Systems and methods for creating fingerprints of encryption devices
First Claim
1. A computer system for creating a fingerprint for a device, the computer system comprising the device operatively connected to a device management system, the device management system comprising at least one processor operatively coupled to at least one database, the at least one processor configured for:
- receiving a first payload from the device, the first payload comprising data in a particular format, a device indicator comprising a unique identifier used for identifying the device, and an indication of a version of firmware running on the device;
- creating the fingerprint for the device, the fingerprint comprising a section format for each of one or more distinct sections of the particular format in a particular order and the indication of the version of the firmware running on the device;
- storing a record of the fingerprint for the device and the unique identifier at the at least one database;
- parsing the particular format of the first payload into the one or more distinct sections of the particular format;
- determining the section format of each of the one or more distinct sections;
- creating a record of the section format of each of the one or more distinct sections in the particular order; and
- comparing a format of each subsequent payload received from the device to the fingerprint for the device to determine whether the device has been compromised.
Abstract
Systems and methods for creating fingerprints for encryption devices are described herein. In various embodiments, the system includes an encryption device operatively connected to a device management system. According to particular embodiments, the device management system: 1) receives a first payload from the encryption device, the first payload including data in a particular format; 2) creates a fingerprint for the encryption device, the fingerprint including a section format for each of one or more distinct sections of the particular format; 3) stores a record of the fingerprint for the encryption device and the unique identifier at the at least one database; and 4) compares a format of each subsequent payload received from the encryption device to the fingerprint for the device to determine whether the device has been compromised.
18 Claims
1. A computer system for creating a fingerprint for a device, the computer system comprising the device operatively connected to a device management system, the device management system comprising at least one processor operatively coupled to at least one database, the at least one processor configured for:
- receiving a first payload from the device, the first payload comprising data in a particular format, a device indicator comprising a unique identifier used for identifying the device, and an indication of a version of firmware running on the device;
- creating the fingerprint for the device, the fingerprint comprising a section format for each of one or more distinct sections of the particular format in a particular order and the indication of the version of the firmware running on the device;
- storing a record of the fingerprint for the device and the unique identifier at the at least one database;
- parsing the particular format of the first payload into the one or more distinct sections of the particular format;
- determining the section format of each of the one or more distinct sections;
- creating a record of the section format of each of the one or more distinct sections in the particular order; and
- comparing a format of each subsequent payload received from the device to the fingerprint for the device to determine whether the device has been compromised.

Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer system for creating a fingerprint for a device, the computer system comprising the device operatively connected to a device management system, the device management system comprising at least one processor operatively coupled to at least one database, the at least one processor configured for:
- receiving payloads from a particular device, each payload comprising encrypted and unencrypted data in a format;
- the first payload from a particular device comprising a device indicator comprising a unique identifier used for identifying the device and an indication of a version of firmware running on the device;
- creating the fingerprint for the device, the fingerprint comprising a section format for each of one or more distinct sections of the particular format in a particular order and the indication of the version of the firmware running on the device, creating the fingerprint for the device comprising:
  - parsing the particular format of the first payload into the one or more distinct sections of the particular format;
  - determining the section format of each of the one or more distinct sections; and
  - creating a record of the section format of each of the one or more distinct sections in the particular order;
- comparing the format of each payload from the particular device to the fingerprint associated with the particular device; and
- upon determining that the format of a particular payload of the payloads received from the particular device does not match the fingerprint associated with the particular device, declining to decrypt the encrypted data of the particular payload and transmitting a notification of declining to decrypt the encrypted data to a user computing system associated with a user.

Dependent claims: 9, 10, 11, 12, 13, 14, 15
16. A computer-implemented method for creating a fingerprint for a device, the method comprising:
- providing a device capable of encrypting data;
- providing a computer system operatively coupled to the device, the computer system comprising:
  - a decrypting means for decrypting data received from the device;
  - a fingerprint creation means for creating a fingerprint associated with the device;
  - at least one database; and
  - at least one processor operatively coupled to the decrypting means, the fingerprint creation means, and the at least one database;
- receiving, by the at least one processor, a first payload from the device, the first payload comprising data in a particular format, a device indicator comprising a unique identifier used for identifying the device, an indication of the version of the firmware running on the device, and encrypted data;
- creating, by the fingerprint creation means, a fingerprint for the device, the fingerprint comprising a section format for each of one or more distinct sections of the particular format in a particular order and the indication of the version of the firmware running on the device;
- creating the fingerprint for the device further comprising parsing the particular format of the first payload into the one or more distinct sections of the particular format, determining the section format of each of the one or more distinct sections, and creating a record of the section format of each of the one or more distinct sections in the particular order;
- storing a record of the fingerprint for the device and the unique identifier at the at least one database and changing a state of the device to active by the at least one processor;
- comparing, by the at least one processor, a second particular format of a subsequent payload received from the device to the fingerprint for the device to determine whether the device has been compromised; and
- upon determining that the device has not been compromised, decrypting, by the decrypting means, encrypted data of the subsequent payload.

Dependent claims: 17, 18
Specification