Dynamic executable

US 7,836,121 B2
Filed: 04/14/2005
Issued: 11/16/2010
Est. Priority Date: 04/14/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A system comprising:

one or more processorsa server-side executable by one or more processors and configured to gather information about an execution environment of a client-side machine; and

execute on a server to generate a first hardware signature including information identifying devices of the client-side machine;

a client-side executable by one or more processors and configured to execute on the client-side machine, to generate a second hardware signature identifying on devices associated with the client-side machine, the client-side executable being dynamically generated on the server and securely downloaded to the client-side machine, the client-side executable being associated with the server-side executable and configured to operate in the execution environment of the client-side machine, and configured to execute a subset of instructions from the server; and

an authenticator to configured to compare the first hardware signature and the second hardware signature based on a threshold level of matching to identity of the client-side machine.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system to identify and/or authenticate an entity includes a. client-side executable and an associated server-side executable, each of which may be dynamically generated. The server-side executable may be executed on a server to generate a first result. The client-side executable may be executed on an entity to generate a second result. The first result and the second result are compared to identify and/or to authenticate the entity.

53 Citations

View as Search Results

24 Claims

1. A system comprising:
- one or more processorsa server-side executable by one or more processors and configured to gather information about an execution environment of a client-side machine; and
  
  execute on a server to generate a first hardware signature including information identifying devices of the client-side machine;
  
  a client-side executable by one or more processors and configured to execute on the client-side machine, to generate a second hardware signature identifying on devices associated with the client-side machine, the client-side executable being dynamically generated on the server and securely downloaded to the client-side machine, the client-side executable being associated with the server-side executable and configured to operate in the execution environment of the client-side machine, and configured to execute a subset of instructions from the server; and
  
  an authenticator to configured to compare the first hardware signature and the second hardware signature based on a threshold level of matching to identity of the client-side machine.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1 wherein the server includes the authenticator.
  - 3. The system of claim 1 wherein the server and the authenticator are separate.
  - 4. The system of claim 1 further comprising a server-side database accessible by the server-side executable, wherein the server-side database includes the information identifying devices of the client-side machine.
  - 5. The system of claim 4 wherein the server-side executable is to collect the information identifying devices of the client-side machine from the database.
  - 6. The system of claim 1 wherein the information about an execution environment includes one or more of information about an operating system of the client-side machine, information about a central processing unit of the client-side machine, and information about security settings of the client-side machine.
  - 7. The system of claim 1 wherein the authenticator is further configured to render the client-side machine as not identified if the second hardware signature is not received by the authenticator during a limited time frame.
  - 8. The system of claim 1 wherein the client-side machine includes a device, wherein the device has an associated authentication score to be added towards the threshold level.
  - 9. The system of claim 8 wherein the authentication score is higher for associated devices that are less likely to be replaced or adjusted.
  - 10. The system of claim 1 wherein the threshold level of matching indicates a number of devices identified in the second hardware signature that must also be identified in the first hardware signature.

11. A method comprising:
- identifying, by a server, components of an execution environment of a client-side machine, wherein the components include an operating system and a central processing unit;
  
  dynamically generating, on the server, a client-side executable suitable for operation in the execution environment of the client-side machine, and a corresponding server-side executable;
  
  securely downloading the client-side executable from the server to the client-side machine, the client-side executable being associated with the server-side executable, and being configured to execute a subset of instructions from the server;
  
  executing the server-side executable on the server to generate a first hardware signature, wherein the first hardware signature includes information identifying a first group of devices associated with the client-side machine;
  
  executing the client-side executable on the client-side machine to generate a second hardware signature based on a second group of devices associated with the client-side machine; and
  
  comparing, based on a threshold level of matching, the first hardware signature and the second hardware signature to authenticate the client-side machine, wherein the threshold level of matching indicates a number of devices that must be in the first and second groups for the client-side device to be authenticated.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method of claim 11 further comprising collecting information, selected from a group including a dynamic information type of the client-side machine, a dynamic information order of the client-side machine and a dynamic amount of information of the client-side machine, for the client-side executable.
  - 13. The method of claim 11 , wherein the client-side executable includes at least one dynamic encryption instruction.
  - 14. The method of claim 11 further comprising collecting information identifying the first group of hardware components associated with the client-side machine, and obfuscating the information collected.
  - 15. The method of claim 11 further comprising collecting, from a server database, the first hardware signature for the server-side executable.
  - 16. The method of claim 11 wherein the comparing is performed by an authenticator residing on the server.
  - 17. The method of claim 16 further comprising imposing a time limit on receipt of the second result by the authenticator, wherein upon expiration of the time limit, the client-side machine is considered as not authenticated.
  - 18. The method of claim 11 further comprising generating a plurality of instructions on the server;
    - and dynamically selecting a subset of the plurality of instructions as the client-side executable.
  - 19. The method of claim 11 further comprising:
    - updating the first hardware signature to identify a new device associated with the client-side machine.

20. A method for distributing executable software modules and granting access to resources based on operations performed by the executable software modules, the method comprising:
- performing the following operations at a server,collecting environment information about an execution environment of a client-side machine;
  
  determining hardware information to be collected from the client-side machine;
  
  creating a client-side software module configured to execute in the execution environment of the client-side machine, to collect the hardware information from the client-side machine, and to generate a first hardware signature based on the hardware information;
  
  transmitting the client-side software module to the client-side machine;
  
  receiving, from the client-side software module, the first hardware signature;
  
  comparing the first hardware signature to a second hardware signature associated with the client-side machine;
  
  granting the client-side device access to resources, wherein the granting is based on the comparison of the first and second hardware signatures.
- View Dependent Claims (21, 22, 23, 24)
- - 21. The method of claim 20, wherein first hardware signature identifies a first group of devices of the client-side machine, and wherein the second hardware signature identifies a second group of devices, and wherein the comparing includes:
    - determining a number of the devices identified in both the first and second groups; and
      
      determining the number meets an authentication threshold value.
  - 22. The method of claim 21 further comprising:
    - updating the second hardware signature to identify new devices of the client machine.
  - 23. The method of claim 20, wherein the environment information identifies one or more of an operating system, security privileges, access rights, and a central processing unit.
  - 24. The method of claim 20, wherein the hardware information includes information about devices of the client-side machine, wherein the devices include one or more of a hard disk drive, a Compact Disk Read Only Memory device, devices connected to the client side machine via a small computer system interface, and devices connected to the client side machine via a desktop management interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Channel IP BV
Original Assignee
Ipass Incorporated (Pareteum Corp.)
Inventors
Bob, Kenneth, Elgressy, Moshe
Primary Examiner(s)
Flynn; Nathan
Assistant Examiner(s)
Patel; Chirag R

Application Number

US10/547,484
Publication Number

US 20060265446A1
Time in Patent Office

2,042 Days
Field of Search

709/225, 709/203, 709/229, 709/219, 713/168, 726/27, 726/3, 726/4, 717/111
US Class Current

709/203
CPC Class Codes

G06F 21/445 by mutual authentication, e...

Dynamic executable

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

53 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic executable

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links