Systems and methods for authenticating a device by a centralized data server

US 20080120707A1
Filed: 11/22/2006
Published: 05/22/2008
Est. Priority Date: 11/22/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method for authenticating a query device using a centralized data server comprising:

(a) associating and storing, on the centralized data server, for each respective device in a plurality of devices, a device identifier, a user identifier, and a synthesized security identifier that collectively authenticate the respective user device;

(b) receiving, at the centralized data server, an authentication request from an intermediary gateway server that seeks verification of an identity of the query device, wherein the authentication request comprises a query device identifier or a query synthesized security identifier;

(c) attempting to verify, at the centralized data server, the query device by searching for a match between the query device identifier and a stored device identifier or by searching for a match between the query synthesized security identifier and a stored synthesized security identifier, whereinwhen a first match is made between (i) one of the query device identifier and the query synthesized security identifier and (ii) a corresponding device identifier or synthesized security identifier stored on the centralized server and associated with a target device in the plurality of devices, the identity of the query device is verified provided that a second match is made between (i) the other of the query device identifier and the query synthesized security identifier and (ii) a corresponding device identifier or synthesized security identifier stored on the centralized server and associated with the target device; and

(d) communicating, from the centralized data server, whether the identity of the query device is verified to the intermediary gateway server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods and apparatus for authenticating a query device using a centralized data server include associating and storing, on the server, for each respective device in a plurality of devices, a device identifier, a user identifier, and a synthesized security identifier that collectively authenticate the respective user device. An authentication request is received, at the centralized server, from an intermediary gateway server seeking verification of the query device. The request has a query device identifier or a query synthesized security identifier. Verification, at the centralized data server, of the query device is done by searching for a match between the query device identifier and a stored device identifier and a match between the query synthesized security identifier and a stored synthesized security identifier. The centralized data server communicates to the intermediary gateway server whether the identity of the query device is verified.

Citations

51 Claims

1. A method for authenticating a query device using a centralized data server comprising:
- (a) associating and storing, on the centralized data server, for each respective device in a plurality of devices, a device identifier, a user identifier, and a synthesized security identifier that collectively authenticate the respective user device;
  
  (b) receiving, at the centralized data server, an authentication request from an intermediary gateway server that seeks verification of an identity of the query device, wherein the authentication request comprises a query device identifier or a query synthesized security identifier;
  
  (c) attempting to verify, at the centralized data server, the query device by searching for a match between the query device identifier and a stored device identifier or by searching for a match between the query synthesized security identifier and a stored synthesized security identifier, whereinwhen a first match is made between (i) one of the query device identifier and the query synthesized security identifier and (ii) a corresponding device identifier or synthesized security identifier stored on the centralized server and associated with a target device in the plurality of devices, the identity of the query device is verified provided that a second match is made between (i) the other of the query device identifier and the query synthesized security identifier and (ii) a corresponding device identifier or synthesized security identifier stored on the centralized server and associated with the target device; and
  
