Methods of dynamically securing electronic devices and other communications through environmental and system measurements leveraging tailored trustworthy spaces and continuous authentication

US 10,185,835 B2
Filed: 07/31/2017
Issued: 01/22/2019
Est. Priority Date: 10/24/2013
Status: Active Grant

First Claim

Patent Images

1. A method performed by a first and second data processing apparatus that are communicatively coupled, the method comprising:

obtaining, by the first data processing apparatus, one or more signals from one or more sensors communicatively coupled to the first data processing apparatus;

determining, by the first data processing apparatus, a varying trust level in the operating security state of the first data processing apparatus by applying at least one of a scaling function, identity function, assignment function, step function, artificial neural network, and machine learning techniques to the one or more signals from the one or more sensors to determine a first TTS measurement;

determining, by the first data processing apparatus, at least two trust levels from the one or more signals, wherein each trust level is determined independently of any other trust level;

creating a third trust level by combining the at least two trust levels;

transmitting, by the first data processing apparatus to the second data processing apparatus, the first TTS measurement, wherein the second data processing apparatus is operating in a first operating security state; and

changing, by the second data processing apparatus after receiving the first TTS measurement, from the first operating security state of the second data processing apparatus to a second operating security state by at least one of control, direction, manipulation, limitation, activation, and deactivation of at least one of a plurality of operating security states of the second data processing apparatus;

wherein the first data processing apparatus and the second data processing apparatus are communicatively coupled by a first communication method;

wherein the changing from the first operating security state to the second operating security state by the second data processing apparatus comprises;

determining, by the second data processing apparatus, a TTS state using tailored trustworthy space rules (“

TTS rules”

) and the first TTS measurement received from the first data processing apparatus;

wherein the determining, by the first data processing apparatus, one of the at least two trust levels further comprises;

using data from at least one TTS rule, wherein the data comprises one or more of a historical trust level and a historical value for one of the one or more signals used in determining one of the at least two trust levels; and

wherein machine learning techniques are used to determine if the first data processing apparatus is currently operating in one of a typical way and an atypical way.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention is for a system capable of securing one or more fixed or mobile computing device and connected system. Each device is configured to change its operating posture by allowing, limiting, or disallowing access to applications, application features, devices features, data, and other information based on the current Tailored Trustworthy Space (TTS) definitions and rules which provided for various situationally dependent scenarios. Multiple TTS may be defined for a given deployment, each of which specifies one or more sensors and algorithms for combining sensor data from the device, other connected devices, and/or other data sources from which the current TTS is identified. The device further achieves security by loading digital credentials through a unidirectional multidimensional physical representation process which allows for the device to obtain said credentials without the risk of compromising the credential issuing system through the data transfer process. This secure system methodology may be used to create a Mobile Secure Compartmentalized Information Facility (M-SCIF), among other applications.

45 Citations

View as Search Results

18 Claims

1. A method performed by a first and second data processing apparatus that are communicatively coupled, the method comprising:
- obtaining, by the first data processing apparatus, one or more signals from one or more sensors communicatively coupled to the first data processing apparatus;
  
  determining, by the first data processing apparatus, a varying trust level in the operating security state of the first data processing apparatus by applying at least one of a scaling function, identity function, assignment function, step function, artificial neural network, and machine learning techniques to the one or more signals from the one or more sensors to determine a first TTS measurement;
  
  determining, by the first data processing apparatus, at least two trust levels from the one or more signals, wherein each trust level is determined independently of any other trust level;
  
  creating a third trust level by combining the at least two trust levels;
  
  transmitting, by the first data processing apparatus to the second data processing apparatus, the first TTS measurement, wherein the second data processing apparatus is operating in a first operating security state; and
  
  changing, by the second data processing apparatus after receiving the first TTS measurement, from the first operating security state of the second data processing apparatus to a second operating security state by at least one of control, direction, manipulation, limitation, activation, and deactivation of at least one of a plurality of operating security states of the second data processing apparatus;
  
  wherein the first data processing apparatus and the second data processing apparatus are communicatively coupled by a first communication method;
  
  wherein the changing from the first operating security state to the second operating security state by the second data processing apparatus comprises;
  
  determining, by the second data processing apparatus, a TTS state using tailored trustworthy space rules (“
  
  TTS rules”
  
  ) and the first TTS measurement received from the first data processing apparatus;
  
  wherein the determining, by the first data processing apparatus, one of the at least two trust levels further comprises;
  
  using data from at least one TTS rule, wherein the data comprises one or more of a historical trust level and a historical value for one of the one or more signals used in determining one of the at least two trust levels; and
  
  wherein machine learning techniques are used to determine if the first data processing apparatus is currently operating in one of a typical way and an atypical way.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein upon a change of the trust level, causing the second data processing apparatus to terminate a communication with the first data processing apparatus based on the TTS state.
  - 3. The method of claim 1, wherein the transmitting by the first data processing apparatus to the second data processing apparatus further comprises transmitting the at least one of:
    - the one or more signals from the one or more sensors, the TTS state, and the operating security state of the first data processing apparatus.
  - 4. The method of claim 1, wherein the TTS measurement corresponds to a numeric assessment of a security posture of a system comprising the first data processing apparatus and the second data processing apparatus, and represents at least one of the following:
    - that the system is being used compliant with a normal usage pattern;
      
