Patent Issued for Systems And Methods For Authentication Using Voice Biometrics And Device Verification (USPTO 10,424,303)

2019 OCT 09 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- According to news reporting originating from Alexandria, Virginia, by NewsRx journalists, a patent by the inventors Lester, Michael Wayne (Fair Oaks Ranch, TX); Casillas, Debra Randall (Helotes, TX); Rangarajan, Sudarshan (San Antonio, TX); Shelton, John (San Antonio, TX); Mortensen, Maland Keith (San Antonio, TX), filed on February 13, 2018, was published online on October 7, 2019.

The assignee for this patent, patent number 10,424,303, is United Services Automobile Association (San Antonio, Texas, United States).

Reporters obtained the following quote from the background information supplied by the inventors: “The protection and security of customer information is vital from an organization’s perspective, not only to comply with applicable laws, but to earn and keep customer’s trust. Enhanced security often comes at the cost of convenience for the user. For example, customers may be required to answer additional security questions.

“Security analysts have identified three authentication factors that can be used in making a positive identification: ownership (something only the user has), knowledge (something only the user knows), and inherence (something only the user is). Elements used to verify the first factor, ownership, may include a phone, a security token, or a software token. Elements used to verify the knowledge factor may include a password, username, personal identification number (PIN) or answers to security questions. Elements used to verify the inherence factor may include biometric data.”

In addition to obtaining background information on this patent, NewsRx editors also obtained the inventors’ summary information for this patent: “Methods and systems for authenticating a user are described. In some embodiments, a one-time token and a recording of the one-time token read aloud by the user are received at an authentication engine. The voice characteristics derived from the recording of the one-time token may be compared to the voice characteristics derived from samples of the user’s voice. The samples of the user’s voice may be derived from any vocal interaction with the user (e.g., speaking with a representative, speaking commands at an interactive voice response system, etc.). The user may be authenticated when the one-time token is verified and when a match of the voice characteristics derived from the recording of the one-time token and the voice characteristics derived from the previously recorded verbal samples of the user’s voice meet or exceed a threshold.

“In other embodiments, a biometric sample collected at a computing device that incorporates a dynamically generated token is received from a computing device. The biometric sample may be compared with a previously collected biometric sample. The user may be authenticated when the computing device is successfully verified and when the user is successfully verified though a match of the biometric sample and the previously collected biometric sample.

“In other embodiments, a method includes displaying a one-time token on a mobile computing device that is to be read aloud by the user. The method further includes generating a file including a recording of the one-time token read aloud by the user and transmitting the one-time token and the recording of the one-time token read aloud by the user to a server associated with an organization. A computing system of the organization may compare voice characteristics of the recording of the one-time token with voice characteristics of previously recorded samples of the user’s voice, and the user may be authenticated to the mobile application when the voice characteristics of the recording of the one-time token match the voice characteristics of the previously recorded samples of the user’s voice.

“Systems and apparatuses (e.g., non-transitory mediums embodying instructions that can be executed by one or more processors) that can accomplish the operations described above are also discussed in the disclosure.

“While multiple embodiments are disclosed, still other embodiments will become apparent to those skilled in the art from the following detailed description, which shows and describes illustrative embodiments. As will be realized, embodiments of the present disclosure are capable of modifications in various aspects, all without departing from the scope of the present disclosure. Accordingly, the drawings and detailed description are to be regarded as illustrative in nature and not restrictive.”

The claims supplied by the inventors are:

“What is claimed is:

“1. A method of authenticating a user, comprising: transmitting, from a first computing device to an authentication engine, user authentication information associated with a user of the first computing device; receiving, at the first computing device from the authentication engine, an activation code, wherein the activation code was retrieved by the authentication engine from a second computing device; in response to receiving the activation code, transmitting the activation code from the first computing device to the second computing device; receiving, at the first computing device from the second computing device, a token generator and an identifier of the token generator; in response to receiving the identifier of the token generator, transmitting the identifier of the token generator from the first computing device to the authentication engine; and authenticating the user, wherein authenticating the user comprises generating a one-time token using the token generator, wherein the authentication engine is implemented on at least one server computing device distinct from the first computing device and the second computing device.

“2. The method of claim 1, wherein the one-time token is generated based on the identifier of the token generator.

“3. The method of claim 2, wherein the identifier of the token generator is used as an input by the token generator to generate the one-time token.

“4. The method of claim 1, wherein the identifier of the token generator is a serial number of the token generator.

“5. The method of claim 1, wherein the token generator and the identifier of the token generator were transmitted from the second computing device to the first computing device in response to the first computing device transmitting the activation code to the second computing device.

“6. The method of claim 1, wherein authenticating the user comprises: displaying, on the first computing device, the one-time token to the user; and generating, on the first computing device, a recording of the one-time token read aloud by the user.

