US2020213349A1PendingUtilityA1

Anti-replay systems and methods

53
Assignee: TRUSONA INCPriority: Feb 25, 2016Filed: Feb 11, 2020Published: Jul 2, 2020
Est. expiryFeb 25, 2036(~9.6 yrs left)· nominal 20-yr term from priority
G06F 21/52H04L 63/0846G06F 11/3055G06F 11/302G06F 11/3058H04L 63/0876G06Q 20/4016G06F 11/3438G06F 11/3466G06F 11/3409G07F 7/0873G06F 11/3495H04L 63/1441
53
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Systems and methods for detecting replay attacks are provided. One or more sensors may be used to collect data about a state of a device. The device may be used to perform a transaction. The device may be used to authenticate or identify a user. The state of the device may pertain to a characteristic of the device position, movement, component, or may pertain to one or more environmental conditions around the device. The state of the device may be expected to change over time, and certain states are unlikely to be repeated. The detected repetition of a state of the device may be a cause for increasing the likelihood that a replay attack is taking place.

Claims

exact text as granted — not AI-modified
1 - 20 . (canceled) 
     
     
         21 . A method of performing anti-replay analysis using a user device, the method comprising:
 providing a user device configured to permit a user to perform a transaction via a display of the user device;   collecting a plurality types of data during the user performing the transaction, wherein the plurality types of data comprise: (i) device state data about a physical state of the user device that is unique to the user device at a moment in time during which the device state data is collected data, wherein the device state data is collected by different types of sensors on-board the user device, and (ii) operational data specific to a component of the user device,   adjusting a weight factor associated with the plurality types of data, wherein the weight factor is determined based at least in part on a property about variability of a given type of data at different moments in time;   comparing, with aid of one or more processors, the plurality types of data with previously collected corresponding the plurality types of data associated with the same identification information about the user device or the user; and   determining, with the aid of the one or more processors, a presence of a replay attack based on a match level between the weighted plurality types of data and the previously collected corresponding the plurality types of data.   
     
     
         22 . The method of  claim 21 , wherein the weight factor associated with the given type of data is increased when the given type of data has a higher variability. 
     
     
         23 . The method of  claim 21 , wherein the level of match for the plurality types of data is calculated based on an individual match of each of the plurality types of data weighted by the weight factor. 
     
     
         24 . The method of  claim 21 , further comprising encrypting the plurality types of data for form an encrypted nonce data that the plurality types of data are not accessible. 
     
     
         25 . The method of  claim 24 , further comprising determining the presence of the replay attack when the encrypted nonce data and a previously collected nonce data are identical. 
     
     
         26 . The method of  claim 21 , wherein the wherein the operational data specific to a component of the user device includes, a distribution of stored memory, or a level of fragmentation of data, at the moment in time during which the operational data is collected. 
     
     
         27 . The method of  claim 21 , wherein the operational data specific to a component of the user device includes a level of usage of the processor at the moment in time during which the operational data is collected. 
     
     
         28 . The method of  claim 21 , wherein the operational data specific to a component of the user device includes whether the sensors are on or off, whether they are collecting data, data collection frequency, direction of data collection, or sensitivity of data collection, at the moment in time during which the operational data is collected. 
     
     
         29 . The method of  claim 21 , wherein the transaction involves exchange of money, goods, services, or information. 
     
     
         30 . The method of  claim 21 , wherein the different types of sensors on-board the user device comprise inertial sensors including accelerometers, gyroscopes, magnetometers, or piezoelectric sensors. 
     
     
         31 . A system for performing anti-replay analysis, the system comprising:
 a server in communication with a user device configured to permit a user to perform a transaction via a display of the user device, wherein the server comprises (i) a memory for storing previously collected different types of data, previously collected encrypted nonce data, and a first set of software instructions, and (ii) one or more processors configured to execute the first set of software instructions to:   collect a plurality types of data during the user performing the transaction, wherein the plurality types of data comprise: (i) device state data about a physical state of the user device that is unique to the user device at a moment in time during which the device state data is collected data, wherein the device state data is collected by different types of sensors on-board the user device, and (ii) operational data specific to a component of the user device,   adjusting a weight factor associated with the plurality types of data, wherein the weight factor is determined based at least in part variability of a given type of data at different moments in time;   compare the plurality types of data with previously collected corresponding plurality types of data associated with the same identification information about the user device or the user; and   determine a presence of a replay attack based on a match level between the plurality types of data and the previously collected corresponding plurality types of data.   
     
     
         32 . The system of  claim 31 , wherein the weight factor associated with the plurality types of data is increased when the given type of data has higher variability. 
     
     
         33 . The system of  claim 31 , wherein the level of match for the plurality types of data is calculated based on an individual match of each of the plurality types of data weighted by the weight factor. 
     
     
         34 . The system of  claim 31 , wherein the plurality types of data are encrypted form an encrypted nonce data that the plurality types of data are not accessible. 
     
     
         35 . The system of  claim 34 , wherein the presence of the replay attack is determined when the encrypted nonce data and a previously collected nonce data are identical. 
     
     
         36 . The system of  claim 31 , wherein the operational data specific to a component of the user device includes, a distribution of stored memory, or a level of fragmentation of data, at the moment in time during which the operational data is collected. 
     
     
         37 . The system of  claim 31 , wherein the operational data specific to a component of the user device includes a level of usage of the processor at the moment in time during which the operational data is collected. 
     
     
         38 . The system of  claim 31 , wherein the operational data specific to a component of the user device includes whether the sensors are on or off, whether they are collecting data, data collection frequency, direction of data collection, or sensitivity of data collection, at the moment in time during which the operational data is collected. 
     
     
         39 . The system of  claim 31 , wherein the transaction involves exchange of money, goods, services, or information. 
     
     
         40 . The system of  claim 31 , wherein the different types of sensors on-board the user device comprise inertial sensors including accelerometers, gyroscopes, magnetometers, or piezoelectric sensors.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.