Creating and verifying globally unique device-specific identifiers

US 8,751,815 B2
Filed: 10/24/2007
Issued: 06/10/2014
Est. Priority Date: 10/25/2006
Status: Active Grant

First Claim

Patent Images

1. A method performed by a computing system comprising a key pair, the method comprising:

receiving a plurality of first identifiers associated with a client device;

generating a plurality of encoding values based on the plurality of first identifiers;

encrypting the plurality of encoding values using a first key of the key pair;

generating a token uniquely identifying the client device, the token comprising the encrypted plurality of encoding values;

after the token has been generated, receiving a plurality of second identifiers associated with the client device, and the token uniquely identifying the client device;

attempting to decrypt the encrypted plurality of encoding values of the token with a second key of the key pair to obtain a decrypted plurality of encoding values;

when the attempt to decrypt the encrypted plurality of encoding values of the token is successful, decoding the decrypted plurality of encoding values to obtain a decloded plurality of first identifiers, and comparing ones of the decloded plurality of first identifiers with corresponding ones of the plurality of second identifiers to identify any inconsistencies therebetween; and

determining token verification has failed when the attempt to decrypt the encrypted plurality of encoding values is unsuccessful, or inconsistencies between the ones of the decloded plurality of first identifiers and corresponding ones of the second plurality of identifiers are identified.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparatuses, and articles for receiving, by a server, a plurality of identifiers associated with a client device are described herein. The server may also encrypt a plurality of encoding values associated with the plurality of identifiers using a first key of a key pair of the server, and generate a token uniquely identifying the client device, a body of the token including the encrypted plurality of encoding values. In other embodiments, the server may receive a token along with the plurality of identifiers. In such embodiments, the server may further verify the validity of the received token, including attempting to decrypt a body of the received token with a key associated with a second server, the second server having generated the received token, and, if decryption succeeds, comparing ones of the plurality of identifiers with second identifiers found in the decrypted body to check for inconsistencies.

141 Citations

21 Claims

1. A method performed by a computing system comprising a key pair, the method comprising:
- receiving a plurality of first identifiers associated with a client device;
  
  generating a plurality of encoding values based on the plurality of first identifiers;
  
  encrypting the plurality of encoding values using a first key of the key pair;
  
  generating a token uniquely identifying the client device, the token comprising the encrypted plurality of encoding values;
  
  after the token has been generated, receiving a plurality of second identifiers associated with the client device, and the token uniquely identifying the client device;
  
  attempting to decrypt the encrypted plurality of encoding values of the token with a second key of the key pair to obtain a decrypted plurality of encoding values;
  
  when the attempt to decrypt the encrypted plurality of encoding values of the token is successful, decoding the decrypted plurality of encoding values to obtain a decloded plurality of first identifiers, and comparing ones of the decloded plurality of first identifiers with corresponding ones of the plurality of second identifiers to identify any inconsistencies therebetween; and
  
  determining token verification has failed when the attempt to decrypt the encrypted plurality of encoding values is unsuccessful, or inconsistencies between the ones of the decloded plurality of first identifiers and corresponding ones of the second plurality of identifiers are identified.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 17)
- - 2. The method of claim 1, wherein before the token has been generated, the plurality of first identifiers are received from a web server of a subscriber to services provided by the computing system, andthe method further comprises transmitting the token to the web server before the plurality of second identifiers associated with the client device, and the token uniquely identifying the client device are received, the web server providing the token to the client device.
  - 3. The method of claim 1, further comprising before the plurality of second identifiers associated with the client device, and the token uniquely identifying the client device are received, transmitting the token to the client device.
  - 4. The method of claim 1, wherein the plurality of first identifiers, and the plurality of second identifiers include at least one of a device serial number, a media access control (“
    - MAC”
      
      ) address, an operating system (“
      
      OS”
      
      ) type, an OS version, a time code, a country code, or a region code.
  - 5. The method of claim 1, wherein generating the plurality of encoding values based on the plurality of first identifiers comprises performing a hash function on the plurality of first identifiers.
  - 6. The method of claim 1 for use with the computing system comprising a server associated with a server identifier, wherein the token is generated by the server, and the token further includes the server identifier identifying the server as a generator of the token.
  - 7. The method of claim 1, further comprising requesting the plurality of first identifiers from the client device.
  - 8. The method of claim 1, wherein the first key of the key pair is a private key.
  - 9. The method of claim 8, wherein the second key of the key pair is a public key.
  - 17. The method of claim 9, further comprising periodically reissuing the token regardless of whether it is determined that the token verification has failed.

