U.S. Patent Number: 10,110,585
Patent Title: Universal interaction platform for people, services, and devices
Issue Date: October 23, 2018
Inventors: Ghafourifar, et al.
Assignee: Entefy Inc.
Patent Abstract
A zero-trust network and methods of using same are disclosed. The network includes a plurality of nodes, some of which are user devices, such as mobile phones, some of which are computer servers. One or more of the nodes includes a directory system. When a server receives an access request by a user device or other node, the directory system is notified of the request. The directory system will contact a number of randomly selected nodes, and if any one of the nodes does not recognize the requesting device, the requesting device will be denied access. If every queried node is able to authenticate the requesting device, the directory system creates a session for the first device to access the server. The directory system can grant access by providing the server and device reciprocating keys. After the session ends, the accessed node is assigned a new identifier.
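The flow in the abstract, sketched as an added Python example; it is not code from the patent or from Entefy. The `Node` and `Directory` classes, the credential-hash model of a node "recognizing" a device, and the single shared key standing in for the reciprocating keys are all assumptions made for illustration.

```python
import hashlib, hmac, secrets

class Node:
    """A peer that can vouch for devices it has enrolled (enrollment model is assumed)."""
    def __init__(self, name):
        self.name = name
        self.node_id = secrets.token_hex(8)   # identifier rotated after each session
        self.known = {}                       # device_id -> SHA-256 of device credential

    def enroll(self, device_id, credential):
        self.known[device_id] = hashlib.sha256(credential).digest()

    def recognizes(self, device_id, credential):
        expected = self.known.get(device_id)
        presented = hashlib.sha256(credential).digest()
        return expected is not None and hmac.compare_digest(expected, presented)

class Directory:
    def __init__(self, nodes, quorum=3):
        self.nodes, self.quorum = nodes, quorum
        self.rng = secrets.SystemRandom()     # unpredictable choice of verifiers

    def request_access(self, device_id, credential, server):
        candidates = [n for n in self.nodes if n is not server]
        verifiers = self.rng.sample(candidates, self.quorum)
        # Unanimity: one verifier that does not recognize the device denies access.
        if not all(v.recognizes(device_id, credential) for v in verifiers):
            return None
        # "Reciprocating keys" modelled here as one fresh key handed to both sides.
        key = secrets.token_bytes(32)
        return {"device": device_id, "server": server, "device_key": key, "server_key": key}

    def end_session(self, session):
        session["server"].node_id = secrets.token_hex(8)   # accessed node gets a new identifier
        session["device_key"] = session["server_key"] = None

def demo():
    nodes = [Node(f"n{i}") for i in range(6)]
    server = nodes[0]
    directory = Directory(nodes, quorum=5)    # all 5 non-server nodes are queried
    cred = b"constructed-device-credential"   # constructed sample value
    for n in nodes[1:]:
        n.enroll("phone-1", cred)
    granted = directory.request_access("phone-1", cred, server)
    old_id = server.node_id
    directory.end_session(granted)
    del nodes[3].known["phone-1"]             # one verifier no longer recognizes the device
    denied = directory.request_access("phone-1", cred, server)
    return granted is not None, denied is None, server.node_id != old_id
```

With a quorum smaller than the node count, a device unknown to only some nodes is denied only when one of those nodes happens to be sampled, so the quorum size sets how likely a partially enrolled device is to be caught.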
USPTO Technical Field
This disclosure relates generally to computer network security. More specifically, this disclosure relates to systems, methods, and computer readable media for multi-party authentication for access permissions in a distributed system without a central trusted authority.
Background
The vast majority of software-based systems rely heavily on the assumption that a server and any client application are designed to interact with a “trusted” resource and therefore, the information and directives which are sent to and from the server are assumed to be “trusted” by the client. In some systems, this could constitute all aspects of the product, whereas in other more secure systems that facilitate end-to-end encryption schemes or possess limited client-server communication, the trusted authority is expected to reliably connect one peer to another for an anonymous key exchange, thus maintaining the privacy of data shared between each peer. In both cases, the central, otherwise trusted authority is still vulnerable to compromise and therefore, the assumption of a “trusted” resource, while traditionally necessary, is an inherent point of vulnerability when designing for system integrity. Further, compromise can occur by exploiting such vulnerabilities via external and internal penetration. Internal compromise is exceptionally difficult to protect against because it requires that a system or set of processes does not trust itself, a system admin, server, or other authorizing party. This could be made to be analogous to the challenges with a body detecting and fighting cancer since the primary difficulty results in detection and containment of one’s own cells. In a server system, these internal parties can, through malice, compromise, or negligence, violate the integrity of the trusted server, having likely been put in a position to be a trusted resource within an otherwise secure network.
The subject matter of the present disclosure is directed at overcoming, or at least reducing, the effects of one or more of the problems set forth above.