Device identification scoring

US 9,319,419 B2
Filed: 10/30/2013
Issued: 04/19/2016
Est. Priority Date: 09/26/2013
Status: Active Grant

First Claim

Patent Images

1. A data processing system configured to facilitate identification of a first device seeking to communicate with at least one third party service provider, the data processing system comprising:

a session handler configured to communicate with the first device to determine a multitude of unique identifiers associated with the first device, the session handler configured to request additional context verification from one or more of;

the first device, an operator of the first device, or one or more other devices;

a trust scoring engine, in communication with the session handler, configured to compute a trust score based on (i) the trustworthiness of the first device unique identifiers, and (ii) results from the additional context verification;

a communication interface in which the third party service provider receives the first device unique identifiers and the computed trust score of the first device;

wherein each unique identifier has a respective value indicative of a representative level of trust associated with that unique identifier, the respective value being configured for use as part of the trust score computation by the trust scoring engine; and

if the computing of the first device'"'"'s trust score satisfies a threshold, then the first device is granted access to certain restricted services of the third party service provider.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Device identification scoring systems and methods may be provided that can increase the reliability and security of communications between devices and service providers. Users may select and configure additional identification factors that are unique and convenient for them. These factors, along with additional environmental variables, feed into a trust score computation that weights the trustworthiness of the device context requesting communication with a service provider. Service providers rely on the trust score rather than enforce a specific identification routine themselves. A combination of identification factors selected by the user can be aggregated together to produce a trust score high enough to gain access to a given online service provider. A threshold of identification risk may be required to access a service or account provided by the online service provider.

133 Citations

View as Search Results

32 Claims

1. A data processing system configured to facilitate identification of a first device seeking to communicate with at least one third party service provider, the data processing system comprising:
- a session handler configured to communicate with the first device to determine a multitude of unique identifiers associated with the first device, the session handler configured to request additional context verification from one or more of;
  
  the first device, an operator of the first device, or one or more other devices;
  
  a trust scoring engine, in communication with the session handler, configured to compute a trust score based on (i) the trustworthiness of the first device unique identifiers, and (ii) results from the additional context verification;
  
  a communication interface in which the third party service provider receives the first device unique identifiers and the computed trust score of the first device;
  
  wherein each unique identifier has a respective value indicative of a representative level of trust associated with that unique identifier, the respective value being configured for use as part of the trust score computation by the trust scoring engine; and
  
  if the computing of the first device'"'"'s trust score satisfies a threshold, then the first device is granted access to certain restricted services of the third party service provider.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 2. A data processing system as in claim 1 wherein if the third party service provider responds to receipt of the device unique identifiers and computed trust score with a message indicating that the calculated trust score did not satisfy a trust score threshold, the trust scoring engine being configured to respond by executing a process that attempts to provide an increased trust score computation.
  - 3. A data processing system as in claim 2 wherein the process that attempts to provide an increased trust score computation includes iteratively processing further additional context verification tests.
  - 4. A data processing system as in claim 1 wherein the unique identifiers are hardware based or software based;
    - andthe trust scoring engine being configured to assign a greater respective value to a hardware based identifier relative to a respective value assigned to a software based identifier.
  - 5. A data processing system as in claim 4 wherein if one of the unique identifiers is a cryptographic key based identifier, the trust scoring engine being configured to assign a greater respective value to the cryptographic key based identifier.
  - 6. A data processing system as in claim 1 wherein if one of the unique identifiers is a browser cookie identifier, the trust scoring engine being configured to assign a lower respective value to the browser cookie identifier.
  - 7. A data processing system as in claim 1 wherein the additional context verification from the first device further includes one or more of the following environmental variables about the device:
    - presence of anti-virus software, whether the first device is a managed self-encrypting drive, whether the first device is operating from a well-known IP address, or an amount of time that the first device has been registered.
  - 8. A data processing system as in claim 7 wherein the amount of time that the first device has been registered is based on the amount of time that the first device has been registered with a device identity server.
  - 9. A data processing system as in claim 7 wherein the amount of time that the first device has been registered is based on the amount of time that at least one of the unique identifiers used in the trust score calculation has been assigned to the first device.
  - 10. A data processing system as in claim 7 further includes:
    - a device identity server, in communication with the first device, configured to execute at least portions of the trust scoring engine; and
      
