Verifying a user based on digital fingerprint signals derived from out-of-band data
Abstract
In general, embodiments of the present invention provide systems, methods and computer readable media for providing a user verification service based on analyzing digital fingerprint signals derived from out-of-band data (i.e., data not directly supplied by the user). In some embodiments, a digital fingerprint engine embedded in an app hosted on a client device being accessed by a user reads various device or user data and then creates a set of encoded user verification data representing out-of-band data stored locally on that device. In some embodiments, the user verification data are encoded as hashes generated by a hash function. In some embodiments, the app is configured to contact a business server via the cloud, and the set of digital fingerprints are included in an authorization request transmitted from the client device to the business server. In some embodiments, a digital fingerprint verification service verifies the set of digital fingerprints by determining whether they match any of a stored set of digital fingerprints representing a group of previously verified users.
Claims
exact text as granted — not AI-modified1 .- 21 . (canceled)
22 . A computer-implemented method for generating a digital fingerprint comprised of one or more user verification signals, each of the one or more user verification signals derived from out-of-band data stored on a client device, the digital fingerprint configured to be utilized for user authentication, the method comprising:
receiving an authorization request, at a digital fingerprint engine that is a separate functional component integrated into a software application that is executed on a device and designed to connect to a business server via a network, from the software application that is executed on a device, the authorization request including user identification data associated with the user; for each of the one or more user verification signals,
retrieving, from memory of the client device, out-of-band data, the out-of-band data being locally stored on the memory of the client device; and
mapping, by the client device, the user identification data and the out-of-band data into an alternate encoding using a one-way encoding algorithm, the one-way encoding algorithm having been previously utilized to map the user identification data and previously retrieved out-of-band data into a previous alternate encoding such that each of the plurality of user verification signals are able to be compared to previously generated user verification signals; and
generating, by the client device, the digital fingerprint including the one or more user verifications signals and data indicative of a time difference to the previously generated user verification signals; and causing transmission of the digital fingerprint, via the network, to a digital fingerprint verification service, located remotely.
23 . The method of claim 22 , wherein the time difference enables the digital fingerprint verification service to identify a number of changes between any of the one or more f user verification signals and the previously generated user verification signals, and in accordance with a time-dependent threshold value, the time-dependent threshold value being dependent on the time difference, approve the authentication request.
24 . The method of claim 22 , further comprising:
previous to receiving the authorization request, generating the previous digital fingerprint; and causing transmission of the previous digital fingerprint, via the network, to the digital fingerprint verification service.
25 . The method of claim 22 , wherein the one or more user verification signals include at least one of a contact list, a calendar, a set of digital photos, information indicative of user musical selections, and data related to how the user connects the client device
26 . The method of claim 22 , wherein the one-way encoding algorithm is a hash function, and wherein each alternate encoding is a hash calculated using the hash function.
27 . The method of claim 22 , further comprising:
storing the digital fingerprint; and upon reception of a subsequent authentication request, accessing the stored digital fingerprint.
28 . The method of claim 22 , wherein at least one user verification signal is representative of a contact list, and wherein the mapping into the alternate encoding comprises:
for a portion of data indicative of contacts in the contact list, extracting contact attribute data from each of a pre-defined set of contact fields; and for the contact attribute data in each of the set of contact fields, calculating a hash using the hash function.
29 . A computer program product for generating a digital fingerprint comprised of one or more user verification signals, each of the one or more user verification signals derived from out-of-band data stored on a client device, the digital fingerprint configured to be utilized for user authentication, the computer program product comprising at least one non-transitory computer-readable storage medium having computer-executable program code instructions stored therein, the computer-executable program code instructions comprising program code instructions for:
receiving an authorization request, at a digital fingerprint engine that is a separate functional component integrated into a software application that is executed on a device and designed to connect to a business server via a network, from the software application that is executed on a device, the authorization request including user identification data associated with the user; for each of the one or more user verification signals,
retrieving, from memory of the client device, out-of-band data, the out-of-band data being locally stored on the memory of the client device; and
mapping, by the client device, the user identification data and the out-of-band data into an alternate encoding using a one-way encoding algorithm, the one-way encoding algorithm having been previously utilized to map the user identification data and previously retrieved out-of-band data into a previous alternate encoding such that each of the plurality of user verification signals are able to be compared to previously generated user verification signals; and
generating, by the client device, the digital fingerprint including the one or more user verifications signals and data indicative of a time difference to the previously generated user verification signals; and causing transmission of the digital fingerprint, via the network, to a digital fingerprint verification service, located remotely.
