Cryptographic security functions based on anticipated changes in dynamic minutiae

US 9,979,707 B2
Filed: 06/28/2017
Issued: 05/22/2018
Est. Priority Date: 02/03/2011
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a non-transitory memory storing information associated with one or more identities, wherein the information stored for an identity includes a plurality of identity validation objects comprising an attribute type, an attribute value associated with the attribute type, and information related to anticipated changes that modify the attribute value, wherein the plurality of identity validation objects includes objects representing at least two different non-static characteristics associated with the identity selected from the group of non-static characteristics comprising;

user added data, calling application data, software component data, network connection data, and geo-location data; and

one or more hardware processors in communication with the non-transitory memory and configured to execute instructions to cause the system to perform authentication operations comprising;

receiving, from a first device associated with a first identity over a network, a message based on a first data value and a second data value from the first device corresponding to a first attribute type and a second attribute type, respectively, wherein the first and second data values serves purposes for the first device other than a security purpose;

retrieving a first identity validation object that corresponds to the first identity and the first attribute type, the first identity validation object comprising a first attribute value and first information related to anticipated changes that modify the first attribute value;

retrieving a second identity validation object that corresponds to the first identity and the second attribute type, the second identity validation object comprising a second attribute value and second information related to anticipated changes that modify the second attribute value;

determining whether the first data value and the second data value used to create the message are acceptable for the first identity using the first attribute value and the first information stored in the first validation object, and the second attribute value and the second information stored in the second validation object;

in response to a determination that the first data value and the second data value are acceptable for the first identity, updating, for the first identity, the first identity validation object and the second identity validation object by incorporating the first data value and the second data value into the first identity validation object and the second identity validation object, respectively; and

performing a subsequent authentication process for the first identity using at least one of the updated first identity validation object or the updated second identity validation object.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Dynamic key cryptography validates mobile device users to cloud services by uniquely identifying the user'"'"'s electronic device using a very wide range of hardware, firmware, and software minutiae, user secrets, and user biometric values found in or collected by the device. Processes for uniquely identifying and validating the device include: selecting a subset of minutia from a plurality of minutia types; computing a challenge from which the user device can form a response based on the selected combination of minutia; computing a set of pre-processed responses that covers a range of all actual responses possible to be received from the device if the combination of the particular device with the device'"'"'s collected actual values of minutia is valid; receiving an actual response to the challenge from the device; determining whether the actual response matches any of the pre-processed responses; and providing validation, enabling authentication, data protection, and digital signatures.

108 Citations

View as Search Results

20 Claims

1. A system comprising:
- a non-transitory memory storing information associated with one or more identities, wherein the information stored for an identity includes a plurality of identity validation objects comprising an attribute type, an attribute value associated with the attribute type, and information related to anticipated changes that modify the attribute value, wherein the plurality of identity validation objects includes objects representing at least two different non-static characteristics associated with the identity selected from the group of non-static characteristics comprising;
  
  user added data, calling application data, software component data, network connection data, and geo-location data; and
  
  one or more hardware processors in communication with the non-transitory memory and configured to execute instructions to cause the system to perform authentication operations comprising;
  
  receiving, from a first device associated with a first identity over a network, a message based on a first data value and a second data value from the first device corresponding to a first attribute type and a second attribute type, respectively, wherein the first and second data values serves purposes for the first device other than a security purpose;
  
  retrieving a first identity validation object that corresponds to the first identity and the first attribute type, the first identity validation object comprising a first attribute value and first information related to anticipated changes that modify the first attribute value;
  
  retrieving a second identity validation object that corresponds to the first identity and the second attribute type, the second identity validation object comprising a second attribute value and second information related to anticipated changes that modify the second attribute value;
  
  determining whether the first data value and the second data value used to create the message are acceptable for the first identity using the first attribute value and the first information stored in the first validation object, and the second attribute value and the second information stored in the second validation object;
  
  in response to a determination that the first data value and the second data value are acceptable for the first identity, updating, for the first identity, the first identity validation object and the second identity validation object by incorporating the first data value and the second data value into the first identity validation object and the second identity validation object, respectively; and
  