      the first device identity server configured to communicate with the third party service provider via the communication interface.
  - 11. A data processing system as in claim 1 wherein the additional context verification from the first device further includes satisfaction of a geographic test;
    - andthe trust scoring engine configured to assign a greater confidence value in response to satisfying the geographical test when a determined geographical location from which the first device is operating matches a trusted geographic location associated with the first device.
  - 12. A data processing system as in claim 1 wherein the additional context verification from an operator of the device further includes satisfaction of biometrics test configured to determine whether matching biometrics information is received.
  - 13. A data processing system as in claim 1 wherein the additional context verification from an operator of the device further includes satisfaction of a facial recognition test configured to determine whether an input facial image matches a trusted facial image.
  - 14. A data processing system as in claim 1 wherein the additional context verification from an operator of the device further includes satisfaction of a voice recognition test configured to determine whether an input voice sample satisfies a trusted voice sample.
  - 15. A data processing system as in claim 1 wherein the additional context verification from an operator of the device further includes determining whether an object in an input image matches a trusted object.
  - 16. A data processing system as in claim 1 wherein the additional context verification from an operator of the device further includes successful confirmation of receipt of a URL code embedded in a message.
  - 17. A data processing system as in claim 1 wherein the additional context verification from an operator of the device further includes successful confirmation of receipt of a onetime password.
  - 18. A data processing system as in claim 1 wherein the additional context verification from an operator of the device further includes successful confirmation of a knowledge-based identification challenge.
  - 19. A data processing system as in claim 1 wherein the additional context verification from one or more other devices further includes one or more of:
    - a successful pairing with a trusted device;
      
      successful SMS confirmation via a trusted device;
      
      successful IVR confirmation via a trusted device;
      
      successful HID Global NFC Access Control verification;
      
      or successful verification via trusted wearable computing.
  - 20. A data processing system as in claim 1 wherein the trust scoring engine is configured to decrease the first device'"'"'s computed trust score if there have been changes to the BIOS of the first device.
  - 21. A data processing system as in claim 1 wherein the trust scoring engine is configured to decrease the first device'"'"'s computed trust score if the first device is not operating from a known trusted location.
  - 22. A data processing system as in claim 1 wherein the trust scoring engine is configured to decrease the first device'"'"'s computed trust score if the first device has been reported lost or stolen.
  - 23. A data processing system as in claim 1 wherein the computing of the first device'"'"'s trust score satisfies a threshold when the first device'"'"'s trust score computation is compared against a threshold trust score to determine whether the first device should be granted access to certain restricted services provided by the third party service provider, and if the first device'"'"'s trust score meets or exceeds the threshold, then the first device is granted access to the certain restricted services.
  - 24. A data processing system as in claim 23 wherein trust score threshold is met without requiring any input from an operator of the first device.
  - 25. A data processing system as in claim 1 wherein the trust scoring engine is a device identity agent operating on the first device.
  - 26. A data processing system as in claim 1 wherein the third party service provider responds to the receipt of the first unique identifier and the computed trust score of the first device by requesting additional information about the first device to make additional risk assessments about the first device'"'"'s purported identity.
  - 27. A data processing system as in claim 26 wherein the additional information requested about the first device includes information regarding the trustworthiness of the first unique identifier including (i) a length of time the first unique identifier has been associated with the first device;
    - and (ii) whether the first unique identifier is software or hardware based.
  - 28. A data processing system as in claim 26 wherein the additional information requested about the first device includes a length of time the first device has been known by a device identity server.