30 . The computer program product of claim 29 , wherein the time difference enables the digital fingerprint verification service to identify a number of changes between any of the one or more f user verification signals and the previously generated user verification signals, and in accordance with a time-dependent threshold value, the time-dependent threshold value being dependent on the time difference, approve the authentication request.
31 . The computer program product of claim 29 , wherein the computer-executable program code instructions further comprise program code instructions for:
previous to receiving the authorization request, generating the previous digital fingerprint; and causing transmission of the previous digital fingerprint, via the network, to the digital fingerprint verification service.
32 . The computer program product of claim 29 , wherein the one or more user verification signals include at least one of a contact list, a calendar, a set of digital photos, information indicative of user musical selections, and data related to how the user connects the client device
33 . The computer program product of claim 29 , wherein the one-way encoding algorithm is a hash function, and wherein each alternate encoding is a hash calculated using the hash function.
34 . The computer program product of claim 29 , wherein the computer-executable program code instructions further comprise program code instructions for:
storing the digital fingerprint; and upon reception of a subsequent authentication request, accessing the stored digital fingerprint.
35 . The computer program product of claim 29 , wherein at least one user verification signal is representative of a contact list, and wherein the mapping into the alternate encoding comprises:
for a portion of data indicative of contacts in the contact list, extracting contact attribute data from each of a pre-defined set of contact fields; and for the contact attribute data in each of the set of contact fields, calculating a hash using the hash function.
36 . An apparatus for generating a digital fingerprint comprised of one or more user verification signals, each of the one or more user verification signals derived from out-of-band data stored on a client device, the digital fingerprint configured to be utilized for user authentication, the apparatus comprising at least one processor and at least one memory including computer program code, the at least one memory and the computer program code configured to, with the processor, cause the apparatus to at least:
receive an authorization request, at a digital fingerprint engine that is a separate functional component integrated into a software application that is executed on a device and designed to connect to a business server via a network, from the software application that is executed on a device, the authorization request including user identification data associated with the user; for each of the one or more user verification signals,
retrieve, from memory of the client device, out-of-band data, the out-of-band data being locally stored on the memory of the client device; and
map, by the client device, the user identification data and the out-of-band data into an alternate encoding using a one-way encoding algorithm, the one-way encoding algorithm having been previously utilized to map the user identification data and previously retrieved out-of-band data into a previous alternate encoding such that each of the plurality of user verification signals are able to be compared to previously generated user verification signals; and
generate, by the client device, the digital fingerprint including the one or more user verifications signals and data indicative of a time difference to the previously generated user verification signals; and cause transmission of the digital fingerprint, via the network, to a digital fingerprint verification service, located remotely.
37 . The apparatus of claim 36 , wherein the time difference enables the digital fingerprint verification service to identify a number of changes between any of the one or more f user verification signals and the previously generated user verification signals, and in accordance with a time-dependent threshold value, the time-dependent threshold value being dependent on the time difference, approve the authentication request.
38 . The apparatus of claim 36 , wherein the at least one memory and the computer program code are further configured to, with the processor, cause the apparatus to:
previous to receiving the authorization request, generate the previous digital fingerprint; and cause transmission of the previous digital fingerprint, via the network, to the digital fingerprint verification service.
39 . The apparatus of claim 36 , wherein the one or more user verification signals include at least one of a contact list, a calendar, a set of digital photos, information indicative of user musical selections, and data related to how the user connects the client device
40 . The apparatus of claim 36 , wherein the one-way encoding algorithm is a hash function, and wherein each alternate encoding is a hash calculated using the hash function.
41 . The apparatus of claim 36 , wherein the at least one memory and the computer program code are further configured to, with the processor, cause the apparatus to:
store the digital fingerprint; and upon reception of a subsequent authentication request, access the stored digital fingerprint.
42 . The apparatus of claim 36 , wherein at least one user verification signal is representative of a contact list, and wherein the mapping into the alternate encoding comprises:
for a portion of data indicative of contacts in the contact list, extracting contact attribute data from each of a pre-defined set of contact fields; and for the contact attribute data in each of the set of contact fields, calculating a hash using the hash function.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.