System and method for extensible positive client identification

US 6,442,696 B1
Filed: 10/05/1999
Issued: 08/27/2002
Est. Priority Date: 10/05/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A method for positively identifying a valid client terminal communicating with a host machine, comprising the steps of:

creating a system signature for the valid client terminal, the system signature including configuration information sufficiently detailed to be unique to that valid client terminal;

generating a first client identification key containing the system signature and storing the first client identification key;

re-evaluating the system signature each time a communication is sent to the host machine requesting information and represented as being from the valid client terminal by creating a new system signature unique to a sending client terminal and comparing it with the system signature stored with the first client identification key, re-evaluating the system signature comprising using pseudo identifiers to request information from the host machine, wherein the host machine treats the pseudo identifiers not as addresses but as lists of tasks to be performed; and

generating a second client identification key containing an indicator that informs the host machine whether the sending client terminal is the same as the valid client terminal.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method that provides electronic security over a network through an extensible positive client identifier (EPCI), working with a positive information profiling system (PIPS), pseudo uniform resource locators (PURLs) to assist in providing data integrity, a virtual page publication system (VPPS), and an active security responder, (ASR). The extensible positive client identifier (EPCI) creates a unique client identification key and continually self-evaluates the key based on unique system signature data. The positive information profiling system implements account profiles for all content and clients so that pages of information can be generated and matched to the data requested as well as the requester. The virtual page publication system VPPS of the invention does not store pages permanently in the root directory of the site but instead creates temporary web pages dynamically containing the level of information resulting from the client identification, PIPS, and PURL evaluations. The virtual page is sent, (in encrypted form if this option has been selected or if this option is required by the PIPS profile), to the requestor and exists only for the time necessary to send it. The active security responder (ASR) controls the overall operation of the present invention.

Citations

34 Claims

1. A method for positively identifying a valid client terminal communicating with a host machine, comprising the steps of:
- creating a system signature for the valid client terminal, the system signature including configuration information sufficiently detailed to be unique to that valid client terminal;
  
  generating a first client identification key containing the system signature and storing the first client identification key;
  
  re-evaluating the system signature each time a communication is sent to the host machine requesting information and represented as being from the valid client terminal by creating a new system signature unique to a sending client terminal and comparing it with the system signature stored with the first client identification key, re-evaluating the system signature comprising using pseudo identifiers to request information from the host machine, wherein the host machine treats the pseudo identifiers not as addresses but as lists of tasks to be performed; and
  
  generating a second client identification key containing an indicator that informs the host machine whether the sending client terminal is the same as the valid client terminal.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, wherein the step of generating a first client identification key further comprises the step of combining an authorized personalization key from the host machine with the system signature.
  - 3. The method of claim 1, wherein the step of reevaluating the system signature further comprises the step of recognizing and responding to a request from the host machine to send the first client identification key.
  - 4. The method of claim 3, wherein the step of generating a second client identification key further comprises the step of verifying that the client terminal has a relationship with the host machine.
  - 5. The method of claim 4, wherein the step of verifying that the client terminal has a relationship with the host machine further comprises the step of carrying out any instructions sent by the host machine along with the host machine'"'"'s request to send an identification key.
  - 6. The method of claim 5 wherein the step of carrying out any instructions sent by the host machine along with the host machine'"'"'s request to send an identification key further comprises the step of executing specified software.
  - 7. The method of claim 5 wherein the step of carrying out any instructions sent by the host machine along with the host machine'"'"'s request to send an identification key further comprises the step of registering and/or installing new software.
  - 8. The method of claim 7, wherein the step of registering and/or installing new software includes protecting software from illegal copying and/or distribution.
  - 9. The method of claim 5 wherein the step of carrying out any instructions sent by the host machine along with the host machine'"'"'s request to send an identification key further comprises the step of disabling, crippling and/or deleting one or more of data and applications.
  - 10. The method of claim 5 wherein the step of carrying out any instructions sent by the host machine along with the host machine'"'"'s request to send an identification key further comprises the step of sending data as directed by the host machine.
  - 11. The method of claim 1, wherein the step of re-evaluating the system signature further comprises the step of sending only non-protected information from the host machine until the sending client terminal is positively identified as a valid client.
  - 12. The method of claim 1, wherein the step of generating a first client identification key includes using the system signature to attain user anonymity.
  - 13. The method of claim 1, wherein the step of generating a first client identification key includes using a digital certificate with the system signature.
  - 14. The method of claim 1, wherein the step of creating a system signature includes using a hashing and/or encryption routine to secure the system signature.
  - 15. The method of claim 14, wherein using a bashing and/or encryption routine includes allowing the hardware configuration to be sufficiently altered without compromising the integrity of the system signature.
  - 16. The method of claim 1, wherein the system signature includes hardware and/or software configuration information.
  - 17. The method of claim 1, wherein the step of storing the first client identification key includes storing the first client identification key at the valid client terminal and/or the host machine.
  - 18. The method of claim 17, wherein the step of re-evaluating the system signature includes re-evaluating the system signature at the sending client terminal and/or the host machine.
  - 19. The method of claim 18, wherein generating a second client identification key includes generating a second client identification key at the sending client terminal.