10. A method performed by a computing system comprising a first server and a second server, the second server being associated with a key, the method comprising:
- receiving, at the second server, a plurality of second identifiers associated with a client device;
  
  generating, by the second server, a token comprising an encrypted body comprising the plurality of second identifiers, the plurality of second identifiers being encrypted in the encrypted body, the token acting as a unique identifier of the client device;
  
  receiving, at the fist server, a plurality of first identifiers associated with the client device, and the token associated with the client device;
  
  attempting, by the first server, to decrypt the encrypted body of the token with the key associated with the second server to thereby decrypt the plurality of second identifiers;
  
  when the attempt to decrypt the encrypted body of the token is successful, comparing, by the first server, ones of the plurality of first identifiers with corresponding ones of the plurality of second identifiers to identify any inconsistencies therebetween; and
  
  determining, by the first server, token verification has failed when the attempt to decrypt the encrypted body of the token is unsuccessful, or inconsistencies between the ones of the plurality of first identifiers and the corresponding ones of the second plurality of identifiers are identified.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The method of claim 10, wherein the token and the plurality of first identifiers are received at the first server from a web server of a subscriber to services provided by the first server.
  - 12. The method of claim 10, wherein the plurality of first identifiers or the plurality of second identifiers include at least one of a device serial number, a media access control (“
    - MAC”
      
      ) address, an operating system (“
      
      OS”
      
      ) type, an OS version, a time code, a country code, or a region code.
  - 13. The method of claim 10, wherein the key associated with the second server is a public key of the second server.
  - 14. The method of claim 10, wherein the plurality of second identifiers are identical to the plurality of first identifiers.
  - 15. The method of claim 10, further comprising, when it is determined that the token verification has failed, determining, by the first server, a likelihood of fraud based on one or more predetermined factors, and reissuing the token if the likelihood of fraud is acceptable.
  - 16. The method of claim 15, wherein the one or more predetermined factors include at least one of inconsistencies between the ones of the plurality of first identifiers and the corresponding ones of the second plurality of identifiers, presence of a device identifier of the client device on a list of suspect devices, a count of a number of times the token has been received by the first server, association of the client device with evidence of fraud, or a level of risk associated with the client device.

18. A method performed by a computing system associated with a key, the method comprising:
- receiving a plurality of second identifiers associated with a client device;
  
  generating a token comprising an encrypted body comprising the plurality of second identifiers, the plurality of second identifiers being encrypted in the encrypted body, the token acting as a unique identifier of the client device;
  
  receiving a plurality of first identifiers associated with the client device, and the token associated with the client device;
  
  attempting to decrypt the encrypted body of the token with the key to thereby decrypt the plurality of second identifiers;
  
  when the attempt to decrypt the encrypted body of the token is successful, comparing ones of the plurality of first identifiers with corresponding ones of the plurality of second identifiers to identify any inconsistencies therebetween; and
  
  determining token verification has failed when the attempt to decrypt the encrypted body of the token is unsuccessful, or inconsistencies between the ones of the plurality of first identifiers and the corresponding ones of the second plurality of identifiers are identified.
- View Dependent Claims (19, 20, 21)
- - 19. The method of claim 18, further comprising:
    - when it is determined that the token verification has failed, determining a likelihood of fraud based on one or more rules or policies, and reissuing the token when the likelihood of fraud is acceptable.
  - 20. The method of claim 19, wherein the one or more rules or policies include at least one of inconsistencies between the ones of the plurality of first identifiers and the corresponding ones of the second plurality of identifiers, presence of a device identifier of the client device on a list of suspect devices, a count of a number of times the token has been received, association of the client device with evidence of fraud, or a level of risk associated with the client device.
  - 21. The method of claim 18, wherein the plurality of first identifiers, and the plurality of second identifiers include at least one of a device serial number, a media access control (“
    - MAC”
      
      ) address, an operating system (“
      
      OS”
      
      ) type, an OS version, a time code, a country code, or a region code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
iovation Incorporated
Original Assignee
iovation Incorporated
Inventors
Lunde, Ron, Lulich, Daniel, Pierson, Greg
Primary Examiner(s)
Hailu, Teshome

Application Number

US11/923,572
Publication Number

US 20080104684A1
Time in Patent Office

2,421 Days
Field of Search

726 2- 5, 726 27- 30, 713/166, 713/168, 713/178, 713/182, 713/185, 713/172, 713/159, 705/3, 705/26, 705/36, 705/42, 705 64- 67, 705 71- 76
US Class Current

713/185
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0442   wherein the sending and rec...

H04L 63/0876   based on the identity of th...

H04L 63/126   the source of the received ...

H04L 9/3213   using tickets or tokens, e....

Creating and verifying globally unique device-specific identifiers

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

141 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Creating and verifying globally unique device-specific identifiers

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

141 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links