  performing a subsequent authentication process for the first identity using at least one of the updated first identity validation object or the updated second identity validation object.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein incorporating the first data value into the first identity validation object comprises replacing the first attribute value in the first identity validation object with the first data value.
  - 3. The system of claim 1, wherein updating the first identity validation object further comprises:
    - generating information related to anticipated changes that modify the first data value; and
      
      incorporating the generated information into the first identity validation object.
  - 4. The system of claim 3, wherein generating the information comprises:
    - retrieving, from an external source over a network, information related to one or more potential changes to a non-static characteristic of the first identity corresponding to the first attribute type; and
      
      deriving the information related to the anticipated changes based on the retrieved information and the first data value.
  - 5. The system of claim 4, wherein the external source comprises at least one of a second device that is associated with the first identity or a third device that is not associated with the first identity.
  - 6. The system of claim 1, wherein determining whether the first data value from the first device is acceptable for the first identity comprises:
    - generating, for the first identity, a set of possible attribute values corresponding to the first variable type by applying the first information to the first attribute value;
      
      determining at least one anticipated change from the first information that generates a possible attribute value corresponding to the first data value from the first device; and
      
      computing, for the first data value from the first device, a score indicating a likelihood that the first data value from the first device is associated with the first identity based on the one anticipated change; and
      
      determining whether the computed score passes a predetermined threshold.
  - 7. The system of claim 1, wherein the group of non-static characteristics further comprise entertainment data, user contact data, email data, sensor data, and frequently called phone numbers, and wherein the plurality of identity validation objects includes objects representing at least three different non-static characteristics associated with the identity selected from the group of non-static characteristics.
  - 8. The system of claim 1, wherein updating the first identity validation object further comprises:
    - determining that at least one anticipated change from the anticipated changes stored in the first identity validation object is no longer applicable to the first identity based on the first data value of the first device; and
      
      designating information related to the at least one anticipated change in the first identity validation object as obsolete.

9. A system comprising:
- a non-transitory memory storing information associated with one or more identities, wherein the information stored for an identity includes a plurality of identity validation objects comprising an attribute type, an attribute value associated with the attribute type, and information related to anticipated changes that modify the attribute value, wherein the plurality of identity validation objects includes objects representing at least two different non-static characteristics associated with the identity selected from the group of non-static characteristics comprising;
  
  user added data, entertainment data, user contact data, calling application data, software component data, email data, network connection data, frequently called phone numbers, and geo-location data; and
  
  one or more hardware processors in communication with the non-transitory memory and configured to execute instructions to cause the system to perform operations comprising;
  
  receiving, from an external source over a network, information related to potential changes to the at least two different non-static characteristics associated with a first identity;
  
  retrieving a first identity validation object and a second identity validation object corresponding to the at least two different non-static characteristics, respectively, the first identity validation object comprising a first attribute type, a first attribute value, and first information related to anticipated changes that modify the first attribute value, the second identity validation object comprising a second attribute type, a second attribute value, and second information related to anticipated changes that modify the second attribute value;
  
  deriving, based on the received information from the external source and the first attribute value of the first identity validation object, new information related to an anticipated change that modifies the first attribute value;
  
  deriving, based on the received information from the external source and the second attribute value of the second identity validation object, new information related to an anticipated change that modifies the second attribute value;
  
  updating the first identity validation object and the second identity validation object by incorporating the derived new information related to anticipated change that modifies the first attribute value into the first identity validation object and incorporating the derived new information related to an anticipated change that modifies the second attribute value into the second identity validation object; and
  
