Researchers Submit Patent Application, “Fusion Template For User Authentication And Vault For Storing And Using The Same”, for Approval (USPTO 20210336951): Patent Application

2021 NOV 17 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- From Washington, D.C., NewsRx journalists report that a patent application by the inventors ECKEL, Robert (Andover, MA, US); LAZZOUNI, Mohamed (Northborough, MA, US), filed on April 19, 2021, was made available online on October 28, 2021.

No assignee for this patent application has been made.

News editors obtained the following quote from the background information supplied by the inventors: “The recent explosion of technological advancements has caused a drastic change in the methods and practices of authenticating and verifying digital information as well as governing the access thereto. To cope with the adjustments necessary in an evolving digital landscape, businesses, governmental agencies and academic institutions have begun to shift away from physical identify verification and have begun to use digital verification. Digital verification is often used to verify the identity of the individual before allowing the individual access to a service provider’s resources or other information.

“Often, the current digital authentication technology relies on a large disclosure of information upon first contact with the service provider or other entity, and additional information for authentication in any follow-up or continued use of the service. For example, many businesses may require an individual to input various forms of information, such as their social security number, street address, and name, among other types of information, when the individual first contacts the business.

“Once initial contact with the service provider or other entity has been established, the user may then be required to set up one or more forms of authentication to permit further use of the service. This authentication is typically conducted by prompting the user for a piece of information known to the user, and which is presumed to be unique or only known to the user. Digital verification can take place in a number of ways, such as with the use of a password, PIN, dual factor authentication or other form of access credentials input by the user to access services.

“Some services require additional authentication factors. For instance, some services may require the user to set up a multiple-factor authentication before accessing the services. The single-factor authentication may take the form of a single user verification, such as when the user enters a password or PIN to access their bank account. A multi-factor authentication may require additional authentication to obtain access to services, such as a user entering their password and additionally a one-time password that is sent to their email or text their phone by the business. Often, the additional authentication is another piece of information that the business has obtained from the user, and is prompting the user to re-enter to confirm the digital identity of the individual. The business may then compare the user’s input with information already stored at a central server in the business and, upon confirmation of the authentication information, permit the user access to their services or information.

“As previously mentioned, currently the service providers require the user to share their information with the service provider, and then re-enter that information later as a method of authentication to gain access or complete transactions with the service provider. The service provider usually takes large amounts of information from the individual, stores the information in a central server, and uses some or all of that data to verify the user whenever the user wishes to conduct a transaction. Moreover, the individual is left without alternatives to the current method for accessing services. The upfront disclosure of information is non-negotiable, and the individual is at the mercy of the service provider in terms of how much information is disclosed, and in many cases not relevant to the service requested and of no control of the user and what type(s) of information used to authenticate the user.

“While some service providers may need only a small amount of information to conduct transactions, other service providers require large upfront deposits of information to access their services. For example, signing up for a health insurance provider usually requires a thorough disclosure of the financial, behavioral, and medical history from an individual. This process provides the insurance company with a plethora of valuable personal information about the individual. While the user may determine that some of the personal information is not and/or should not be required for the transaction of services, the user must nonetheless offer up the information desired by the service provider in exchange for the service.

“Further, services providers often share the information obtained from the user with other corporations and/or data farms, with little regard to the individual, resulting in large quantities of personal information being stored at multiple sites across multiple digital landscapes, many of which are outside of the user’s control or the user can only acknowledge and must accept to continue the service.

“Currently, there is no method that allows the individual sovereign control over their data. Whether it is attempting to access their bank account or sign up for an online subscription, the individual must enter their personal data with little to no knowledge to what extent their data either in whole or part will be stored, shared, or mismanaged, or the security thereof.

“The widespread nature of the sharing of personal information and the storing thereof in central servers leaves individuals susceptible to data breaches. Hacking has become more sophisticated in the past two decades, and often corporations or central server management are unaware that they have been hacked and that the data of their users has been breached until it is too late. While the individual is not at fault for the data breach, the individual is nonetheless negatively impacted. Moreover, the user has no option but to provide their personal data to service providers in order to conduct transactions with or through the service provider. As can be appreciated, the lack of control over personal data can be frustrating and limiting.”

As a supplement to the background information on this patent application, NewsRx correspondents also obtained the inventors’ summary information for this patent application: “There is a need for a paradigm shift when it comes to user authentication.

“One exemplary non-limiting embodiment of the present disclosure may be an IntelliVault stored on a user device or device of the user’s choice. The IntelliVault may be designed to hold information associated with the user. The information may be biometric information, non-biometric information, combinations thereof or multiple combinations thereof.

