Patent Issued for Authenticating user identity based on data stored in different locations (USPTO 11531739): United Services Automobile Association

2023 JAN 06 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- United Services Automobile Association (San Antonio, Texas, United States) has been issued patent number 11531739, according to news reporting originating out of Alexandria, Virginia, by NewsRx editors.

The patent’s inventors are Billman, Bradly Jay (Celina, TX, US), Erickson, Jennifer Hunt (San Antonio, TX, US).

This patent was filed on June 30, 2020 and was published online on December 20, 2022.

From the background information supplied by the inventors, news correspondents obtained the following quote: “The present disclosure relates generally to authentication systems. More specifically, the present disclosure relates to providing vendors a way to authenticate a user’s identity by way of a trusted network that utilizes a multi-point authentication technique.

“As more vendors use digital authentication methods for verifying a user’s identity, account information, and other details concerning a user to facilitate a financial transaction, data concerning the user may be stored on various databases for different vendors. This distribution of personal and private data may increase the chances that the data may be compromised by hackers or other entities attempting to obtain the secure information. As such, improved systems for storing personal or sensitive data concerning a user, while maintaining the ability to securely authenticate a user and facilitate a transaction are desirable.

“This section is intended to introduce the reader to various aspects of art that may be related to various aspects of the present disclosure, which are described and/or claimed below. This discussion is believed to be helpful in providing the reader with background information to facilitate a better understanding of the various aspects of the present disclosure. Accordingly, it may be understood that these statements are to be read in this light, and not as admissions of prior art.”

Supplementing the background information on this patent, NewsRx reporters also obtained the inventors’ summary information for this patent: “One or more specific embodiments will be described below. In an effort to provide a concise description of these embodiments, not all features of an actual implementation are described in the specification. It should be appreciated that in the development of any such actual implementation, as in any engineering or design project, numerous implementation-specific decisions must be made to achieve the developers’ specific goals, such as compliance with system-related and business-related constraints, which may vary from one implementation to another. Moreover, it should be appreciated that such a development effort might be complex and time consuming, but would nevertheless be a routine undertaking of design, fabrication, and manufacture for those of ordinary skill having the benefit of this disclosure.

“When introducing elements of various embodiments of the present disclosure, the articles “a,” “an,” and “the” are intended to mean that there are one or more of the elements. The terms “comprising,” “including,” and “having” are intended to be inclusive and mean that there may be additional elements other than the listed elements. Additionally, it should be understood that references to “one embodiment” or “an embodiment” of the present disclosure are not intended to be interpreted as excluding the existence of additional embodiments that also incorporate the recited features.

“As mentioned above, vendors may desire a secure system to digitally authenticate user identities when facilitating financial transactions such as purchases. To better ensure that data related to users’ identities and other sensitive information (e.g., financial data, demographic data) are securely stored while remaining useful to vendors, the presently disclosed embodiments detail certain systems and methods for authenticating identification data that may be distributed across multiple data storage components. For example, in one embodiment, a point of sale device may receive a request to purchase an item using a user’s digital account and a user’s digital identification data. Using the identification data, the point of sale device may query a trusted authentication system to authenticate the identification data. The point of sale device may have an established relationship with the trusted authentication system, such that the vendor trusts the authentication results of the trusted authentication system. In some embodiments, the authentication data used to authenticate the identification data may be located in multiple databases with each database having a non-overlapping part of the authentication data, such that no database has the same portion of authentication data in another database. The trusted authentication system may query a first database for a part of authentication data based on the information provided to the point of sale device related to the identification data. The trusted authentication system may receive a first portion of the authentication data from the first database. The trusted authentication system may then determine whether the authentication data includes an additional part based on the retrieved portion of the authentication data. That is, each portion of the authentication data may provide an indication with regard to a storage location of another portion of the authentication data. As such, the trusted authentication system may continue to identify additional parts of authentication data from the previously retrieved parts, such that the trusted authentication system collects each part of the authentication data from different databases until no additional parts remain. After collecting each of the parts of the authentication data, the trusted authentication system may combine the parts of the authentication data based on an algorithm that may be identified from one or more of the parts of authentication data. The trusted authentication system may then determine if the identification data received from the point of sale device is authenticated based on the combined parts of the authentication data. The results of the authentication process may then be sent to the point of sale device. In this way, a user’s data may be stored in different locations, thereby making each individual part of the authentication data useless without the collection of all of the parts. Indeed, the user’s data may be partially exposed if one of the data locations is compromised, but the data is useless without acquiring each portion of the data. Additional details with regard to authenticating data in this manner will be provided below with reference to FIGS. 1-4.

