Device notarization

US 9,560,046 B2
Filed: 11/07/2014
Issued: 01/31/2017
Est. Priority Date: 11/07/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

generating a first concatenated value at a client device, during notarization of the client device to use an application, wherein the generating comprises concatenating a first device tamper (DT) value and a first application tamper (AT) value; and

generating a first transaction data signature (TDS) at the client device, wherein the generating of the first TDS comprises applying the first concatenated value to an authentication generation (AG) module, wherein the first DT value is generated by running a DT check on the client device and the first AT value is generated by running an AT check on the application, and the first DT value and the first AT value each comprise a hash value.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for device notarization and verification are provided. In one implementation, various integrity values are concatenated to generate a concatenated value that is used to generate a transaction data signature (TDS). In one implementation, the concatenated value is a concatenation of a device value, an application value, an application encryption (AE) module value, and an authentication generation (AG) module value. The TDS or notarization code is generated by applying the concatenated value to the AG module. In one implementation, subsequent use of the application on the device involves generation of a new TDS, which is compared against the notarization code to determine whether use of the application on the device is authorized. In one implementation, the AE module and the AG module are seeded with a seed value which includes a device value, an application value, a user specific value, and a pseudo random number.

32 Citations

View as Search Results

18 Claims

1. A method comprising:
- generating a first concatenated value at a client device, during notarization of the client device to use an application, wherein the generating comprises concatenating a first device tamper (DT) value and a first application tamper (AT) value; and
  
  generating a first transaction data signature (TDS) at the client device, wherein the generating of the first TDS comprises applying the first concatenated value to an authentication generation (AG) module, wherein the first DT value is generated by running a DT check on the client device and the first AT value is generated by running an AT check on the application, and the first DT value and the first AT value each comprise a hash value.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the generating of the first concatenated value further comprises concatenating an application encryption (AE) value and an AG value with the first DT value and the first AT value.
  - 3. The method of claim 2, wherein the AE value is for an AE module that is seeded with the DT value, the AT value, a user specific value, and a pseudo random number, further wherein the AG value is for the AG module, wherein the AG module is seeded with the DT value, the AT value, the user specific value, and the pseudo random number.
  - 4. The method of claim 3, wherein the AG module is a two factor authentication generation module.
  - 5. The method of claim 1 further comprising:
    - providing the first TDS and the first concatenated value to a notarization server.
  - 6. The method of claim 1 further comprising:
    - generating a second concatenated value at a client device, wherein the generating comprises concatenating a second DT value and a second AT value; and
      
      generating a second TDS at the client device, wherein the generating the second TDS comprises applying the second concatenated value to the AG module.
  - 7. The method of claim 6 further comprising:
    - providing the second TDS and the second concatenated value to a notarization server.

8. A method comprising:
- receiving a first transaction data signature (TDS) at a server, wherein the first TDS is generated during notarization of a client device to use an application at the client device by applying a first concatenated value to an authentication generation (AG) module, wherein the first concatenated value comprises a first device tamper (DT) value, a first application tamper (AT) value, a first application encryption (AE) value and a first AG value, wherein the DT and AT values each comprise a hash value;
  
  receiving the first concatenated value at the server;
  
  generating, at the server, a second TDS by using the first concatenated value; and
  
  comparing the first TDS and the second TDS.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8 further comprising:
    - if the first TDS matches the second TDS, indicating that the client device is notarized; and
      
      if the first TDS does not match the second TDS, indicating that the client device is not notarized.
  - 10. The method of claim 8 further comprising:
    - receiving a third TDS at the server, wherein the third TDS is generated at the client device by applying a second concatenated value to the AG module, wherein the second concatenated value comprises a second DT value, a second AT value, a second AE value, and a second AG value;
      
      comparing the first TDS and the third TDS; and
      
      if the first TDS matches the third TDS, indicating that the client device is verified; and
      
      if the first TDS does not match the third TDS, indicating that the client device is not verified.
  - 11. The method of claim 10 further comprising:
    - receiving the second concatenated value at the server;
      
      generating, at the server, a fourth TDS by using the second concatenated value;
      
      comparing the first TDS and the fourth TDS; and
      
      if the first TDS matches the fourth TDS, indicating that the client device is verified; and
      
      if the first TDS does not match the fourth TDS, indicating that the client device is not verified.
  - 12. The method of claim 8 further comprising:
    - issuing a seeded AE module to the client device, wherein the seeded AE module is seeded with the first DT value, the first AT value, a user specific value, and a pseudo random number; and
      
      registering the seeded AE module to the client device and user.
  - 13. The method of claim 8 further comprising:
    - issuing a seeded AG module to the client device, wherein the seeded AG module is seeded with the first DT value, the first AT value, a user specific value, and a pseudo random number; and
      
      registering the seeded AG module to the client device and user.
  - 14. The method of claim 13, wherein the generating the second TDS comprises applying the first concatenation value to the seeded AG module.

15. A non-transitory computer readable medium including computer executable code, which, when executed on a computer, cause the computer to perform a method comprising:
- generating a first concatenated value at a client device during notarization of the client device to use an application, wherein the generating comprises concatenating a first device tamper (DT) value generated by running a DT check on the client device with a first application tamper (AT) value generated by running an AT check on the application, wherein the first DT value and the first AT value comprise hash values; and
  
  generating a first transaction data signature (TDS) at the client device, wherein the generating of the first TDS comprises applying the first concatenated value to an authentication generation (AG) module.
- View Dependent Claims (16, 17, 18)
- - 16. The non-transitory computer readable medium of claim 15, wherein the generating of the first concatenated value further comprises concatenating an application encryption (AE) value and an AG value with the first DT value and the first AT value.
  - 17. The non-transitory computer readable medium of claim 15, wherein the AE value is for an AE module that is seeded with the DT value, the AT value, a user specific value, and a pseudo random number, further wherein the AG value is for the AG module, wherein the AG module is seeded with the DT value, the AT value, the user specific value, and the pseudo random number.
  - 18. The non-transitory computer readable medium of claim 17, wherein the AG module is a two factor AG module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kaiser Foundation Hospitals (Kaiser Permanente Inc.)
Original Assignee
Kaiser Foundation Hospitals (Kaiser Permanente Inc.)
Inventors
Hughes, Alexander Z.
Primary Examiner(s)
LEE, JASON T

Application Number

US14/536,353
Publication Number

US 20160134626A1
Time in Patent Office

816 Days
Field of Search

713/168, 713/171, 726/7
US Class Current

1/1
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

H04L 63/0435   wherein the sending and rec...

H04L 63/08   for authentication of entit...

H04L 63/0869   for achieving mutual authen...

H04L 63/126   the source of the received ...

Device notarization

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

32 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Device notarization

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links