Creating fingerprints of encryption devices for compromise mitigation

US 9,953,316 B2
Filed: 04/26/2016
Issued: 04/24/2018
Est. Priority Date: 03/19/2014
Status: Active Grant

First Claim

Patent Images

1. A computer system comprising at least one processor operatively coupled to memory, the at least one processor configured for:

receiving a first payload from a device, the first payload comprising data in a particular format, a device indicator comprising a unique identifier used for identifying the device, and an indication of a version of firmware running on the device;

creating a fingerprint for the device, the fingerprint comprising a section format for each of one or more distinct sections of the particular format in a particular order;

parsing the particular format of the first payload into the one or more distinct sections of the particular format;

determining the section format of each of the one or more distinct sections; and

creating a record of the section format of each of the one or more distinct sections; and

comparing a format of each subsequent payload received from the device to the fingerprint for the device to determine whether the device has been compromised.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for creating fingerprints for encryption devices are described herein. In various embodiments, the system includes an encryption device operatively connected to a device management system. According to particular embodiments, the device management system: 1) receives a first payload from the encryption device, the first payload including data in a particular format; 2) creates a fingerprint for the encryption device, the fingerprint including a section format for each of one or more distinct sections of the particular format; 3) storing a record of the fingerprint for the encryption device and the unique identifier at the at least one database; and 4) comparing a format of each subsequent payload received from the encryption device to the fingerprint for the device to determine whether the device has been compromised.

75 Citations

View as Search Results

18 Claims

1. A computer system comprising at least one processor operatively coupled to memory, the at least one processor configured for:
- receiving a first payload from a device, the first payload comprising data in a particular format, a device indicator comprising a unique identifier used for identifying the device, and an indication of a version of firmware running on the device;
  
  creating a fingerprint for the device, the fingerprint comprising a section format for each of one or more distinct sections of the particular format in a particular order;
  
  parsing the particular format of the first payload into the one or more distinct sections of the particular format;
  
  determining the section format of each of the one or more distinct sections; and
  
  creating a record of the section format of each of the one or more distinct sections; and
  
  comparing a format of each subsequent payload received from the device to the fingerprint for the device to determine whether the device has been compromised.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer system of claim 1, wherein the at least one processor is further configured for, upon determining that the device has been compromised, changing a state of the device to indicate the device is compromised.
  - 3. The computer system of claim 2, wherein the at least one processor is further configured for only decrypting payloads of devices with states indicating they have not been compromised.
  - 4. The computer system of claim 1, wherein comparing the format of each subsequent payload received from the device to the fingerprint for the device to determine whether the device has been compromised comprises:
    - receiving a second payload from the device, the second payload comprising second data in a second particular format and a second device indicator, the second device indicator comprising a second unique identifier used for identifying the device;
      
      retrieving the fingerprint from the at least one database based on the second device indicator; and
      
      comparing the second particular format to the fingerprint to determine whether the device has been compromised.
  - 5. The computer system of claim 4, wherein comparing the second particular format to the fingerprint to determine whether the device has been compromised comprises comparing the second format of each of one or more distinct sections of the second particular format to the section format for each of one or more distinct sections of the fingerprint.
  - 6. The computer system of claim 5, wherein the at least one processor is further configured for, upon determining that the device has been compromised, transmitting a message to a user indicating that the device has been compromised.
  - 7. The computer system of claim 6, wherein the at least one processor is further configured for, upon determining that the device has been compromised, disregarding the second payload without decrypting any data.

8. A computer system for creating a fingerprint for a device, the computer system comprising at least one processor operatively coupled to memory, the at least one processor configured for:
- receiving payloads from a particular device, each payload comprising encrypted and unencrypted data in a format, wherein a first payload received from the particular device comprises a device indicator comprising a unique identifier used for identifying the particular device and an indication of a version of firmware running on the particular device;
  
  creating a fingerprint associated with the particular device by;
  
  parsing a particular format of the first payload into one or more distinct sections of the particular format;
  
  determining a section format of each of the one or more distinct sections; and
  
  creating a record of the section format of each of the one or more distinct sections in a particular order;
  
  comparing the format of each subsequent payload from the particular device to the fingerprint associated with the particular device; and
  