“By way of introduction, FIG. 1 illustrates an authentication system 10 that includes certain components, electronic devices, and a collection of electronic devices that may enable different computing systems to perform the methods described herein. As shown in FIG. 1, the authentication system 10 may include a point of sale device 12, a trusted authentication system 14, a first database 16, a second database 18, and a third database 20 that may be communicatively coupled to a network 22. Although three databases are shown in the current embodiment, any number of databases may be appropriate to carry out the functions of the authentication system 10. The point of sale device 12 may receive a request to authenticate a user identity (e.g., identification data) and query the trusted authentication system 14 to authenticate the user identity. In some embodiments, the point of sale device 12 may include a laptop computer, a personal computer, tablet, server, smart phone, a virtual machine, cloud-based computing system, and the like. The point of sale device 12 may be associated with a vendor of goods or services, such that the vendor may employ the point of sale device 12 to assist in a transaction.

“Moreover, in some embodiments the trusted authentication system 14 may include a laptop computer, a personal computer, tablet, server, smart phone, a virtual machine, cloud-based computing system, and the like, and is discussed in further detail with reference to FIG. 2. The trusted authentication system 14 may be affiliated with a bank, insurance company, government entity, third-party identification verification, and the like, such that a vendor may associate the trusted authentication system 14 with trusted and reliable source of information associated with the identification of a person. The trusted authentication system 14 may query a single one of, any combination of, or any additional database in addition to the first database 16, the second database 18, and a third database 20 for one or more parts of authentication data that is based on the identification data. In some embodiments, the databases may include data associated with the identity of a user (e.g., identification data) such as name, phone number, work address, home address, school history, social security number, and the like. In addition, the databases may include biometric data (e.g., facial image, fingerprint data) that may be used to authenticate identification data of a user. The first database 16, the second database 18, and the third database 20 may be associated with the trusted authentication system 14 or a part of an outside data source and are configured such that each database is at a different location and may contain non-overlapping information.”

The claims supplied by the inventors are:

“1. A system, comprising: a first computing device configured to receive identification data associated with a user and an identifying parameter associated with the user; and a second computing device configured to: receive a request from the first computing device to authenticate the user based on the identification data; query a first database for a first portion of authentication data based on the identifying parameter, wherein the authentication data is configured to authenticate an identify of the user based on the identification data; determine whether a second portion of the authentication data exists based on the first portion of the authentication data, wherein the first portion of the of the authentication data comprises a pointer configured to identify a second database comprising the second portion of the authentication data; query the second database for the second portion of the authentication data in response to determining that the second portion of the authentication data exists; identify an algorithm for combining the first portion and the second portion, wherein the first portion, the second portion, or both comprise the algorithm; combine the first portion of the authentication data and the second portion of the authentication data to form a combined authentication data based on the algorithm; compare the identification data and the combined authentication data; and send a result of the comparison to the first computing device.

“2. The system of claim 1, wherein the second portion of the authentication data is encrypted and the pointer comprises a decryption key for decrypting the second portion of the authentication data.

“3. The system of claim 1, wherein the identification data comprises fingerprint data, facial image data, retinal data, voice data, or any combination thereof.

