IDENTITY BASED BEHAVIOR MEASUREMENT ARCHITECTURE

US 20190312902A1
Filed: 06/07/2019
Published: 10/10/2019
Est. Priority Date: 04/07/2016
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

generating a behavioral state for an endpoint device based on actor identities and corresponding subject identities for a plurality of operations wherein for each operation, a respective actor represented by a respective actor identity performs the operation upon a respective subject represented by a respective subject identity;

recording performance of a later operation by an actor having an actor identity upon a subject having a subject identity; and

using the actor identity and the subject identity to determine that the performance of the later operation does not match the behavioral state and indicates a security risk.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes generating a behavioral state for an endpoint device based on actor identities and corresponding subject identities for a plurality of operations wherein for each operation, a respective actor represented by a respective actor identity performs the operation upon a respective subject represented by a respective subject identity. Performance of a later operation by an actor with an actor identity upon a subject with a subject identity is recorded and the actor identity and the subject identity are used to determine that the performance of the later operation does not match the behavioral state and indicates a security risk.

Citations

20 Claims

1. A method comprising:
- generating a behavioral state for an endpoint device based on actor identities and corresponding subject identities for a plurality of operations wherein for each operation, a respective actor represented by a respective actor identity performs the operation upon a respective subject represented by a respective subject identity;
  
  recording performance of a later operation by an actor having an actor identity upon a subject having a subject identity; and
  
  using the actor identity and the subject identity to determine that the performance of the later operation does not match the behavioral state and indicates a security risk.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein generating the behavioral state comprises for each of the plurality of requested operations projecting a contour point based on the actor identity and the subject identity into a unique identity of the endpoint device and combining the projected contour points to form the behavioral state.
  - 3. The method of claim 2 wherein the projected contour points are combined in a time-invariant manner.
  - 4. The method of claim 2 wherein the actor identity is given by the following equation A_M=H_M(FA₁. . . FA_N), where A_Mis the actor identity, FA is an actor identity dimension, and H_Mis a hash function with a digest size M.
  - 5. The method of claim 4 wherein the subject identity is given by the following equation S_M=H_M(FS₁. . . FS_N), where S_Mis the subject identity, and FS is subject identity dimensions.
  - 6. The method of claim 5 wherein each contour point for a given actor identity operating on a subject identity is given by the following equation C_M=H_M(A_M∥
    - S_M), where C_Mis a contour point.
  - 7. The method of claim 6, wherein each contour point C_Mis projected into the unique identity for the endpoint device through the following equation P_M=H_M(D_M∥
    - C_M), where D_Mis the unique identity for the endpoint device, C_Mis the contour point, and ∥
      
      is a concatenation.
  - 8. The method of claim 7, further comprising generating the unique identity for the endpoint device according to the following equation:
    - D_M=H_M(R_M∥
      
      H_M(C)), where D_Mis the unique identity, R_Mis a range value of size M, C is the credential, ∥
      
      is a concatenation, and H_Mis the hash function with digest size M.
  - 9. The method of claim 7, wherein the endpoint device belongs to an organization provisioning devices, and the method further comprises generating the unique identity for the endpoint device according to the following equation:
    - D_M=H_M(O_M∥
      
      H_M(D_C)), where D_Mis the unique identity, O_Mis an identity of an associated organization, D_Cis a credential of the endpoint device, ∥
      
      is a concatenation, and H_Mis the hash function with digest size M.

10. An endpoint device, comprising:
- memory; and
  
  a processor executing instructions to perform steps comprising;
  
  generating a behavior value based the identities of actors and subjects that were involved in operations performed at least in part on the endpoint device;
  
  receiving an identity of an actor and an identity of a subject involved in a later operation; and
  
  using the identity of the actor and the identity of the subject and the behavior value to determine that the later operation is suspect.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The endpoint device of claim 10 wherein generating the behavior value comprises for each of the plurality of requested operations projecting a contour point based on the identity of the actor performing the operation and the identity of the subject upon which the operation is being performed into a unique identity of the endpoint device and combining the projected contour points for the plurality of requested operations to form the behavior value.
  - 12. The endpoint device of claim 11 wherein the projected contour points are combined in a time-invariant manner.
  - 13. The endpoint device of claim 11 wherein the identity of each actor is given by the following equation A_M=H_M(FA₁. . . FA_N), where A_Mis the identity of the actor, each FA is an actor identity dimension, and H_Mis a hash function with a digest size M.
  - 14. The endpoint device of claim 13 wherein the identity of each subject is given by the following equation S_M=H_M(FS₁. . . FS_N), where S_Mis the identity of the subject, and each FS is a subject identity dimension.
  - 15. The endpoint device of claim 14 wherein each contour point is given by the following equation C_M=H_M(A_M∥
    - S_M), where C_Mis the contour point.
  - 16. The endpoint device of claim 15, wherein each contour point C_Mis projected into the unique identity for the endpoint device through the following equation P_M=H_M(D_M∥
    - C_M), where D_Mis the unique identity for the endpoint device, C_Mis the contour point, and ∥
      
      is a concatenation.
  - 17. The endpoint device of claim 16, further comprising generating the unique identity for the endpoint device according to the following equation:
    - D_M=H_M(R_M∥
      
      H_M(C)), where D_Mis the unique identity, R_Mis a range value of size M, C is the credential, ∥
      
      is a concatenation, and H_Mis the hash function with digest size M.
  - 18. The endpoint device of claim 16, wherein the endpoint device belongs to an organization provisioning devices, and the method further comprises generating the unique identity for the endpoint device according to the following equation:
    - D_M=H_M(O_M∥
      
      H_M(D_C)), where D_Mis the unique identity, O_Mis an identity of an associated organization, D_Cis a credential of the endpoint device, ∥
      
      is a concatenation, and H_Mis the hash function with digest size M.

19. An endpoint device comprising:
- a memory; and
  
  a processor executing a security supervisor that provides a single value indicative of a plurality of past actor-subject operations and that detects a security violation in the endpoint device on a further actor-subject operation and the single value.
- View Dependent Claims (20)
- - 20. The endpoint device of claim 19 wherein the single value comprises a sum of contour points projected into an identity for the endpoint device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
IDfusion, LLC
Original Assignee
IDfusion, LLC
Inventors
Wettstein, Gregory Henry, Stofferahn, Scott Byron, Engen, Richard William, Grosen, Johannes Christian

Granted Patent

US 10,958,678 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/572   Secure firmware programming...

G06F 21/575   Secure boot

G06F 21/72   in cryptographic circuits

H04L 2209/127   Trusted platform modules [TPM]

H04L 63/0823   using certificates cryptogr...

H04L 63/12   Applying verification of th...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 9/085   Secret sharing or secret sp...

H04L 9/0877   using additional device, e....

H04L 9/0897   involving additional device...

H04L 9/3234   involving additional secure...

H04L 9/3239   involving non-keyed hash fu...

H04W 12/106   Packet or message integrity

H04W 12/108   Source integrity

IDENTITY BASED BEHAVIOR MEASUREMENT ARCHITECTURE

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

IDENTITY BASED BEHAVIOR MEASUREMENT ARCHITECTURE

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links