WO2023081589A1 - User access authentication utilizing non-persistent codes - Google Patents

Info

Publication number: WO2023081589A1
Authority: WO, WIPO (PCT)
Prior art keywords: user; mathematical model; electronic device; input; computing devices
Application number: PCT/US2022/078672
Inventor: Carey D'SOUZA, Jason Mullings
Original Assignee: Iampass Technologies Inc.

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G06F21/316 User authentication by observing the pattern of computer usage, e.g. typical user behaviour
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards

Definitions

  • This application relates generally to user access authentication systems, and, more particularly, to user access authentication systems utilizing non-persistent codes.
  • Conventional user access authentication systems may generally include password or biometric based methods.
  • the passwords or biometric-based user access authentication systems may utilize persistent codes that are either created by a user or generated by a system and stored or memorized for subsequent authentication requests to gain access to a protected system.
  • such conventional techniques may pose the risk of the persistent code or password being misplaced, lost, stolen, or inadvertently shared, resulting in unauthorized access or loss of access to the protected system. It may be useful to provide techniques to improve user access authentication systems.
  • FIG. 1 illustrates an example embodiment of a user access authentication system utilizing non-persistent codes.
  • FIG. 2 illustrates another example embodiment of a user access authentication system utilizing non-persistent codes, including a generated mathematical model.
  • FIG. 3 illustrates another example of a user access authentication system utilizing non-persistent codes.
  • FIG. 4 illustrates a flow diagram of a method of providing a user access authentication system utilizing non-persistent codes.
  • FIGS. 5A-5L illustrate one or more example use cases for implementing a user access authentication system utilizing non-persistent codes.
  • FIG. 6 illustrates an example computing system associated with a user access authentication system utilizing non-persistent codes.
  • the present embodiments are directed toward a user access authentication system including a learning model that utilizes various data inputs captured directly or indirectly via a personal user device (e.g., a mobile phone, a smartwatch, a wristband, augmented-reality (AR) glasses, virtual-reality (VR) goggles, and so forth).
  • the data e.g., user activity data, user behavioral data, user pattern data, user-to-user associations, and so forth
  • the personal electronic device may be utilized to generate one or more learning models (e.g., mathematical model, machine-learning model, and so forth) represented by a matrix of values that are non-persistent in nature and are unique for every access request based on certain criteria.
  • the present embodiments may be provided to replace and overcome existing password, biometric, or two-factor authentication (2FA) systems for user identity and user authentication access by dynamically generating a mathematical model that is generated in real-time or near real-time and discarded after only a singular usage.
  • the present embodiments may not include passwords being created or stored in any way or form.
  • users may not have to repeatedly create, remember, or reset passwords or passcodes.
  • a mathematical model may be generated in real-time or near real-time and utilized for authentication with minimal manual involvement from the user.
  • each user authentication request may be assessed and analyzed for various risk factors and the non-persistent mathematical model may be generated utilizing data collected from the user and user activity. The data collected from the user and user activity may be then utilized for user authentication access.
  • the present embodiments may obviate users of various devices and applications having to create a password or passcode and/or rely only on stored biometrics data for user access authentication. For example, utilizing non-persistent data removes the risk of credentials and authentication data being compromised due to sharing, misplacement, security breaches, and so forth, and thereby increases user data security.
  • the present embodiments may prevent, for example, phishing attacks, credential-stuffing attacks, account takeover attacks, and so forth (e.g., because there is no password, passcode, or biometric-based authentication data that is stored or susceptible to being deciphered).
  • FIG. 1 illustrates an example embodiment of a user access authentication system 100 utilizing non-persistent codes, in accordance with the presently disclosed embodiments.
  • the “Client Application” means any online or offline systems that need access credentials to authenticate a user. This can include web browsers, websites, keypads, ATM machines, vending machines, electronic kiosks, access control hardware.
  • the Client application is the controlled and protected system that requires identity verification to grant access.
  • the “User” refers to an individual human user, an electronic device, another protected system, or any mechanical or electronic device that can receive and transmit data.
  • the “Authentication System” refers to the system that contains the algorithms, data processing, authentication decision process, authentication strategy computation, identity verification process, and the main decision process system.
  • the “Personal electronic device, Personal Device” refers to a smartphone, smartwatch or any other device that may have a camera, microphone, transmission and reception capabilities, sensors for measuring light, temperature, acceleration, velocity, distance, pitch (e.g., yaw, roll, acoustic, and optical signals).
  • the “User” initiates an authentication request; the “Client” receives such requests and transmits the request for identification to the “Authentication System”.
  • the “Authentication System” receives authentication requests from the client systems, calculates what data it needs to request from the user, and transmits that request to the Mobile/Personal device.
  • the authentication system calculates what identity information needs to be requested from the user based on the client and the user's relative locations, the relative time zones, prior request for data, and the time from when the user was first recorded in the system.
  • the personal electronic device generates a mathematical model to represent the identity signature for that access request based on data collected by requesting the user for biometric information and from recording patterns and sensor data at that moment and processing the data.
  • the personal electronic device transmits the identity information, represented by a mathematical model contained in an n*n...N array.
  • the personal electronic device may not store user data or information after transmitting the identity information to the authentication system, and instead discards it after transmission.
  • the authentication system receives the identity information and makes a decision based on that. The decision can be: confirmed identity, need more information, or cannot confirm identity. This decision is transmitted back to the client system that had requested the identity confirmation.
  • upon receiving the identity information from the authentication system, the Client system makes a decision on granting or denying access to the user that initiated the access request.
  • FIG. 2 illustrates another example embodiment of a user access authentication system 200 utilizing non-persistent codes, including a generated mathematical model, in accordance with the presently disclosed embodiments.
  • “Input” refers to the various sensors, devices and environmental factors that generate data that can be used as inputs for the signature matrix.
  • Signature matrix refers to the identity information represented by a mathematical model contained in an n*n...N array.
  • “Facial” refers to facial features scan or visual scan of the user’s physical attributes using the mobile/personal device camera.
  • “Voice” refers to the vocal, acoustic signal pattern of the user's voice, natural language patterns and other acoustic signals that are captured by the personal electronic device’s microphone.
  • “Location” refers to the geographical location of the mobile, personal device or the relative location of the personal electronic device in relation to other device(s) recorded using GPS capabilities of the personal electronic device and/or the sensors present in the personal electronic device.
  • “Time” refers to the current local time as presented on the personal electronic device.
  • “Date” refers to the current system date record on the personal electronic device.
  • “Device” refers to the classification and identification of the device, based on the device serial number, model number, or operating system specifications.
  • “Health data from 3rd party” refers to sensor data like heart rate, temperature, activity status that are collected and used by other applications present on the personal electronic device.
  • “Pattern” refers to repetitive and predictive actions that are captured by the various applications and sensors on the personal electronic device.
  • “Behavior” refers to the actions taken by the user in relation to the environment or in response to certain stimuli. The “Behavior” also refers to how the user engages with the personal electronic device or the applications being executed by the personal electronic device.
  • Risk profile refers to a score generated based on the value of the transaction, access request, location of the user in relation to previous recorded locations, external policies set by client systems, age of the user’s account, previous recorded access attempts, and the results.
  • N - other app data refers to other sensor data, information collected by other applications on the personal electronic device that is available.
  • Proximity refers to the distance between the client system and the personal electronic device.
  • “Federated” refers to data available from external sources including external websites, other authentication systems, other social systems and networks.
  • the inputs are collected and converted to mathematical models that are used to generate the n*n...N identity signature matrix.
  • FIG. 3 illustrates another example embodiment of a user access authentication system 300 utilizing non-persistent codes, in accordance with the presently disclosed embodiments.
  • “Account” in “Age of account” refers to the unique user or device or system identification code.
  • “Age of account” refers to the length of time that has elapsed since the identification code was first created and recorded in a protected system that requires identity verification.
  • “Location” refers to the location from where the access request was initiated and the location of the user’s personal electronic device in relation to the access request location.
  • “Device” refers to the device identity of the access request initiating device and the user’s personal electronic device identification.
  • Previous attempts refers to the number of access attempts initiated by the user and the result of those attempts.
  • Transaction type refers to the value of the transaction in monetary terms or as defined by external policies that are in effect during the access request.
  • FIG. 4 illustrates a workflow diagram 400 of a method of providing a user access authentication system utilizing non-persistent codes, in accordance with the presently disclosed embodiments.
  • the workflow diagram 400 may be performed utilizing one or more processing devices that may include hardware (e.g., a general purpose processor, a graphic processing unit (GPU), an application-specific integrated circuit (ASIC), a system-on-chip (SoC), a microcontroller, a field-programmable gate array (FPGA), a central processing unit (CPU), an application processor (AP), a visual processing unit (VPU), a neural processing unit (NPU), a neural decision processor (NDP), or any other processing device(s) that may be suitable for processing financial data and transaction data), software (e.g., instructions running/executing on one or more processors), firmware (e.g., microcode), or some combination thereof.
  • the workflow diagram 400 may begin at a block with one or more processing devices (e.g., Device “A” and/or Device “B”) providing one or more notifications including Bluetooth low energy (BLE) service and characteristics identifiers.
  • the workflow diagram 400 may then continue at a block with one or more processing devices (e.g., Device “A” and/or Device “B”) advertising a random BLE service and characteristic.
  • the workflow diagram 400 may then continue at a block with one or more processing devices (e.g., Device “A” and/or Device “B”) scanning for BLE service.
  • the workflow diagram 400 may then continue at a block with one or more processing devices (e.g., Device “A” and/or Device “B”) writing code to the characteristic.
  • the workflow diagram 400 may then continue at a block with one or more processing devices measuring BLE signal strength and warning the user if the devices (e.g., Device “A” and Device “B”) are too far apart.
  • the workflow diagram 400 may then continue at a block with one or more processing devices (e.g., Device “A” and/or Device “B”) sending code and BLE signal strength with other user authentication data to a user access authentication system.
  • the workflow diagram 400 may then continue at a block with one or more processing devices (e.g., user access authentication system) determining authentication decision.
  • the workflow diagram 400 may then continue at a block with one or more processing devices (e.g., Device “A” and/or Device “B”) monitoring BLE signal strength.
  • the workflow diagram 400 may then continue at a block with one or more processing devices (e.g., user access authentication system) determining if the BLE signal strength is too low or whether devices (e.g., Device “A” and/or Device “B”) have not connected to each other for a predetermined set time, in which case the user authentication session is ended.
  • the workflow diagram 400 may then continue at a block with one or more processing devices (e.g., user access authentication system) determining whether the user authentication session has ended.
  • the workflow diagram 400 may then continue at a block with one or more processing devices (e.g., Device “A” and/or Device “B”) ceasing to monitor proximity to the other one of the devices (e.g., Device “A” and/or Device “B”).
  • FIGS. 5A-5L illustrate one or more example use cases for implementing a user access authentication system utilizing non-persistent codes, in accordance with the presently disclosed embodiments.
  • FIG. 6 illustrates a computer system 600 that may be associated with a user access authentication system utilizing non-persistent codes, in accordance with the presently disclosed embodiments.
  • one or more financial services computing systems 600 perform one or more steps of one or more methods described or illustrated herein.
  • one or more financial services computing systems 600 provide functionality described or illustrated herein.
  • software running on one or more financial services computing systems 600 performs one or more steps of one or more methods described or illustrated herein or provides functionality described or illustrated herein.
  • Certain embodiments include one or more portions of one or more financial services computing systems 600.
  • reference to a computer system may encompass a computing device, and vice versa, where appropriate.
  • reference to a computer system may encompass one or more computer systems, where appropriate.
  • This disclosure contemplates any suitable number of financial services computing systems 600.
  • This disclosure contemplates computer system 500 taking any suitable physical form.
  • computer system 500 may be an embedded computer system, a system-on-chip (SOC), a single-board computer system (SBC) (e.g., a computer-on-module (COM) or system-on-module (SOM)), a desktop computer system, a laptop or notebook computer system, an interactive kiosk, a mainframe, a mesh of computer systems, a mobile telephone, a personal digital assistant (PDA), a server, a tablet computer system, an augmented/virtual reality device, or a combination of two or more of these.
  • computer system 500 may include one or more financial services computing system 600; be unitary or distributed; span multiple locations; span multiple machines; span multiple data centers; or reside in a cloud, which may include one or more cloud components in one or more networks.
  • computing system 600 may perform without substantial spatial or temporal limitation one or more steps of one or more methods described or illustrated herein. As an example, and not by way of limitation, computing system 600 may perform in real time or in batch mode one or more steps of one or more methods described or illustrated herein. One or more computing system 600 may perform at different times or at different locations one or more steps of one or more methods described or illustrated herein, where appropriate.
  • computer system 500 includes a processor 602, memory 604, storage 606, an input/output (I/O) interface 608, a communication interface 510, and a bus 612.
  • processor 602 includes hardware for executing instructions, such as those making up a computer program.
  • processor 602 may retrieve (or fetch) the instructions from an internal register, an internal cache, memory 604, or storage 606; decode and execute them; and then write one or more results to an internal register, an internal cache, memory 604, or storage 606.
  • processor 602 may include one or more internal caches for data, instructions, or addresses. This disclosure contemplates processor 602 including any suitable number of any suitable internal caches, where appropriate.
  • processor 602 may include one or more instruction caches, one or more data caches, and one or more translation lookaside buffers (TLBs). Instructions in the instruction caches may be copies of instructions in memory 604 or storage 606, and the instruction caches may speed up retrieval of those instructions by processor 602.
  • Data in the data caches may be copies of data in memory 604 or storage 606 for instructions executing at processor 602 to operate on; the results of previous instructions executed at processor 602 for access by subsequent instructions executing at processor 602 or for writing to memory 604 or storage 606; or other suitable data.
  • the data caches may speed up read or write operations by processor 602.
  • the TLBs may speed up virtual-address translation for processor 602.
  • processor 602 may include one or more internal registers for data, instructions, or addresses. This disclosure contemplates processor 602 including any suitable number of any suitable internal registers, where appropriate. Where appropriate, processor 602 may include one or more arithmetic logic units (ALUs); be a multicore processor; or include one or more processors 802. Although this disclosure describes and illustrates a particular processor, this disclosure contemplates any suitable processor.
  • memory 604 includes main memory for storing instructions for processor 602 to execute or data for processor 602 to operate on.
  • computer system 500 may load instructions from storage 606 or another source (such as, for example, another computer system 500) to memory 604.
  • Processor 602 may then load the instructions from memory 604 to an internal register or internal cache.
  • processor 602 may retrieve the instructions from the internal register or internal cache and decode them.
  • processor 602 may write one or more results (which may be intermediate or final results) to the internal register or internal cache.
  • Processor 602 may then write one or more of those results to memory 604.
  • processor 602 executes only instructions in one or more internal registers or internal caches or in memory 604 (as opposed to storage 606 or elsewhere) and operates only on data in one or more internal registers or internal caches or in memory 604 (as opposed to storage 606 or elsewhere).
  • One or more memory buses may couple processor 602 to memory 604.
  • Bus 612 may include one or more memory buses, as described below.
  • one or more memory management units reside between processor 602 and memory 604 and facilitate accesses to memory 604 requested by processor 602.
  • memory 604 includes random access memory (RAM).
  • This RAM may be volatile memory, where appropriate.
  • this RAM may be dynamic RAM (DRAM) or static RAM (SRAM).
  • this RAM may be single-ported or multi-ported RAM.
  • Memory 604 may include one or more memory devices 604, where appropriate.
  • storage 606 includes mass storage for data or instructions.
  • storage 606 may include a hard disk drive (HDD), a floppy disk drive, flash memory, an optical disc, a magneto-optical disc, magnetic tape, or a Universal Serial Bus (USB) drive or a combination of two or more of these.
  • Storage 606 may include removable or non-removable (or fixed) media, where appropriate.
  • Storage 606 may be internal or external to computer system 500, where appropriate.
  • storage 606 is non-volatile, solid-state memory.
  • storage 606 includes read-only memory (ROM).
  • this ROM may be mask-programmed ROM, programmable ROM (PROM), erasable PROM (EPROM), electrically erasable PROM (EEPROM), electrically alterable ROM (EAROM), or flash memory or a combination of two or more of these.
  • This disclosure contemplates mass storage 606 taking any suitable physical form.
  • Storage 606 may include one or more storage control units facilitating communication between processor 602 and storage 606, where appropriate.
  • storage 606 may include one or more storages 606.
  • Although this disclosure describes and illustrates particular storage, this disclosure contemplates any suitable storage.
  • I/O interface 608 includes hardware, software, or both, providing one or more interfaces for communication between computer system 500 and one or more I/O devices.
  • Computer system 500 may include one or more of these I/O devices, where appropriate.
  • One or more of these I/O devices may enable communication between a person and computer system 500.
  • an I/O device may include a keyboard, keypad, microphone, monitor, mouse, printer, scanner, speaker, still camera, stylus, tablet, touch screen, trackball, video camera, another suitable I/O device or a combination of two or more of these.
  • An I/O device may include one or more sensors. This disclosure contemplates any suitable I/O devices and any suitable I/O interfaces 606 for them.
  • I/O interface 608 may include one or more device or software drivers enabling processor 602 to drive one or more of these I/O devices.
  • I/O interface 608 may include one or more I/O interfaces 606, where appropriate. Although this disclosure describes and illustrates a particular I/O interface, this disclosure contemplates any suitable I/O interface.
  • communication interface 510 includes hardware, software, or both providing one or more interfaces for communication (such as, for example, packet-based communication) between computer system 500 and one or more other computer systems 600 or one or more networks.
  • communication interface 510 may include a network interface controller (NIC) or network adapter for communicating with an Ethernet or other wire-based network or a wireless NIC (WNIC) or wireless adapter for communicating with a wireless network, such as a WI-FI network.
  • This disclosure contemplates any suitable network and any suitable communication interface 510 for it.
  • computer system 500 may communicate with an ad hoc network, a personal area network (PAN), a local area network (LAN), a wide area network (WAN), a metropolitan area network (MAN), or one or more portions of the Internet or a combination of two or more of these.
  • One or more portions of one or more of these networks may be wired or wireless.
  • computer system 500 may communicate with a wireless PAN (WPAN) (such as, for example, a BLUETOOTH WPAN), a WI-FI network, a WI-MAX network, a cellular telephone network (such as, for example, a Global System for Mobile Communications (GSM) network), or other suitable wireless network or a combination of two or more of these.
  • Computer system 500 may include any suitable communication interface 510 for any of these networks, where appropriate.
  • Communication interface 510 may include one or more communication interfaces 510, where appropriate.
  • bus 612 includes hardware, software, or both coupling components of computer system 500 to each other.
  • bus 612 may include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industry Standard Architecture (EISA) bus, a front-side bus (FSB), a HYPERTRANSPORT (HT) interconnect, an Industry Standard Architecture (ISA) bus, an INFINIBAND interconnect, a low-pin-count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCIe) bus, a serial advanced technology attachment (SATA) bus, a Video Electronics Standards Association local (VLB) bus, or another suitable bus or a combination of two or more of these.
  • Bus 612 may include one or more buses 612, where appropriate. Although this disclosure describes and illustrates a particular bus, this disclosure contemplates any suitable bus or interconnect.
  • a computer-readable non-transitory storage medium or media may include one or more semiconductor-based or other integrated circuits (ICs) (such as, for example, field-programmable gate arrays (FPGAs) or application-specific ICs (ASICs)), hard disk drives (HDDs), hybrid hard drives (HHDs), optical discs, optical disc drives (ODDs), magneto-optical discs, magneto-optical drives, floppy diskettes, floppy disk drives (FDDs), magnetic tapes, solid-state drives (SSDs), RAM-drives, SECURE DIGITAL cards or drives, any other suitable computer-readable non-transitory storage media, or any suitable combination of two or more of these, where appropriate.
  • any of these embodiments may include any combination or permutation of any of the components, elements, features, functions, operations, or steps described or illustrated anywhere herein that a person having ordinary skill in the art would comprehend.
  • reference in the appended claims to an apparatus or system or a component of an apparatus or system being adapted to, arranged to, capable of, configured to, enabled to, operable to, or operative to perform a particular function encompasses that apparatus, system, component, whether or not it or that particular function is activated, turned on, or unlocked, as long as that apparatus, system, or component is so adapted, arranged, capable, configured, enabled, operable, or operative.
  • Although this disclosure describes or illustrates certain embodiments as providing particular advantages, certain embodiments may provide none, some, or all of these advantages.
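
The FIG. 4 workflow above warns the user when the two devices are too far apart and ends the session when BLE signal strength is too low or the devices have not connected for a predetermined time. The following is an added example of that session logic, not code from the application or its assignee; the RSSI floor, the timeout, the median filter, the no-resume rule and all names are assumptions, since the page gives no values.

```python
from collections import deque
from statistics import median
from typing import List, Optional, Tuple

# Assumed policy values: the page names no thresholds or filter.
RSSI_FLOOR_DBM = -80        # below this the devices count as too far apart
DISCONNECT_TIMEOUT_S = 30   # the "predetermined set time" without a connection
WINDOW = 5                  # readings in the median filter


class ProximitySession:
    """Tracks one authenticated session bound to BLE proximity."""

    def __init__(self, started_at: float) -> None:
        self.last_seen = started_at
        self.readings = deque(maxlen=WINDOW)
        self.end_reason: Optional[str] = None

    def observe(self, now: float, rssi_dbm: Optional[int]) -> str:
        """Feed one scan result; rssi_dbm is None when the peer was not seen."""
        if self.end_reason is not None:
            # Assumption: an ended session never resumes. A device that comes
            # back into range must go through authentication again.
            return "ended"
        if rssi_dbm is not None:
            self.last_seen = now
            self.readings.append(rssi_dbm)
        # End condition 1: no connection for the predetermined time.
        if now - self.last_seen >= DISCONNECT_TIMEOUT_S:
            self.end_reason = "disconnect_timeout"
            return "ended"
        # End condition 2: signal too low. The median over a full window keeps
        # a single noisy reading from ending the session.
        if len(self.readings) == WINDOW and median(self.readings) < RSSI_FLOOR_DBM:
            self.end_reason = "signal_too_low"
            return "ended"
        if rssi_dbm is None:
            return "unseen"
        # A single weak reading only produces the "too far apart" warning.
        return "warn" if rssi_dbm < RSSI_FLOOR_DBM else "ok"


def replay(trace) -> Tuple[List[str], Optional[str]]:
    """Run a list of (timestamp_s, rssi_dbm_or_None) through a new session."""
    session = ProximitySession(started_at=trace[0][0])
    statuses = [session.observe(t, rssi) for t, rssi in trace]
    return statuses, session.end_reason


# Constructed traces (not measurements): one noisy dip, then the user walks away.
WALK_AWAY = [(0, -60), (1, -62), (2, -85), (3, -61), (4, -63),
             (5, -82), (6, -84), (7, -60)]
# Constructed trace: the peer disappears, then reappears after the timeout.
DROPPED_LINK = [(0, -60), (10, None), (29, None), (30, None), (31, -55)]

if __name__ == "__main__":
    for name, trace in (("walk_away", WALK_AWAY), ("dropped_link", DROPPED_LINK)):
        print(name, replay(trace))
```
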

Abstract

A method implemented by one or more computer devices includes receiving, from an electronic device associated with a user, a plurality of data inputs associated with the user, and generating a mathematical model based on the plurality of user data inputs. The mathematical model is configured to be utilized to establish a user authentication access for a singular instance. The method further includes generating, utilizing the mathematical model, a signature matrix to establish the user authentication access for the singular instance, and providing, by the one or more computing devices, the signature matrix to the electronic device.

Description

USER ACCESS AUTHENTICATION UTILIZING NON-PERSISTENT CODES
CROSS-REFERENCE TO RELATED APPLICATION(S)
[0001] This application claims the benefit of U.S. Provisional Application No. 63/263,446, filed November 2, 2021, the entire contents of which are incorporated herein by reference in their entirety.
TECHNICAL FIELD
[0002] This application relates generally to user access authentication systems, and, more particularly, to user access authentication systems utilizing non-persistent codes.
BACKGROUND
[0003] Conventional user access authentication systems may generally include password or biometric based methods. For example, the passwords or biometric-based user access authentication systems may utilize persistent codes that are either created by a user or generated by a system and stored or memorized for subsequent authentication requests to gain access to a protected system. However, such conventional techniques may pose the risk of the persistent code or password being misplaced, lost, stolen, or inadvertently shared, resulting in unauthorized access or loss of access to the protected system. It may be useful to provide techniques to improve user access authentication systems.
BRIEF DESCRIPTION OF THE DRAWINGS
[0004] FIG. 1 illustrates an example embodiment of a user access authentication system utilizing non-persistent codes.
[0005] FIG. 2 illustrates another example embodiment of a user access authentication system utilizing non-persistent codes, including a generated mathematical model.
[0006] FIG. 3 illustrates another example of a user access authentication system utilizing non-persistent codes.
[0007] FIG. 4 illustrates a flow diagram of a method of providing a user access authentication system utilizing non-persistent codes.
[0008] FIGS. 5A-5L illustrate one or more example use cases for implementing a user access authentication system utilizing non-persistent codes.
[0009] FIG. 6 illustrates an example computing system associated with a user access authentication system utilizing non-persistent codes.
DESCRIPTION OF EXAMPLE EMBODIMENTS
[0010] The present embodiments are directed toward a user access authentication system including a learning model that utilizes various data inputs captured directly or indirectly via a personal user device (e.g., a mobile phone, a smartwatch, a wristband, augmented-reality (AR) glasses, virtual-reality (VR) goggles, and so forth). In certain embodiments, the data (e.g., user activity data, user behavioral data, user pattern data, user-to-user associations, and so forth) captured by the personal electronic device may be utilized to generate one or more learning models (e.g., mathematical model, machine-learning model, and so forth) represented by a matrix of values that are non-persistent in nature and are unique for every access request based on certain criteria. In certain embodiments, the present embodiments may be provided to replace and overcome existing password, biometric, or two-factor authentication (2FA) systems for user identity and user authentication access by dynamically generating a mathematical model that is generated in real-time or near real-time and discarded after only a singular usage.
[0011] In certain embodiments, the present embodiments may not include passwords being created or stored in any way or form. For example, users may not have to repeatedly create, remember, or reset passwords or passcodes. Indeed, instead of a persistent code that a user has to remember or repeatedly retrieve from storage for user access authentication, a mathematical model may be generated in real-time or near real-time and utilized for authentication with minimal manual involvement from the user. In certain embodiments, each user authentication request may be assessed and analyzed for various risk factors and the non-persistent mathematical model may be generated utilizing data collected from the user and user activity. The data collected from the user and user activity may be then utilized for user authentication access.
[0012] Thus, the present embodiments may obviate users of various devices and applications having to create a password or passcode and/or rely only on stored biometrics data for user access authentication. For example, utilizing non-persistent data removes the risk of credentials and authentication data being compromised due to sharing, misplacement, security breaches, and so forth, and thereby increases user data security. Indeed, by providing a non-persistent, time-sensitive mathematical model that is generated in real-time or near-time for only a singular usage, the present embodiments may prevent, for example, phishing attacks, credential-stuffing attacks, account takeover attacks, and so forth (e.g., because there is no password, passcode, or biometric-based authentication data that is stored or susceptible to being deciphered).
[0013] FIG. 1 illustrates an example embodiment of a user access authentication system 100 utilizing non-persistent codes, in accordance with the presently disclosed embodiments. The “Client Application” means any online or offline systems that need access credentials to authenticate a user. This can include web browsers, websites, keypads, ATM machines, vending machines, electronic kiosks, access control hardware. The Client application is the controlled and protected system that requires identity verification to grant access. The “User” refers to an individual human user, an electronic device, another protected system, or any mechanical or electronic device that can receive and transmit data. The “Authentication System” refers to the system that contains the algorithms, data processing, authentication decision process, authentication strategy computation, identity verification process, and the main decision process system. The “Personal electronic device, Personal Device” refers to a smartphone, smartwatch or any other device that may have a camera, microphone, transmission and reception capabilities, sensors for measuring light, temperature, acceleration, velocity, distance, pitch (e.g., yaw, roll, acoustic, and optical signals). The “User” initiates an authentication request, the “Client” receives such requests and transmits the request for identification to the “Authentication System”.
[0014] In certain embodiments, the “Authentication” system receives authentication requests from the client systems and calculates what data it needs to request from the user and transmits that request to the Mobile/Personal device. The authentication system calculates what identity information needs to be requested from the user based on the client and the user's relative locations, the relative time zones, prior request for data, the time from when the user was first recorded in the system. The personal electronic device generates a mathematical model to represent the identity signature for that access request based on data collected by requesting the user for biometric information and from recording patterns and sensor data at that moment and processing the data. The personal electronic device transmits the identity information, represented by a mathematical model contained in an n*n . . . N array. The personal electronic device may not store user data or information after transmitting the identity information to the authentication system, and instead discards after transmission. In certain embodiments, the authentication system receives the identity information and makes a decision based on that. The decision can be a confirmed identity, need more information, cannot confirm identity. This decision is transmitted back to the client system that had requested the identity confirmation. In certain embodiments, upon receiving the identity information from the authentication system, the Client system makes a decision on granting access or denying access to the user that initiated the access request.
[0015] FIG. 2 illustrates another example embodiment of a user access authentication system 200 utilizing non-persistent codes, including a generated mathematical model, in accordance with the presently disclosed embodiments. In certain embodiments, “Input” refers to the various sensors, devices and environmental factors that generate data that can be used as inputs for the signature matrix. In certain embodiments, “Signature matrix” refers to the identity information represented by a mathematical model contained in an n*n . . . N array. In certain embodiments, “Facial” refers to facial features scan or visual scan of the user’s physical attributes using the mobile/personal device camera. In certain embodiments, “Voice” refers to the vocal, acoustic signal pattern of the user's voice, natural language patterns and other acoustic signals that are captured by the personal electronic device’s microphone. In certain embodiments, “Location” refers to the geographical location of the mobile, personal device or the relative location of the personal electronic device in relation to other device(s) recorded using GPS capabilities of the personal electronic device and/or the sensors present in the personal electronic device. In certain embodiments, “Time” refers to the current local time as presented on the personal electronic device. In certain embodiments, “date” refers to the current system date record on the personal electronic device.
[0016] In certain embodiments, “Device” refers to the classification and identification of the device, based on the device serial number, model number, or operating system specifications. In certain embodiments, “Health data from 3rd party” refers to sensor data like heart rate, temperature, activity status that are collected and used by other applications present on the personal electronic device. In certain embodiments, “Pattern” refers to repetitive and predictive actions that are captured by the various applications and sensors on the personal electronic device. In certain embodiments, “Behavior” refers to the actions taken by the user in relation to the environment or in response to certain stimuli. The “Behavior” also refers to how the user engages with the personal electronic device or the applications being executed by the personal electronic device.
[0017] In certain embodiments, “Risk profile” refers to a score generated based on the value of the transaction, access request, location of the user in relation to previous recorded locations, external policies set by client systems, age of the user’s account, previous recorded access attempts, and the results. In certain embodiments, “N - other app data” refers to other sensor data, information collected by other applications on the personal electronic device that is available. In certain embodiments, “Proximity” refers to the distance between the client system and the personal electronic device. In certain embodiments, “Federated” refers to data available from external sources including external websites, other authentication systems, other social systems and networks. In certain embodiments, the inputs are collected and converted to mathematical models that are used to generate the n*n . . . N identity signature matrix.
[0018] FIG. 3 illustrates another example embodiment of a user access authentication system 300 utilizing non-persistent codes, in accordance with the presently disclosed embodiments. In certain embodiments, “Account” in “Age of account” refers to the unique user or device or system identification code. In certain embodiments, “Age of account” refers to the length of time that has elapsed since the identification code was first created and recorded in a protected system that requires identity verification. In certain embodiments, “Location” refers to the location from where the access request was initiated and the location of the user’s personal electronic device in relation to the access request location. In certain embodiments, “Device” refers to the device identity of the access request initiating device and the user’s personal electronic device identification. In certain embodiments, “Previous attempts” refers to the number of access attempts initiated by the user and the result of those attempts. In certain embodiments, “Transaction type” refers to the value of the transaction in monetary terms or as defined by external policies that are in effect during the access request.
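The following Python sketch is an added example, not code from the application: it shows one way the risk-profile inputs of paragraphs [0017]-[0018] could drive which identity inputs the authentication system requests and how the three decision outcomes of paragraph [0014] could be reached. All weights, thresholds, field names and the input tiers are assumptions, since the application specifies none.

```python
import math
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class AccessRequest:
    """Risk-profile inputs named in FIG. 3 (field names are hypothetical)."""
    account_age_days: int
    request_latlon: Tuple[float, float]  # where the access request was initiated
    device_latlon: Tuple[float, float]   # where the personal device is
    device_known: bool                   # device identity seen before
    recent_failures: int                 # previous failed attempts
    transaction_value: float             # monetary value of the transaction


def haversine_km(a: Tuple[float, float], b: Tuple[float, float]) -> float:
    """Great-circle distance between two (lat, lon) points in kilometres."""
    lat1, lon1, lat2, lon2 = map(math.radians, (a[0], a[1], b[0], b[1]))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def risk_score(req: AccessRequest) -> int:
    """Additive score; every weight and threshold here is an assumption."""
    score = 0
    if req.account_age_days < 30:
        score += 2
    dist = haversine_km(req.request_latlon, req.device_latlon)
    if dist > 50:
        score += 3
    elif dist > 1:
        score += 1
    if not req.device_known:
        score += 2
    score += min(req.recent_failures, 3)  # cap so failures cannot dominate
    if req.transaction_value >= 1000:
        score += 2
    return score


def inputs_to_request(score: int) -> List[str]:
    """Higher risk means more inputs are requested from the device."""
    required = ["device", "proximity"]
    if score > 2:
        required.append("facial")
    if score > 5:
        required.append("voice")
    return required


def decide(required: List[str], verified: Dict[str, bool]) -> str:
    """Map per-input results to the three outcomes of paragraph [0014]."""
    if any(verified.get(name) is False for name in required):
        return "cannot confirm identity"
    if any(name not in verified for name in required):
        return "need more information"
    return "confirmed identity"


# Constructed sample data.
NYC = (40.7128, -74.0060)
LONDON = (51.5074, -0.1278)
LOW = AccessRequest(400, NYC, NYC, True, 0, 20.0)
MID = AccessRequest(400, NYC, NYC, False, 1, 20.0)
HIGH = AccessRequest(10, NYC, LONDON, False, 5, 5000.0)

if __name__ == "__main__":
    for name, req in (("low", LOW), ("mid", MID), ("high", HIGH)):
        s = risk_score(req)
        print(name, s, inputs_to_request(s))
```

A missing input yields "need more information" rather than a denial, so the client can prompt for the extra input instead of failing the request outright.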
[0019] FIG. 4 illustrates a workflow diagram 400 of a method of providing a user access authentication system utilizing non-persistent codes, in accordance with the presently disclosed embodiments. The workflow diagram 400 may be performed utilizing one or more processing devices that may include hardware (e.g., a general purpose processor, a graphic processing unit (GPU), an application-specific integrated circuit (ASIC), a system-on-chip (SoC), a microcontroller, a field-programmable gate array (FPGA), a central processing unit (CPU), an application processor (AP), a visual processing unit (VPU), a neural processing unit (NPU), a neural decision processor (NDP), or any other processing device(s) that may be suitable for processing financial data and transaction data), software (e.g., instructions running/executing on one or more processors), firmware (e.g., microcode), or some combination thereof.
[0020] The workflow diagram 400 may begin at a block with one or more processing devices (e.g., Device “A” and/or Device “B”) providing one or more notifications including Bluetooth low energy (BLE) service and characteristics identifiers. The workflow diagram 400 may then continue at a block with one or more processing devices (e.g., Device “A” and/or Device “B”) advertising a random BLE service and characteristic. The workflow diagram 400 may then continue at a block with one or more processing devices (e.g., Device “A” and/or Device “B”) scanning for BLE service. The workflow diagram 400 may then continue at a block with one or more processing devices (e.g., Device “A” and/or Device “B”) writing code to the characteristic. The workflow diagram 400 may then continue at a block with one or more processing devices measuring BLE signal strength and warning the user if the devices (e.g., Device “A” and Device “B”) are too far apart. The workflow diagram 400 may then continue at a block with one or more processing devices (e.g., Device “A” and/or Device “B”) sending code and BLE signal strength with other user authentication data to a user access authentication system.
[0021] The workflow diagram 400 may then continue at a block with one or more processing devices (e.g., user access authentication system) determining an authentication decision. The workflow diagram 400 may then continue at a block with one or more processing devices (e.g., Device “A” and/or Device “B”) monitoring BLE signal strength. The workflow diagram 400 may then continue at a block with one or more processing devices (e.g., user access authentication system) determining if the BLE signal strength is too low or whether devices (e.g., Device “A” and/or Device “B”) have not connected to each other for a predetermined set time, in which case the user authentication session is ended. The workflow diagram 400 may then continue at a block with one or more processing devices (e.g., user access authentication system) determining whether the user authentication session has ended. The workflow diagram 400 may then continue at a block with one or more processing devices (e.g., Device “A” and/or Device “B”) stopping the monitoring of proximity to the other one of the devices (e.g., Device “A” and/or Device “B”).
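The proximity-monitoring part of the workflow in paragraphs [0020]-[0021] can be sketched as a small state machine. This is an added example, not code from the application: the RSSI thresholds, the timeout, the smoothing factor and all names are assumptions, and the readings are constructed. Raw BLE signal strength is noisy, so the sketch smooths it before comparing against the thresholds.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Assumed values; the application gives no numbers.
WARN_DBM = -75.0        # warn the user below this smoothed RSSI
END_DBM = -85.0         # end the session below this smoothed RSSI
LOST_TIMEOUT_S = 10.0   # end the session after this long without contact
ALPHA = 0.3             # weight of the newest sample in the moving average


@dataclass
class ProximitySession:
    active: bool = True
    smoothed: Optional[float] = None
    last_seen: Optional[float] = None
    warned: bool = False
    events: List[Tuple[float, str]] = field(default_factory=list)

    def _end(self, t: float, reason: str) -> None:
        self.active = False
        self.events.append((t, reason))

    def observe(self, t: float, rssi: Optional[float]) -> None:
        """Feed one reading; rssi is None when the peer was not seen."""
        if not self.active:
            return  # session ended: monitoring has stopped
        if self.last_seen is None:
            self.last_seen = t  # start the timeout clock at the first reading
        if rssi is None:
            if t - self.last_seen >= LOST_TIMEOUT_S:
                self._end(t, "end:timeout")
            return
        self.last_seen = t
        if self.smoothed is None:
            self.smoothed = rssi
        else:
            # Exponential moving average damps single-sample outliers.
            self.smoothed = ALPHA * rssi + (1 - ALPHA) * self.smoothed
        if self.smoothed < END_DBM:
            self._end(t, "end:weak-signal")
        elif self.smoothed < WARN_DBM:
            if not self.warned:  # warn once per excursion
                self.warned = True
                self.events.append((t, "warn:too-far"))
        else:
            self.warned = False


def run(samples: List[Tuple[float, Optional[float]]]) -> ProximitySession:
    session = ProximitySession()
    for t, rssi in samples:
        session.observe(t, rssi)
    return session


# Constructed traces: (seconds, RSSI in dBm or None when not seen).
WALK_AWAY = [(0.0, -60), (1.0, -62), (2.0, -80), (3.0, -82),
             (4.0, -90), (5.0, -95), (6.0, -95), (7.0, -60)]
SPIKE = [(0.0, -60), (1.0, -60), (2.0, -95), (3.0, -60), (4.0, -60)]
DROPOUT = [(0.0, -60), (5.0, None), (9.0, None), (10.0, None), (11.0, None)]

if __name__ == "__main__":
    for name, trace in (("walk_away", WALK_AWAY), ("spike", SPIKE),
                        ("dropout", DROPOUT)):
        s = run(trace)
        print(name, s.active, s.events)
```

The single -95 dBm outlier in `SPIKE` neither warns nor ends the session, while the sustained decline in `WALK_AWAY` first warns and then ends it; the strong reading after the end is ignored because monitoring has stopped.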
[0022] FIGS. 5A-5L illustrate one or more example use cases for implementing a user access authentication system utilizing non-persistent codes, in accordance with the presently disclosed embodiments.
[0023] FIG. 6 illustrates a computer system 600 that may be associated with a user access authentication system utilizing non-persistent codes, in accordance with the presently disclosed embodiments. In certain embodiments, one or more financial services computing system 600 perform one or more steps of one or more methods described or illustrated herein. In certain embodiments, one or more financial services computing system 600 provide functionality described or illustrated herein. In certain embodiments, software running on one or more financial services computing system 600 performs one or more steps of one or more methods described or illustrated herein or provides functionality described or illustrated herein. Certain embodiments include one or more portions of one or more financial services computing system 600. Herein, reference to a computer system may encompass a computing device, and vice versa, where appropriate. Moreover, reference to a computer system may encompass one or more computer systems, where appropriate.
[0024] This disclosure contemplates any suitable number of financial services computing systems 600. This disclosure contemplates computer system 500 taking any suitable physical form. As example and not by way of limitation, computer system 500 may be an embedded computer system, a system-on-chip (SOC), a single-board computer system (SBC) (e.g., a computer-on-module (COM) or system-on-module (SOM)), a desktop computer system, a laptop or notebook computer system, an interactive kiosk, a mainframe, a mesh of computer systems, a mobile telephone, a personal digital assistant (PDA), a server, a tablet computer system, an augmented/virtual reality device, or a combination of two or more of these. Where appropriate, computer system 500 may include one or more financial services computing system 600; be unitary or distributed; span multiple locations; span multiple machines; span multiple data centers; or reside in a cloud, which may include one or more cloud components in one or more networks.
[0025] Where appropriate, computing system 600 may perform without substantial spatial or temporal limitation one or more steps of one or more methods described or illustrated herein. As an example, and not by way of limitation, computing system 600 may perform in real time or in batch mode one or more steps of one or more methods described or illustrated herein. One or more computing system 600 may perform at different times or at different locations one or more steps of one or more methods described or illustrated herein, where appropriate.
[0026] In certain embodiments, computer system 500 includes a processor 602, memory 604, storage 606, an input/output (I/O) interface 608, a communication interface 510, and a bus 612. Although this disclosure describes and illustrates a particular computer system having a particular number of particular components in a particular arrangement, this disclosure contemplates any suitable computer system having any suitable number of any suitable components in any suitable arrangement. In certain embodiments, processor 602 includes hardware for executing instructions, such as those making up a computer program. As an example, and not by way of limitation, to execute instructions, processor 602 may retrieve (or fetch) the instructions from an internal register, an internal cache, memory 604, or storage 606; decode and execute them; and then write one or more results to an internal register, an internal cache, memory 604, or storage 606. In certain embodiments, processor 602 may include one or more internal caches for data, instructions, or addresses. This disclosure contemplates processor 602 including any suitable number of any suitable internal caches, where appropriate. As an example, and not by way of limitation, processor 602 may include one or more instruction caches, one or more data caches, and one or more translation lookaside buffers (TLBs). Instructions in the instruction caches may be copies of instructions in memory 604 or storage 606, and the instruction caches may speed up retrieval of those instructions by processor 602.
[0027] Data in the data caches may be copies of data in memory 604 or storage 606 for instructions executing at processor 602 to operate on; the results of previous instructions executed at processor 602 for access by subsequent instructions executing at processor 602 or for writing to memory 604 or storage 606; or other suitable data. The data caches may speed up read or write operations by processor 602. The TLBs may speed up virtual-address translation for processor 602. In certain embodiments, processor 602 may include one or more internal registers for data, instructions, or addresses. This disclosure contemplates processor 602 including any suitable number of any suitable internal registers, where appropriate. Where appropriate, processor 602 may include one or more arithmetic logic units (ALUs); be a multicore processor; or include one or more processors 802. Although this disclosure describes and illustrates a particular processor, this disclosure contemplates any suitable processor.
[0028] In certain embodiments, memory 604 includes main memory for storing instructions for processor 602 to execute or data for processor 602 to operate on. As an example, and not by way of limitation, computer system 500 may load instructions from storage 606 or another source (such as, for example, another computer system 500) to memory 604. Processor 602 may then load the instructions from memory 604 to an internal register or internal cache. To execute the instructions, processor 602 may retrieve the instructions from the internal register or internal cache and decode them. During or after execution of the instructions, processor 602 may write one or more results (which may be intermediate or final results) to the internal register or internal cache. Processor 602 may then write one or more of those results to memory 604. In certain embodiments, processor 602 executes only instructions in one or more internal registers or internal caches or in memory 604 (as opposed to storage 606 or elsewhere) and operates only on data in one or more internal registers or internal caches or in memory 604 (as opposed to storage 606 or elsewhere).
[0029] One or more memory buses (which may each include an address bus and a data bus) may couple processor 602 to memory 604. Bus 612 may include one or more memory buses, as described below. In certain embodiments, one or more memory management units (MMUs) reside between processor 602 and memory 604 and facilitate accesses to memory 604 requested by processor 602. In certain embodiments, memory 604 includes random access memory (RAM). This RAM may be volatile memory, where appropriate. Where appropriate, this RAM may be dynamic RAM (DRAM) or static RAM (SRAM). Moreover, where appropriate, this RAM may be single-ported or multi-ported RAM. This disclosure contemplates any suitable RAM. Memory 604 may include one or more memory devices 604, where appropriate. Although this disclosure describes and illustrates particular memory, this disclosure contemplates any suitable memory.
[0030] In certain embodiments, storage 606 includes mass storage for data or instructions. As an example, and not by way of limitation, storage 606 may include a hard disk drive (HDD), a floppy disk drive, flash memory, an optical disc, a magneto-optical disc, magnetic tape, or a Universal Serial Bus (USB) drive or a combination of two or more of these. Storage 606 may include removable or non-removable (or fixed) media, where appropriate. Storage 606 may be internal or external to computer system 500, where appropriate. In certain embodiments, storage 606 is non-volatile, solid-state memory. In certain embodiments, storage 606 includes read-only memory (ROM). Where appropriate, this ROM may be mask-programmed ROM, programmable ROM (PROM), erasable PROM (EPROM), electrically erasable PROM (EEPROM), electrically alterable ROM (EAROM), or flash memory or a combination of two or more of these. This disclosure contemplates mass storage 606 taking any suitable physical form. Storage 606 may include one or more storage control units facilitating communication between processor 602 and storage 606, where appropriate. Where appropriate, storage 606 may include one or more storages 606. Although this disclosure describes and illustrates particular storage, this disclosure contemplates any suitable storage.
[0031] In certain embodiments, I/O interface 608 includes hardware, software, or both, providing one or more interfaces for communication between computer system 500 and one or more I/O devices. Computer system 500 may include one or more of these I/O devices, where appropriate. One or more of these I/O devices may enable communication between a person and computer system 500. As an example, and not by way of limitation, an I/O device may include a keyboard, keypad, microphone, monitor, mouse, printer, scanner, speaker, still camera, stylus, tablet, touch screen, trackball, video camera, another suitable I/O device or a combination of two or more of these. An I/O device may include one or more sensors. This disclosure contemplates any suitable I/O devices and any suitable I/O interfaces 606 for them. Where appropriate, I/O interface 608 may include one or more device or software drivers enabling processor 602 to drive one or more of these I/O devices. I/O interface 608 may include one or more I/O interfaces 606, where appropriate. Although this disclosure describes and illustrates a particular I/O interface, this disclosure contemplates any suitable I/O interface.
[0032] In certain embodiments, communication interface 510 includes hardware, software, or both providing one or more interfaces for communication (such as, for example, packet-based communication) between computer system 500 and one or more other computer systems 600 or one or more networks. As an example, and not by way of limitation, communication interface 510 may include a network interface controller (NIC) or network adapter for communicating with an Ethernet or other wire-based network or a wireless NIC (WNIC) or wireless adapter for communicating with a wireless network, such as a WI-FI network. This disclosure contemplates any suitable network and any suitable communication interface 510 for it.
[0033] As an example, and not by way of limitation, computer system 500 may communicate with an ad hoc network, a personal area network (PAN), a local area network (LAN), a wide area network (WAN), a metropolitan area network (MAN), or one or more portions of the Internet or a combination of two or more of these. One or more portions of one or more of these networks may be wired or wireless. As an example, computer system 500 may communicate with a wireless PAN (WPAN) (such as, for example, a BLUETOOTH WPAN), a WI-FI network, a WI-MAX network, a cellular telephone network (such as, for example, a Global System for Mobile Communications (GSM) network), or other suitable wireless network or a combination of two or more of these. Computer system 500 may include any suitable communication interface 510 for any of these networks, where appropriate. Communication interface 510 may include one or more communication interfaces 510, where appropriate. Although this disclosure describes and illustrates a particular communication interface, this disclosure contemplates any suitable communication interface.
[0034] In certain embodiments, bus 612 includes hardware, software, or both coupling components of computer system 500 to each other. As an example, and not by way of limitation, bus 612 may include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industry Standard Architecture (EISA) bus, a front-side bus (FSB), a HYPERTRANSPORT (HT) interconnect, an Industry Standard Architecture (ISA) bus, an INFINIBAND interconnect, a low-pin-count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCIe) bus, a serial advanced technology attachment (SATA) bus, a Video Electronics Standards Association local (VLB) bus, or another suitable bus or a combination of two or more of these. Bus 612 may include one or more buses 612, where appropriate. Although this disclosure describes and illustrates a particular bus, this disclosure contemplates any suitable bus or interconnect.
[0035] Herein, a computer-readable non-transitory storage medium or media may include one or more semiconductor-based or other integrated circuits (ICs) (such as, for example, field-programmable gate arrays (FPGAs) or application-specific ICs (ASICs)), hard disk drives (HDDs), hybrid hard drives (HHDs), optical discs, optical disc drives (ODDs), magneto-optical discs, magneto-optical drives, floppy diskettes, floppy disk drives (FDDs), magnetic tapes, solid-state drives (SSDs), RAM-drives, SECURE DIGITAL cards or drives, any other suitable computer-readable non-transitory storage media, or any suitable combination of two or more of these, where appropriate. A computer-readable non-transitory storage medium may be volatile, non-volatile, or a combination of volatile and non-volatile, where appropriate.
[0036] Herein, “or” is inclusive and not exclusive, unless expressly indicated otherwise or indicated otherwise by context. Therefore, herein, “A or B” means “A, B, or both,” unless expressly indicated otherwise or indicated otherwise by context. Moreover, “and” is both joint and several, unless expressly indicated otherwise or indicated otherwise by context. Therefore, herein, “A and B” means “A and B, jointly or severally,” unless expressly indicated otherwise or indicated otherwise by context.
[0037] Herein, “automatically” and its derivatives means “without human intervention,” unless expressly indicated otherwise or indicated otherwise by context.
[0038] The embodiments disclosed herein are only examples, and the scope of this disclosure is not limited to them. Embodiments according to this disclosure are in particular disclosed in the attached claims directed to a method, a storage medium, a system and a computer program product, wherein any feature mentioned in one claim category, e.g. method, can be claimed in another claim category, e.g. system, as well. The dependencies or references back in the attached claims are chosen for formal reasons only. However, any subject matter resulting from a deliberate reference back to any previous claims (in particular multiple dependencies) can be claimed as well, so that any combination of claims and the features thereof are disclosed and can be claimed regardless of the dependencies chosen in the attached claims. The subject-matter which can be claimed comprises not only the combinations of features as set out in the attached claims but also any other combination of features in the claims, wherein each feature mentioned in the claims can be combined with any other feature or combination of other features in the claims. Furthermore, any of the embodiments and features described or depicted herein can be claimed in a separate claim and/or in any combination with any embodiment or feature described or depicted herein or with any of the features of the attached claims.
[0039] The scope of this disclosure encompasses all changes, substitutions, variations, alterations, and modifications to the example embodiments described or illustrated herein that a person having ordinary skill in the art would comprehend. The scope of this disclosure is not limited to the example embodiments described or illustrated herein. Moreover, although this disclosure describes and illustrates respective embodiments herein as including particular components, elements, features, functions, operations, or steps, any of these embodiments may include any combination or permutation of any of the components, elements, features, functions, operations, or steps described or illustrated anywhere herein that a person having ordinary skill in the art would comprehend. Furthermore, reference in the appended claims to an apparatus or system or a component of an apparatus or system being adapted to, arranged to, capable of, configured to, enabled to, operable to, or operative to perform a particular function encompasses that apparatus, system, component, whether or not it or that particular function is activated, turned on, or unlocked, as long as that apparatus, system, or component is so adapted, arranged, capable, configured, enabled, operable, or operative. Additionally, although this disclosure describes or illustrates certain embodiments as providing particular advantages, certain embodiments may provide none, some, or all of these advantages.

Claims

CLAIMS: What is claimed is:
1. A method, comprising, by one or more computing devices: receiving, by the one or more computing devices, and from an electronic device associated with a user, a plurality of data inputs associated with the user; generating, by the one or more computing devices, a mathematical model based on the plurality of user data inputs, the mathematical model configured to be utilized to establish a user authentication access for a singular instance; generating, by the one or more computing devices, and utilizing the mathematical model, a signature matrix to establish the user authentication access for the singular instance; and providing, by the one or more computing devices, the signature matrix to the electronic device.
2. The method of Claim 1, wherein the electronic device associated with the user comprises a mobile electronic device or a wearable electronic device.
3. The method of Claim 1, wherein the plurality of data inputs comprises one or more of a facial image input, a location data input, a voice data input, a time input, a date input, a device data input, a health data input, a user pattern input, a user behavior input, a risk profile input, a proximity input, an application sensor input, or a federated data input.
4. The method of Claim 1, wherein the mathematical model comprises a non-persistent mathematical model.
5. The method of Claim 1, wherein the signature matrix comprises user authentication access data represented by the mathematical model.
6. The method of Claim 1, further comprising: subsequent to generating the signature matrix, discarding the mathematical model.
7. The method of Claim 1, wherein generating the mathematical model comprises generating the mathematical model in real-time or near real-time.
8. The method of Claim 1, further comprising: receiving, by the one or more computing devices, and from the electronic device associated with the user, a second plurality of data inputs associated with the user; generating, by the one or more computing devices, a second mathematical model based on the second plurality of user data inputs, the second mathematical model configured to be utilized to establish a user authentication access for a subsequent instance.
9. The method of Claim 8, further comprising: generating, by the one or more computing devices, and utilizing the second mathematical model, a second signature matrix to establish the user authentication access for the subsequent instance; and providing, by the one or more computing devices, the second signature matrix to the electronic device.
10. One or more computer-readable non-transitory storage media embodying software that is operable when executed by one or more processors to perform the steps of any of Claims 1 to 9.
11. A system comprising: one or more processors; and a non-transitory memory coupled to the processors comprising instructions executable by the one or more processors, the one or more processors operable when executing the instructions to perform the steps of any of Claims 1 to 9.
PCT/US2022/078672 2021-11-02 2022-10-25 User access authentication utilizing non-persistent codes WO2023081589A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US202163263446P 2021-11-02 2021-11-02
US63/263,446 2021-11-02

Publications (1)

Publication Number Publication Date
WO2023081589A1 (en) 2023-05-11

Family

ID=84362663

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2022/078672 WO2023081589A1 (en) 2021-11-02 2022-10-25 User access authentication utilizing non-persistent codes

Country Status (1)

Country Link
WO (1) WO2023081589A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130117832A1 (en) * 2011-11-07 2013-05-09 Shaheen Ashok Gandhi Identity Verification and Authentication
US8752146B1 (en) * 2012-03-29 2014-06-10 Emc Corporation Providing authentication codes which include token codes and biometric factors
US20140189808A1 (en) * 2012-12-28 2014-07-03 Lookout, Inc. Multi-factor authentication and comprehensive login system for client-server networks
US20210173914A1 (en) * 2019-12-10 2021-06-10 Winkk, Inc Device handoff identification proofing using behavioral analytics

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22813041

Country of ref document: EP

Kind code of ref document: A1