“7. The method of claim 6, wherein authenticating the user comprises transmitting, from the first computing device to the authentication engine, the one-time token and the recording of the one-time token read aloud by the user, wherein the authentication engine verifies the one-time token and compares voice characteristics derived from the recording of the one-time token with voice characteristics derived from one or more vocal interactions with the user.

“8. A non-transitory computer-readable storage medium comprising instructions stored therein, which when executed by one or more processors, cause the one or more processors to perform operations comprising: transmitting, from a first computing device to an authentication engine, user authentication information associated with a user of the first computing device; receiving, at the first computing device from the authentication engine, an activation code, wherein the activation code was retrieved by the authentication engine from a second computing device; in response to receiving the activation code, transmitting the activation code from the first computing device to the second computing device; receiving, at the first computing device from the second computing device, a token generator and an identifier of the token generator; in response to receiving the identifier of the token generator, transmitting the identifier of the token generator from the first computing device to the authentication engine; and authenticating the user, wherein authenticating the user comprises generating a one-time token using the token generator, wherein the authentication engine is implemented on at least one server computing device distinct from the first computing device and the second computing device.

“9. The non-transitory computer-readable storage medium of claim 8, wherein the one-time token is generated based on the identifier of the token generator.

“10. The non-transitory computer-readable storage medium of claim 9, wherein the identifier of the token generator is used as an input by the token generator to generate the one-time token.

“11. The non-transitory computer-readable storage medium of claim 8, wherein the identifier of the token generator is a serial number of the token generator.

“12. The non-transitory computer-readable storage medium of claim 8, wherein the token generator and the identifier of the token generator were transmitted from the second computing device to the first computing device in response to the first computing device transmitting the activation code to the second computing device.

“13. The non-transitory computer-readable storage medium of claim 8, wherein authenticating the user comprises: displaying, on the first computing device, the one-time token to the user; and generating, on the first computing device, a recording of the one-time token read aloud by the user.

“14. The non-transitory computer-readable storage medium of claim 13, wherein authenticating the user comprises transmitting, from the first computing device to the authentication engine, the one-time token and the recording of the one-time token read aloud by the user, wherein the authentication engine verifies the one-time token and compares voice characteristics derived from the recording of the one-time token with voice characteristics derived from one or more vocal interactions with the user.

“15. A system comprising: one or more processors; and a computer-readable medium comprising instructions stored therein, which when executed by the one or more processors, cause the one or more processors to perform operations comprising: transmitting, from a first computing device to an authentication engine, user authentication information associated with a user of the first computing device; receiving, at the first computing device from the authentication engine, an activation code, wherein the activation code was retrieved by the authentication engine from a second computing device; in response to receiving the activation code, transmitting the activation code from the first computing device to the second computing device; receiving, at the first computing device from the second computing device, a token generator and an identifier of the token generator; in response to receiving the identifier of the token generator, transmitting the identifier of the token generator from the first computing device to the authentication engine; and authenticating the user, wherein authenticating the user comprises generating a one-time token using the token generator, wherein the authentication engine is implemented on at least one server computing device distinct from the first computing device and the second computing device.

“16. The non-system of claim 15, wherein the one-time token is generated based on the identifier of the token generator.

“17. The system of claim 16, wherein the identifier of the token generator is used as an input by the token generator to generate the one-time token.

“18. The system of claim 15, wherein the identifier of the token generator is a serial number of the token generator.

“19. The system of claim 15, wherein the token generator and the identifier of the token generator were transmitted from the second computing device to the first computing device in response to the first computing device transmitting the activation code to the second computing device.

“20. The system of claim 15, wherein authenticating the user comprises: displaying, on the first computing device, the one-time token to the user; and generating, on the first computing device, a recording of the one-time token read aloud by the user.

“21. The system of claim 20, wherein authenticating the user comprises transmitting, from the first computing device to the authentication engine, the one-time token and the recording of the one-time token read aloud by the user, wherein the authentication engine verifies the one-time token and compares voice characteristics derived from the recording of the one-time token with voice characteristics derived from one or more vocal interactions with the user.”

For more information, see this patent: Lester, Michael Wayne; Casillas, Debra Randall; Rangarajan, Sudarshan; Shelton, John; Mortensen, Maland Keith. Systems And Methods For Authentication Using Voice Biometrics And Device Verification. U.S. Patent Number 10,424,303, filed February 13, 2018, and published online on October 7, 2019. Patent URL: http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.htm&r=1&f=G&l=50&s1=10,424,303.PN.&OS=PN/10,424,303RS=PN/10,424,303

(Our reports deliver fact-based news of research and discoveries from around the world.)