Cryptographic security functions based on anticipated changes in dynamic minutiae

US 10,178,076 B2
Filed: 04/23/2018
Issued: 01/08/2019
Est. Priority Date: 02/03/2011
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a non-transitory memory storing information associated with one or more identities, wherein the information stored for a first identity includes a plurality of identity validation objects comprising an attribute type, an attribute value associated with the attribute type, and information related to one or more anticipated changes for modifying the attribute value, wherein the attribute value is obtained based on user customization data generated from user activities on a first device associated with the first identity; and

one or more hardware processors in communication with the non-transitory memory and configured to execute instructions to cause the system to perform operations comprising;

receiving, from a second device not associated with the first identity, a request to use a service associated with the first identity, wherein the request comprises a message generated based on a data value from the second device corresponding to a first attribute type;

retrieving a first identity validation object that corresponds to the first identity and the first attribute type, the first identity validation object comprising a first attribute value and first information related to one or more anticipated changes for modifying the first attribute value;

generating a set of possible attribute values corresponding to the first identity and the first attribute type by applying the first information to the first attribute value;

determining whether the data value used to create the message corresponds to at least one possible attribute value from the set of possible attribute values; and

granting the second device access to use the service based on the determining.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Dynamic key cryptography validates mobile device users to cloud services by uniquely identifying the user'"'"'s electronic device using a very wide range of hardware, firmware, and software minutiae, user secrets, and user biometric values found in or collected by the device. Processes for uniquely identifying and validating the device include: selecting a subset of minutia from a plurality of minutia types; computing a challenge from which the user device can form a response based on the selected combination of minutia; computing a set of pre-processed responses that covers a range of all actual responses possible to be received from the device if the combination of the particular device with the device'"'"'s collected actual values of minutia is valid; receiving an actual response to the challenge from the device; determining whether the actual response matches any of the pre-processed responses; and providing validation, enabling authentication, data protection, and digital signatures.

Citations

20 Claims

1. A system comprising:
- a non-transitory memory storing information associated with one or more identities, wherein the information stored for a first identity includes a plurality of identity validation objects comprising an attribute type, an attribute value associated with the attribute type, and information related to one or more anticipated changes for modifying the attribute value, wherein the attribute value is obtained based on user customization data generated from user activities on a first device associated with the first identity; and
  
  one or more hardware processors in communication with the non-transitory memory and configured to execute instructions to cause the system to perform operations comprising;
  
  receiving, from a second device not associated with the first identity, a request to use a service associated with the first identity, wherein the request comprises a message generated based on a data value from the second device corresponding to a first attribute type;
  
  retrieving a first identity validation object that corresponds to the first identity and the first attribute type, the first identity validation object comprising a first attribute value and first information related to one or more anticipated changes for modifying the first attribute value;
  
  generating a set of possible attribute values corresponding to the first identity and the first attribute type by applying the first information to the first attribute value;
  
  determining whether the data value used to create the message corresponds to at least one possible attribute value from the set of possible attribute values; and
  
  granting the second device access to use the service based on the determining.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system of claim 1, wherein the requested service comprises registering the second device to be associated with the first identity.
  - 3. The system of claim 2, wherein the operations further comprise in response to granting the second device access to use the service:
    - receiving biometric data of a user from the second device; and
      
      associating the received biometric data of the user with the first identity.
  - 4. The system of claim 1, wherein the requested service comprises accessing a user account associated with the first identity.
  - 5. The system of claim 4, wherein the user account is an account with a website.
  - 6. The system of claim 1, wherein the operations further comprise disassociating the first device from the first identity in response to the request.
  - 7. The system of claim 1, wherein the determining comprises:
    - computing a score indicating a likelihood that the data value from the second device corresponds to the first identity based at least in part on comparing the at least one possible attribute value against other possible attribute values in the set of possible attribute values; and
      
      determining whether the computed score passes a predetermined threshold.
  - 8. The system of claim 1, wherein the plurality of identity validation objects includes objects representing at least three non-static characteristics associated with the first identity selected from the group of non-static characteristics comprising:
    - user added data, calling application data, software component data, network connection data, and geo-location data.
  - 9. The system of claim 1, wherein the data value from the second device serves a purpose for the second device other than a security purpose.
  - 10. The system of claim 1, wherein the operations further comprise:
    - generating the first information related to the one or more anticipated changes for modifying the first attribute value; and
      
      incorporating the generated first information into the first identity validation object.
  - 11. The system of claim 10, wherein generating the first information comprises:
    - retrieving, from an external source over a network, data related to one or more potential changes to a non-static characteristic of the first identity corresponding to the first attribute type; and
      
      deriving the first information related to the one or more anticipated changes based on the retrieved data and the first attribute value.

12. A method comprising:
- storing information associated with one or more identities, wherein the information stored for a first identity includes a plurality of identity validation objects comprising an attribute type, an attribute value associated with the attribute type and obtained based on user customization data generated from user activities on a first device associated with the first identity, and information related to one or more anticipated changes for modifying the attribute value;
  
  receiving, from a second device not associated with the first identity, a request to use a service associated with the first identity, wherein the request comprises a message generated based on a data value from the second device corresponding to a first attribute type;
  
  retrieving a first identity validation object that corresponds to the first identity and the first attribute type, the first identity validation object comprising a first attribute value and first information related to one or more anticipated changes for modifying the first attribute value;
  
  generating a set of anticipated attribute values corresponding to the first identity and the first attribute type by applying the first information to the first attribute value;
  
  determining whether the data value used to create the message corresponds to at least one anticipated attribute value from the set of anticipated attribute values; and
  
  granting the second device access to use the service based on the determining.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The method of claim 12, wherein the requested service comprises registering the second device to be associated with the first identity.
  - 14. The method of claim 13, further comprisingin response to granting the second device access to use the service, receiving biometric data of a user from the second device;
    - andassociating the received biometric data of the user with the first identity.
  - 15. The method of claim 12, wherein the requested service comprises accessing a user account associated with the first identity.
  - 16. The method of claim 15, wherein the user account is an account with a website.
  - 17. The method of claim 12, further comprising disassociating the first device from the first identity in response to the request.
  - 18. The method of claim 12, wherein the determining comprises:
    - computing a score indicating a likelihood that the data value from the second device corresponds the first identity based at least in part on comparing the at least one anticipated attribute value against other anticipated attribute values in the set of anticipated attribute values; and
      
      determining whether the computed score passes a predetermined threshold.
  - 19. The method of claim 12, wherein the plurality of identity validation objects includes objects representing at least three non-static characteristics associated with the first identity selected from the group of non-static characteristics comprising:
    - user added data, calling application data, software component data, network connection data, and geo-location data.
  - 20. The method of claim 12, wherein the data value from the second device serves a purpose for the second device other than a security purpose.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
mSIGNIA, Inc.
Original Assignee
mSIGNIA, Inc.
Inventors
Miller, Paul Timothy, Tuvell, George Allen
Primary Examiner(s)
Ho, Dao Q

Application Number

US15/960,294
Publication Number

US 20180248856A1
Time in Patent Office

260 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0457   wherein the sending and rec...

H04L 63/06   for supporting key manageme...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 63/0876   based on the identity of th...

H04L 9/0861   Generation of secret inform...

H04L 9/0866   involving user or device id...

H04L 9/0872   using geo-location informat...

H04L 9/16   the keys or algorithms bein...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3247   involving digital signatures

H04L 9/3271   using challenge-response

Cryptographic security functions based on anticipated changes in dynamic minutiae

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographic security functions based on anticipated changes in dynamic minutiae

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links