This disclosure relates generally to information security. More specifically, this disclosure relates to user authentication using diverse media inputs and hash-based ledgers.
User authentication may be requested before a user is granted access to secure information and/or services. The purpose of user authentication is to determine that the user is an authorized individual who should be granted access to the secure information and/or services. For example, a user may be requested to provide a username and password to access a secure service. Additionally, biometric features—visual appearance, voice, fingerprint, etc.—that are unique to a user may be used to authenticate a user's identity. When prompted, the user may record a video, submit a photo, or record an audio message for the computer to analyze and compare with the authentic user's features.
The use of many such authentication mechanisms is complicated by the rise of synthetic media (i.e., media that is artificially produced, manipulated, and/or modified). Synthetic media can be used to fool biometric authentication mechanisms by inputting a computer-generated media sample instead of actually recording information related to the individual trying to bypass the authentication mechanism. Synthetic media, often referred to as “deepfakes,” are generated using generative machine learning. The algorithms employed improve at a rapid pace, making it more difficult to distinguish deepfakes from authentic media.
According to one embodiment, a system for authenticating a user action comprises a memory and a hardware processor. The memory is configured to store a verification media sample and a hash function. The verification media sample comprises a media sample associated with an entity. The media sample comprises a portion that is designated as critical. A portion is critical if it is designated to be used as a unique identifier of the entity. The processor is configured to receive a login sample. The login sample comprises a media sample for determining whether a user is the entity it purports to be. The processor is further configured to decompose the login sample into a first and second layer. The first layer comprises a first separable code element of the login sample. The second layer comprises a second separable code element of the login sample. The processor is also configured to decompose the verification media sample into a first and second layer. The first layer comprises a first separable code element of the verification media sample. The second layer comprises a second separable code element of the verification media sample. The processor is then configured to determine that the first layer of the login sample does not match the first layer of the verification media sample, that the second layer of the login sample does not match the second layer of the verification media sample, or both. The processor is also configured to receive an indication designating a portion of the login sample as critical. The processor is further configured to extract a first and second critical portion from the first and second layers, respectively. The first and second critical portions comprise information associated with the portion of the login sample designated as critical. Additionally, the processor is configured to apply the hash function to the first critical portion to generate a first login hash value. 
The processor is configured to apply the hash function to the second critical portion to generate a second login hash value. Additionally, the processor is configured to retrieve a first ledger hash value associated with the first layer of the verification media sample and a second ledger hash value associated with the second layer of the verification media sample from a block in a blockchain ledger. The processor is then configured to determine that the first login hash does not match the first ledger hash, the second login hash does not match the second ledger hash, or both. Finally, the processor is configured to flag the user as not the entity it purports to be.
Certain embodiments provide one or more technical advantages. As an example, an embodiment improves the accuracy of an authentication method by enabling multi-layer analysis of input media samples. Simple single-layer analysis of media samples is more likely to miss subtle differences between synthetic media and genuine samples that the synthetic media aims to replicate. Additionally, some embodiments generate a unique signature that can be stored in a blockchain ledger. The signature comprises selected portions of a media sample that are designated as critical, and authentication requires comparing the selected portions of the media to reference data that only matches those portions of the media sample. Thus, even if a synthetic media sample were to achieve perfect matching with reference media, the authentication sample would ferret out an entity submitting the synthetic media sample because the authentication system would require the entity to select a portion of their submitted media sample that correlates precisely with the reference media sample. As another example, an embodiment is capable of detecting differences between synthetic media and a reference media sample by comparing hash values generated from the two media samples. If any portion of the media samples deviates from the other, then the hash values will not match.
The system described in this disclosure may be integrated into a practical application of an identity verification tool to limit access to physical locations, electronic data, online user accounts, or individual internet transactions. For example, the disclosed system may be integrated into an authentication mechanism for logging into a user account for a mobile application. Additionally, the disclosed system may be deployed as a second authentication factor in a two-factor authentication scheme. The disclosed system and methods may further be deployed to verify individual internet data transfers by using camera and microphone inputs of a user device to observe who is making the transaction and confirm that synthetic media is not being submitted to circumvent the authentication measures.
Certain embodiments of this disclosure may include some, all, or none of these advantages. These advantages and other features will be more clearly understood from the following detailed description taken in conjunction with the accompanying drawings and claims.
For a more complete understanding of the present disclosure, reference is now made to the following description, taken in conjunction with the accompanying drawings, in which:
Embodiments of the present disclosure and its advantages are best understood by referring to
Multi-Media Identity Verification System Overview
In one embodiment, the multi-media identity verification system 100 comprises an authentication server 102, database 104, and user devices 106 and 108. The authentication server 102, database 104, and user devices 106 and 108 communicate through network 110. Network 110 facilitates communication between and amongst the various components of the system 100. This disclosure contemplates network 110 being any suitable network operable to facilitate communication between the components of the system 100. Network 110 may include any interconnecting system capable of transmitting audio, video, signals, data, messages, or any combination of the preceding. Network 110 may include all or a portion of a public switched telephone network (PSTN), a public or private data network, a local area network (LAN), a metropolitan area network (MAN), a wide area network (WAN), a local, regional, or global communication or computer network, such as the Internet, a wireline or wireless network, an enterprise intranet, or any other suitable communication link, including combinations thereof, operable to facilitate communication between the components.
Authentication Server
An example authentication server 102 includes processor 112, network interface 114, and memory 116. The processor 112 comprises one or more processors operably coupled to the memory 116. The processor 112 is any electronic circuitry including, but not limited to, state machines, one or more central processing unit (CPU) chips, logic units, cores (e.g., a multi-core processor), field-programmable gate arrays (FPGAs), application-specific integrated circuits (ASICs), or digital signal processors (DSPs). The processor 112 may be a programmable logic device, a microcontroller, a microprocessor, or any suitable combination of the preceding. The one or more processors are configured to process data and may be implemented in hardware or software. For example, the processor 112 may be 8-bit, 16-bit, 32-bit, 64-bit or of any other suitable architecture. The processor 112 may include an arithmetic logic unit (ALU) for performing arithmetic and logic operations, processor registers that supply operands to the ALU and store the results of ALU operations, and a control unit that fetches instructions from memory and executes them by directing the coordinated operations of the ALU, registers and other components.
The one or more processors 112 are configured to implement various instructions 117. For example, the one or more processors 112 are configured to execute one or more sets of instructions 117 to implement a service application 118, a security module 120, an input verifier 122, one or more media handlers 124, and a validator module 132. In this way, processor 112 may be a special purpose computer designed to implement the functions disclosed herein. In an embodiment, the service application 118, a security module 120, an input verifier 122, one or more media handlers 124, and/or a validator module 132 are implemented using logic units, FPGAs, ASICs, DSPs, or any other suitable hardware. For example, the service application 118 may be configured to perform one or more steps of the operational flow 600 as described in
The network interface 114 is configured to enable wired and/or wireless communications. The network interface 114 is configured to communicate data between the authentication server 102 and other devices (e.g., database 104 and user devices 106 and 108), systems, or domains. For example, the network interface 114 may comprise a WIFI interface, a LAN interface, a WAN interface, a modem, a switch, or a router. The processor 112 is configured to send and receive data using the network interface 114. The network interface 114 may be configured to use any suitable type of communication protocol as would be appreciated by one of ordinary skill in the art.
Memory 116 comprises one or more disks, tape drives, or solid-state drives, and may be used as an over-flow data storage device, to store programs when such programs are selected for execution, and to store instructions and data that are read during program execution. The memory 116 may be volatile or non-volatile and may comprise read-only memory (ROM), random-access memory (RAM), ternary content-addressable memory (TCAM), dynamic random-access memory (DRAM), and static random-access memory (SRAM).
The memory 116 is operable to store instructions 117, a service application 118, a security module 120, an input verifier 122, one or more media handlers 124, a validator module 132, and a hash function 133. The service application 118 is generally any mobile or web-based application or other website that users may access to communicate, transfer digital information, or conduct electronic transactions. Examples of service application 118 are discussed in more detail in
Database 104 is generally any database (i.e., including hardware and/or software) operable to store information used by the authentication server 102. While database 104 is depicted as remote from authentication server 102, alternate embodiments may incorporate database 104 into memory 116 of authentication server 102. The database 104 stores user profiles 136. Each user of a service application 118 has an associated user profile 136. Each user profile 136 comprises a password 138, a verification media sample 140, and a user identifier 141. The password 138 may be comprised of any number of characters or symbols. The verification media sample 140 may be an audio file, a video file, an image file, a text file, or any hybrid media format. The verification media sample 140 is selected by the user when they create a user profile 136. Generally, the verification media sample 140 is used as part of an authentication mechanism for the user. The user identifier 141 is any string of characters or symbols that uniquely associates the user profile 136 with a specific user of a service application 118. Database 104 and the information stored within are discussed in more detail in
User Devices
User devices 106 and 108 are generally any computing devices operable to run a service application 118 and receive login and verification information from users 142 and 150, respectively. As such, a user device generally includes a user interface operable to display login prompts and media samples used to authenticate the user's identity. The user devices 106 and 108 also include mechanisms for the user to input media samples and to interact with the media sample on a visual display. The user devices 106 and 108 transmit authentication data 143 and 151, respectively, to the authentication server 102 through network 110. Authentication data 143 and 151 may include a user identifier and a password used to log into a user account. The authentication data 143 and 151 may also include data related to a media sample submitted by the user 142 or 150 to authenticate its identity. In the example of
User device 108 serves the same general function as user device 106 but is illustrated to show that the authentication methods described in this disclosure can be implemented on any computing device that can access software applications or websites that require authentication over a communications network. The user device 108 represents a personal computer. The user device 108 includes a display 152 that is configured to display a login sample 154. The login sample 154 is presented to user 150 to authenticate that the user 150 is indeed user 150. Cursor 156 may be used to select a portion of the login sample 154 for use in the authentication process. The role of user devices 106 and 108 is described in more detail along with the authentication process in
Blockchain ledger 134 is an open, decentralized and distributed digital ledger consisting of records called blocks that are used to record transactions across many nodes (e.g., authentication server 102, user devices 106 and 108, and any other computing device capable of communicating through network 110). Each node of a blockchain network (e.g., authentication server 102, user devices 106 and 108, and any other computing device capable of communicating through network 110) may store and maintain a copy of the blockchain ledger 134. Logically, a blockchain ledger 134 is a chain of blocks which contains specific information. Once recorded, the data in any given block cannot be altered retroactively without alteration of all subsequent blocks, which requires consensus of the network majority. Each node within the network maintains, approves, and updates new entries. The system is controlled not only by separate individuals, but by everyone within the blockchain network. Each member ensures that all records and procedures are in order, which results in data validity and security. By design, a blockchain is resistant to modification of the data. For use as a distributed ledger, a blockchain is typically managed by a peer-to-peer network collectively adhering to a protocol for inter-node communication and validating new blocks. Each block of the blockchain ledger 134 includes a user profile 158. The user profile 158 includes a user identifier 141 that links the block to a specific user such as user 150. The user profile 158 also includes a media layer hash 162 and a media layer hash 164. The media layer hashes 162 and 164 are generated from a verification media sample 140 that the user submits upon registration with a service application 118. While only two media hashes are depicted, some embodiments will have more while some will have fewer. Further explanation of the blockchain ledger 134 and its contents is provided in
Generating a User Security Profile
The user 150 may select any portion of the media sample 154 that is less than the whole sample. For example, in the case of an audio sample the critical portion may comprise a time span that is less than the full time-span of the audio track. When the media sample 154 is an image file, the critical portion may comprise a subset of the pixels of the image that is less than the total number of pixels in the image. When the media sample 154 is a video file, the critical portion may comprise a location in the video frame, the location comprising a defined subset of the pixels of the frame less than the total number of pixels, and a time span that is less than the full time-span of the video. When the media sample 154 is a text file, the critical portion may be a specific word or phrase.
Method 300 then proceeds to step 306 where the security module 120 splits the media sample into a verification sample comprising the critical portion of the media sample. In this example, the security module 120 would isolate the data in the selfie that is related to the encircled region around the left eye. At step 308, the security module 120 decomposes the verification sample into one or more component layers. For example, an audio file that is in stereo format may be decomposed into a first layer that comprises the left channel of the stereo track and into a second layer that comprises the right channel of the stereo track. An image file may be decomposed into a first layer comprising data generated using edge detection, a second layer comprising data generated using blob detection, and a third layer comprising data obtained using ridge detection. A video file may be decomposed into a first layer that comprises audio data of the video file and the second layer may comprise pixels from the video file. Layers may be generated by using any of a number of media analysis methods that can isolate features of a media sample. In this example, the security module 308 would decompose the verification sample into a layer that represents the pixel density and a layer that represents the color contrast. Then, at step 310, the security module 120 generates a hash value from the layers generated at step 308. In the present example the security module 120 would apply the hash function 133 to the pixel density data to generate a media layer hash 162, and it would apply the hash function 133 to the color contrast data to generate a media layer hash 164. At step 312 the security module 120 generates a blockchain transaction for the user profile 158 associated with user 150. The user profile 150 includes the media layer hashes 162 and 164 along with a user identifier 141. The blockchain transaction is stored as a block in a blockchain ledger 134. 
The block (i.e., the user profile 158) may be located in the blockchain by searching for the user identifier 141.
Multi-Media Identity Verification Process
After the appropriate media handler module 124 extracts the relevant data from the login sample 154, the extracted data is analyzed by validator module 132. The validator module 132 uses deep learning techniques at operation 208 to compare the layers isolated from the login sample 154 to the corresponding layers in the verification media sample 140 in the user profile 136 associated with user 150. Then, at operation 210, the validator module 132 generates hash values from the isolated layers and compares these hash values to the media layer hash values 162 and 164 stored in the user profile 158 of blockchain ledger 134. An exact match between the hashes indicates that the login sample 154 is unaltered from the verification media sample 140. Accordingly, the authentication attempt will be approved. If the hashes do not match, then that indicates that login sample 154 has been altered or is a synthetic sample trying to replicate verification media sample 140. In such cases the authentication attempt will be denied and any action user 150 was trying to make will be denied. For example, if the user 150 is trying to make a data transfer through the service application 118 and the hashes do not match, the data transfer may be terminated.
Next, the validator module 132 decomposes the login sample 154 into a first and second layer at step 504. The first layer includes a first separable code element of the login sample 154. The second layer includes a second separable code element of the login sample 154. Separable code element refers to those portions of the code for the login sample 154 that may be isolated for specific features. As discussed above, there are numerous methods of decomposing a media sample into various layers (e.g., splitting stereo audio into left and right tracks, data generated from an edge detection algorithm, etc.). Continuing with the example from
Using the same decomposition methods, the validator module 132 then decomposes the verification media sample 140, located based on the user identifier 141 associated with user 150, into a first and second layer. The first layer includes a first separable code element of the verification media sample 140. The second layer includes a second separable code element of the verification media sample 140.
At step 506 the validator module 132 compares the layers of the login sample 154 with the corresponding layers of the verification media sample 140. If the layers match at decision 508, then the user 150 is considered authenticated at step 510 and may complete its intended task. However, if either the first layer of the login sample 154 does not match the first layer of the verification media sample 140, the second layer of the login sample 154 does not match the second layer of the verification media sample 140, or both at decision 508, then further analysis is necessary.
When there is deviation between one or both layers, the method 500 proceeds to step 512 where the validator module 132 receives an indication designating a portion of the login sample as critical. As discussed above, this may be in the form of user 150 selecting a portion of the login sample 154. In the example of
Then, at step 514, the validator module 132 will extract the critical portion from the first layer (pixel density) and second layer (color contrast) of the login sample 154 generated at step 504. The extracted critical portions comprise the information associated with the portion of the login sample 154 designated as critical (e.g., left eye of selfie).
At step 516 the validator module 132 will apply hash function 133 to the extracted first and second critical portions to generate a first and a second hash value. Thus, using the example of
At step 518 the validator module 132 retrieves from a block in a blockchain ledger 134 hash values that correspond to the layers of the login sample 154. The validator module 132 locates the appropriate block in the blockchain ledger 134 by searching for the user identifier 141 in the block that matches the user identifier 141 in the user profile 136 stored in database 104. In this case the validator module 132 would retrieve media layer hash 162 and media layer hash 164 that represent hashes derived from the first and second layers, respectively, of the verification media sample 140.
At step 520, the validator module 132 then compares the media layer hash 162 to the first hash value generated at step 512. Validator module 132 also compares media layer hash 164 to the second hash value generated at step 514.
If the hash pairs match at decision 522, then at step 524 the identity of user 150 is considered authenticated and the user 150 may be granted access to all or a portion of the service application 118 or user 150 may be permitted to complete a data transfer through the service application 118.
If, however, one or both pairs of hash values do not match at decision 522, that indicates the login sample 154 does not match verification media sample 140. This indicates a likelihood that the received login sample 154 is not genuine. At step 526 the validator module 132 assigns a confidence interval to its determination that the media layer hash 162 does not match the first hash value generated at step 516, that the media layer hash 164 does not match the second hash value generated at step 516, or that both pairs don't match.
If the confidence interval calculated at step 526 exceeds a threshold at decision 528, then the identity of user 150 is not authenticated and the user 150 will be flagged at step 530 as not the entity it purports to be at step 524. Once flagged, any action user 150 was attempting to make using service application 118 will be denied. If the confidence interval calculated at step 520 does not exceed the threshold at decision 528, then the authentication attempt is flagged for further review at step 526. The system administrator may then conduct manual review of the login attempt or apply other machine learning methods to do the same.
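The enrollment steps of method 300 and the hash comparison of method 500 (steps 512 to 522), as an added sketch that is not part of the disclosure. It assumes SHA-256 for hash function 133, two toy layer functions in place of the pixel density and color contrast layers, and an in-memory hash chain in place of blockchain ledger 134; the sample image, region and `user-150` identifier are constructed.

```python
import hashlib
import hmac
import json

def crop(image, region):
    """Critical portion of an image; region = (top, left, height, width)."""
    top, left, height, width = region
    return [row[left:left + width] for row in image[top:top + height]]

def intensity_layer(pixels):
    """First layer (stand-in for 'pixel density'): raw values, row-major."""
    return bytes(v for row in pixels for v in row)

def contrast_layer(pixels):
    """Second layer (stand-in for 'color contrast'): horizontal neighbour deltas."""
    return bytes(abs(a - b) for row in pixels for a, b in zip(row, row[1:]))

LAYERS = (intensity_layer, contrast_layer)

def critical_hashes(image, region):
    # Enrollment and login must crop and decompose in the same order,
    # otherwise the digests are not comparable.
    critical = crop(image, region)
    return [hashlib.sha256(layer(critical)).hexdigest() for layer in LAYERS]

class Ledger:
    """In-memory hash chain; a stand-in for blockchain ledger 134 (no consensus)."""
    GENESIS = "0" * 64
    FIELDS = ("user_id", "layer_hashes", "prev_hash")

    def __init__(self):
        self.blocks = []

    @staticmethod
    def _digest(body):
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, user_id, layer_hashes):
        prev = self.blocks[-1]["block_hash"] if self.blocks else self.GENESIS
        body = {"user_id": user_id, "layer_hashes": layer_hashes, "prev_hash": prev}
        self.blocks.append({**body, "block_hash": self._digest(body)})

    def find(self, user_id):
        return next((b for b in reversed(self.blocks) if b["user_id"] == user_id), None)

    def chain_is_intact(self):
        prev = self.GENESIS
        for block in self.blocks:
            body = {k: block[k] for k in self.FIELDS}
            if block["prev_hash"] != prev or block["block_hash"] != self._digest(body):
                return False
            prev = block["block_hash"]
        return True

def enroll(ledger, user_id, image, region):
    """Steps 306-312: hash each layer of the critical portion, store as a block."""
    ledger.append(user_id, critical_hashes(image, region))

def verify(ledger, user_id, login_image, region):
    """Per-layer match results, or None when no trustworthy ledger entry exists."""
    block = ledger.find(user_id)
    if block is None or not ledger.chain_is_intact():
        return None
    login = critical_hashes(login_image, region)
    # Constant-time comparison of each login hash with its ledger hash.
    return [hmac.compare_digest(a, b) for a, b in zip(login, block["layer_hashes"])]

def authenticated(result):
    return result is not None and all(result)

# Constructed 6x6 grayscale sample and critical region (not real biometric data).
REFERENCE = [[r * 20 + c * c * 5 for c in range(6)] for r in range(6)]
REGION = (1, 2, 3, 3)  # rows 1-3, columns 2-4

def demo():
    ledger = Ledger()
    enroll(ledger, "user-150", REFERENCE, REGION)
    outside = [row[:] for row in REFERENCE]
    outside[0][0] += 1                      # edit outside the critical portion
    inside = [row[:] for row in REFERENCE]
    inside[2][3] += 1                       # one-level edit inside it
    brighter = [[v + 3 for v in row] for row in REFERENCE]  # uniform shift
    results = {
        "identical": verify(ledger, "user-150", REFERENCE, REGION),
        "outside_edit": verify(ledger, "user-150", outside, REGION),
        "inside_edit": verify(ledger, "user-150", inside, REGION),
        "brightness_shift": verify(ledger, "user-150", brighter, REGION),
        "wrong_region": verify(ledger, "user-150", REFERENCE, (0, 0, 3, 3)),
    }
    ledger.blocks[0]["layer_hashes"][0] = "f" * 64  # tamper with the stored hash
    results["tampered_ledger"] = verify(ledger, "user-150", REFERENCE, REGION)
    return results

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:17} {result} authenticated={authenticated(result)}")
```

The `brightness_shift` case matches on the contrast layer only, which is the kind of per-layer disagreement the multi-layer comparison is meant to surface, while `outside_edit` still authenticates because only the critical portion is hashed. Exact digest comparison accepts only data that is bit-identical inside the critical portion.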
Implementation in an Internet Transaction
While several embodiments have been provided in the present disclosure, it should be understood that the disclosed systems and methods might be embodied in many other specific forms without departing from the spirit or scope of the present disclosure. The present examples are to be considered as illustrative and not restrictive, and the intention is not to be limited to the details given herein. For example, the various elements or components may be combined or integrated in another system or certain features may be omitted, or not implemented.
In addition, techniques, systems, subsystems, and methods described and illustrated in the various embodiments as discrete or separate may be combined or integrated with other systems, modules, techniques, or methods without departing from the scope of the present disclosure. Other items shown or discussed as coupled or directly coupled or communicating with each other may be indirectly coupled or communicating through some interface, device, or intermediate component whether electrically, mechanically, or otherwise. Other examples of changes, substitutions, and alterations are ascertainable by one skilled in the art and could be made without departing from the spirit and scope disclosed herein.
To aid the Patent Office, and any readers of any patent issued on this application in interpreting the claims appended hereto, applicants note that they do not intend any of the appended claims to invoke 35 U.S.C. § 112(f) as it exists on the date of filing hereof unless the words “means for” or “step for” are explicitly used in the particular claim.
Number | Date | Country | |
---|---|---|---|
20220086004 A1 | Mar 2022 | US |