  (d) communicating, from the centralized data server, whether the identity of the query device is verified to the intermediary gateway server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51)
- - 2. The method of claim 1, wherein the intermediary gateway server is an Internet service provider, a cellular service provider, a bank computer server, a hospital computer server, a school computer server, a desktop computer, an Internet site, a vending machine, a credit card reader, or a proximity card reader.
  - 3. The method of claim 1, wherein the intermediary gateway server is pre-authorized or pre-registered with the centralized data server.
  - 4. The method of claim 1, wherein the intermediary gateway server is temporarily authorized or registered with the centralized data server in order to receive said authentication request and wherein when the query device is verified said intermediary gateway server is permanently authorized or registered with the centralized data server.
  - 5. The method of claim 1, wherein the query device is a cell phone, a personal digital assistant (PDA), an iPod, a credit card, a mobile device equipped with a fingerprint scanner, a desktop computer, a laptop computer, or a networked device.
  - 6. The method of claim 1, wherein the query device is a credit card accessed by a network device.
  - 7. The method of claim 1, wherein the query device is connected to a network through an external network module.
  - 8. The method of claim 1, wherein the intermediary gateway server grants the query device access to an Internet session or network-based transaction when the identity of the query device is verified by the centralized data server.
  - 9. The method of claim 1, wherein the query device identifier comprises an IPv6 address of the query device.
  - 10. The method of claim 1, wherein the query device identifier comprises an IPv4 address, a public key infrastructure (PKI) key, a virtual private network (VPN) key, a radio frequency identification (RFID) tag number, a public key cryptography number, a credit card number, or a machine serial number.
  - 11. The method of claim 1, wherein a user identifier associated with a device in the plurality of devices comprises a biometric key.
  - 12. The method of claim 11, wherein the biometric key is extracted from biometric data from a user of the query device.
  - 13. The method of claim 12, wherein the biometric data comprises a measurement of a physical trait of the user of the query device selected from the group consisting of a facial thermogram, a finger print, an iris scan, and a hand geometry measurement.
  - 14. The method of claim 12, wherein the biometric data comprises a measurement of a physical trait of the user selected from the group consisting of a vein pattern, an ear shape, an analysis of a body odor, and an analysis of nucleic acid material obtained from the user.
  - 15. The method of claim 12, wherein the biometric data comprises a behavioral characteristic of the user selected from the group consisting of a hand signature pattern, a keystroke dynamic and a gait pattern.
  - 16. The method of claim 12, wherein the biometric data comprises a voice pattern of the user.
  - 17. The method of claim 1, wherein a user identifier associated with a device in the plurality of devices comprises a user password.
  - 18. The method of claim 1, wherein a synthesized security identifier associated with a device in the plurality of devices is derived from a user identifier associated with the device.
  - 19. The method of claim 1, wherein a synthesized security identifier associated with a device in the plurality of devices is derived from a biometric key associated with the device.
  - 20. The method of claim 1, wherein a synthesized security identifier associated with a device in the plurality of devices is derived from a device identifier.
  - 21. The method of claim 1, wherein a device identifier associated with a device in the plurality of devices is at least 32 bits in length.
  - 22. The method of claim 1, wherein a device identifier associated with a device in the plurality of devices is at least 64 bits in length.
  - 23. The method of claim 1, wherein a device identifier associated with a device in the plurality of devices is at least 128 bits in length.
  - 24. The method of claim 1, wherein a device identifier associated with a device in the plurality of devices is at least 256 bits in length.
  - 25. The method of claim 1, wherein a device identifier associated with a device in the plurality of devices is at least 512 bits in length.
  - 26. The method of claim 1, wherein a synthesized security identifier associated with a device in the plurality of devices is between 128 bits and 512 bits in length.
  - 27. The method of claim 1, wherein a synthesized security identifier associated with a device in the plurality of devices is up to 128 bits in length.
  - 28. The method of claim 1, wherein a synthesized security identifier associated with a device in the plurality of devices is up to 1024 bits in length.
  - 29. The method of claim 1, wherein a synthesized security identifier associated with a device in the plurality of devices is up to 2048 bits in length.
  - 30. The method of claim 1, wherein a user identifier associated with a device in the plurality of devices is at least 16 bits in length.
  - 31. The method of claim 1, wherein a device identifier associated with a device in the plurality of devices is at least 32 bits in length.
  - 32. The method of claim 1, wherein a device identifier associated with a device in the plurality of devices is at least 96 bits in length.
  - 33. The method of claim 1, wherein a device identifier associated with a device in the plurality of devices is at least 128 bits in length.
  - 34. The method of claim 1, wherein a device identifier associated with a device in the plurality of devices is at least 256 bits in length.
  - 35. The method of claim 1, wherein the authentication request of step (b) comprises both the query device identifier and the query synthesized security identifier.
  - 36. The method of claim 1, wherein the attempting step (c) further comprisesobtaining the query synthesized security identifier from the intermediary gateway server once a match between the query device identifier and the device identifier stored on the centralized server is made.
  - 37. The method of claim 1, wherein the attempting step (c) further comprisesobtaining the query device identifier from the intermediary gateway server once a match between the query synthesized security identifier and the stored synthesized security identifier is made.
  - 38. The method of claim 1 whereinthe authentication request further comprises a query user identifier;
    - andthe attempting step (c) further requires a match between the query user identifier and a user identifier that is both (i) stored on the centralized data server and (ii) associated with the target device in order to verify the identity of the query device.
  - 39. The method of claim 38, wherein the query user identifier is biometric data collected by the query device.
  - 40. The method of claim 38, wherein the query user identifier is biometric data collected by a device that is external to the query device.
  - 41. The method of claim 38, further comprising(e) transmitting a request for a user identifier to a networked device associated with the query device when the query device does not have network capacity.
  - 42. The method of claim 44, wherein the transmitting step (e) is conducted on the centralized data server.
  - 43. The method of claim 44, wherein the transmitting step (e) is conducted on the intermediary gateway server.
  - 44. The method of claim 1, wherein the synthesized security identifier associated with the target device is derived by the centralized data server from both the device identifier and a user identifier associated with the target device.
  - 45. The method of claim 1, wherein the synthesized security identifier associated with the target device is derived by the centralized data server from a time of activation associated with the target device.
  - 46. The method of claim 1, wherein a device identifier associated with a device in the plurality of devices is derived using an encoding algorithm or encryption algorithm.
  - 47. The method of claim 1, wherein a synthesized security identifier associated with a device in the plurality of devices is derived using an encoding algorithm or an encryption algorithm.
  - 48. The method of claim 1, wherein a user identifier associated with a device in the plurality of devices is derived using an encoding algorithm or an encryption algorithm.
  - 49. The method of claim 1, wherein a synthesized security identifier associated with a device in the plurality of devices is modified to reflect a change in an association between the synthesized security identifier and a device identifier or a user identifier.
  - 50. A computer system comprising,a central processing unit;
    - a memory coupled to the central processing unit, the memory storing instructions for carrying out the method of claim 1.
  - 51. A computer program product for use in conjunction with a computer system, the computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein, the computer program mechanism for authenticating a query device using a centralized data server, the computer program mechanism comprising instructions for carrying out the method of claim 1.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Goldstar Global Minerals Corp.
Original Assignee
Goldstar Global Minerals Corp.
Inventors
Ramia, Alexander

Application Number

US11/603,446
Publication Number

US 20080120707A1
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 2463/102   applying security measure f...

H04L 63/0853   using an additional device,...

H04L 63/0861   using biometrical features,...

H04L 9/3231   Biological data, e.g. finge...

Systems and methods for authenticating a device by a centralized data server

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

51 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for authenticating a device by a centralized data server

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

51 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links