Systems and methods for creating fingerprints of encryption devices

US 9,355,374 B2
Filed: 01/07/2015
Issued: 05/31/2016
Est. Priority Date: 03/19/2014
Status: Active Grant

First Claim

Patent Images

1. A computer system for creating a fingerprint for a device, the computer system comprising the device operatively connected to a device management system, the device management system comprising at least one processor operatively coupled to at least one database, the at least one processor configured for:

receiving a first payload from the device, the first payload comprising data in a particular format, a device indicator comprising a unique identifier used for identifying the device, and an indication of a version of firmware running on the device;

creating the fingerprint for the device, the fingerprint comprising a section format for each of one or more distinct sections of the particular format in a particular order and the indication of the version of the firmware running on the device;

storing a record of the fingerprint for the device and the unique identifier at the at least one database;

parsing the particular format of the first payload into the one or more distinct sections of the particular format;

determining the section format of each of the one or more distinct sections;

creating a record of the section format of each of the one or more distinct sections in the particular order; and

comparing a format of each subsequent payload received from the device to the fingerprint for the device to determine whether the device has been compromised.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for creating fingerprints for encryption devices are described herein. In various embodiments, the system includes an encryption device operatively connected to a device management system. According to particular embodiments, the device management system: 1) receives a first payload from the encryption device, the first payload including data in a particular format; 2) creates a fingerprint for the encryption device, the fingerprint including a section format for each of one or more distinct sections of the particular format; 3) storing a record of the fingerprint for the encryption device and the unique identifier at the at least one database; and 4) comparing a format of each subsequent payload received from the encryption device to the fingerprint for the device to determine whether the device has been compromised.

Citations

18 Claims

1. A computer system for creating a fingerprint for a device, the computer system comprising the device operatively connected to a device management system, the device management system comprising at least one processor operatively coupled to at least one database, the at least one processor configured for:
- receiving a first payload from the device, the first payload comprising data in a particular format, a device indicator comprising a unique identifier used for identifying the device, and an indication of a version of firmware running on the device;
  
  creating the fingerprint for the device, the fingerprint comprising a section format for each of one or more distinct sections of the particular format in a particular order and the indication of the version of the firmware running on the device;
  
  storing a record of the fingerprint for the device and the unique identifier at the at least one database;
  
  parsing the particular format of the first payload into the one or more distinct sections of the particular format;
  
  determining the section format of each of the one or more distinct sections;
  
  creating a record of the section format of each of the one or more distinct sections in the particular order; and
  
  comparing a format of each subsequent payload received from the device to the fingerprint for the device to determine whether the device has been compromised.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer system of claim 1, wherein the at least one processor is further configured for, upon determining that the device has been compromised, changing a state of the device to indicate the device is compromised.
  - 3. The computer system of claim 2, wherein the at least one processor is further configured for only decrypting payloads of devices with states indicating they have not been compromised.
  - 4. The computer system of claim 1, wherein comparing the format of each subsequent payload received from the device to the fingerprint for the device to determine whether the device has been compromised comprises:
    - receiving a second payload from the device, the second payload comprising second data in a second particular format and a second device indicator, the second device indicator comprising a second unique identifier used for identifying the device;
      
      retrieving the fingerprint from the at least one database based on the second device indicator; and
      
      comparing the second particular format to the fingerprint to determine whether the device has been compromised.
  - 5. The computer system of claim 4, wherein comparing the second particular format to the fingerprint to determine whether the device has been compromised comprises comparing the second format of each of one or more distinct sections of the second particular format to the section format for each of one or more distinct sections of the fingerprint.
  - 6. The computer system of claim 5, wherein the at least one processor is further configured for, upon determining that the device has been compromised, transmitting a message to a user indicating that the device has been compromised.
  - 7. The computer system of claim 6, wherein the at least one processor is further configured for, upon determining that the device has been compromised, disregarding the second payload without decrypting any data.

8. A computer system for creating a fingerprint for a device, the computer system comprising the device operatively connected to a device management system, the device management system comprising at least one processor operatively coupled to at least one database, the at least one processor configured for:
- receiving payloads from a particular device, each payload comprising encrypted and unencrypted data in a format;
  
  the first payload from a particular device comprising a device indicator comprising a unique identifier used for identifying the device and an indication of a version of firmware running on the device;
  
  creating the fingerprint for the device, the fingerprint comprising a section format for each of one or more distinct sections of the particular format in a particular order and the indication of the version of the firmware running on the device, creating the fingerprint for the device comprising;
  
  parsing the particular format of the first payload into the one or more distinct sections of the particular format;
  
  determining the section format of each of the one or more distinct sections; and
  
  creating a record of the section format of each of the one or more distinct sections in the particular order;
  
  comparing the format of each payload from the particular device to the fingerprint associated with the particular device; and
  
