
US-12627656-B2 - Secure authorization for access to private data in virtual reality


Abstract

Techniques for secure authentication in virtual reality are provided. A virtual reality application executing on a virtual reality device can provide virtual reality environment. The virtual reality application may communicate with a server that provides a plurality of objects for display in the VR environment. The environment can include an object that, once selected, may initiate an authentication process. Once initiated, an authentication application may be launched on the VR device, so that a private authentication environment may be provided to the user. The user may be prompted to provide a biometric sample using one or more input devices coupled to the VR device. The biometric sample can then be sent to the authentication server, so that an authentication result may be determined from a comparison of the sample to a biometric template established during registration.

Inventors

  • Christopher Szafranski
  • Lance Weber

Assignees

  • VISA INTERNATIONAL SERVICE ASSOCIATION

Dates

Publication Date
20260512
Application Date
20230202

Claims (19)

  1. A method comprising: launching, by a virtual reality device, a first virtual reality environment provided by a virtual reality application executing on the virtual reality device, the virtual reality application comprising a user identifier for a first user of the virtual reality device, wherein the virtual reality application communicates with a first environment server that provides a plurality of first objects to the virtual reality application; displaying, by the virtual reality device, the plurality of first objects, wherein at least one of the plurality of first objects is selectable by the first user; receiving, by the virtual reality device, a selection of a first object of the plurality of first objects in the first virtual reality environment by the first user using one or more input devices coupled to the virtual reality application, the first object associated with object data; in response to a communication from the first environment server as a result of the selection of the first object, launching, by the virtual reality device, an authentication application that provides a private authentication environment received from an authentication server, and wherein the private authentication environment is a second virtual reality environment that is separate from the first virtual reality environment and includes one or more second objects; retrieving, by the authentication application, information relating to a registered biometric template of the first user, the retrieving using the user identifier; prompting, by the virtual reality device, the first user to provide a biometric sample using the one or more input devices based on the information relating to the registered biometric template of the first user; receiving, by the virtual reality device, the biometric sample from the first user via the one or more input devices; sending, by the virtual reality device, the biometric sample to the authentication server to determine an authentication result for accessing private data; and receiving, by the virtual reality device, the authentication result.
  2. The method of claim 1, wherein the launching the private authentication environment comprises: sending the user identifier and the object data to the authentication application; decoupling the one or more input devices from the virtual reality application; and coupling the one or more input devices to the authentication application.
  3. The method of claim 2, wherein the communication from the first environment server includes the first object that is selected, wherein the first object includes instructional metadata, and wherein the virtual reality application processes the instructional metadata in response to the selection of the first object.
  4. The method of claim 3, wherein the instructional metadata comprises an executable function, and wherein the executable function includes sending data to the authentication application.
  5. The method of claim 4, wherein the executable function initiates the launching of the private authentication environment provided by the authentication application.
  6. The method of claim 4, wherein the executable function initiates a display of a second object of the plurality of first objects, and wherein selecting the second object includes instructional metadata associated with a second executable function that initiates the launching of the private authentication environment provided by the authentication application.
  7. The method of claim 1, wherein the first virtual reality environment comprises other users of other virtual reality devices, and wherein data generated by the first user using the one or more input devices is sent to the other virtual reality devices when the one or more input devices is coupled to the virtual reality application.
  8. The method of claim 7, wherein the registered biometric template of the first user comprises audio data of a voice of the first user.
  9. The method of claim 1, wherein accessing the private data comprises: retrieving encrypted private data from a memory of the virtual reality device; deriving an encryption key; and decrypting the encrypted private data using the encryption key.
  10. The method of claim 9, further comprising: sending the private data to the first environment server to conduct a transaction.
  11. The method of claim 1, wherein re-launching the first virtual reality environment comprises: sending the user identifier and new object data to the virtual reality application; decoupling the one or more input devices from the authentication application; and coupling the one or more input devices to the virtual reality application.
  12. The method of claim 1, wherein the registered biometric template is linked to a validation profile identifier during a registration process, and wherein the authentication result is determined by: receiving the biometric sample from the virtual reality device; generating a second biometric template from the received biometric sample; determining the validation profile identifier based on the user identifier of the first user; querying a database for the registered biometric template linked to the validation profile identifier; and comparing the registered biometric template to the second biometric template; determining a match score based on the comparing; and generating the authentication result based on the match score.
  13. The method of claim 12, wherein the authentication server determines the authentication result, and wherein generating the authentication result based on the match score comprises: determining the match score is above a first threshold; generating a positive indicator to indicate a successful match; and including the positive indicator in the authentication result.
  14. The method of claim 12, wherein generating the authentication result based on the match score comprises: determining the match score is below a first threshold; determining the match score is above a second threshold; determining user information associated with the user identifier; sending a confirmation code based on the user information; receiving the confirmation code; generating a positive indicator to indicate a successful match; and including the positive indicator in the authentication result.
  15. The method of claim 1, further comprising: receiving a unique session identifier from the authentication server; and sending the unique session identifier to the first environment server.
  16. A system comprising: a non-transitory computer readable medium storing instructions; and one or more processors configured to execute the instructions stored on the computer readable medium to perform: launching, by a virtual reality device, a first virtual reality environment provided by a virtual reality application executing on the virtual reality device, the virtual reality application comprising a user identifier for a first user of the virtual reality device, wherein the virtual reality application communicates with a first environment server that provides a plurality of first objects to the virtual reality application; displaying, by the virtual reality device, the plurality of first objects, wherein at least one of the plurality of first objects is selectable by the first user; receiving, by the virtual reality device, a selection of a first object of the plurality of first objects in the first virtual reality environment by the first user using one or more input devices coupled to the virtual reality application, the first object associated with object data; in response to a communication from the first environment server as a result of the selection of the first object, launching, by the virtual reality device, an authentication application that provides a private authentication environment received from an authentication server, wherein the private authentication environment is a second virtual reality environment that is separate from the first virtual reality environment and includes one or more second objects; retrieving, by the authentication application, information relating to a registered biometric template of the first user, the retrieving using the user identifier; prompting, by the virtual reality device, the first user to provide a biometric sample using the one or more input devices based on the information relating to the registered biometric template of the first user; receiving, by the virtual reality device, the biometric sample from the first user via the one or more input devices; sending, by the virtual reality device, the biometric sample to the authentication server to determine an authentication result for accessing private data; and receiving, by the virtual reality device, the authentication result.
  17. The system of claim 16, wherein the launching the private authentication environment comprises: sending the user identifier and the object data to the authentication application; decoupling the one or more input devices from the virtual reality application; and coupling the one or more input devices to the authentication application.
  18. The system of claim 16, wherein accessing the private data comprises: retrieving encrypted private data from a memory of the virtual reality device; deriving an encryption key; and decrypting the encrypted private data using the encryption key.
  19. The system of claim 16, wherein the registered biometric template is linked to a validation profile identifier during a registration process, and wherein the authentication result is determined by: receiving the biometric sample from the virtual reality device; generating a second biometric template from the received biometric sample; determining the validation profile identifier based on the user identifier of the first user; querying a database for the registered biometric template linked to the validation profile identifier; and comparing the registered biometric template to the second biometric template; determining a match score based on the comparing; and generating the authentication result based on the match score.
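
An added illustration, not text or code from the patent, of the server-side result logic recited in claims 12 to 14: profile lookup, template comparison, and the two-threshold decision with a confirmation-code step for scores that fall between the thresholds. The cosine-similarity comparison, the threshold values, the treatment of a score exactly at a threshold, and all names and sample data are assumptions.

```python
import hmac
import math
import secrets

# Constructed sample data: identifiers, vectors and thresholds are assumptions.
PROFILE_BY_USER = {"user-001": "vp-9001"}           # user id -> validation profile id
TEMPLATE_BY_PROFILE = {"vp-9001": [0.9, 0.1, 0.4]}  # registered biometric template
FIRST_THRESHOLD = 0.95   # at or above: positive indicator outright
SECOND_THRESHOLD = 0.80  # between the two: confirmation code needed


def match_score(registered, candidate):
    """Cosine similarity, standing in for the comparison the claims leave open."""
    dot = sum(a * b for a, b in zip(registered, candidate))
    norm = math.sqrt(sum(a * a for a in registered)) * math.sqrt(
        sum(b * b for b in candidate))
    return dot / norm if norm else 0.0


def issue_confirmation_code():
    """Six-digit code from the OS CSPRNG; delivery to the user is out of scope."""
    return f"{secrets.randbelow(10**6):06d}"


def authentication_result(user_id, second_template, issued=None, returned=None):
    """Decide the result for a template generated from the received sample."""
    profile_id = PROFILE_BY_USER.get(user_id)
    registered = TEMPLATE_BY_PROFILE.get(profile_id)
    if registered is None or len(registered) != len(second_template):
        return {"positive": False, "reason": "no_registered_template"}
    score = match_score(registered, second_template)
    if score >= FIRST_THRESHOLD:
        return {"positive": True, "reason": "match"}
    if score >= SECOND_THRESHOLD:
        if issued is None or returned is None:
            return {"positive": False, "reason": "confirmation_code_required"}
        # Constant-time comparison so the check does not leak matching digits.
        if hmac.compare_digest(issued, returned):
            return {"positive": True, "reason": "match_with_confirmation"}
        return {"positive": False, "reason": "bad_confirmation_code"}
    return {"positive": False, "reason": "no_match"}  # below both thresholds
```
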

Description

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation application of U.S. patent application Ser. No. 16/627,206, filed Dec. 27, 2019 which is a 35 U.S.C. 371 patent application of PCT Application No. PCT/US2017/048283, filed on Aug. 23, 2017, which are herein incorporated by reference in their entirety.

BACKGROUND

In today's technological environment, a user can use a virtual reality (VR) device to interact with various 3D objects. Such an interaction may occur in a multi-user environment or otherwise involve network communications. In some instances, a 3D object may serve as a virtual representation of an object in the real world, and the user may want to access private data associated with the 3D object via an authentication process. However, performing an authentication process in virtual reality can be difficult as there are limited input mechanisms (e.g., no keyboard). Further, the authentication process should occur in a manner that does not expose the user's authentication credentials, particularly in a multi-user VR environment. Additionally, other users should not interfere with the authentication process, and vice versa.

Embodiments of the invention address this and other problems, individually and collectively.

BRIEF SUMMARY

Systems and methods for securely authenticating a user in virtual reality are described herein.

A virtual reality (VR) device can be used to simulate a real environment or “scene” for a user. The virtual reality device may present to the user images, sounds, and other stimuli that can be perceived as real or close to reality. This may include providing an environment that can react to the user's actions (i.e. inputs) via sensors. For example, image data for an environment may be displayed to the user, and the images may change as the user moves his or her head as if observing a real environment. As another example, the user may be shown virtual objects, which may react to sensed movements by the user as if he or she is affecting real objects around him or her. In addition, the simulated environment can also be a multi-user environment, wherein a plurality of users can interact with objects simultaneously and with each other.

In some instances, the virtual reality experience may involve accessing private data by the user. For example, the VR experience may involve accessing a protected virtual home or account records, e.g., in a virtual office, or accessing secret data about a player in an online multi-user game. Thus, the user may wish to access private records in the virtual reality environment, or view other content that requires identification. As such, a secure authentication process in virtual reality may be required, as described herein.

Embodiments of the invention can provide a method for secure authentication in virtual reality. The method may comprise launching a virtual reality environment provided by a virtual reality application executing on a virtual reality device. The virtual reality application may comprise a user identifier for the user of the VR device, which can be established during a registration process. The virtual reality application may communicate with a server that provides a plurality of objects for display in the VR environment. The plurality of objects may be selectable by the user using one or more input devices, such that the virtual reality device may receive the object selections and associated object data. Selected objects may include a resource that the user wishes to access, and the objects may be associated with object data. The environment can also include an object that, once selected, may initiate an authentication process. Once initiated, an authentication application may be launched on the VR device, so that a private authentication environment may be provided to the user.

Information relating to a registered biometric template of the user can be retrieved by an authentication server using a user identifier stored on the VR device. This can include specific instructions that the user may be required to perform in order to be successfully authenticated. The user may be prompted to provide a biometric sample using one or more input devices coupled to the VR device. In one embodiment, the biometric sample may be a voice sample of the user. For example, the user may be prompted to speak and record a registered phrase from which the user's unique voice characteristics can be extracted. The biometric sample can then be sent to the authentication server, so that an authentication result may be determined from a comparison of the sample to a biometric template established during registration. For example, a recording of the user speaking the registered phrase may be analyzed, and may be compared to a voice signature generated from a previous recording of the user's voice recorded during registration into the authentication program. After the comparison has been performed, an authentication result can then be sent to th