“Moreover, the user may be able to logically combine the information to form fusion templates of data. The fusion templates may contain various mixtures of biometric and/or non-biometric information. The fusion templates may have several advantages associated therewith. In addition to being a unique formulation of individual information, fusion templates may be highly flexible and provide the user with increased security for their individual information. As a non-limiting example of increased security, current statistics indicate that the user may share the same iris scan as every 1 person in 2,000,000 people. Moreover, the user may share the same face scan as every 1 person in 100,000 people. This low repetition of biometric modalities gives higher security to the user than if the user were to implement a non-biometric modality (e.g., a password) for security purposes. However, the user may still be susceptible having their data compromised. Exemplary aspects of the present disclosure may permit the user to combine both the iris scan and the face scan into a fusion template, creating a unique verification method that is greater than the sum of the security of the iris scan and the security of the face scan. Additionally, the fusion template can be compressed (to save, for example, storage space) and still provide improved security over singular modalities. The resulting combination of the digital information in the fusion template introduces additional security orders of magnitude higher than if the user were to individually implement an iris scan or a face scan, or if the user were to implement both as separate forms of digital authentication. However, the present disclosure is not limiting to fusion templates, and may permit the user to implement a single modality for security purposes if the user wishes to do so. Moreover, the fusion template is not limited to just the iris scan and the face scan, and additional or alternative modalities may be used. For instance, the fusion template may be a combination of any number of biometric and/or non-biometric modalities. The fusion templates may additionally increase the level of security with every additional biometric or non-biometric modality infused therein. This level of security and uniqueness in authentication may allow the user increased comfort in the security of their data and transactions therewith. For example, the user may determine that some transactions or verifications may be more valuable to bad actors or hackers (e.g., bank account information) than others (e.g., information obtained from a hacked service provider) and may provision his data to address this (e.g., requiring more information or a higher level of security to verify the user when accessing a bank account than when accessing a streaming service).

“Moreover, the fusion templates are flexible in their use. For instance, the user may be able to choose which transactions utilize which templates, allowing the user to determine the extent to which the user’s data is sent to third parties. For instance, the user may use more templates for transactions that the user deems more significant or valuable, and may use fewer templates for transactions that the user deems less significant or less valuable. This flexibility allows the user to determine just how much data is shared, and with which service provider. For example, the user may determine that opening a new email account does not require that the email service provider know the user’s home address, phone number, and date of birth. Accordingly, the user may choose to simply use a fingerprint and a password to verify the user’s identity, and may therefore keep personal information related to the user’s home address, phone number, and date of birth under their own domain. To verify the identity of the user, the user may send a fusion template containing digital information related to the user’s fingerprint and password to a third party as a means of authentication to verify the user and open the email account. It should be noted that the fusion template is not a set of serial modalities; rather, the fusion template may be a blending or fusing of various information related to the user’s fingerprint and password. Additionally, in some embodiments, only the user is aware of which types of information are included in the fusion template, which third parties from reverse engineering the exact digital information underlying the fusion template.

“Some non-limiting examples of fusion that can be used with any one or more of the embodiments disclosed herein are:

“1. J. P. Hube. Neyman-Pearson Biometric Score Fusion as an Extension of the Sum Rule, SPIE Biometric Technology for Human Identification IV, Orlando, Fla., 2007.

“2. J. P. Hube. Formulae for consistent biometric score level fusion, 2017 IEEE International Joint Conference on Biometrics (LTCB), Denver, Colo., 2017, pp. 329-334.

“Both of which are incorporated herein by reference in their entirety.

“As another non-limiting example and benefit of the current technology, the blending or fusing of the various information in a fusion template helps obfuscate the underlying information, providing an additional security benefit. For example, and as discussed herein, information (such as a fingerprint, birthdate and an image) can be combined for the fusion template. While this blended or fused information is nonsensical to a human, it provides a very unique and robust package of information that can be used, for example, for authentication to access a bank account.

“As another non-limiting example, the user may wish to share limited information when conducting various transactions. For instance, the user may prefer that information related to their street address and date of birth are not shared with a bank when they move money from their savings account to their checking account. In this instance, the user may choose to authenticate the transaction without using the street address and date of birth, but rather with some other form of authentication. Hence, the user has sovereign data management; the user chooses how much and in which forms information is disclosed to the service provider.

“One exemplary advantage of the current disclosure is the introduction of sovereign data management. In contrast to the current paradigm, where the user must fully disclose personal information that may be compromised in the future, the present disclosure may permit the user full control over their personal information. In other words, the user has complete freedom to utilize their data as they see fit and the service provider will provide access. This paradigm shift may now give the user the responsibility of personal data management, and allows the user to have complete control over their own identity and allows the user to decide how much security should be used for a specific transaction or class of transactions. The present disclosure does not force the user to any specific template for any particular transaction; in contrast, the user has the flexibility to choose how and in which forms they provision their data. This introduced flexibility and freedom are unprecedented, and provides full control to the user to determine how they use their personal data in any manner they deem satisfactory.

“Another exemplary advantage of the present disclosure is the protection of the individual identity of the user. By securing biometric data and provisioning the biometric data using fusion templates, the biometric data associated with the user is protected and, by extension, so is the user’s identity. In the event that a hacker were able to intercept a fusion template sent from the user, the hacker would have no way of re-forming the individual biometric information from the fusion template, since the blending or fusing of the modalities yields a sophisticated authentication that cannot be easily deconstructed into individual modalities. Moreover, by storing the biometric data in an IntelliVault, the user gains the advantage of securely protecting their biometric information while simultaneously reducing the risk that their data be compromised.