  upon determining that the format of a particular subsequent payload of the subsequent payloads received from the particular device does not match the fingerprint associated with the particular device, declining to decrypt the encrypted data of the particular subsequent payload and transmitting a notification of declining to decrypt the encrypted data to a user computing system associated with a user.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The computer system of claim 8, wherein the at least one processor is further configured for, upon determining that the format of the particular subsequent payload of the payloads received from the particular device does not match the fingerprint associated with the particular device, changing a status associated with the particular device from active to tampered.
  - 10. The computer system of claim 8, wherein the section format for a particular section of the one or more distinct sections is a character format.
  - 11. The computer system of claim 10, wherein the section format for a second particular section of the one or more distinct sections is a hexadecimal format.
  - 12. The computer system of claim 8, wherein the at least one processor is further configured for:
    - receiving payloads from a second particular device, each payload comprising encrypted and unencrypted data in a second format;
      
      comparing the second format of each payload from the second particular device to a second fingerprint associated with the second particular device; and
      
      upon determining that the format of a second particular payload of the payloads received from the second particular device does not match the second fingerprint associated with the second particular device, declining to decrypt the encrypted data of the second particular payload and transmitting a notification of declining to decrypt the encrypted data to a second computing system associated with a second user.
  - 13. The computer system of claim 12, wherein the fingerprint and the second fingerprint are not the same fingerprint.

14. A computer-implemented method for creating a fingerprint for a device, the method comprising:
- receiving, via at least one processor operatively coupled to memory, a first payload from a device, the first payload comprising data in a particular format, a device indicator comprising a unique identifier used for identifying the device, and an indication of a version of firmware running on the device;
  
  creating, via the at least one processor, a fingerprint for the device by;
  
  parsing the particular format of the first payload into one or more distinct sections of the particular format;
  
  determining a section format of each of the one or more distinct sections; and
  
  creating a record of the section format of each of the one or more distinct sections; and
  
  comparing, via the at least one processor, a subsequent payload received from the device to the fingerprint for the device to determine whether the device has been compromised.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The computer-implemented method of claim 14, the method further comprising the steps of:
    - receiving, by the at least one processor, the subsequent payload from the device, the subsequent payload comprising data in a second particular format and the device indicator; and
      
      retrieving, by the at least one processor, the fingerprint from at least one database for comparing the second particular format to the fingerprint.
  - 16. The computer-implemented method of claim 15, the method further comprising the step of, upon determining that the device has been compromised, declining, by the at least one processor, to decrypt encrypted data of the subsequent payload.
  - 17. The computer-implemented method of claim 14, wherein the section format for a particular section of the one or more distinct sections is a character format.
  - 18. The computer-implemented method of claim 17, wherein the section format for a second particular section of the one or more distinct sections is a hexadecimal format.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bluefin Payment Systems LLC
Original Assignee
Bluefin Payment Systems LLC
Inventors
Barnett, Timothy William, Kasatkin, Alexander I., Miyata, Christopher Hozumi
Primary Examiner(s)
Patel, Haresh N

Application Number

US15/139,034
Publication Number

US 20160314461A1
Time in Patent Office

728 Days
Field of Search

713189
US Class Current
CPC Class Codes

G06F 11/0766   Error or fault reporting or...

G06F 16/23   Updating

G06F 16/2379   Updates performed during on...

G06F 16/955   using information identifie...

G06F 21/44   Program or device authentic...

G06F 21/602   Providing cryptographic fac...

G06F 21/6227   where protection concerns t...

G06F 21/6245   Protecting personal data, e...

G06F 21/73   by creating or determining ...

G06F 21/77   in smart cards

G06Q 10/00   Administration; Management

G06Q 10/10   Office automation; Time man...

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/223   based on the use of peer-to...

G06Q 20/382   insuring higher security of...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/401   Transaction verification

G06Q 20/4014   Identity check for transact...

G06Q 20/409   Device specific authenticat...

G06Q 2220/00   Business processing using c...

G06Q 2220/10 : Usage protection of distrib...

G16H 10/60 : for patient-specific data, ...

H04L 2209/24 : Key scheduling, i.e. genera...

H04L 2209/56 : Financial cryptography, e.g...

H04L 2209/60 : Digital content management,...

H04L 2209/80 : Wireless network architectu...

H04L 63/0428 : wherein the data content is...

H04L 63/0435 : wherein the sending and rec...

H04L 63/061 : for key exchange, e.g. in p...

H04L 63/08 : for authentication of entit...

H04L 63/0876 : based on the identity of th...

H04L 63/12 : Applying verification of th...

H04L 63/123 : received data contents, e.g...

H04L 63/20 : for managing network securi...

H04L 9/0861 : Generation of secret inform...

H04L 9/0877 : using additional device, e....

H04L 9/14 : using a plurality of keys o...

H04L 9/3226 : using a predetermined code,...

H04L 9/3234 : involving additional secure...

View All

Creating fingerprints of encryption devices for compromise mitigation

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

75 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Creating fingerprints of encryption devices for compromise mitigation

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

75 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links