      that conditions are both typical and meet control requirements;
      
      that an authorized user or users of the first data processing apparatus are within some specified range of the first data processing apparatus;
      
      that unauthorized users are not within some specified range of the first data processing apparatus; and
      
      that only a specified number of persons are viewing a screen of the first data processing apparatus.
  - 5. The method of claim 1, wherein the first data processing apparatus is a mobile device comprising at least one of:
    - a cell phone, tablet, and watch.
  - 6. The method of claim 1, wherein the first data processing apparatus is a non-mobile device comprising at least one of:
    - a desktop computer, server, and stationary electrical equipment.
  - 7. The method of claim 1, wherein the TTS rules specify an action to at least one of:
    - unlock a keystore on the second data processing apparatus, unlock the second data processing apparatus, unlock a first feature of the second data processing apparatus, and unlock a second feature of an application on the second data processing apparatus.
  - 8. The method of claim 1, wherein the first communication method comprises at least one of:
    - a cellular voice call, a VoIP voice call, voice data, video data, a text, a SMS, an email, and any combination thereof, whereby data is transferred via the first communication method using one of;
      
      a real time method, a store-and-retrieve method, and a store-and-forward method; and
      
      wherein information corresponding to at least one of;
      
      the first TTS measurement, the operating security state, the TTS state, the TTS rules, and configuration, is stored within at least one of;
      
      a body of a communication message, a header of the communication message, messaging protocol of the communication message, and a separate message transmitted independently of the communication message over a same or different data transport mechanism to one or more communicating data processing apparatuses.
  - 9. The method of claim 1, wherein a first sensor of the one or more sensors is a remote sensor located externally to the first data processing apparatus, wherein the remote sensor transmits one or more of a signal and the first TTS measurement.
  - 10. The method of claim 1, wherein a first sensor of the one or more sensors is located on the first data processing apparatus and communicatively coupled to a processor and a memory inside the first data processing apparatus.
  - 11. The method of claim 1, further comprising:
    - generating, by the first data processing apparatus, a plurality of alerts and notifications transmitted to at least one of;
      
      an externally located system and the second data processing apparatus.

12. A system for facilitating communication between devices comprising:
- a first data processing apparatus comprising a first processor, a first memory, and one or more first sensors;
  
  a second data processing apparatus comprising a second processor, a second memory, and communicatively coupled to the first data processing apparatus by a first communication method; and
  
  an intermediate device comprising one or more second sensors, the intermediate device communicatively coupled between the first data processing apparatus and the second data processing apparatus;
  
  wherein the second memory stores computer-executable instructions that, when executed by the second processor, cause the second data processing apparatus to;
  
  receive one or more external TTS measurements from a transmitting apparatus comprising at least one of the first data processing apparatus and the intermediate device, wherein the transmitting apparatus is configured to determine the one or more external TTS measurements by applying at least one of a scaling function, identity function, assignment function, step function, artificial neural network, and machine learning techniques to the one or more signals received by the transmitting apparatus from the at least one of the one or more first sensors and the one or more second sensors;
  
  perform a first check comparing the one or more external TTS measurements against at least one value defined by at least one TTS rule;
  
  pass the first check to obtain a first TTS state; and
  
  after passing the first check, adjust, by the second processor, the operating security state of the second data processing apparatus to implement the first TTS state by performing at least one of;
  
  loading a communication method configuration,enabling a keystore access,enabling an incoming communication,enabling an outgoing communication,enabling a communication request notification,establishing a communication with an endpoint,causing hardware actions on the second data processing apparatus,causing first application specific behavior actions,enabling a first feature of the second data processing apparatus, andenabling a second feature of an application on the second data processing apparatus;
  
  wherein the transmitting apparatus is configured to determine at least two TTS measurements from the one or more signals, wherein each TTS measurements is determined independently of any other TTS measurement;
  
  wherein the transmitting apparatus is further configured to determine a third TTS measurements by combining the at least two TTS measurements;
  
  wherein the transmitting apparatus is further configured to determine one of the at least two TTS measurements using data from at least one TTS rule, wherein the data comprises one or more of a historical TTS measurement and a historical value for one of the one or more signals used in determining one of the at least two TTS measurements; and
  
  wherein machine learning techniques are used to determine if the transmitting apparatus is currently operating in one of a typical way and an atypical way.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The system of claim 12, wherein the communication request notification comprises at least one of a ringer and haptic feedback.
  - 14. The system of claim 12, wherein the hardware actions caused on the second data processing apparatus comprise at least one of:
    - a screen lock, shutdown, device wipe, vibration, graphical, visual screen notification, visual indicator light, and noise notification.
  - 15. The system of claim 12, wherein at least one of the one or more first sensors and the one or more of second sensors further comprise a remote sensor located externally to the transmitting apparatus and located on the second data processing apparatus.
  - 16. The system of claim 12, wherein the one or more first sensors comprises at least one of:
    - an accelerometer;
      
      gyroscope;
      
      ambient light sensor;
      
      device screen backlight level sensor;
      
      audio sensor;
      
      audio sensor with microphone;
      