20. An apparatus for positively identifying a valid client terminal communicating with a host machine, comprising:
- client software for creating a system signature for the valid client terminal, the system signature including configuration information sufficiently detailed to be unique to that valid client terminal;
  
  the host machine for generating a first client identification key containing the system signature, the first client identification key being stored; and
  
  a sending client terminal for re-evaluating the system signature each time a communication is sent to the host machine requesting information and represented as being from the valid client terminal by creating a new system signature unique to the sending client terminal and comparing it with the system signature stored with the first client identification key, wherein the sending client terminal uses pseudo identifiers to request information from the host machine, wherein the host machine treats the pseudo identifiers not as addresses but as lists of tasks to be performed;
  
  wherein the host machine and the sending client terminal cooperate to generate a second client identification key at the sending client terminal containing an indicator that informs the host machine whether the sending terminal is the same as the valid client terminal.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 21. The apparatus of claim 20, wherein the host machine combines an authorized personalization key with the system signature.
  - 22. The apparatus of claim 20, wherein the sending client terminal recognizes and responds to a request from the host machine to send the first client identification key.
  - 23. The apparatus of claim 22, wherein the host machine and the sending client terminal cooperate to verify that the sending client terminal has a relationship with the host machine.
  - 24. The apparatus of claim 23, wherein the host machine and the sending client terminal cooperate to carry out any instructions sent by the host machine along with the host machine'"'"'s request to send an identification key.
  - 25. The apparatus of claim 23 wherein the host machine and the sending client terminal cooperate to execute specified software.
  - 26. The apparatus of claim 23 wherein the host machine and the sending client terminal cooperate to install new software.
  - 27. The apparatus of claim 23 wherein the host machine and the sending client terminal cooperate to delete data.
  - 28. The apparatus of claim 23 wherein the host machine and the sending client terminal cooperate to send data as directed by the host machine.
  - 29. The apparatus of claim 20, wherein the sending client terminal sends public versions of information from the host machine until the sending client terminal is positively identified as a valid client.
  - 30. The apparatus of claim 20, wherein the host machine for generating a first client identification key containing the system signature includes means for combining an authorized product license key with the system signature.
  - 31. The apparatus of claim 20, wherein the sending client terminal for re-evaluating the system signature includes means for sending non-activation information for software installed on the valid client terminal until the sending client terminal is positively identified as a valid client.
  - 32. The apparatus of claim 20, wherein the system signature includes hardware and/or software configuration information.

33. A method for positively identifying a valid client terminal communicating with a host machine, comprising the steps of:
- creating a system signature for the valid client terminal, the system signature including configuration information sufficiently detailed to be unique to that valid client terminal;
  
  generating a first client identification key containing the system signature and storing the first client identification key;
  
  re-evaluating the system signature each time a communication is sent to the host machine requesting information and represented as being from the valid client terminal by creating a new system signature unique to a sending client terminal and comparing it with the system signature stored with the first client identification key, re-evaluating the system signature comprising creating information profiles for the user at a client terminal and protected information stored at the host machine, so that only the appropriate levels of access are provided, and creating virtual pages at the host machine to provide substitute information if the profiles indicate the sending terminal is not authorized to receive the protected information stored at the host machine; and
  
  generating a second client identification key containing an indicator that informs the host machine whether the sending client terminal is the same as the valid client terminal.

34. An apparatus for positively identifying a valid client terminal communicating with a host machine, comprising:
- client software for creating a system signature for the valid client terminal, the system signature including configuration information sufficiently detailed to be unique to that valid client terminal;
  
  the host machine for generating a first client identification key containing the system signature, the first client identification key being stored; and
  
  a sending client terminal for re-evaluating the system signature each time a communication is sent to the host machine requesting information and represented as being from the valid client terminal by creating a new system signature unique to the sending client terminal and comparing it with the system signature stored with the first client identification key, wherein the sending client terminal creates information profiles for the user and protected information stored at the host machine, so that only the appropriate levels of access are provided;
  
  wherein the host machine and the sending client terminal cooperate to generate a second client identification key at the sending client terminal containing an indicator that informs the host machine whether the sending terminal is the same as the valid client terminal, wherein the host machine creates virtual pages to provide substitute information if the profiles indicate the sending client terminal is not authorized to receive the protected information stored at the host machine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Authoriszor Incorporated
Original Assignee
Authoriszor Incorporated
Inventors
Wray, David Robert, Blanchfield, David John
Primary Examiner(s)
Hayes, Gail
Assistant Examiner(s)
REVAK, CHRISTOPHER A

Application Number

US09/412,242
Time in Patent Office

1,057 Days
Field of Search

713/200, 713/201, 713/155, 713/156, 713/159, 713/191, 713/180, 705/56, 709/226, 709/228, 709/225, 709/227, 709/229
US Class Current

726/5
CPC Class Codes

G06F 21/31   User authentication

G06F 21/554   involving event detection a...

G06F 21/62   Protecting access to data v...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2127   Bluffing

H04L 63/08   for authentication of entit...

H04L 63/0876   based on the identity of th...

H04L 63/105   Multiple levels of security

H04L 63/1441   Countermeasures against mal...

H04L 63/1491   using deception as counterm...

System and method for extensible positive client identification

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for extensible positive client identification

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links