US 11,929,997 B2
Advanced authentication techniques and applications
Marc Briceno, San Francisco, CA (US); Brendon Wilson, San Jose, CA (US); Ramesh Kesanupalli, San Jose, CA (US); Davit Baghdasaryan, San Francisco, CA (US); Rajiv Dholakia, Palo Alto, CA (US); William J. Blanke, White Salmon, WA (US); Rolf Lindemann, Steele (DE); Igor Polivanyi, Palo Alto, CA (US); and Avinash Umap, Cupertino, CA (US)
Assigned to Nok Nok Labs, Inc., San Jose, CA (US)
Filed by Nok Nok Labs, Inc., San Jose, CA (US)
Filed on Apr. 23, 2019, as Appl. No. 16/392,301.
Application 16/392,301 is a division of application No. 14/218,504, filed on Mar. 18, 2014, granted, now 10,270,748.
Application 14/218,504 is a continuation in part of application No. 14/145,607, filed on Dec. 31, 2013, granted, now 9,367,676, issued on Jun. 14, 2016.
Application 14/145,607 is a continuation in part of application No. 14/145,533, filed on Dec. 31, 2013, granted, now 9,305,298, issued on Apr. 5, 2016.
Application 14/145,533 is a continuation in part of application No. 14/145,439, filed on Dec. 31, 2013, granted, now 9,396,320, issued on Jul. 19, 2016.
Application 14/145,439 is a continuation in part of application No. 14/145,466, filed on Dec. 31, 2013, granted, now 10,706,132.
Application 14/145,466 is a continuation in part of application No. 14/066,384, filed on Oct. 29, 2013, granted, now 9,887,983, issued on Feb. 6, 2018.
Claims priority of provisional application 61/804,568, filed on Mar. 22, 2013.
Prior Publication US 2019/0253404 A1, Aug. 15, 2019
Int. Cl. G06Q 20/38 (2012.01); G06F 21/31 (2013.01); H04L 9/00 (2022.01); H04L 9/40 (2022.01); H04W 12/06 (2021.01); H04W 12/63 (2021.01); H04W 12/67 (2021.01); H04W 88/02 (2009.01)
CPC H04L 63/08 (2013.01) [G06F 21/31 (2013.01); H04L 9/006 (2013.01); H04L 63/205 (2013.01); H04W 12/06 (2013.01); G06F 2221/2105 (2013.01); H04L 63/0861 (2013.01); H04W 12/63 (2021.01); H04W 12/67 (2021.01); H04W 88/02 (2013.01)] 13 Claims
OG exemplary drawing
 
1. A method comprising:
receiving, at a client device, a request from a user of the client device to perform a particular transaction with a local transaction device;
performing, via client risk assessment logic of the client device, an assessment of client device configuration data to determine a risk level associated with the client device;
identifying, via an adaptive authentication policy module, a transaction class for the particular transaction based on variables associated with the particular transaction;
determining, via an assurance level calculation module of the client device, a required assurance level based on the risk level and the transaction class;
receiving, via one or more user authentication devices of the client device or otherwise coupled thereto, biometric input from a user on the client device and comparing the received biometric input with user biometric reference data previously received and stored at the client device to generate a similarity score;
presenting, via a display of the client device or otherwise coupled thereto, one or more screen layouts to the user;
capturing, via one or more cameras of the client device or otherwise coupled thereto, a sequence of images which include the user's eyes as the one or more screen layouts are displayed;
performing, via an eye tracking module of the client device, eye movement detection across the sequence of images to identify a first correlation between motion of the user's eyes as the one or more screen layouts are presented and an expected motion of the user's eyes as the one or more screen layouts are presented;
generating, via the assurance level calculation module of the client device, a current assurance level by combining the similarity score with a first score associated with the first correlation;
comparing, via the assurance level calculation module of the client device, the current assurance level with the required assurance level to generate an authentication result;
transmitting, via secure communication logic of the client device, the authentication result, but not data related to the biometric input, from the client device to a remote secure transaction service;
and
the remote secure transaction service transmitting a signal to the local transaction device to perform one or more operations of the particular transaction if the authentication result is sufficient to complete the particular transaction.