  performing a subsequent authentication process for the first identity using at least one of the updated first identity validation object or the updated second identity validation object.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system of claim 9, wherein the external source is associated with an entity different than the first identity.
  - 11. The system of claim 10, wherein the received information comprises update information related to at least one software component running on a first device associated with the first identity, wherein the new information related to the anticipated change that modifies the first attribute value is derived by installing a new version of the at least one software component on a second device not associated with the first identity and retrieving a data value corresponding to the first attribute type from the second device after the installation.
  - 12. The system of claim 9, wherein the external source comprises a device associated with the first identity, wherein the received information comprises usage information of the device, and wherein the operations further comprise:
    - deriving a usage trend for the first identity based on the usage information of the device, wherein updating the second identity validation object comprises incorporating the derived usage trend into the second information of the second identity validation object.
  - 13. The system of claim 9, wherein updating incorporating the derived new information related to anticipated change that modifies the first attribute value into the first identity validation object comprises adding the derived new information related to the anticipated change that modifies that first attribute value to the first information of the first identity validation object.
  - 14. The system of claim 9, wherein the plurality of identity validation objects includes objects representing at least three different non-static characteristics associated with the identity selected from the group of non-static characteristics.
  - 15. The system of claim 9, wherein updating the first identity validation object further comprises assigning a score to the derived new information related to the anticipated change that modifies the first attribute value, wherein the assigned score indicates a likelihood that a data value of the first attribute type found on a device associated with the first identity corresponds to an attribute value generated by applying the derived new information to the first attribute value.

16. A method, comprising:
- storing information associated with one or more identities, wherein the information stored for an identity includes a plurality of identity validation objects comprising an attribute type, an attribute value associated with the attribute type, and information related to one or more anticipated changes that modify the attribute value, wherein the plurality of identity validation objects includes objects representing at least two different non-static characteristics associated with the identity selected from the group of non-static characteristics comprising;
  
  user added data, entertainment data, user contact data, calling application data, software component data, email data, network connection data, frequently called phone numbers, and geo-location data;
  
  receiving, from a first device associated with a first identity over a network, a message based on a first data value and a second data value from the first device corresponding to a first attribute type and a second attribute type, respectively, wherein the first and second data values serve purposes for the first device other than a security purpose;
  
  retrieving a first identity validation object that corresponds to the first identity and the first attribute type, the first identity validation object comprising a first attribute value and first information related to anticipated changes that modify the first attribute value;
  
  retrieving a second identity validation object that corresponds to the first identity and the second attribute type, the second identity validation object comprising a second attribute value and second information related to anticipated changes that modify the second attribute value;
  
  determining whether the first data value and the second data value used to create the message are acceptable for the first identity using the first attribute value and the first information stored in the first validation object, and the second attribute value and the second information stored in the second validation object;
  
  in response to a determination that the first data value and the second data value are acceptable for the first identity, updating, for the first identity, the first identity validation object and the second identity validation object by incorporating the first data value and the second data value into the first identity validation object and the second identity validation object, respectively; and
  
  performing a subsequent authentication process for the first identity using at least one of the updated first identity validation object or the updated second identity validation object.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, wherein incorporating the first data value into the first identity validation object comprises updating the first attribute value in the first identity validation object with the first data value.
  - 18. The method of claim 16, wherein updating the first identity validation object further comprises:
    - generating information related to anticipated changes to the first data value; and
      
      incorporating the generated information into the first information of the first identity validation object.
  - 19. The method of claim 16, wherein the plurality of identity validation objects includes objects representing at least three different non-static characteristics associated with the identity selected from the group of non-static characteristics.
  - 20. The system of claim 16, wherein the first identity validation object and the second identity validation object represent the at least two different non-static characteristic.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
mSIGNIA, Inc.
Original Assignee
mSIGNIA, Inc.
Inventors
Miller, Paul Timothy, Tuvell, George Allen
Primary Examiner(s)
Ho, Dao Q

Application Number

US15/635,969
Publication Number

US 20170302634A1
Time in Patent Office

328 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0457   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 63/0876   based on the identity of th...

H04L 9/0861   Generation of secret inform...

H04L 9/0866   involving user or device id...

H04L 9/0872   using geo-location informat...

H04L 9/16   the keys or algorithms bein...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3247   involving digital signatures

H04L 9/3271   using challenge-response

Cryptographic security functions based on anticipated changes in dynamic minutiae

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

108 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographic security functions based on anticipated changes in dynamic minutiae

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

108 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links