“4. The system of claim 1, wherein the second computing device is configured to generate a scaled score associated with the comparison of the identification data and the combined authentication data.

“5. The system of claim 4, wherein the first computing system is configured to perform a transaction in response to the scaled score exceeding a threshold.

“6. The system of claim 1, comprises an unmanned aerial vehicle (UAV) configured to gather the identification data from the user.

“7. The system of claim 6, wherein the UAV comprises a camera configured to capture image data, wherein the identification data comprises the image data.

“8. The system of claim 6, wherein the UAV is configured to gather biometric data, wherein the identification data from the user comprises the biometric data.

“9. The system of claim 6, wherein the UAV comprises a fingerprint scanner configured to capture fingerprint data from the user, wherein the identification data from the user comprises the fingerprint data.

“10. The system of claim 1, wherein the pointer is indicative of the first portion of the authentication data being part of an ordered series of parts.

“11. The system of claim 1, wherein the first database is a first enclave server associated with the second computing device and the second database is a second enclave server associated with the second computing device.

“12. A non-transitory computer-readable medium comprising computer-executable instructions that, when executed, cause a processor to perform operations comprising: receiving a request to authenticate identification data associated with a user from an electronic device; querying a first database for a part of the authentication data based on an identifying parameter associated with the user; retrieving the part of the authentication data from the first database, wherein the part of the authentication data comprises a pointer configured to identify a second database comprising an additional part of authentication data; retrieving the additional part of the authentication data from the second database; identifying an algorithm for combining two or more parts of the authentication data from the part of the authentication data, the additional part of the authentication data, or both; combining the part of the authentication data and the additional part of the authentication data to form a combined authentication data based on the algorithm; comparing the combined authentication data and the identification; authenticating an identity of the user based on the comparison of the combined authentication data and the identification data; and sending a notification representative of a result of the authentication to the electronic device.

“13. The non-transitory computer-readable medium of claim 12, wherein the processor is further configured to perform the operations comprising combining the part of the authentication data and the additional part of the authentication data to form the combined authentication data based on the algorithm.

“14. The non-transitory computer-readable medium of claim 12, wherein the pointer comprises a decryption key for decrypting the additional part of the authentication data.

“15. A method, comprising: receiving, via a processor, a request from an electronic device to authenticate identification data associated with a user; querying, via the processor, a first server for a first portion of the authentication data based on one or more identifying parameters associated with the user; retrieving, via the processor, the first portion of the authentication data from the first server, wherein the first portion of the authentication data comprises a pointer configured to indicate that a second portion of authentication data exists; retrieving, via the processor, the second portion of the authentication data from a second server; identifying an algorithm for combining two or more portions of the authentication data from the first portion of the authentication data, the second portion of the authentication data, or both; combining, via the processor, the first portion of the authentication data and the second portion of the authentication data to form a combined authentication data based on the algorithm; comparing, via the processor, the combined authentication data and the identification; generating, via the processor, an authentication result based on the comparison of the combined authentication data and the identification data; and sending, via the processor, the authentication result to the electronic device.

“16. The method of claim 15, wherein the pointer is configured to identify the second server comprising the second portion of authentication data.

“17. The method of claim 16, comprising determining that a third portion of the authentication data does not exist before combining the first portion of the authentication data and the second portion of the authentication data.

“18. The method of claim 15, comprising: decrypting, via the processor, the first portion of the authentication data using a first decryption key; and decrypting, via the processor, the second portion of the authentication data using a second decryption key.”

For the URL and additional information on this patent, see: Billman, Bradly Jay. Authenticating user identity based on data stored in different locations. U.S. Patent Number 11531739, filed June 30, 2020, and published online on December 20, 2022. Patent URL (for desktop use only): https://ppubs.uspto.gov/pubwebapp/external.html?q=(11531739)&db=USPAT&type=ids

(Our reports deliver fact-based news of research and discoveries from around the world.)