Cryptographic security functions based on anticipated changes in dynamic minutiae

US 9,722,804 B2
Filed: 03/21/2016
Issued: 08/01/2017
Est. Priority Date: 02/03/2011
Status: Active Grant

First Claim

Patent Images

1. A cryptography system comprising:

a non-transitory memory storing information associated with one or more identities, wherein the information stored for an identity includes (a) data values associated with that identity; and

(b) information regarding anticipated changes to one or more of the stored data values associated with that identity, wherein at least one anticipated change to a stored data value associated with the identity is based on anticipated usage of a device, anticipated user customizations to a device, anticipated changes based on industry updates, anticipated biometric measurement changes, or anticipated changes to user secrets;

one or more hardware processors in communication with the memory and configured to execute instructions to cause the cryptography system to validate the use of an identity by the device by performing operations comprising;

generating a challenge to the device, wherein the challenge prompts the device to

1) build a cryptographic key based on two or more data values from the device that correspond to two or more of the stored data values associated with the identity, and

2) form a response to the challenge based on the cryptographic key and the challenge;

receiving, from the device, the response to the challenge;

using the stored information regarding anticipated changes to the stored data values associated with the identity to build one or more additional cryptographic keys;

determining whether the response is allowable according to whether any of the additional cryptographic keys correspond to the cryptographic key used by the device to form the response; and

validating the use of the identity by the device according to whether the device has provided an allowable response to the challenge.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Dynamic key cryptography validates mobile device users to cloud services by uniquely identifying the user'"'"'s electronic device using a very wide range of hardware, firmware, and software minutiae, user secrets, and user biometric values found in or collected by the device. Processes for uniquely identifying and validating the device include: selecting a subset of minutia from a plurality of minutia types; computing a challenge from which the user device can form a response based on the selected combination of minutia; computing a set of pre-processed responses that covers a range of all actual responses possible to be received from the device if the combination of the particular device with the device'"'"'s collected actual values of minutia is valid; receiving an actual response to the challenge from the device; determining whether the actual response matches any of the pre-processed responses; and providing validation, enabling authentication, data protection, and digital signatures.

Citations

23 Claims

1. A cryptography system comprising:
- a non-transitory memory storing information associated with one or more identities, wherein the information stored for an identity includes (a) data values associated with that identity; and
  
  (b) information regarding anticipated changes to one or more of the stored data values associated with that identity, wherein at least one anticipated change to a stored data value associated with the identity is based on anticipated usage of a device, anticipated user customizations to a device, anticipated changes based on industry updates, anticipated biometric measurement changes, or anticipated changes to user secrets;
  
  one or more hardware processors in communication with the memory and configured to execute instructions to cause the cryptography system to validate the use of an identity by the device by performing operations comprising;
  
  generating a challenge to the device, wherein the challenge prompts the device to
  
  1) build a cryptographic key based on two or more data values from the device that correspond to two or more of the stored data values associated with the identity, and
  
  2) form a response to the challenge based on the cryptographic key and the challenge;
  
  receiving, from the device, the response to the challenge;
  
  using the stored information regarding anticipated changes to the stored data values associated with the identity to build one or more additional cryptographic keys;
  
  determining whether the response is allowable according to whether any of the additional cryptographic keys correspond to the cryptographic key used by the device to form the response; and
  
  validating the use of the identity by the device according to whether the device has provided an allowable response to the challenge.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The system of claim 1, wherein validating the use of the identity further comprises identifying the device.
  - 3. The system of claim 1, wherein validating the use of the identity further comprises:
    - identifying the device; and
      
