Patent Issued for Authentication for application downloads (USPTO 11140158): United Services Automobile Association
2021 OCT 25 (NewsRx) -- By a
The patent’s inventors are Adam, Patrick (
This patent was filed on
From the background information supplied by the inventors, news correspondents obtained the following quote: “Due in part to mass data breaches and phishing attacks exposing billions of email addresses, usernames and passwords in the past few years, account takeovers are prevalent. Many people use the same username/password combination across multiple accounts, which makes it easy for cybercriminals to sell stolen credentials. Fraudulent actors take over accounts for various types of services, including bank accounts, credit card accounts, and email accounts. Service providers attempt to curtail fraudulent activity by collecting and using information such as a username and password or device characteristics to authenticate the user. These techniques have limitations, particularly given the prevalence of stolen or breached data. Should a fraudster steal a device and have access to the stolen credentials, the stolen credentials can allow a fraudster to download an application, provide the user’s username and password, and obtain access to the user’s account. Most companies assume that the person downloading the application is in fact the owner of the device or account (or an authorized user of the device or account) and do not require credentials that are more difficult for fraudsters to obtain. That is, although an application is being downloaded to a user’s device, the application provider currently lacks technology to verify that the user himself or herself is the person responsible for downloading the application.
“The techniques introduced here may be better understood by referring to the following Detailed Description in conjunction with the accompanying drawings, in which like reference numerals indicate identical or functionally similar elements. Moreover, while the technology is amenable to various modifications and alternative forms, specific embodiments have been shown by way of example in the drawings and are described in detail below. The intention, however, is not to limit the technology to the particular embodiments described. On the contrary, the technology is intended to cover all modifications, equivalents, and alternatives falling within the scope of the technology as defined by the appended claims.”
Supplementing the background information on this patent, NewsRx reporters also obtained the inventors’ summary information for this patent: “When a company offers an application for download so that users can access their account, the company typically requests identifying information (e.g., email address) or identifying information (e.g., username) along with verification information (e.g., password, passcode, personal identification number). Noting or verifying the user’s identity using traditional methods is typically the extent of verification that companies perform before allowing the user to use the application and access their account information. That is, in prior systems, companies generally do nothing more than check a username/password combination or device characteristics to verify that the user associated with the account (and/or device) is in fact the person requesting the application download (“requestor”). Moreover, when users use more than one device when interacting with a company, device management can be challenging. Companies generally use device attributes to identify the device and install a token on the device to recognize the device. Thus, when sending messages to the user via an application, companies send the message to all devices associated with the user.
“To address the above-mentioned issues, the technology described herein provides a system and method that verifies that the person requesting the application download is authorized to do so and provides an improved system to manage devices using unique identifiers associated with application downloads. To verify that the person requesting the application download is authorized, first, the system can receive a request to download an application. In some implementations, the device is associated with the user (e.g., device characteristics are stored in a user profile), whereas in other implementations, the device is not associated with the user. In response to a first instance of the application being downloaded to the device, the issuer of the application can assign a unique identifier to the first instance of the application.
“After the application is downloaded, the system can ask the person requesting the application download to provide identification or identification/verification information and/or can identify the user via the device. Instead of stopping at verifying the user’s identity with typical methods (e.g., password, device fingerprint, evidence of secure browsing solution, secure token), the system can further request, via the first instance of the application, additional authentication information to verify the identity of the user. In one example of additional authentication information, the system can request an image of a government-issued identification card associated with the user identified by the username/password (or an authorized secondary user of the account) and a real-time image or video of the person requesting the download. Government-issued identification card can be any type of identification card with an image of the person (e.g., library card, driver’s license, learner’s permit, passport) issued by any government (e.g., state, federal, city). The system can verify the authenticity of the government-issued identification card and that the image of the person is in real-time (i.e., instantaneous or within minutes), or a third party can do so. After verifying the authenticity of the government-issued identification card and real-time nature of the image of the person, the system determines whether the image of a person on the government-issued identification card matches the real-time image of the person. If so, the system has verified that the person requesting the application download is authorized. The unique identifier can be associated with the device, user, and/or account. In another example of additional authentication information, a second device associated with the user (e.g., a device that has gone through the additional authentication process) can be used to verify the identity of the person downloading the application. 
In some embodiments, to obtain additional authentication information, the system can request that the user perform a face and/or voice biometric if the user has existing registered biometric information associated with the user’s profile. The characteristics of such information can be compared with the characteristics of the on-file biometric information.
“By assigning a unique identifier to the application and to the user or account, device management can be simplified. By verifying the specific download of the application on a device, messages can be sent to a specific device with confidence that the correct user is receiving the communication. Additionally, device characteristics do not need to be known; rather communication with the user can occur via the application. For example, if the user downloads a second instance of the application to a second device, the second instance of the application will receive a new and separate unique identifier. After the requestor of the application download verifies that he or she is authorized to download the second instance of the application to the second device, the system can communicate with the user via the first instance of the application or the second instance of the application. This is helpful in tracking devices in which to interact with because some users download the application on two or more devices (e.g., tablet, mobile device). Tracking the application downloads using the unique identifiers is also helpful in tracking whether a user has replaced a device and whether the unique identifier should be retired such that the unique identifier and that instance of the application will never be used again. In an example, if the user downloads the second instance of the application to the second device and the first instance of the application has not been used in a threshold period of time (e.g., 6 months), the system can ask the user via the second instance of the application whether the first instance of the application should be removed from the first device. The user can grant or deny permission in which case the unique identifier of the first application is either retired or not retired, respectively. In some implementations, the application is removed from the device after the unique identifier is retired. 
If the user does not provide an answer, the system can determine the period of time in which there has been activity via the first instance of the application and determine whether the unique identifier should be retired. Should the user wish to redownload the application, the user will need to re-prove that he or she is authorized to download the application. One benefit of tracking unique identifiers is that push notifications or other communications via the application can be sent to a specific device associated with a user instead of broadcasted to all devices associated with the user with the application.
“This disclosure describes systems and processes designed to authenticate the person downloading an application and to provide improved device management solutions using unique identifiers for an application. Various embodiments may provide one or more of the following technological improvements: (1) increase security by authenticating the person downloading the application; (2) increase efficiency of device management by tracking application downloads via unique identifier rather than device characteristics; and (3) reduce account takeovers by requiring real-time information for application downloads and re-downloads.”
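The per-instance identifier lifecycle described in the summary above can be modeled as a small registry. This is an added illustration, not code from the patent or from the assignee; the class and method names, the 180-day threshold, the treatment of "no response" as consent for an already idle instance, and the `identity_verified` flag (standing in for the ID-card and real-time image check) are all assumptions.

```python
import uuid
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

IDLE_THRESHOLD = timedelta(days=180)  # assumed value for the text's "e.g., 6 months"

@dataclass
class Instance:
    instance_id: str
    device: str
    user: Optional[str] = None          # bound only after verification succeeds
    state: str = "DOWNLOADED"           # DOWNLOADED -> VERIFIED -> RETIRED
    last_used: Optional[datetime] = None

class InstanceRegistry:                 # hypothetical name
    def __init__(self):
        self.instances = {}

    def register_download(self, device):
        # Every download gets a new, separate identifier.
        inst = Instance(str(uuid.uuid4()), device)
        self.instances[inst.instance_id] = inst
        return inst.instance_id

    def bind_verified(self, instance_id, user, identity_verified, now):
        inst = self.instances[instance_id]
        # A failed check binds nothing; a retired identifier is never reused.
        if inst.state != "DOWNLOADED" or not identity_verified:
            return False
        inst.user, inst.state, inst.last_used = user, "VERIFIED", now
        return True

    def stale_instances(self, asking_id, now):
        # Only a verified instance may be used to ask about the user's others.
        asker = self.instances[asking_id]
        if asker.state != "VERIFIED":
            return []
        return [i.instance_id for i in self.instances.values()
                if i.user == asker.user and i.instance_id != asking_id
                and i.state == "VERIFIED" and now - i.last_used >= IDLE_THRESHOLD]

    def resolve_removal(self, asking_id, target_id, answer, now):
        # answer: True = permission granted, False = denied, None = no response.
        if target_id not in self.stale_instances(asking_id, now):
            return False
        if answer is False:
            return False
        self.instances[target_id].state = "RETIRED"
        return True

    def route_message(self, instance_id):
        # Target one verified instance instead of broadcasting to every device.
        inst = self.instances[instance_id]
        return inst.device if inst.state == "VERIFIED" else None
```
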
The claims supplied by the inventors are:
“1. A computerized method of verifying authorization of an application download, the method comprising: receiving, from a device associated with a user, a request to download an application; in response to a first instance of the application being downloaded to the device, assigning a unique identifier to the first instance of the application; after the application is downloaded and prior to granting access to the first instance of the application, requesting, by the first instance of the application, authentication information to verify that a requestor of the download of the application is the user, wherein the authentication information comprises: an image of a government-issued identification card, and a real-time image of the requestor; in response to verifying, by the first instance of the application, that the requestor is the user, associating the unique identifier with the device and the user to result in a verified download of the first instance of the application; receiving, from a second device associated with the user, a request to download the application on the second device associated with the user; requesting, from the user via a second instance of the application on the second device, permission to remove the first instance of the application from the device; and in response to receiving permission or not receiving a response after a period of time, removing the first instance of the application from the device.
“2. The method of claim 1, further comprising: verifying an authenticity of the government-issued identification card; and comparing a picture of the user on the image of the government-issued identification card received from the device with the real-time image of the requestor received from the device to confirm that the requestor is the user.
“3. The method of claim 1, the method further comprising: sending the image of the government-issued identification card and the real-time image to a third party to: verify an authenticity of the government-issued identification card, and verify that a picture of the user on the image of the government-issued identification card and the real-time image of the requestor match.
“4. The method of claim 1, the method further comprising: prior to requesting the image of the government-issued identification card and the real-time image of the requestor: requesting identification information from the requestor, wherein the government-issued identification card is associated with an identity identified by the identification information, wherein the identification information comprises a username and a password or personal identification number.
“5. The method of claim 1, the method further comprising: in response to the second device downloading a second instance of the application, assigning a second unique identifier to the second instance of the application; and after verifying that the requestor is the user, associating the second unique identifier with the second device and the user.
“6. The method of claim 1, the method further comprising: in response to having the download of the first instance of the application verified, communicating to the user via the first instance of the application based only on the unique identifier rather than device characteristics.
“7. A computing system for verifying authorization of an application download, the computing system comprising: one or more processors; and one or more non-transitory memories storing instructions that, when executed by the one or more processors, cause the computing system to perform a process comprising: receiving, from a device associated with a user, a request to download an application, in response to a first instance of the application being downloaded to the device, assigning a unique identifier to the first instance of the application, in response to receiving confirmation from the application that the requestor is the user, associating the unique identifier with the device and the user, requesting, from the user, authentication information by: requesting an image of a government-issued identification card, and requesting a real-time image of the requestor, receiving, from a second device associated with the user, a request to download the application on the second device associated with the user, requesting, from the user via a second instance of the application on the second device, permission to remove the first instance of the application from the device, and in response to receiving permission, removing the first instance of the application from the device.
“8. The system of claim 7, wherein the process further comprises: verifying an authenticity of the government-issued identification card; and comparing a picture of the user on the image of the government-issued identification card received from the device with the real-time image of the requestor received from the device to confirm that the requestor is the user.
“9. The system of claim 7, wherein the process further comprises: requesting biometric information from the user; and comparing characteristics generated from the biometric information with characteristics generated from biometric information previously provided by the user.
“10. The system of claim 7, wherein the process further comprises: prior to requesting the image of the government-issued identification card and the real-time image of the requestor, requesting first authentication information from the requestor, wherein the first authentication information comprises a username and a password or personal identification number.
“11. The system of claim 7, wherein the process further comprises: in response to the second device downloading a second instance of the application, assigning a second unique identifier to the second instance of the application, and after verifying that the requestor is the user, associating the second unique identifier with the second device and the user.
“12. The system of claim 7, wherein the process further comprises: in response to verifying the download of the first instance of the application, communicating to the user via the first instance of the application based on the unique identifier rather than device characteristics.
“13. The system of claim 7, wherein the authentication information is a code sent to a device associated with the user.
“14. A mobile device comprising: one or more processors; and a non-transitory computer-readable storage medium having instructions stored thereon, which when executed by the one or more processors cause the mobile device to: in response to a request by a requestor, download a first instance of an application, wherein the first instance of the application is assigned a unique identifier, wherein the mobile device is associated with a user, after the application is downloaded and prior to allowing the user to access the first instance of the application, request first information to identify the user, after identifying the user, request an image of a government-issued identification card and capture a real-time image of the requestor, wherein the captured real-time image of the requestor is a live image of the requestor, compare a picture on the image of the government-issued identification card with the real-time, live image of the requestor captured by the mobile device to verify that the requestor is the user, and allow the user to access the first instance of the application in response to verifying that the requestor is the user.
“15. The mobile device of claim 14, wherein the unique identifier is associated with the mobile device and the user in response to verifying that the requestor is the user.
“16. The mobile device of claim 14, wherein the instructions, when executed by the one or more processors, further cause the mobile device to verify an authenticity of the government-issued identification card.
“17. The mobile device of claim 14, wherein the first information comprises a username and a password or personal identification number.
“18. The mobile device of claim 14, wherein the first instance of the application is removed from the mobile device in response to the user sending permission via a second instance of the application on a second mobile device.”
For the URL and additional information on this patent, see: Adam, Patrick. Authentication for application downloads.
(Our reports deliver fact-based news of research and discoveries from around the world.)