Access control system based on a hardware and software signature of a requesting device

US 20070113090A1
Filed: 11/02/2006
Published: 05/17/2007
Est. Priority Date: 03/10/2004
Status: Abandoned Application

First Claim

Patent Images

1. A method for identifying devices and controlling access to a service, comprising the steps of:

collecting data related to software and hardware configurations from a device through a software agent;

generating a digital signature for the device by hashing the software and hardware configuration data; and

sending the digital signature of the device to an authentication server.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for the authorization of access to a service by a computational device or devices, which may include a wireless device such as a cell phone or a smart phone. A software agent generates a digital signature for the device each time it attempts to access the service and send it to an authentication server, which compares the digital signature sent with one or more digital signatures on file to determine whether access to the service is permitted. The digital signature is generated by using hashes based on software and hardware configuration data collected from the device. The system may be used in conjunction with other authorization methods and devices.

Citations

21 Claims

1. A method for identifying devices and controlling access to a service, comprising the steps of:
- collecting data related to software and hardware configurations from a device through a software agent;
  
  generating a digital signature for the device by hashing the software and hardware configuration data; and
  
  sending the digital signature of the device to an authentication server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein the digital signature sent to the authentication server is encrypted.
  - 3. The method of claim 1, wherein the software agent is installed on the device as part of the process of using the device to access a service.
  - 4. The method of claim 1, wherein the hashes used to generate the digital signature are changed with every attempt to access a service, and the hashes cannot be reversed.
  - 5. The method of claim 1, wherein the digital signature is one of several stages of a framework of authorization and authentication processes governing access to the service by the device.
  - 6. The method of claim 1, wherein the authentication server compares the digital signature sent with one or more previously-stored digital signatures.
  - 7. The method of claim 6, wherein the authentication server determines whether the device has been excluded from accessing or enrolling in the service by determining whether the device is on a list or in a group of devices not allowed to access the service, or is included within a group of devices allowed to access the service.
  - 8. The method of claim 6, wherein the authentication server allows a maximum number of enrollments for a particular device.
  - 9. The method of claim 8, wherein the maximum number of enrollments is zero.
  - 10. The method of claim 6, wherein the authentication server allows minor modifications to the software or hardware configurations of a previously-enrolled device so as to preserve access or denial of access for the device.
  - 11. The method of claim 10, wherein the previously-stored digital signature of the device is updated to reflect the modifications.
  - 12. The method of claim 1, wherein the authentication server logs all accesses or attempted accesses by a device to the service.
  - 13. The method of claim 1, wherein multiple devices can be registered for a single user with the authentication server to create a registration hierarchy.
  - 14. The method of claim 13, wherein a user can unregister a device only through the device itself, or another device within the registration hierarchy registered earlier than the device to be unregistered.
  - 15. The method of claim 1, wherein the device is a wireless device.
  - 16. The method of claim 1, wherein the device is a cellular or smart phone.

17. A method for identifying devices and controlling access to a service, comprising the steps of:
- registering a device with an authentication server for access to the service; and
  
  verifying the identity of the device each time it subsequently attempts to access the service.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, wherein the step of registering a device comprises the steps of:
    - collecting data related to software and hardware configurations from the device through a software agent;
      
      generating a digital signature for the device by hashing the software and hardware configuration data;
      
      sending the digital signature of the device to the authentication server;
      
      verifying that the device is not on a list or in a group of devices not allowed to access the service, or is not a device with a maximum number of enrollments set to zero;
      
      and registering the device as authorized to access the service.
  - 19. The method of claim 17, wherein the step of verifying the identity of the device comprises the steps of:
    - collecting data related to current software and hardware configurations from the device through a software agent;
      
      generating a digital signature for the device by hashing the software and hardware configuration data;
      
      sending the digital signature of the device to the authentication server; and
      
      comparing the digital signature sent with one or more previously-stored digital signatures for the device.
  - 20. The method of claim 17, wherein the step of verifying the identity of the device comprises the steps of:
    - collecting data related to current software and hardware configurations from the device through a software agent;
      
      generating a digital signature for the device by hashing the software and hardware configuration data;
      
      sending the digital signature of the device to the authentication server; and
      
      verifying that the device is not on a list or in a group of devices not allowed to access the service, or is not a device with a maximum number of enrollments set to zero.

21. A system for identifying devices and controlling access to a service, comprising the steps of:
- a software agent installed on a device, adapted to collect data related to software and hardware configuration of the device;
  
  a digital signature for the device, generated by the software agent by hashing the software and hardware configuration data; and
  
  an authentication server that determines whether the device can access the service based upon the digital signature of the device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dnabolt Incorporated
Original Assignee
Dnabolt Incorporated
Inventors
Villela, Agostinho De Arruda

Application Number

US11/591,885
Publication Number

US 20070113090A1
Time in Patent Office

Days
Field of Search
US Class Current

713/170
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless

H04L 9/3247   involving digital signatures

Access control system based on a hardware and software signature of a requesting device

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Access control system based on a hardware and software signature of a requesting device

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links