Cryptographic security functions based on anticipated changes in dynamic minutiae

US 9,559,852 B2
Filed: 03/18/2016
Issued: 01/31/2017
Est. Priority Date: 02/03/2011
Status: Active Grant

- Alert
- Pin

First Claim

Patent Images

1. An identity recognition system comprising:

a non-transitory memory storing information associated with one or more identities, wherein the information stored for an identity includes (a) data values associated with that identity; and

(b) information regarding anticipated changes to one or more of the stored data values associated with that identity;

one or more hardware processors in communication with the memory and configured to execute instructions to cause the identity recognition system to recognize that the presentation of identity information by a computer is authentic, by performing operations comprising;

generating a challenge to the computer, wherein the challenge prompts the computer to provide a response based on one or more data values from the computer that correspond to one or more of the stored data values associated with the identity;

receiving, from the computer, the response to the challenge;

determining whether the response is allowable, wherein such determining comprises using the stored information regarding anticipated changes to the stored data values associated with the identity to determine whether a data value used to form the response is based on an acceptable change to a corresponding stored data value; and

recognizing that the presentation of identity information by the computer is authentic, according to whether the computer has provided an allowable response to the challenge.

View all claims

1 Assignment

Timeline View

Assignment View

Litigations

1 Petition

Accused Products

Abstract

Dynamic key cryptography validates mobile device users to cloud services by uniquely identifying the user'"'"'s electronic device using a very wide range of hardware, firmware, and software minutiae, user secrets, and user biometric values found in or collected by the device. Processes for uniquely identifying and validating the device include: selecting a subset of minutia from a plurality of minutia types; computing a challenge from which the user device can form a response based on the selected combination of minutia; computing a set of pre-processed responses that covers a range of all actual responses possible to be received from the device if the combination of the particular device with the device'"'"'s collected actual values of minutia is valid; receiving an actual response to the challenge from the device; determining whether the actual response matches any of the pre-processed responses; and providing validation, enabling authentication, data protection, and digital signatures.

Citations

25 Claims

1. An identity recognition system comprising:
- a non-transitory memory storing information associated with one or more identities, wherein the information stored for an identity includes (a) data values associated with that identity; and
  
  (b) information regarding anticipated changes to one or more of the stored data values associated with that identity;
  
  one or more hardware processors in communication with the memory and configured to execute instructions to cause the identity recognition system to recognize that the presentation of identity information by a computer is authentic, by performing operations comprising;
  
  generating a challenge to the computer, wherein the challenge prompts the computer to provide a response based on one or more data values from the computer that correspond to one or more of the stored data values associated with the identity;
  
  receiving, from the computer, the response to the challenge;
  
  determining whether the response is allowable, wherein such determining comprises using the stored information regarding anticipated changes to the stored data values associated with the identity to determine whether a data value used to form the response is based on an acceptable change to a corresponding stored data value; and
  
  recognizing that the presentation of identity information by the computer is authentic, according to whether the computer has provided an allowable response to the challenge.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 2. The identity recognition system of claim 1, wherein the identity is associated with the computer and is a user identity or a device identity.
  - 3. The identity recognition system of claim 1, wherein the challenge prompts a response based on one or more user minutia data values.
  - 4. The identity recognition system of claim 3, wherein the operation of determining whether the response is allowable includes evaluating whether at least a portion of the response is based on one or more acceptable changes to a user minutia data value.
  - 5. The identity recognition system of claim 4, wherein the user minutia data values used to determine whether the response is allowable comprise user secrets, user customization, entertainment data, bio-metric data, or contacts.
  - 6. The identity recognition system of claim 4, wherein the user minutia data values used to determine whether the response is allowable comprise calling app data, geo-location data, frequently called phone numbers, email, or network connection data.
  - 7. The identity recognition system of claim 1, wherein a stored data value is used to generate at least a portion of the challenge, and wherein the determining operation comprises evaluating whether the data value used to form the response is the same as the stored data value.
  - 8. The identity recognition system of claim 1, wherein a change to the stored data value is acceptable when the data value used to form the response is within a set of acceptable values for the stored data value that are determined independently from receiving the response from the computer.
  - 9. The identity recognition system of claim 8, wherein the set of acceptable values includes one or more values based on anticipated changes to the data value.
  - 10. The identity recognition system of claim 8, wherein the set of acceptable values includes one or more values based on anticipated changes to the data value, based on industry updates to hardware, firmware, or software elements.
  - 11. The identity recognition system of claim 8, wherein the set of acceptable values includes one or more values based on an anticipated user customization of the computer.
  - 12. The identity recognition system of claim 8, wherein the set of acceptable values includes one or more values based on an anticipated usage of the computer by a user.
  - 13. The identity recognition system of claim 1, further comprising the operations of:
    - in response to determining that the response is based on an acceptable change to a data value associated with the identity, updating the memory to reflect the changed data value.
  - 14. The identity recognition system of claim 1, wherein the operation of determining whether the response is allowable further comprises comparing the received response to a member of a set of two or more allowable responses.
  - 15. The identity recognition system of claim 14, wherein the set of allowable responses is computed before the determining operation is performed.
  - 16. The identity recognition system of claim 14, wherein the set of allowable responses is computed concurrently with the determining operation being performed.
  - 17. The identity recognition system of claim 1, wherein the determining operation further comprises generating a rating of the allowability of the response, based on the stored data value and one or more changes to the stored data values.
  - 18. The identity recognition system of claim 17, wherein the rating of the allowability of the response is based on a comparison of a data value upon which the response is based to one or more anticipated changes to the stored data values associated with the identity to be recognized.
  - 19. The identity recognition system of claim 18, wherein the rating of the allowability of the response is varied based on whether the response is based at least in part on one or more anticipated changes to the stored data values.
  - 20. The identity recognition system of claim 1, wherein the operation of recognizing that the presentation of identity information by the computer is authentic provides a basis for one or more of:
    - authenticating a device, authenticating a user, validating a software program or an application, providing data protection of data transmitted to or from a device, or generating a digital signature of a message digest.
  - 21. The identity recognition system of claim 1, wherein the response does not contain any data values reflecting personally identifiable information.
  - 22. The system of claim 1, further comprising using information from the allowable response to update the stored information regarding anticipated changes to the stored data values associated with the identity.
  - 23. The system of claim 1, further comprising using information from the allowable response to update the corresponding stored data value and the stored information regarding anticipated changes to the stored data values associated with the identity.

