Patent Issued for Mobile application authentication infrastructure (USPTO 11882103): United Services Automobile Association
2024 FEB 13 (NewsRx) -- By a
The assignee for this patent, patent number 11882103, is
Reporters obtained the following quote from the background information supplied by the inventors: “Organizations strive to ensure secure and convenient user access to services or accounts. With the proliferation of identity theft and the growing emphasis on convenience, organizations are forced to find a balance between gathering enough identifying information and making the services or accounts accessible to users. Regulations and business rules may also govern how much or the types of identifying information the user must provide depending upon the nature of the activity that is requested.
“Existing systems often sacrifice security for convenience or sacrifice convenience for security. For example, users may be required to provide a login, password, and answer a secret question simply to engage in a low risk activity (e.g., to view current interest rates). Thus, although the user may be engaging in a low-risk activity, the user may be required to provide an excessive amount of information thereby sacrificing convenience for security.
“The drawings are not to scale. For example, the dimensions of some of the elements in the figures may be expanded or reduced to help improve the understanding of the embodiments of the present technology. Similarly, some components and/or operations may be separated into different blocks or combined into a single block for the purposes of discussion of some of the embodiments of the present technology. Moreover, while the technology is amenable to various modifications and alternative forms, specific embodiments have been shown by way of example in the drawings and are described in detail below. The intention, however, is not to limit the technology to the particular embodiments described. On the contrary, the technology is intended to cover all modifications, equivalents, and alternatives falling within the scope of the technology as defined by the appended claims.”
In addition to obtaining background information on this patent, NewsRx editors also obtained the inventors’ summary information for this patent: “Various embodiments of the present technology generally relate to authentication. In particular, some embodiments relate to systems and methods for a mobile application infrastructure and framework. Many traditional authentication techniques may be characterized by one entity sending an authentication challenge (e.g., a request or query) to another entity (e.g., a person, client, server machine, device, or thing that can communicate over a network). In response to receiving the authentication challenge, the second entity must respond with the appropriate answer to be authenticated and granted access to a service or data. Authentication ensures that communications are being sent to the correct entity. Moreover, various communications between entities may be secured to protect from additional security risks.
“In password authentication, for example, the challenge may be a request from a server asking the client for a password to authenticate the client’s identity in order to serve the client. For instance, when a person desires to check their bank account balance using a mobile device or computer, the client sends a request over a network to the bank’s server. The bank’s server responds to the client with a question for the user’s name and password. If the user enters and sends the correct name and password to the server, the server will respond with the user’s account balance. If the user enters the incorrect name or password, the server will deny the request to access the user’s account balance.
“Another example of authentication is a biometric authentication. A user can request confidential information from a server. The server may respond with a request for the user’s fingerprint before sending the confidential information. The user can then send his or her fingerprint to the server. If the server verifies that the fingerprint belongs to the user, the server has authenticated the communication and may now send the user information. If the server cannot verify that the fingerprint belongs to the user, the server may deny the request for information.
“Password authentication and biometric authentication are examples of active authentication. However, there are a variety of passive techniques that can be used as part of the authentication process. Passive techniques are typically noninvasive to the user and typically include requests the user does not see (e.g., for information from a user’s device). For example, a server may request a user’s location or software version of a user’s mobile device before sending information to the user. However, these requests are neither viewed by the user nor require a direct response from the user. Rather, the client and server handle the request and answer automatically and may only alert the user if there is a problem.
“The communications between two entities may contain requests for information or data that have varying levels of sensitivity. As a result, the communications may vary in the assurance level of authentication that is needed. Assurance level requirements of authentication in communications can range from little or no confidence in user authentication to a very high confidence level of authentication. For example, communications involving a user’s bank account balance may require a higher assurance level of authentication than a request for a new webpage. Still yet, a request to transfer money from one account to another may require an even higher assurance level than a request to display a user’s account balance. The varying levels of authentication assurance and numerous authentication challenges presented to the user can allow secure communications.”
The claims supplied by the inventors are:
“1. A computer-implemented method comprising: receiving information regarding a user requested activity; determining, by an authentication coordinator, whether the user requested activity requires an authentication based on where the information regarding the user requested activity is stored; in response to a determination that the user requested activity requires the authentication, determining multiple authentication challenges for a user based on the user requested activity; requesting the user to provide authentication information in a single response to the authentication challenges, wherein the authentication information associated with the single response satisfies a level of authentication; selecting one or more of the authentication challenges having at most the level of authentication; and authenticating the user based on the single response for actions associated with the selected one or more of the authentication challenges.
“2. The computer-implemented method of claim 1, further comprising: receiving a request from the user, wherein the request indicates a type of information to be accessed by the user; and prioritizing the multiple authentication challenges for the user based on the type of the information.
“3. The computer-implemented method of claim 2, further comprising enabling access, for the user, to the information, wherein the enabling is based on a result of the authenticating the user.
“4. The computer-implemented method of claim 1, further comprising prioritizing the multiple authentication challenges for the user based on a protocol, wherein the protocol includes a device preference, a user preference, and/or a desired response time.
“5. The computer-implemented method of claim 1, further comprising: determining that available authentication information, for the selected one or more of the authentication challenges, is insufficient; and prompting the user for additional authentication information; wherein the authenticating the user is further based on the additional authentication information.
“6. The computer-implemented method of claim 1, further comprising: receiving a request from the user, wherein the request indicates a type of information to be accessed by the user; and determining the level of authentication based on the type of the information.
“7. The computer-implemented method of claim 6, wherein the information to be accessed by the user includes information regarding a number of shares owned by the user.
“8. The computer-implemented method of claim 6, wherein the information to be accessed by the user includes personal information of the user.
“9. The computer-implemented method of claim 6, wherein the information to be accessed by the user includes an account balance of the user.
“10. The computer-implemented method of claim 1, wherein the single response to the authentication challenges includes a voiceprint.
“11. The computer-implemented method of claim 1, wherein the single response to the authentication challenges includes a fingerprint.
“12. A non-transitory machine-readable memory having stored thereon machine-executable instructions that, when executed by one or more processors, cause the one or more processors to perform a process comprising: receive information regarding a user requested activity; determine, by an authentication coordinator, whether the user requested activity requires an authentication based on where the information regarding the user requested activity is stored; in response to a determination that the user requested activity requires the authentication, determine multiple authentication challenges for a user based on the user requested activity; request the user to provide authentication information in a single response to the authentication challenges, wherein the authentication information associated with the single response satisfies a level of authentication; select one or more of the authentication challenges having at most the level of authentication; and authenticate the user based on the single response for actions associated with the selected one or more of the authentication challenges.
“13. The non-transitory machine-readable memory of claim 12, wherein the process further comprises: receiving a request from the user, wherein the request indicates a type of information to be accessed by the user; and determining the level of authentication based on the type of the information.
“14. The non-transitory machine-readable memory of claim 12, wherein the single response to the authentication challenges includes a voiceprint.
“15. The non-transitory machine-readable memory of claim 12, wherein the single response to the authentication challenges includes a fingerprint.
“16. The non-transitory machine-readable memory of claim 12, wherein the process further comprises: receiving a request from the user, wherein the request indicates a type of information to be accessed by the user; and prioritizing the multiple authentication challenges for the user based on the type of the information.
“17. The non-transitory machine-readable memory of claim 16, wherein the process further comprises: enabling access, for the user, to the information, wherein the enabling is based on a result of the authenticating the user.
“18. A computing system comprising: one or more processors; and one or more memories, storing instructions that, when executed by the one or more processors, cause the computing system to perform a process comprising: receiving information regarding a user requested activity; determining, by an authentication coordinator, whether the user requested activity requires an authentication based on where the information regarding the user requested activity is stored; in response to a determination that the user requested activity requires the authentication, determining multiple authentication challenges for a user based on the user requested activity; requesting the user to provide authentication information in a single response to the authentication challenges, wherein the authentication information associated with the single response satisfies a level of authentication; selecting one or more of the authentication challenges having at most the level of authentication; and authenticating the user based on the single response for actions associated with the selected one or more of the authentication challenges.
“19. The computing system of claim 18, wherein the process further comprises: receiving a request from the user, wherein the request indicates a type of information to be accessed by the user; and determining the level of authentication based on the information.
“20. The computing system of claim 19, wherein the process further comprises prioritizing the multiple authentication challenges for the user based on the type of the information.”
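The following sketch is an added illustration, not code from the patent or its assignee. It shows one reading of the flow in claim 1: a coordinator decides from the storage location whether authentication is needed, then uses a single verified response to satisfy every challenge at or below that response's assurance level. All names, levels, stores and activities are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Assumed assurance level that each kind of single response can satisfy.
RESPONSE_LEVEL = {"device_location": 1, "password": 2, "fingerprint": 3, "voiceprint": 3}

# Assumed rule: information held in these stores requires authentication.
PROTECTED_STORES = {"account_db"}

@dataclass(frozen=True)
class Challenge:
    name: str    # hypothetical challenge identifier
    level: int   # assurance level the challenge demands
    action: str  # action unlocked when the challenge is satisfied

# Assumed catalogue: activity -> (where its information is stored, challenges).
ACTIVITIES = {
    "view_rates": ("public_cms", []),
    "manage_account": ("account_db", [
        Challenge("confirm_identity", 2, "view_balance"),
        Challenge("confirm_biometric", 3, "view_shares"),
        Challenge("confirm_transfer", 4, "transfer_money"),
    ]),
}

@dataclass
class Decision:
    allowed: bool
    actions: list = field(default_factory=list)  # actions the response covers
    pending: list = field(default_factory=list)  # challenges needing more input

def coordinate(activity, response_kind=None, response_verified=False):
    """Decide which actions a single authentication response authorizes."""
    entry = ACTIVITIES.get(activity)
    if entry is None:
        return Decision(False)                  # unknown activity: fail closed
    store, challenges = entry
    if store not in PROTECTED_STORES:
        return Decision(True, [activity])       # no authentication required
    # An unverified or unrecognized response carries no assurance at all.
    level = RESPONSE_LEVEL.get(response_kind, 0) if response_verified else 0
    # Select the challenges "having at most the level" of the response.
    selected = [c for c in challenges if c.level <= level]
    pending = [c.name for c in challenges if c.level > level]
    return Decision(bool(selected), [c.action for c in selected], pending)
```

Challenges left in `pending` correspond to the case in claim 5, where the available authentication information is insufficient and the user is prompted for more.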
For more information, see this patent: Bluntzer,
(Our reports deliver fact-based news of research and discoveries from around the world.)