  upon determining that the format of a particular payload of the payloads received from the particular device does not match the fingerprint associated with the particular device, declining to decrypt the encrypted data of the particular payload and transmitting a notification of declining to decrypt the encrypted data to a user computing system associated with a user.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The computer system of claim 8, wherein the at least one processor is further configured for, upon determining that the format of the particular payload of the payloads received from the particular device does not match the fingerprint associated with the particular device, changing a status associated with the particular device from active to tampered.
  - 10. The computer system of claim 8, wherein each payload from the particular device includes one or more segments of data in a particular order.
  - 11. The computer system of claim 10, wherein each of the one or more segments of data included in the payload from the particular device is in a particular format.
  - 12. The computer system of claim 11, wherein the particular format for a particular segment of the one or more segments is a character format.
  - 13. The computer system of claim 12, wherein the particular format for a second particular segment of the one or more segments is a hexadecimal format.
  - 14. The computer system of claim 8, wherein the at least one processor is further configured for:
    - receiving payloads from a second particular device, each payload comprising encrypted and unencrypted data in a second format;
      
      comparing the second format of each payload from the second particular device to a second fingerprint associated with the second particular device; and
      
      upon determining that the format of a second particular payload of the payloads received from the second particular device does not match the second fingerprint associated with the second particular device, declining to decrypt the encrypted data of the second particular payload and transmitting a notification of declining to decrypt the encrypted data to a second computing system associated with a second user.
  - 15. The computer system of claim 14, wherein the fingerprint and the second fingerprint are not the same fingerprint.

16. A computer-implemented method for creating a fingerprint for a device, the method comprising:
- providing a device capable of encrypting data;
  
  providing a computer system operatively coupled to the device, the computer system comprising;
  
  a decrypting means for decrypting data received from the device;
  
  a fingerprint creation means for creating a fingerprint associated with the device;
  
  at least one database; and
  
  at least one processor operatively coupled to the decrypting means, the fingerprint creation means, and the at least one database;
  
  receiving, by the at least one processor, a first payload from the device, the first payload comprising data in a particular format, a device indicator comprising a unique identifier used for identifying the device, an indication of the version of the firmware running on the device, and encrypted data;
  
  creating, by the fingerprint creation means, a fingerprint for the device, the fingerprint comprising a section format for each of one or more distinct sections of the particular format in a particular order and the indication of the version of the firmware running on the device;
  
  creating the fingerprint for the device further comprising parsing the particular format of the first payload into the one or more distinct sections of the particular format, determining the section format of each of the one or more distinct sections, and creating a record of the section format of each of the one or more distinct sections in the particular order;
  
  storing a record of the fingerprint for the device and the unique identifier at the at least one database and changing a state of the device to active by the at least one processor;
  
  comparing, by the at least one processor, a second particular format of a subsequent payload received from the device to the fingerprint for the device to determine whether the device has been compromised; and
  
  upon determining that the device has not been compromised, decrypting, by the decrypting means, encrypted data of the subsequent payload.
- View Dependent Claims (17, 18)
- - 17. The computer-implemented method of claim 16, the method further comprising the steps of:
    - receiving, by the at least one processor, the subsequent payload from the device, the subsequent payload comprising data in the second particular format and the device indicator; and
      
      retrieving, by the at least one processor, the fingerprint from the at least one database for comparing the second particular format to the fingerprint.
  - 18. The computer-implemented method of claim 17, the method further comprising the steps of, upon determining that the device has been compromised, declining, by the at least one processor, to decrypt the encrypted data of the subsequent payload.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bluefin Payment Systems LLC
Original Assignee
Bluefin Payment Systems LLC
Inventors
Barnett, Timothy William, Kasatkin, Alexander I., Miyata, Christopher Hozumi
Primary Examiner(s)
Patel, Haresh N

Application Number

US14/591,223
Publication Number

US 20150270961A1
Time in Patent Office

510 Days
Field of Search

713/168, 713/171, 713/189
US Class Current

1/1
CPC Class Codes

G06F 11/0766   Error or fault reporting or...

G06F 16/23   Updating

G06F 16/2379   Updates performed during on...

G06F 16/955   using information identifie...

G06F 21/44   Program or device authentic...

G06F 21/602   Providing cryptographic fac...

G06F 21/6227   where protection concerns t...

G06F 21/6245   Protecting personal data, e...

G06F 21/73   by creating or determining ...

G06F 21/77   in smart cards

G06Q 10/00   Administration; Management

G06Q 10/10   Office automation; Time man...

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/223   based on the use of peer-to...

G06Q 20/382   insuring higher security of...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/401   Transaction verification

G06Q 20/4014   Identity check for transact...

G06Q 20/409   Device specific authenticat...

G06Q 2220/00   Business processing using c...

G06Q 2220/10 : Usage protection of distrib...

G16H 10/60 : for patient-specific data, ...

H04L 2209/24 : Key scheduling, i.e. genera...

H04L 2209/56 : Financial cryptography, e.g...

H04L 2209/60 : Digital content management,...

H04L 2209/80 : Wireless

H04L 63/0428 : wherein the data content is...

H04L 63/0435 : wherein the sending and rec...

H04L 63/061 : for key exchange, e.g. in p...

H04L 63/08 : for authentication of entit...

H04L 63/0876 : based on the identity of th...

H04L 63/12 : Applying verification of th...

H04L 63/123 : received data contents, e.g...

H04L 63/20 : for managing network securi...

H04L 9/0861 : Generation of secret inform...

H04L 9/0877 : using additional device, e....

H04L 9/14 : using a plurality of keys o...

H04L 9/3226 : using a predetermined code,...

H04L 9/3234 : involving additional secure...

View All

Systems and methods for creating fingerprints of encryption devices

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for creating fingerprints of encryption devices

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links