      validating that an appropriate user is using the identified device based on the operation of determining whether the response is allowable.
  - 4. The system of claim 1, wherein:
    - the stored information regarding anticipated changes to the stored data values associated with the identity includes information regarding anticipated changes to one or more user minutia data values.
  - 5. The system of claim 4, wherein the user minutia data values used to determine whether the response is allowable comprise values from software sources of the device, user secrets input to the device, user customization, entertainment data, biometric data, or contacts data stored on the device.
  - 6. The system of claim 4, wherein the user minutia data values used to determine whether the response is allowable comprise calling app data, geo-location data, frequently called phone numbers, email, or network connection data.
  - 7. The system of claim 1, wherein:
    - the challenge prompts the device to build the cryptographic key based on one or more data values from the device that correspond to one or more data values stored in a key minutia selections database.
  - 8. The system of claim 7, further comprising an operation of:
    - verifying a digital signature of the device by using the challenge and the response received from the device.
  - 9. The system of claim 7, wherein the cryptographic key is used to decrypt information that is stored on the device.
  - 10. The system of claim 7, wherein the cryptographic key is used to encrypt information that is stored on the device.
  - 11. The system of claim 1, further comprising using information from the allowable response to update the stored information regarding anticipated changes to the stored data values associated with the identity.
  - 12. The system of claim 1, further comprising using information from the allowable response to update the corresponding stored data value and the stored information regarding anticipated changes to the stored data values associated with the identity.
  - 13. The system of claim 1, wherein the operation of validating the identity-provides a basis for one or more of:
    - authenticating a device, authenticating a user, validating a software program or an application, providing data protection of data transmitted to or from a device, or generating a digital signature of a message digest.
  - 14. The system of claim 1, wherein the response does not contain any data values reflecting personally identifiable information.
  - 15. The system of claim 1, wherein the challenge is originated from the device.
  - 16. The system of claim 1, wherein the challenge is stored at the device.
  - 17. The system of claim 1, wherein the cryptographic key used by the device to form the response is the same as a corresponding additional cryptographic key.
  - 18. The system of claim 1, wherein the cryptographic key used by the device to form the response is different than a corresponding additional cryptographic key.
  - 19. The system of claim 1, wherein the additional cryptographic keys are built using information associated with the challenge.
  - 20. The system of claim 1, wherein the additional cryptographic keys are built without using any information from the response.
  - 21. The system of claim 1, wherein the cryptographic key built by the device comprises two or more data values from the device that correspond to information stored for that identity.

22. A cryptography system comprising:
- a non-transitory memory storing information associated with one or more identities, wherein the information stored for an identity includes (a) data values associated with that identity; and
  
  (b) information regarding anticipated changes to one or more of the stored data values associated with that identity, wherein at least one anticipated change to a stored data value associated with the identity is based on anticipated usage of a device, anticipated user customizations to a device, anticipated changes based on industry updates, anticipated biometric measurement changes, or anticipated changes to user secrets;
  
  one or more hardware processors in communication with the memory and configured to execute instructions to cause the cryptography system to validate the use of an identity, by performing operations comprising;
  
  receiving, from the device, one or more communications comprising an identity validation request, wherein the identity validation request is formed based on a cryptographic key, and wherein the cryptographic key is based on two or more data values from the device that correspond to two or more of the stored data values associated with the identity;
  
  using the stored information regarding anticipated changes to the stored data values associated with the identity to build one or more additional cryptographic keys; and
  
  validating the identity according to whether any of the additional cryptographic keys correspond to the cryptographic key used by the device to form the identity validation request.

23. A cryptography system comprising:
- a non-transitory memory storing information associated with one or more identities, wherein the information stored for an identity includes (a) data values associated with that identity; and
  
  (b) information regarding anticipated changes to one or more of the stored data values associated with that identity, wherein at least one anticipated change to a stored data value associated with the identity is based on anticipated usage of a device, anticipated user customizations to a device, anticipated changes based on industry updates, anticipated biometric measurement changes, or anticipated changes to user secrets;
  
  one or more hardware processors in communication with the memory and configured to execute instructions to cause the cryptography system to recognize that the presentation of identity information is authentic by performing operations comprising;
  
  receiving, from the device, a communication comprising an identity claim comprising identity information, wherein the identity claim is based on two or more data values from the device, and wherein at least two of the data values upon which the communication is based
  
  1) correspond to stored data values for the identity, and
  
  2) are used to build a cryptographic key;
  
  using the stored information regarding anticipated changes to the stored data values associated with the identity to build one or more additional cryptographic keys;
  
  determining whether the communication received from the device is sufficient to recognize that the identity claim is allowable according to whether any of the additional cryptographic keys correspond to the cryptographic key used by the device to form the identity claim; and
  
  recognizing that the presentation of identity information by the device is authentic, according to whether the device has provided an allowable identity claim.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
mSIGNIA, Inc.
Original Assignee
mSIGNIA, Inc.
Inventors
Miller, Paul Timothy, Tuvell, George Allen
Primary Examiner(s)
HO, DAO Q

Application Number

US15/076,543
Publication Number

US 20160204948A1
Time in Patent Office

498 Days
Field of Search

380255
US Class Current
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0457   wherein the sending and rec...

H04L 63/06   for supporting key manageme...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 63/0876   based on the identity of th...

H04L 9/0861   Generation of secret inform...

H04L 9/0866   involving user or device id...

H04L 9/0872   using geo-location informat...

H04L 9/16   the keys or algorithms bein...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3247   involving digital signatures

H04L 9/3271   using challenge-response

Cryptographic security functions based on anticipated changes in dynamic minutiae

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographic security functions based on anticipated changes in dynamic minutiae

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links