ACTIVE HIP

US 20100082998A1
Filed: 09/30/2008
Published: 04/01/2010
Est. Priority Date: 09/30/2008
Status: Active Grant

First Claim

Patent Images

1. A method for implementing an Active HIP for protecting a computing service from unwarranted access, the method comprising:

identifying a HIP challenge;

randomly selecting a set quantity of Active HIP key codelets from a collection of two or more Active HIP key codelets, wherein the set quantity of Active HIP key codelets, when executed, generates an Active HIP key;

selecting a set quantity of Active HIP characteristic codelets from a collection of one or more Active HIP characteristic codelets, wherein the set quantity of Active HIP characteristic codelets, when executed, collects information about a computing device;

conflating the set quantity of Active HIP key codelets and the set quantity of Active HIP characteristic codelets with the HIP challenge in Active HIP software to be executed by a computing device that requested the computing service;

providing the Active HIP software to the computing device that requested the computing service;

receiving a response to the Active HIP software;

allowing access to the computing service when the response to the Active HIP software comprises a correct solution for the HIP challenge, a correct Active HIP key, and information about the computing device that indicates the computing device is not attempting an unwarranted access to the computing service;

denying access to the computing service when the response to the Active HIP software does not comprise a correct solution for the HIP challenge;

denying access to the computing service when the response to the Active HIP software does not comprise a correct Active HIP key; and

denying access to the computing service when the response to the Active HIP software comprises information about the computing device that indicates that the computing device is attempting an unwarranted access to the computing service.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Computing services that unwanted entities may wish to access for improper, and potentially illegal, use can be more effectively protected by using Active HIP systems and methodologies. An Active HIP involves dynamically swapping one random HIP challenge, e.g., but not limited to, image, for a second random HIP challenge, e.g., but not limited to, image. An Active HIP can also, or otherwise, involve stitching together, or otherwise collecting and including, within Active HIP software, i.e., a HIP web page, to be executed by a computing device of a user seeking access to a HIP-protected computing service x number of software executables randomly selected from a pool of y number of software executables. The x number of software executables, when run, generates a random Active HIP key. If the generated Active HIP key accompanies a correct user response to the valid HIP challenge the system and/or methodology can assume with a degree of certainty that the current user is a legitimate human user and allow the current user access to the requested computing service.

83 Citations

View as Search Results

20 Claims

1. A method for implementing an Active HIP for protecting a computing service from unwarranted access, the method comprising:
- identifying a HIP challenge;
  
  randomly selecting a set quantity of Active HIP key codelets from a collection of two or more Active HIP key codelets, wherein the set quantity of Active HIP key codelets, when executed, generates an Active HIP key;
  
  selecting a set quantity of Active HIP characteristic codelets from a collection of one or more Active HIP characteristic codelets, wherein the set quantity of Active HIP characteristic codelets, when executed, collects information about a computing device;
  
  conflating the set quantity of Active HIP key codelets and the set quantity of Active HIP characteristic codelets with the HIP challenge in Active HIP software to be executed by a computing device that requested the computing service;
  
  providing the Active HIP software to the computing device that requested the computing service;
  
  receiving a response to the Active HIP software;
  
  allowing access to the computing service when the response to the Active HIP software comprises a correct solution for the HIP challenge, a correct Active HIP key, and information about the computing device that indicates the computing device is not attempting an unwarranted access to the computing service;
  
  denying access to the computing service when the response to the Active HIP software does not comprise a correct solution for the HIP challenge;
  
  denying access to the computing service when the response to the Active HIP software does not comprise a correct Active HIP key; and
  
  denying access to the computing service when the response to the Active HIP software comprises information about the computing device that indicates that the computing device is attempting an unwarranted access to the computing service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method for implementing an Active HIP for protecting a computing service from unwarranted access of claim 1, wherein a HIP web page comprises the Active HIP software.
  - 3. The method for implementing an Active HIP for protecting a computing service from unwarranted access of claim 1, wherein identifying the HIP challenge comprises randomly selecting the HIP challenge from a pool of HIP challenges.
  - 4. The method for implementing an Active HIP for protecting a computing service from unwarranted access of claim 1, wherein identifying the HIP challenge comprises contemporaneously generating the HIP challenge.
  - 5. The method for implementing an Active HIP for protecting a computing service from unwarranted access of claim 1, wherein each one of the set quantity of Active HIP key codelets, when executed, generates a bit with a value of zero or a bit with a value of one.
  - 6. The method for implementing an Active HIP for protecting a computing service from unwarranted access of claim 1, wherein half of the collection of two or more Active HIP key codelets, when executed, each generates a bit with a value of zero and the other half of the collection of two or more Active HIP key codelets, when executed, each generates a bit with a value of one.
  - 7. The method for implementing an Active HIP for protecting a computing service from unwarranted access of claim 1, wherein the response to the Active HIP software comprises an Active HIP key and information about the computing device collected by the Active HIP software when the set quantity of Active HIP characteristic codelets are executed by the computing device.
  - 8. The method for implementing an Active HIP for protecting a computing service from unwarranted access of claim 7, wherein information about the computing device collected by the Active HIP software when the set quantity of Active HIP characteristic codelets are executed by the computing device comprises an IP address for the computing device.
  - 9. The method for implementing an Active HIP for protecting a computing service from unwarranted access of claim 1, wherein the set quantity of Active HIP key codelets is a set of forty Active HIP key codelets and the collection of Active HIP key codelets is a collection of eighty Active HIP key codelets.
  - 10. The method for implementing an Active HIP for protecting a computing service from unwarranted access of claim 9, wherein forty Active HIP key codelets of the collection of Active HIP key codelets, when executed, each generates a bit with a value of zero and forty other Active HIP key codelets of the collection of Active HIP key codelets, when executed, each generates a bit with a value of one.
  - 11. The method for implementing an Active HIP for protecting a computing service from unwarranted access of claim 1, wherein the HIP challenge is a first HIP challenge, the method further comprising:
    - identifying a second HIP challenge;
      
