Search

US-12627657-B2 - Computerized system and method for device-based identity management

US12627657B2US 12627657 B2US12627657 B2US 12627657B2US-12627657-B2

Abstract

Disclosed are systems and methods that provide a novel cross-session authentication framework that enables secure local and/or network sessions to be effectuated via biometric tracking via a wearable device (e.g., smart ring). In some implementations, when a user wearing a smart ring is authenticated with a first secure resource (e.g., a computer system such as a smart phone application associated with the smart ring), such authentication can be maintained and leveraged to access other resources that are separately being securely held. The smart ring, when properly worn, can monitor biometrics (e.g., vital signs) of a user, and based therefrom, determine if and/or when the smart ring is removed/manipulated from the user's finder. Until the smart ring is removed, the smart ring's confirmation of being worn by the user can be leveraged as an identification token that can enable the user access to other securely held information.

Inventors

  • Charles KRING
  • Austen MARTIN

Assignees

  • PLUME DESIGN, INC.

Dates

Publication Date
20260512
Application Date
20230727

Claims (20)

  1. 1 . A method comprising: providing a session token to a device of a user, the session token corresponding to an authenticated session of the user with a first system, the session token stored in association with the device and configured to provide authentication credentials for accessing a plurality of systems; collecting biometric data related to the user, the biometric data comprising data captured by one or more sensors of the device and providing an indication of a status of the user, the status indicating whether the user maintains an authenticated relationship with the device; receiving a request for access to a second system, the second system being a distinct system from the first system and requiring separate authentication; analyzing the collected biometric data based on the request, the analyzing comprising evaluating whether the biometric data is consistent with continued presence of an authenticated user with the device; determining, based on the analysis, whether to authenticate the user for the second system, the determination comprising: comparing the collected biometric data against reference biometric data associated with the authenticated session to identify whether the user associated with the session token remains the current user of the device; and granting authentication when the comparison indicates continuity of the authenticated user; and electronically communicating the session token to the second system along with information to the device based on the determination, the communicated session token enabling the second system to grant access without requiring the user to provide additional authentication credentials.
  2. 2 . The method of claim 1 , wherein the communicated information comprises an indication of an access denial.
  3. 3 . The method of claim 2 , further comprising: determining, based on the analysis, that the status is not consistent with a manner corresponding to the authentication of the session with the first system.
  4. 4 . The method of claim 1 , further comprising: determining, based on the analysis, that the status is consistent with a manner corresponding to the authentication of the session with the first system; and communicating, via the device, the session token to the second system.
  5. 5 . The method of claim 4 , further comprising: authenticating the user on the second system via the communicated session token.
  6. 6 . The method of claim 4 , wherein the communicated information comprises an indication of access to the second system.
  7. 7 . The method of claim 1 , further comprising: monitoring, via the device, the biometric data; and analyzing the biometric data to determine events corresponding to manners in which the user maintains the status, wherein the monitoring and analysis of the biometric data is based on the collection of the biometric data.
  8. 8 . The method of claim 1 , further comprising: providing login credentials to the first system; receiving, in response to the provided login credentials, an indication of authentication with the first system, the authentication comprising access to an account with the first system; and communicating the session token to the device.
  9. 9 . The method of claim 1 , wherein the session token is stored in association with the device.
  10. 10 . The method of claim 1 , wherein the device is a user device.
  11. 11 . A system comprising: a processor configured to: provide a session token to a device of a user, the session token corresponding to an authenticated session of the user with a first system, the session token stored in association with the device and configured to provide authentication credentials for accessing a plurality of systems; collect biometric data related to the user, the biometric data comprising data captured by one or more sensors of the device and providing an indication of a status of the user, the status indicating whether the user maintains an authenticated relationship with the device; receive a request for access to a second system, the second system being a distinct system from the first system and requiring separate authentication; analyze the collected biometric data based on the request, the analyzing comprising evaluating whether the biometric data is consistent with continued presence of an authenticated user with the device; determine, based on the analysis, whether to authenticate the user for the second system by: comparing the collected biometric data against reference biometric data associated with the authenticated session to identify whether the user associated with the session token remains the current user of the device; and granting authentication when the comparison indicates continuity of the authenticated user; and electronically communicate the session token to the second system along with information to the device based on the determination, the communicated session token enabling the second system to grant access without requiring the user to provide additional authentication credentials.
  12. 12 . The system of claim 11 , wherein the processor is further configured to: determine, based on the analysis, that the status is not consistent with a manner corresponding to the authentication of the session with the first system, wherein the communicated information comprises an indication of an access denial.
  13. 13 . The system of claim 11 , wherein the processor is further configured to: determine, based on the analysis, that the status is consistent with a manner corresponding to the authentication of the session with the first system; communicate the session token to the second system; authenticate the user on the second system via the communicated session token, wherein the communicated information comprises an indication of access to the second system.
  14. 14 . The system of claim 11 , wherein the processor is further configured to: monitor the biometric data; and analyze the biometric data to determine events corresponding to manners in which the user maintains the status, wherein the monitoring and analysis of the biometric data is based on the collection of the biometric data.
  15. 15 . The system of claim 11 , wherein the device is a user device.
  16. 16 . A non-transitory computer-readable storage medium tangibly encoded with computer-executable instructions that when executed by a processor, perform a method comprising: providing a session token to a device of a user, the session token corresponding to an authenticated session of the user with a first system, the session token stored in association with the device and configured to provide authentication credentials for accessing a plurality of systems; collecting biometric data related to the user, the biometric data comprising data captured by one or more sensors of the device and providing an indication of a status of the user, the status indicating whether the user maintains an authenticated relationship with the device; receiving a request for access to a second system, the second system being a distinct system from the first system and requiring separate authentication; analyzing the collected biometric data based on the request, the analyzing comprising evaluating whether the biometric data is consistent with continued presence of an authenticated user with the device; determining, based on the analysis, whether to authenticate the user for the second system, the determination comprising: comparing the collected biometric data against reference biometric data associated with the authenticated session to identify whether the user associated with the session token remains the current user of the device; and granting authentication when the comparison indicates continuity of the authenticated user; and electronically communicating the session token to the second system along with information to the device based on the determination, the communicated session token enabling the second system to grant access without requiring the user to provide additional authentication credentials.
  17. 17 . The non-transitory computer-readable storage medium of claim 16 , further comprising: determining, based on the analysis, that the status is not consistent with a manner corresponding to the authentication of the session with the first system, wherein the communicated information comprises an indication of an access denial.
  18. 18 . The non-transitory computer-readable storage medium of claim 16 , further comprising: determining, based on the analysis, that the status is consistent with a manner corresponding to the authentication of the session with the first system; communicating the session token to the second system; authenticating the user on the second system via the communicated session token, wherein the communicated information comprises an indication of access to the second system.
  19. 19 . The non-transitory computer-readable storage medium of claim 16 , further comprising: monitoring the biometric data; and analyzing the biometric data to determine events corresponding to manners in which the user maintains the status, wherein the monitoring and analysis of the biometric data is based on the collection of the biometric data.
  20. 20 . The non-transitory computer-readable storage medium of claim 16 , wherein the device is a user device.

