Cryptographic security functions based on anticipated changes in dynamic minutiae
Abstract
Dynamic key cryptography validates mobile device users to cloud services by uniquely identifying the user's electronic device using a very wide range of hardware, firmware, and software minutiae, user secrets, and user biometric values found in or collected by the device. Processes for uniquely identifying and validating the device include: selecting a subset of minutiae from a plurality of minutia types; computing a challenge from which the user device can form a response based on the selected combination of minutiae; computing a set of pre-processed responses that covers the range of all actual responses that could be received from the device if the combination of the particular device with the device's collected actual values of minutiae is valid; receiving an actual response to the challenge from the device; determining whether the actual response matches any of the pre-processed responses; and providing validation, enabling authentication, data protection, and digital signatures.
23 Claims
1. A cryptography system comprising:
a non-transitory memory storing information associated with one or more identities, wherein the information stored for an identity includes (a) data values associated with that identity; and
(b) information regarding anticipated changes to one or more of the stored data values associated with that identity, wherein at least one anticipated change to a stored data value associated with the identity is based on anticipated usage of a device, anticipated user customizations to a device, anticipated changes based on industry updates, anticipated biometric measurement changes, or anticipated changes to user secrets;
one or more hardware processors in communication with the memory and configured to execute instructions to cause the cryptography system to validate the use of an identity by the device by performing operations comprising:
generating a challenge to the device, wherein the challenge prompts the device to
1) build a cryptographic key based on two or more data values from the device that correspond to two or more of the stored data values associated with the identity, and
2) form a response to the challenge based on the cryptographic key and the challenge;
receiving, from the device, the response to the challenge;
using the stored information regarding anticipated changes to the stored data values associated with the identity to build one or more additional cryptographic keys;
determining whether the response is allowable according to whether any of the additional cryptographic keys correspond to the cryptographic key used by the device to form the response; and
validating the use of the identity by the device according to whether the device has provided an allowable response to the challenge.
Dependent claims 2 to 21 depend from claim 1 and are not reproduced on this page.
22. A cryptography system comprising:
a non-transitory memory storing information associated with one or more identities, wherein the information stored for an identity includes (a) data values associated with that identity; and
(b) information regarding anticipated changes to one or more of the stored data values associated with that identity, wherein at least one anticipated change to a stored data value associated with the identity is based on anticipated usage of a device, anticipated user customizations to a device, anticipated changes based on industry updates, anticipated biometric measurement changes, or anticipated changes to user secrets;
one or more hardware processors in communication with the memory and configured to execute instructions to cause the cryptography system to validate the use of an identity by performing operations comprising:
receiving, from the device, one or more communications comprising an identity validation request, wherein the identity validation request is formed based on a cryptographic key, and wherein the cryptographic key is based on two or more data values from the device that correspond to two or more of the stored data values associated with the identity;
using the stored information regarding anticipated changes to the stored data values associated with the identity to build one or more additional cryptographic keys; and
validating the identity according to whether any of the additional cryptographic keys correspond to the cryptographic key used by the device to form the identity validation request.
23. A cryptography system comprising:
a non-transitory memory storing information associated with one or more identities, wherein the information stored for an identity includes (a) data values associated with that identity; and
(b) information regarding anticipated changes to one or more of the stored data values associated with that identity, wherein at least one anticipated change to a stored data value associated with the identity is based on anticipated usage of a device, anticipated user customizations to a device, anticipated changes based on industry updates, anticipated biometric measurement changes, or anticipated changes to user secrets;
one or more hardware processors in communication with the memory and configured to execute instructions to cause the cryptography system to recognize that the presentation of identity information is authentic by performing operations comprising:
receiving, from the device, a communication comprising an identity claim comprising identity information, wherein the identity claim is based on two or more data values from the device, and wherein at least two of the data values upon which the communication is based
1) correspond to stored data values for the identity, and
2) are used to build a cryptographic key;
using the stored information regarding anticipated changes to the stored data values associated with the identity to build one or more additional cryptographic keys;
determining whether the communication received from the device is sufficient to recognize that the identity claim is allowable according to whether any of the additional cryptographic keys correspond to the cryptographic key used by the device to form the identity claim; and
recognizing that the presentation of identity information by the device is authentic, according to whether the device has provided an allowable identity claim.
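The following Python sketch is an added illustration of the flow described in the abstract and in claim 1 (it is not code from the patent or from any assignee's product). The server stores the enrolled minutiae together with the alternative values it anticipates for each one, issues a nonce challenge naming a subset of minutia types, and then derives one candidate key per combination of stored-or-anticipated values; the device derives a single key from its own current minutiae and MACs the nonce. The sample minutiae, the SHA-256 key derivation, the HMAC response format, and every function name are assumptions made for this example.

```python
import hashlib
import hmac
import itertools
import secrets

# Constructed enrolment record for one identity (sample values, not from the patent).
# STORED_VALUES are the minutiae captured at enrolment; ANTICIPATED_CHANGES lists the
# alternative values the server is prepared to accept for a minutia that may drift.
STORED_VALUES = {
    "os_version": "14.2",
    "app_count": "117",
    "device_model": "ModelX",
    "pin_digest": hashlib.sha256(b"1234").hexdigest(),  # stand-in for a user secret
}
ANTICIPATED_CHANGES = {
    "os_version": ["14.2", "14.3", "15.0"],          # anticipated industry updates
    "app_count": [str(n) for n in range(110, 126)],  # anticipated usage drift
    # device_model and pin_digest have no anticipated change: only the stored value matches
}


def build_key(values, selected):
    """Derive the key from the selected minutiae in a canonical order (both sides agree)."""
    material = b"\x00".join(f"{name}={values[name]}".encode() for name in sorted(selected))
    return hashlib.sha256(b"dyn-key-v1|" + material).digest()


def make_challenge(selected, nonce=None):
    """Server: pick the subset of minutia types for this round and a fresh nonce."""
    return {"minutiae": sorted(selected), "nonce": nonce or secrets.token_bytes(16)}


def device_respond(device_values, challenge):
    """Device: rebuild the key from its current minutiae and MAC the challenge nonce."""
    key = build_key(device_values, challenge["minutiae"])
    return hmac.new(key, challenge["nonce"], hashlib.sha256).digest()


def candidate_values(stored, anticipated, selected, max_candidates=10_000):
    """Yield every combination of stored/anticipated values for the selected minutiae.

    The candidate set is the product of the per-minutia alternatives, so it grows
    multiplicatively; the budget check keeps a careless enrolment record from
    turning each validation into an unbounded amount of server work.
    """
    choices = []
    for name in selected:
        alternatives = list(anticipated.get(name, []))
        if stored[name] not in alternatives:
            alternatives.insert(0, stored[name])
        choices.append(alternatives)
    total = 1
    for alternatives in choices:
        total *= len(alternatives)
    if total > max_candidates:
        raise ValueError(f"{total} candidate keys exceed the budget of {max_candidates}")
    for combination in itertools.product(*choices):
        yield dict(zip(selected, combination))


def server_validate(stored, anticipated, challenge, response):
    """Accept the response only if some stored-or-anticipated key reproduces it."""
    selected = challenge["minutiae"]
    matched = False
    for values in candidate_values(stored, anticipated, selected):
        key = build_key(values, selected)
        expected = hmac.new(key, challenge["nonce"], hashlib.sha256).digest()
        # No early exit: the comparison cost does not reveal which candidate matched.
        matched = hmac.compare_digest(expected, response) or matched
    return matched


if __name__ == "__main__":
    challenge = make_challenge(["os_version", "app_count", "device_model"])
    updated_device = dict(STORED_VALUES, os_version="14.3", app_count="121")
    print(server_validate(STORED_VALUES, ANTICIPATED_CHANGES, challenge,
                          device_respond(updated_device, challenge)))
```

Two points a practitioner would check before deploying anything like this: the candidate set is the Cartesian product of the anticipated alternatives, so the server's per-validation cost is set by the enrolment record rather than by the protocol (hence the budget guard), and the scheme only provides the assurance of the minutiae it selects, so a subset made up entirely of values an outsider could guess (model, OS version) is a device fingerprint, not a secret, and a user secret or biometric-derived value has to be part of the selected set for the response to prove anything.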
Specification