24. An identity recognition system comprising:
- a non-transitory memory storing information associated with one or more identities, wherein the information stored for an identity includes (a) data values associated with that identity;
  
  one or more hardware processors in communication with the memory and configured to execute instructions to cause the identity recognition system to recognize that the presentation of identity information by a computer is authentic, by performing operations comprising;
  
  generating a challenge, wherein the challenge originates at the computer and prompts the computer to transmit an identity claim comprising identity information;
  
  receiving, from the computer, one or more communications comprising the identity claim comprising identity information, wherein at least a portion of the identity claim is formed based on one or more data values from the computer, and wherein at least one of the data values used to form the identity claim corresponds to a stored data value;
  
  determining whether the one or more communications received from the computer are sufficient to recognize that the identity claim is allowable, wherein such determining comprises using the stored information regarding anticipated changes to the stored data values to determine whether a data value used to form the identity claim is based on an acceptable change to a corresponding stored data value associated with the identity; and
  
  recognizing that the presentation of identity information by the computer is authentic, according to whether the computer has provided an allowable identity claim in response to the challenge.

25. An identity recognition system comprising:
- a non-transitory memory storing information associated with one or more identities, wherein the information stored for an identity includes (a) data values associated with that identity; and
  
  (b) information regarding anticipated changes to one or more of the stored data values associated with that identity;
  
  one or more hardware processors in communication with the memory and configured to execute instructions to cause the identity recognition system to recognize that the presentation by a first computer of an identity claim is authentic, by performing operations comprising;
  
  generating a challenge, wherein the challenge originates at a second computer distinct from the first computer and prompts the first computer to transmit an identity claim comprising identity information;
  
  receiving, from the first computer, a communication comprising the identity claim comprising identity information, wherein the identity claim is based on one or more data values from the first computer, and wherein at least one of the data values upon which the communication is based corresponds to a stored data value for the identity;
  
  determining whether the communication received from the first computer is sufficient to recognize that the identity claim is allowable, wherein such determining comprises using the stored information regarding anticipated changes to the stored data values to determine whether a data value upon which the communication is based reflects an acceptable change to a corresponding stored data value associated with the identity; and
  
  recognizing that the presentation of identity information by the first computer is authentic, according to whether the first computer has provided an allowable identity claim in response to the challenge.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
mSIGNIA, Inc.
Original Assignee
mSIGNIA, Inc.
Inventors
Miller, Paul Timothy, Tuvell, George Allen
Primary Examiner(s)
HO, DAO Q

Application Number

US15/075,066
Publication Number

US 20160261416A1
Time in Patent Office

319 Days
Field of Search

380/255
US Class Current

1/1
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0457   wherein the sending and rec...

H04L 63/06   for supporting key manageme...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 63/0876   based on the identity of th...

H04L 9/0861   Generation of secret inform...

H04L 9/0866   involving user or device id...

H04L 9/0872   using geo-location informat...

H04L 9/16   the keys or algorithms bein...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3247   involving digital signatures

H04L 9/3271   using challenge-response

Cryptographic security functions based on anticipated changes in dynamic minutiae

First Claim

1 Assignment

Litigations

1 Petition

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographic security functions based on anticipated changes in dynamic minutiae

First Claim

1 Assignment

Subscription Required

Subscription Required

Litigations

1 Petition

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links