Description

FIELD OF THE DISCLOSURE The present disclosure is generally related to identity monitoring and management, and more particularly, to a decision intelligence (DI)-based computerized framework for automatically and dynamically managing the identity and authenticated activities of a user via a wearable device associated with the user. BACKGROUND Currently, mechanisms for accessing securely held resources are limited to user provided input, which can include, for example, a username/password, PINs, facial recognition, fingerprints, and the like. Indeed, at most, two-factor authentication (2FA) or multi-factor authentication (MFA) can involve a combination of authentication types which can provide added layers of protection. SUMMARY OF THE DISCLOSURE However, such techniques are still susceptible to malicious activity. That is, for example, passwords can be hacked, facial recognition systems can be spoofed, and regardless of the number of MFA layers, each layer can be readily exposed via a data breach. To that end, according to some embodiments, as discussed herein, the disclosed systems and methods provide a cross-session authentication framework that enables secure local and/or network sessions to be effectuated via biometric tracking via a wearable device. According to some embodiments, when a user wearing a smart ring is authenticated with a first secure resource (e.g., a computer system such as a smart phone application associated with the smart ring, for example), such authentication can be maintained and leveraged to access other (or third party) resources that are separately being securely held. According to some embodiments, a smart ring, when properly worn, can monitor biometrics (e.g., vital signs) of a user, and based therefrom, determine if and/or when the smart ring is removed from the user's finder (e.g., or manipulated out of place from being worn correctly). Until the smart ring is removed (and/or according to other related criteria, for example, a time period, type of gesture, requested resource, type of user, and the like), the smart ring's confirmation of being worn by the user can be leveraged as an identification token that can enable the user access to other securely held information. According to some embodiments, as discussed herein, the disclosed framework can operate by enabling a user to leverage authentication with a first secure system to access other securely held systems. In some embodiments, upon a user accessing a first system, a user's device (e.g., smart ring) is provided a secure session token, which can be stored in association with the device (e.g., in storage on the device and/or in a network accessible repository). In some embodiments, the token is capable of being provided to other securely held systems while the device is determined to have maintained association with the user. For example, upon receiving the token, the token remains valid as long as the user's smart ring remains worn by the user (e.g., on the same finger and hand as was established upon receiving the token). Thus, this effectively acts as an “open” session for the user device, for which confirmation of the user's identity can be proactively provided when requesting access to such systems. According to some embodiments, a method is disclosed for a DI-based computerized framework for automatically and dynamically managing the identity and authenticated activities of a user via a wearable device associated with the user. In accordance with some embodiments, the present disclosure provides a non-transitory computer-readable storage medium for carrying out the above-mentioned technical steps of the framework's functionality. The non-transitory computer-readable storage medium has tangibly stored thereon, or tangibly encoded thereon, computer readable instructions that when executed by a device cause at least one processor to perform a method for automatically and dynamically managing the identity and authenticated activities of a user via a wearable device associated with the user. In accordance with one or more embodiments, a system is provided that includes one or more processors and/or computing devices configured to provide functionality in accordance with such embodiments. In accordance with one or more embodiments, functionality is embodied in steps of a method performed by at least one computing device. In accordance with one or more embodiments, program code (or program logic) executed by a processor(s) of a computing device to implement functionality in accordance with one or more such embodiments is embodied in, by and/or on a non-transitory computer-readable medium. DESCRIPTIONS OF THE DRAWINGS The features, and advantages of the disclosure will be apparent from the following description of embodiments as illustrated in the accompanying drawings, in which reference characters refer to the same parts throughout the various views. The drawings are not necessarily to scale, emphasis instead being pl