      including software in the Active HIP software that, when executed, modifies the second HIP challenge so that a correct response to the modified second HIP challenge is the correct response to the first HIP challenge;
      
      allowing access to the computing service when the response to the Active HIP software comprises a correct solution for the first HIP challenge; and
      
      denying access to the computing service when the response to the Active HIP software comprises an incorrect solution for the first HIP challenge.

12. A system for implementing an Active HIP for protecting a computing service from unwarranted access, the system comprising:
- a HIP challenge generator that identifies a HIP challenge;
  
  a collection of Active HIP key codelets from which collection a set quantity of Active HIP key codelets can be randomly selected that, when executed, generates an Active HIP key; and
  
  a determinator that resolves whether a response from a computing device comprises a correct solution for the HIP challenge and further determines that the response from the computing device comprises a correct Active HIP key.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The system for implementing an Active HIP for protecting a computing service from unwarranted access of claim 12, wherein the HIP challenge generator randomly obtains a HIP challenge from a pool of two or more HIP challenges.
  - 14. The system for implementing an Active HIP for protecting a computing service from unwarranted access of claim 12, wherein each of the collection of Active HIP key codelets, when executed, generates a bit with a value of zero or a bit with a value of one.
  - 15. The system for implementing an Active HIP for protecting a computing service from unwarranted access of claim 14, wherein the collection of Active HIP key codelets is a collection of eighty codelets, forty of which Active HIP key codelets, when executed, generates a value of zero and the other forty of which Active HIP key codelets, when executed, generates a value of one, and wherein the set quantity of Active HIP key codelets is a set of forty Active HIP codelets randomly selected from the collection of eighty Active HIP codelets that, when executed, generates an Active HIP key of forty bits.
  - 16. The system for implementing an Active HIP for protecting a computing service from unwarranted access of claim 12, further comprising a collection of one or more Active HIP characteristic codelets from which collection a quantity of Active HIP characteristic codelets are randomly selected and, when executed, collect characteristics about a computing device.

17. A method for implementing an Active HIP, the method comprising:
- randomly obtaining a HIP challenge;
  
  randomly selecting a set quantity of Active HIP key codelets from a collection of Active HIP key codelets, wherein each one of the set quantity of Active HIP key codelets, when executed, generates a bit with a value of zero or a bit with a value of one and a result of the execution of the set quantity of Active HIP key codelets is an Active HIP key;
  
  conflating the HIP challenge with the set quantity of Active HIP key codelets in Active HIP software to be executed by a computing device;
  
  providing the Active HIP software to the computing device;
  
  receiving a response to the Active HIP software;
  
  allowing access to the computing service when the response to the Active HIP software comprises a correct identification of the HIP challenge and a correct Active HIP key;
  
  denying access to the computing service when the response to the Active HIP software does not comprise a correct identification of the HIP challenge;
  
  denying access to the computing service when the response to the Active HIP software does not comprise an Active HIP key; and
  
  denying access to the computing service when the response to the Active HIP software does not comprise a correct Active HIP key.
- View Dependent Claims (18, 19, 20)
- - 18. The method for implementing an Active HIP of claim 17, wherein randomly obtaining a HIP challenge comprises generating a HIP challenge on the fly.
  - 19. The method for implementing an Active HIP of claim 17, further comprising:
    - selecting a set quantity of Active HIP characteristic codelets from a collection of one or more Active HIP characteristic codelets, wherein the set quantity of Active HIP characteristic codelets, when executed, collects information about the computing device;
      
      conflating the set quantity of Active HIP characteristic codelets with the set quantity of Active HIP key codelets of the Active HIP software; and
      
      receiving a response to the Active HIP software that comprises information collected by the Active HIP software when the set quantity of Active HIP characteristic codelets are executed, wherein the information collected by the Active HIP software comprises an IP address for the computing device.
  - 20. The method for implementing an Active HIP of claim 17, wherein the HIP challenge is a first HIP challenge, the method further comprising:
    - randomly obtaining a second HIP challenge; and
      
      including software in the Active HIP software that, when executed, replaces the second HIP challenge with the first HIP challenge.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Kohavi, Ron

Granted Patent

US 8,433,916 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

G06F 21/36   by graphic or iconic repres...

G06F 2221/2103   Challenge-response

H04L 9/3271   using challenge-response

ACTIVE HIP

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

83 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

ACTIVE HIP

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

83 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links