request, at a digital fingerprint engine that is a separate functional component integrated into a software application that is executed on a device and designed to connect to a business server via a network, from the software application that is executed on a device, the authorization request including user identification data associated with the user;   for each of the one or more user verification signals,
 retrieve, from memory of the client device, out-of-band data, the out-of-band data being locally stored on the memory of the client device; and 
 map, by the client device, the user identification data and the out-of-band data into an alternate encoding using a one-way encoding algorithm, the one-way encoding algorithm having been previously utilized to map the user identification data and previously retrieved out-of-band data into a previous alternate encoding such that each of the plurality of user verification signals are able to be compared to previously generated user verification signals; and 
   generate, by the client device, the digital fingerprint including the one or more user verifications signals and data indicative of a time difference to the previously generated user verification signals; and   cause transmission of the digital fingerprint, via the network, to a digital fingerprint verification service, located remotely.   
     
     
         37 . The apparatus of  claim 36 , wherein the time difference enables the digital fingerprint verification service to identify a number of changes between any of the one or more f user verification signals and the previously generated user verification signals, and in accordance with a time-dependent threshold value, the time-dependent threshold value being dependent on the time difference, approve the authentication request. 
     
     
         38 . The apparatus of  claim 36 , wherein the at least one memory and the computer program code are further configured to, with the processor, cause the apparatus to:
 previous to receiving the authorization request, generate the previous digital fingerprint; and   cause transmission of the previous digital fingerprint, via the network, to the digital fingerprint verification service.   
     
     
         39 . The apparatus of  claim 36 , wherein the one or more user verification signals include at least one of a contact list, a calendar, a set of digital photos, information indicative of user musical selections, and data related to how the user connects the client device 
     
     
         40 . The apparatus of  claim 36 , wherein the one-way encoding algorithm is a hash function, and wherein each alternate encoding is a hash calculated using the hash function. 
     
     
         41 . The apparatus of  claim 36 , wherein the at least one memory and the computer program code are further configured to, with the processor, cause the apparatus to:
 store the digital fingerprint; and   upon reception of a subsequent authentication request, access the stored digital fingerprint.   
     
     
         42 . The apparatus of  claim 36 , wherein at least one user verification signal is representative of a contact list, and wherein the mapping into the alternate encoding comprises:
 for a portion of data indicative of contacts in the contact list,   extracting contact attribute data from each of a pre-defined set of contact fields; and   for the contact attribute data in each of the set of contact fields,   calculating a hash using the hash function.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.