Secure management of a master encryption key in a split-key based distributed computing environment
US-9954680-B1 · Apr 24, 2018 · US
US11240220B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11240220-B2 |
| Application number | US-201816007957-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 13, 2018 |
| Priority date | Jun 13, 2018 |
| Publication date | Feb 1, 2022 |
| Grant date | Feb 1, 2022 |
Official abstract text for this publication.
A user may be authenticated using an authentication scheme based on user access to two or more selected electronic devices. A security key may be assigned to the user. The security key is divided into multiple parts that are distributed among electronic devices associated with the user. The security key can be reconstructed based on a distributed trust among the devices, where some devices may have a higher trust level than others; for example, the number of key parts each device receives can reflect its trust level. In response to a request to authenticate the user, parts of the security key may be retrieved from two or more, but less than all, of the plurality of electronic devices associated with the user. The retrieved parts are used to reconstruct the security key, and the user is authenticated based on the reconstructed security key.
Opening claim text (preview).
What is claimed is:
1. A system for authenticating a user, comprising: a non-transitory memory; and one or more hardware processors coupled with the non-transitory memory and configured to read instructions from the non-transitory memory to cause the system to perform operations comprising: receiving an authentication request for authenticating the user for accessing a user account via a user device, wherein the user account is associated with a security key that is divided into a plurality of parts distributed among a plurality of electronic devices associated with the user; determining, from a plurality of profiles associated with the user account, a particular profile based on a location of the user device, wherein the particular profile specifies a first subset of the plurality of electronic devices; selecting, from the first subset of the plurality of electronic devices, two or more electronic devices for authenticating the user; causing the user device to electronically connect to the two or more electronic devices; receiving, from the two or more electronic devices, (i) parts of the security key distributed to the two or more electronic devices and (ii) updated software configurations associated with the two or more electronic devices; reconstructing the security key based on the parts of the security key received from the two or more electronic devices; authenticating the user for accessing the user account based on the reconstructed security key; and re-distributing the plurality of parts of the security key to at least a second subset of the plurality of electronic devices based on the updated software configurations associated with the two or more electronic devices.
2. The system of claim 1, wherein the operations further comprise: determining a risk level for authenticating the user based at least in part on the authentication request; and selecting, from a plurality of security keys, the security key based on the determined risk level, wherein the security key requires at least a first number of parts corresponding to the determined risk level to be reconstructed.
3. The system of claim 2, wherein the authentication request corresponds to a payment transaction request associated with an amount, and wherein the risk level is determined further based on the amount with respect to a predetermined threshold amount.
4. The system of claim 2, wherein the authentication request corresponds to a purchase transaction request associated with a merchant, and wherein the risk level is determined further based on a merchant type associated with the merchant.
5. The system of claim 2, wherein the risk level is determined further based on the location of the user device.
6. The system of claim 1, wherein each one of the plurality of electronic devices includes an insufficient number of parts to reconstruct the security key, wherein the operations further comprise: determining a prerequisite number of parts of the security key for reconstructing the security key; and determining that the two or more electronic devices include at least the prerequisite number of parts.
7. The system of claim 1, wherein the two or more electronic devices are randomly selected from the first subset of the plurality of electronic devices.
8. The system of claim 1, wherein the causing the user device to electronically connect to the two or more electronic devices comprises: causing the user device to establish a first type of connection with a first electronic device from the two or more electronic devices; and causing the user device to establish a second type of connection with a second electronic device from the two or more electronic devices, wherein the first type of connection is different from the second type of connection, wherein the plurality of parts is re-distributed via the first type of connection and the second type of connection.
9. The system of claim 1, wherein the two or more electronic devices include less than the plurality of parts.
10. A method of authenticating a user, comprising: receiving, by one or more hardware processors, an authentication request for authenticating the user for accessing a user account via a user device; determining, by the one or more hardware processors, a risk level associated with the request; selecting, by the one or more hardware processors from a plurality of security keys associated with the user account, a security key based on the risk level of the authentication request, wherein the security key is divided into a plurality of parts distributed among a plurality of electronic devices associated with the user, wherein the security key requires at least a prerequisite number of parts from the plurality of parts to be reconstructed; determining, by the one or more hardware processors from a plurality of profiles associated with the user account, a particular profile based on a location of the user device, wherein the particular profile specifies a first subset of the plurality of electronic devices; selecting, by the one or more hardware processors from the first subset of the plurality of electronic devices, two or more electronic devices for authenticating the user; causing, by the one or more hardware processors, the user device to electronically connect to the two or more electronic devices; retrieving, by the one or more hardware processors from the two or more electronic devices, (i) parts of the security key distributed to the two or more electronic devices and (ii) updated device configurations associated with the two or more electronic devices; reconstructing, by the one or more hardware processors, the security key based on the retrieved parts of the security key; authenticating, by the one or more hardware processors, the user for accessing the user account based on the reconstructed security key; and re-distributing, by the one or more hardware processors, the plurality of parts of the security key to at least a second subset of the plurality of electronic devices based on the updated device configurations associated with the two or more electronic devices.
11. The method of claim 10, wherein the two or more electronic devices comprise at least one of a vehicle, a smart appliance, or a wearable device.
12. The method of claim 10, wherein the retrieving the parts of the security key from the two or more electronic devices comprises: retrieving a first number of parts from a first electronic device of the two or more electronic devices; and retrieving a second number of parts from a second electronic device of the two or more electronic devices, wherein the first number is different from the second number.
13. The method of claim 12, wherein the first number is more than one.
14. The method of claim 10, wherein a first part of the security key is retrieved from a first electronic device of the two or more electronic devices, and wherein the redistributing the plurality of parts of the security key comprises removing the first part of the security key from the first electronic device based on the updated software configurations.
15. The method of claim 10, wherein a first part of the security key is retrieved from a first electronic device of the two or more electronic devices, and wherein the redistributing the plurality of parts of the security key comprises storing a second part of the security key, in addition to the first part, in the first electronic device based on the updated software configurations.
16. The method of claim 10, further comprising determining that the two or more electronic devices inclu
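The abstract and claims describe the mechanism in prose only. The following is an added worked example, written for this page and not code from the patent or its assignee, that implements the pieces the claims enumerate: a key split into parts held by several devices with no single device able to rebuild it (claim 6), more parts for more trusted devices (claims 12-13), a key chosen by a payment-amount risk level (claims 2-3), a device subset chosen by a location profile and sampled at random (claims 1 and 7), reconstruction from some but not all devices (claim 9), and re-splitting after a device reports a changed configuration (claims 14-15). Everything the text leaves open is an assumption here: Shamir secret sharing over a prime field is the splitting method, the server retains only a SHA-256 commitment to each key rather than the key, and the device names, profiles, thresholds and risk rule are invented for the example.

```python
"""Threshold-split authentication key across a user's devices.

Added illustration of the scheme in the abstract and claims above; not the
patent's own code. Assumptions: Shamir secret sharing is the splitting method,
the server stores only a SHA-256 commitment to each key, and a device's trust
level is expressed as the number of shares it holds. Device names, location
profiles, thresholds and the risk rule are invented for this example.
"""
import hashlib
import random
import secrets

P = 2**521 - 1  # Mersenne prime; comfortably holds a 256-bit key as a field element


def lagrange_at_zero(points):
    """Interpolate f(0) from (x, y) points of a degree t-1 polynomial mod P."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def split_key(key_int, threshold, n_shares):
    """Shamir split: any `threshold` of the returned (x, f(x)) shares rebuild key_int."""
    coeffs = [key_int] + [secrets.randbelow(P) for _ in range(threshold - 1)]

    def f(x):
        return sum(c * pow(x, k, P) for k, c in enumerate(coeffs)) % P

    return [(x, f(x)) for x in range(1, n_shares + 1)]


def distribute(shares, share_counts):
    """Hand shares to devices; a more trusted device gets more of them (claims 12-13)."""
    assert sum(share_counts.values()) == len(shares)
    holdings, pos = {}, 0
    for device, k in share_counts.items():
        holdings[device] = shares[pos:pos + k]
        pos += k
    return holdings


def commit(key_int):
    """What the server keeps instead of the key: a hash it can compare against."""
    return hashlib.sha256(key_int.to_bytes(66, "big")).digest()


class SplitKeyAuthenticator:
    """Server side: pick a key by risk level, a device subset by location profile,
    gather shares from some (not all) devices, reconstruct, and compare."""

    def __init__(self, profiles):
        self.profiles = profiles  # location -> devices reachable there (claim 1)
        self.keys = {}            # risk level -> {threshold, holdings, commitment}

    def register_key(self, risk, key_int, threshold, share_counts):
        # Claim 6: no single device may hold enough shares to rebuild the key.
        assert max(share_counts.values()) < threshold
        shares = split_key(key_int, threshold, sum(share_counts.values()))
        self.keys[risk] = {"threshold": threshold,
                           "holdings": distribute(shares, share_counts),
                           "commitment": commit(key_int)}

    @staticmethod
    def risk_level(amount, limit=500):
        """Claim 3 (invented rule): larger payments use the higher-threshold key."""
        return "high" if amount > limit else "low"

    def authenticate(self, location, amount, seed=None):
        """Returns (authenticated, devices contacted). `seed` only for reproducible tests."""
        entry = self.keys[self.risk_level(amount)]
        rng = random.Random(seed) if seed is not None else secrets.SystemRandom()
        candidates = list(self.profiles[location])
        rng.shuffle(candidates)  # claim 7: random choice within the profile
        chosen, collected = [], []
        for device in candidates:
            # Stop as soon as two or more devices have supplied enough shares.
            if len(chosen) >= 2 and len(collected) >= entry["threshold"]:
                break
            chosen.append(device)
            collected.extend(entry["holdings"].get(device, []))
        if len(chosen) < 2 or len(collected) < entry["threshold"]:
            return False, chosen
        key_int = lagrange_at_zero(collected[:entry["threshold"]])
        return commit(key_int) == entry["commitment"], chosen

    def redistribute(self, risk, key_int, new_share_counts):
        """Re-split with a fresh polynomial after devices report configuration
        changes (claims 14-15): drop a device, or give one an additional part."""
        self.register_key(risk, key_int, self.keys[risk]["threshold"], new_share_counts)


if __name__ == "__main__":
    key = int.from_bytes(secrets.token_bytes(32), "big")
    auth = SplitKeyAuthenticator({"home": ["phone", "watch", "appliance"],
                                  "travel": ["phone", "watch", "car"]})
    auth.register_key("low", key, 2, {"phone": 1, "watch": 1, "appliance": 1, "car": 1})
    auth.register_key("high", key, 3, {"phone": 2, "watch": 1, "appliance": 1, "car": 1})
    print(auth.authenticate("home", 40))      # low risk: 2 of the 3 home devices suffice
    print(auth.authenticate("travel", 2500))  # high risk: 3 shares needed
    auth.redistribute("high", key, {"phone": 2, "car": 2, "appliance": 1})  # watch dropped
```

Two caveats a practitioner should keep in mind when reading this against the claims. First, the re-split in `redistribute` uses a fresh polynomial, so shares from the old and new epochs cannot be combined; a complete set of old shares still reconstructs the same key, so the security benefit of re-distribution depends on the devices actually deleting the parts they are told to drop (claim 14). Second, whichever party runs `lagrange_at_zero` holds the full key for the duration of the check, so the reconstruction point and the channels over which shares travel (claim 8 contemplates different connection types per device) are the trust boundary of the whole scheme; the commitment-only server storage in this example limits what a database compromise yields, not what an attacker at the reconstruction point sees.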
Identity check for transactions · CPC title
Secret sharing or secret splitting, e.g. threshold schemes · CPC title
Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage · CPC title
using wearable devices · CPC title
using the Internet of Things · CPC title