Cryptographic security functions based on anticipated changes in dynamic minutiae
First Claim
1. A system comprising:
- a non-transitory memory storing information associated with one or more identities, wherein the information stored for an identity includes a plurality of identity validation objects comprising an attribute type, an attribute value associated with the attribute type, and information related to anticipated changes that modify the attribute value, wherein the plurality of identity validation objects includes objects representing at least two different non-static characteristics associated with the identity selected from the group of non-static characteristics comprising:
user added data, calling application data, software component data, network connection data, and geo-location data; and
one or more hardware processors in communication with the non-transitory memory and configured to execute instructions to cause the system to perform authentication operations comprising:
receiving, from a first device associated with a first identity over a network, a message based on a first data value and a second data value from the first device corresponding to a first attribute type and a second attribute type, respectively, wherein the first and second data values serve purposes for the first device other than a security purpose;
retrieving a first identity validation object that corresponds to the first identity and the first attribute type, the first identity validation object comprising a first attribute value and first information related to anticipated changes that modify the first attribute value;
retrieving a second identity validation object that corresponds to the first identity and the second attribute type, the second identity validation object comprising a second attribute value and second information related to anticipated changes that modify the second attribute value;
determining whether the first data value and the second data value used to create the message are acceptable for the first identity using the first attribute value and the first information stored in the first validation object, and the second attribute value and the second information stored in the second validation object;
in response to a determination that the first data value and the second data value are acceptable for the first identity, updating, for the first identity, the first identity validation object and the second identity validation object by incorporating the first data value and the second data value into the first identity validation object and the second identity validation object, respectively; and
performing a subsequent authentication process for the first identity using at least one of the updated first identity validation object or the updated second identity validation object.
1 Assignment
0 Petitions
Abstract
Dynamic key cryptography validates mobile device users to cloud services by uniquely identifying the user's electronic device using a very wide range of hardware, firmware, and software minutiae, user secrets, and user biometric values found in or collected by the device. Processes for uniquely identifying and validating the device include: selecting a subset of minutia from a plurality of minutia types; computing a challenge from which the user device can form a response based on the selected combination of minutia; computing a set of pre-processed responses that covers a range of all actual responses possible to be received from the device if the combination of the particular device with the device's collected actual values of minutia is valid; receiving an actual response to the challenge from the device; determining whether the actual response matches any of the pre-processed responses; and providing validation, enabling authentication, data protection, and digital signatures.
108 Citations
20 Claims
1. A system comprising: (reproduced in full under First Claim above.) Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A system comprising:
- a non-transitory memory storing information associated with one or more identities, wherein the information stored for an identity includes a plurality of identity validation objects comprising an attribute type, an attribute value associated with the attribute type, and information related to anticipated changes that modify the attribute value, wherein the plurality of identity validation objects includes objects representing at least two different non-static characteristics associated with the identity selected from the group of non-static characteristics comprising:
user added data, entertainment data, user contact data, calling application data, software component data, email data, network connection data, frequently called phone numbers, and geo-location data; and
one or more hardware processors in communication with the non-transitory memory and configured to execute instructions to cause the system to perform operations comprising:
receiving, from an external source over a network, information related to potential changes to the at least two different non-static characteristics associated with a first identity;
retrieving a first identity validation object and a second identity validation object corresponding to the at least two different non-static characteristics, respectively, the first identity validation object comprising a first attribute type, a first attribute value, and first information related to anticipated changes that modify the first attribute value, the second identity validation object comprising a second attribute type, a second attribute value, and second information related to anticipated changes that modify the second attribute value;
deriving, based on the received information from the external source and the first attribute value of the first identity validation object, new information related to an anticipated change that modifies the first attribute value;
deriving, based on the received information from the external source and the second attribute value of the second identity validation object, new information related to an anticipated change that modifies the second attribute value;
updating the first identity validation object and the second identity validation object by incorporating the derived new information related to an anticipated change that modifies the first attribute value into the first identity validation object and incorporating the derived new information related to an anticipated change that modifies the second attribute value into the second identity validation object; and
performing a subsequent authentication process for the first identity using at least one of the updated first identity validation object or the updated second identity validation object.
Dependent claims: 10, 11, 12, 13, 14, 15.
16. A method, comprising:
- storing information associated with one or more identities, wherein the information stored for an identity includes a plurality of identity validation objects comprising an attribute type, an attribute value associated with the attribute type, and information related to one or more anticipated changes that modify the attribute value, wherein the plurality of identity validation objects includes objects representing at least two different non-static characteristics associated with the identity selected from the group of non-static characteristics comprising:
user added data, entertainment data, user contact data, calling application data, software component data, email data, network connection data, frequently called phone numbers, and geo-location data;
receiving, from a first device associated with a first identity over a network, a message based on a first data value and a second data value from the first device corresponding to a first attribute type and a second attribute type, respectively, wherein the first and second data values serve purposes for the first device other than a security purpose;
retrieving a first identity validation object that corresponds to the first identity and the first attribute type, the first identity validation object comprising a first attribute value and first information related to anticipated changes that modify the first attribute value;
retrieving a second identity validation object that corresponds to the first identity and the second attribute type, the second identity validation object comprising a second attribute value and second information related to anticipated changes that modify the second attribute value;
determining whether the first data value and the second data value used to create the message are acceptable for the first identity using the first attribute value and the first information stored in the first validation object, and the second attribute value and the second information stored in the second validation object;
in response to a determination that the first data value and the second data value are acceptable for the first identity, updating, for the first identity, the first identity validation object and the second identity validation object by incorporating the first data value and the second data value into the first identity validation object and the second identity validation object, respectively; and
performing a subsequent authentication process for the first identity using at least one of the updated first identity validation object or the updated second identity validation object.
Dependent claims: 17, 18, 19, 20.
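As an added illustration (not code from the patent or its assignee), the following Python sketch models the identity validation objects of claims 1, 9 and 16 together with the abstract's pre-processed response set: the server enumerates every combination of stored and anticipated attribute values, precomputes the response each would give to a challenge, accepts the device only if its actual response matches one of them, and then incorporates the matched values into the objects. The HMAC construction, the class and function names and the sample values are assumptions chosen for the example.

```python
import hashlib
import hmac
import itertools
from dataclasses import dataclass, field


@dataclass
class ValidationObject:
    """One identity validation object: attribute type, last accepted value,
    and the values the server anticipates the attribute may change to."""
    attr_type: str
    value: str
    anticipated: set = field(default_factory=set)


def device_response(challenge: bytes, values: tuple) -> str:
    """Device side (assumed construction): the current minutiae values key an
    HMAC over the challenge, so the values themselves are never sent."""
    key = "|".join(values).encode()
    return hmac.new(key, challenge, hashlib.sha256).hexdigest()


def preprocessed_responses(challenge: bytes, objs: list) -> dict:
    """Server side: every combination of stored and anticipated values, mapped
    from the response it would yield (the abstract's pre-processed set)."""
    candidates = [[o.value] + sorted(o.anticipated) for o in objs]
    return {device_response(challenge, combo): combo
            for combo in itertools.product(*candidates)}


def validate_and_update(challenge: bytes, actual: str, objs: list) -> bool:
    """Accept only a response matching a precomputed one; on acceptance, fold
    the matched values into the objects as claim 1 describes, else change nothing."""
    table = preprocessed_responses(challenge, objs)
    match = next((c for r, c in table.items() if hmac.compare_digest(r, actual)), None)
    if match is None:
        return False
    for obj, new_value in zip(objs, match):
        obj.anticipated.discard(new_value)
        obj.value = new_value
    return True


def anticipate(objs: list, attr_type: str, expected_values: set) -> None:
    """Claim 9: fold information from an external source (e.g. a pending app
    update) into the anticipated-change information of the matching object."""
    for obj in objs:
        if obj.attr_type == attr_type:
            obj.anticipated |= expected_values


def sample_objects() -> list:
    """Constructed sample identity record, not data taken from the patent."""
    return [
        ValidationObject("software_component", "app-4.2.0", {"app-4.2.1"}),
        ValidationObject("network_connection", "ssid:home", {"ssid:office"}),
    ]
```

The candidate table grows as the product of each attribute's anticipated values, so a deployment must keep the anticipated sets small or narrow the selected minutiae subset per challenge.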
Specification