      GPS unit;
      
      a location providing sensor;
      
      a position providing sensor;
      
      a camera;
      
      WiFi;
      
      cellular;
      
      packet radio;
      
      data radio;
      
      voice radio;
      
      Bluetooth;
      
      thermometer;
      
      barometer;
      
      biometric input;
      
      Near Field Communication (NFC) sensor;
      
      camera;
      
      proximity sensor;
      
      radiation, chemical, or biological detector;
      
      biomechanics sensor;
      
      biomedical sensor;
      
      electric or magnetic field sensor;
      
      electromagnetic spectrum analyzer;
      
      electromagnetic signal detector;
      
      infrared sensor;
      
      infrared camera;
      
      sonar imaging;
      
      sonar range finder;
      
      laser range finder;
      
      software sensors including values provided by device hardware, operating system, and other sensors regarding a current operational state and configuration of a device; and
      
      wherein the one or more second sensors comprises at least one of;
      
      an accelerometer;
      
      gyroscope;
      
      ambient light sensor;
      
      device screen backlight level sensor;
      
      audio sensor;
      
      audio sensor with microphone;
      
      GPS unit;
      
      a location providing sensor;
      
      a position providing sensor;
      
      a camera;
      
      WiFi;
      
      cellular;
      
      packet radio;
      
      data radio;
      
      voice radio;
      
      Bluetooth;
      
      thermometer;
      
      barometer;
      
      biometric input;
      
      Near Field Communication (NFC) sensor;
      
      camera;
      
      proximity sensor;
      
      radiation, chemical, or biological detector;
      
      biomechanics sensor;
      
      biomedical sensor;
      
      electric or magnetic field sensor;
      
      electromagnetic spectrum analyzer;
      
      electromagnetic signal detector;
      
      infrared sensor;
      
      infrared camera;
      
      sonar imaging;
      
      sonar range finder;
      
      laser range finder;
      
      software sensors including values provided by device hardware, operating system, and other sensors regarding a current operational state and configuration of a device.

17. A computer-readable medium storing computer instructions that, when executed by a processor, cause a first data processing apparatus to perform steps comprising:
- receiving one or more signals from one or more sensors;
  
  determining varying levels of trust, security, and access by applying at least one of a scaling function, identity function, assignment function, step function, artificial neural network, and machine learning techniques to the one or more signals from the one or more sensors to determine a TTS measurement;
  
  determining, by the first data processing apparatus, at least two trust levels from the one or more signals, wherein each trust level is determined independently of any other trust level;
  
  determining, by the first data processing apparatus, a third trust level by combining the at least two trust levels;
  
  changing a first operating security state of the first data processing apparatus to a second operating security state by at least one of control, direction, manipulation, limitation, activation, and deactivation of at least one of a plurality of operating security states of the first data processing apparatus; and
  
  transmitting the TTS measurement to a second data processing apparatus;
  
  wherein the changing from the first operating security state to the second operating security state occurs using first tailored trustworthy space rules (“
  
  TTS rules”
  
  ) and the TTS measurement;
  
  wherein determining, by the first data processing apparatus, one of the at least two trust levels further comprises;
  
  using data from at least one TTS rule, wherein the data comprises one or more of a historical trust level and a historical value for one of the one or more signals used in determining one of the at least two trust levels;
  
  wherein machine learning techniques are used to determine if the first data processing apparatus is currently operating in one of a typical way and an atypical way; and
  
  wherein the second data processing apparatus is configured to change its operating security state using both the TTS measurement received from the first data processing apparatus and a second TTS rules tailored for the second data processing apparatus, wherein the second data processing apparatus changing its operating security states comprises at least one;
  
  termination of communication with the first data processing apparatus,screen lock of the second data processing apparatus,shutdown of the second data processing apparatus,device wipe of the second data processing apparatus,vibration of the second data processing apparatus,graphical screen notification on the second data processing apparatus,flashing of a visual indicator light of the second data processing apparatus, andnoise notification on the second data processing apparatus.
- View Dependent Claims (18)
- - 18. The computer-readable medium of claim 17, wherein a first sensor of the one or more sensors is at least one of:
    - a remote sensor located externally to the first data processing apparatus, an output of the TTS measurement, and an electromagnetic spectrum sensor configured to detect a presence of unauthorized electronic devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Internet Infrastructure Services Corporation
Original Assignee
Internet Infrastructure Services Corporation
Inventors
Cavanaugh, Steven
Primary Examiner(s)
Kim, Tae K

Application Number

US15/664,091
Publication Number

US 20180032744A1
Time in Patent Office

540 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

Methods of dynamically securing electronic devices and other communications through environmental and system measurements leveraging tailored trustworthy spaces and continuous authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

45 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Methods of dynamically securing electronic devices and other communications through environmental and system measurements leveraging tailored trustworthy spaces and continuous authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

45 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links