“Another exemplary advantage is the reduction of individual data being compromised. As previously noted, the centralized identification paradigm provides large amounts of personal information for a huge number of users at a centralized location. One sophisticated and successful hack could potentially compromise information for millions of individuals (and has). The current disclosure is directed toward individual data management; in order to comprise the same amount of data, a hacker would have successfully hack millions of devices. This data movement would severely discourage and limit the hacking of personal information.

“Another exemplary advantage of the present disclosure is user comfort in the security of their personal information. While current digital authentication spreads large amounts of user data across multiple platforms, the present disclosure is directed toward allowing users to determine the extent to which they share information. For instance, the user may deem it unnecessary to send large amounts of personal information to a service provider in exchange for their service, and may therefore provision a small amount of data for authentication to the service provider to access the service. This may limit the amount of personal information the user discloses, which limits the amount of personal information that may be compromised.”

There is additional summary information. Please visit full patent to read further.”

The claims supplied by the inventors are:

“1. A method comprising: receiving, from a user, an identification of a first biometric modality; receiving, from the user, an identification of a second biometric modality; constructing, by logically combining the first biometric modality with the second biometric modality, one or more fusion templates; establishing one or more usage rules for the one or more fusion templates; and transmitting, based on the one or more usage rules, a digital verification package over a network for information access.

“2. The method of claim 1, wherein the one or more usage rules are changed based on a security value.

“3. The method of claim 2, wherein the security value is a dial.

“4. The method of claim 1, wherein the one or more usage rules are changed based on a usability value.

“5. The method of claim 4, wherein the usability value is a dial.

“6. The method of claim 1, further comprising: conducting a first transaction with a third party, comprising: determining that the user is conducting the first transaction; determining that a first transaction rule of the one or more usage rules is associated with the first transaction; determining that a first fusion template of the one or more fusion templates is required for the first transaction; determining that a plurality of data from the first fusion template is required for the first transaction; retrieving the plurality of data from a database; and sending, over the network, the plurality of data to the third party.

“7. The method of claim 6, wherein the conducting the first transaction further comprises: accessing a secret token associated with the user device; and signing, using the secret token, the plurality of data before sending the plurality of data to the third party.

“8. The method of claim 1, wherein the first biometric modality comprises one or more of a facial scan, a fingerprint scan, a palm scan, an iris scan, a voice scan, and a pulse rate scan.

“9. The method of claim 1, wherein the second biometric modality comprises one or more of a facial scan, a fingerprint scan, a palm scan, an iris scan, a voice scan, and a pulse rate scan.

“10. A system comprising: a processor; and a memory storing instructions for execution by the processor that, when executed by the processor, cause the processor to: receive, from a user, a first biometric modality; receive, from the user, a second biometric modality; construct, by logically combining the first biometric modality with the second biometric modality, one or more fusion templates; establish one or more usage rules for the one or more fusion templates; and transmit, based on the one or more usage rules, a digital verification package over a network.

“11. The system of claim 10, wherein the one or more usage rules are changed based on a security value.

“12. The system of claim 11, wherein the security value is adjusted based on a dial.

“13. The system of claim 12, wherein the security value changes from a low security level to a high security level, at least one usage rule of the one or more usage rules becomes available for use.

“14. The system of claim 10, wherein the one or more usage rules are changed based on a usability value.

“15. The system of claim 14, wherein the usability value is adjusted based on a dial.

“16. The system of claim 15, wherein the usability value changes from a high usability level to a low usability level, at least one usage rule of the one or more usage rules becomes available for use.

“17. The system of claim 10, wherein the instructions further cause the processor to: determine that the user is conducting the first transaction; determine that the first transaction rule of the one or more usage rules is associated with a first transaction; determine that a first fusion template of the one or more fusion templates is required for the first transaction; determine that a plurality of data from the first fusion template is require for the first transaction; extract the plurality of data from a database; and send, over the network, the plurality of data to the third party.

“18. The system of claim 17, wherein the instructions further cause the processor to: access a secret token associated with a user device; and sign, using the secret token, the plurality of data before sending the plurality of data to the third party.

“19. A non-transitory computer-readable medium comprising a set of instructions stored therein which, when executed by the processor, cause the processor to: receive, from a user, a first biometric modality; receive, from the user, a second biometric modality; construct, by logically combining the first biometric modality with the second biometric modality, one or more fusion templates; establish one or more usage rules for the one or more fusion templates; and transmit, based on the one or more usage rules, a digital verification package over a network.

“20. The non-transitory medium of claim 19, wherein the one or more usage rules are adjusted with at least one of a security dial and a usability dial.”

For additional information on this patent application, see: ECKEL, Robert; LAZZOUNI, Mohamed. Fusion Template For User Authentication And Vault For Storing And Using The Same. Filed April 19, 2021 and posted October 28, 2021. Patent URL: https://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220210336951%22.PGNR.&OS=DN/20210336951&RS=DN/20210336951

(Our reports deliver fact-based news of research and discoveries from around the world.)