29. A computer implemented method of facilitating identification of a first device seeking to communicate with at least one third party service provider, the method comprising:
- receiving a third party service provider request for a unique identifier and trust score computation for the first device;
  
  responding to the third party service provider request by;
  
  communicating with the first device to determine a multitude of unique identifiers associated with the first device;
  
  requesting additional context verification from one or more of;
  
  the first device, an operator of the first device, or one or more other devices;
  
  computing a trust score based on (i) the trustworthiness of the first device unique identifier, and (ii) results from the additional context verification; and
  
  sending the first device unique identifier and computed trust score to the third party service provider; and
  
  wherein each unique identifier has a respective value indicative of a representative level of trust associated with that unique identifier, the respective value being configured for use as part of the trust score computation;
  
  if the computed trust score satisfies a threshold, then the first device is granted access to certain restricted services of the third party service provider.
- View Dependent Claims (30)
- - 30. A computer implemented method as in claim 29 wherein if the third party service provider responds to receipt of the first device unique identifier and computed trust score with a message indicating that the calculated trust score did not satisfy a trust score threshold, responding by executing a process that attempts to provide an increased trust score computation.

31. A computer program product stored on a non-transitory computer readable medium configured to facilitate identification of a first device seeking to communicate with at least one third party service providers, the computer program product having computer readable code that is configured to respond to a request from a third party service provider for a unique identifier and a trust score computation associated with the first device by:
- communicating with the first device to determine a multitude of unique identifiers associated with the first device;
  
  requesting additional context verification from one or more of;
  
  the first device, an operator of the first device, or one or more other devices;
  
  computing a trust score based on (i) the trustworthiness of the first device unique identifier, and (ii) results from the additional context verification;
  
  sending the first device unique identifiers and computed trust score to the third party service provider;
  
  wherein each unique identifier has a respective value indicative of a representative level of trust associated with that unique identifier, the respective value being configured for use as part of the trust score computation; and
  
  if the computing of the first device'"'"'s trust score substantially satisfies a threshold, then the first device is granted access to certain restricted services of the third party service provider.

32. A data processing system configured to facilitate configuration of a device identity verification process, the data processing system comprising:
- a device identity server configured to facilitate computation of a trust score for a first device in response to a request from a third party service provider, the device identity service configured to execute, on one or more computer processors, a device identity verification process responsive to the third party service provider request, where the device identity verification process is configured to;
  
  determine a multitude of unique identifiers associated with the first device, the plurality of unique identifiers being configured for use in the computation process of the trust score for the first device;
  
  send the computed trust score to the third party service provider at which a determination is made as to whether the first trust score computation satisfies a trust score threshold; and
  
  respond to an indication from the third party service provider that the trust score threshold has not been satisfied by executing a multitude of additional verification tests and, iteratively computing respective iterations of a further trust score for the first device based on the satisfaction of the additional verification tests, where each further computed trust score is passed to the third party service provider for determination as to whether the further computed trust score satisfies the trust score threshold;
  
  the additional verification tests being based on data obtained from the first device, an operator of the first device, or one or more other devices;
  
  wherein each unique identifier has a respective value indicative of a representative level of trust associated with that unique identifier, the respective value being configured for use as part of the trust score computation; and
  
  if the computation of the first device'"'"'s trust score satisfies a threshold, then the third party service provider grants access to certain restricted services of the third party service provider.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ESW Holdings, Inc. (ESW Capital, LLC)
Original Assignee
Wave Systems Corporation
Inventors
Sprague, Michael, Sprague, Steven, Thibadeau, Robert
Primary Examiner(s)
Poltorak, Peter

Application Number

US14/066,870
Publication Number

US 20150089568A1
Time in Patent Office

902 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 2221/2103   Challenge-response

H04L 2463/082   applying multi-factor authe...

H04L 63/06   for supporting key manageme...

H04L 63/0838   using one-time-passwords

H04L 63/0853   using an additional device,...

H04L 63/0861   using biometrical features,...

H04L 63/0876   based on the identity of th...

H04L 63/107   wherein the security polici...

H04L 63/126   the source of the received ...

Device identification scoring

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

133 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Device identification scoring

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

133 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links