Adding entropy to key generation on a mobile device

US 9,407,441 B1
Filed: 06/26/2013
Issued: 08/02/2016
Est. Priority Date: 06/26/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

generating a prompt via a computing device interface in connection with an authentication request to access a protected resource associated with the computing device;

processing input cryptographic information entered via the computing device interface in response to the prompt against a pre-determined set of cryptographic information, wherein said pre-determined set of cryptographic information comprises (i) two or more input elements and (ii) two or more qualitative and/or quantitative interface manipulation measures associated with the action of entering the two or more input elements via the computing device interface, wherein the two or more qualitative and/or quantitative interface manipulation measures comprise at least (a) pace of input and (b) directionality of the manipulation of the computing device interface, and wherein said processing comprises;

re-ordering the two or more input elements after being entered via the computing device interface by mapping the two or more input elements to a unique user via a mapping table stored locally on the computing device so as to identify a re-ordered version of the two or more input elements to be used in combination with the two or more qualitative and/or quantitative interface manipulation measures for granting access to the protected resource associated with the computing device; and

resolving the authentication request based on said processing, wherein said resolving comprises granting access to the protected resource upon a determination that the input cryptographic information matches (i) the two or more input elements of the pre-determined set of cryptographic information and (ii) the two or more qualitative and/or quantitative interface manipulation measures of the pre-determined set of cryptographic information.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparatus and articles of manufacture for adding entropy to key generation on a mobile device are provided herein. A method includes generating a prompt via a computing device interface in connection with an authentication request to access a protected resource associated with the computing device; processing input cryptographic information entered via the computing device interface in response to the prompt against a pre-determined set of cryptographic information, wherein said pre-determined set of cryptographic information comprises one or more input elements and one or more interface manipulation measures associated with the one or more input elements; and resolving the authentication request based on said processing.

14 Citations

View as Search Results

24 Claims

1. A method comprising:
- generating a prompt via a computing device interface in connection with an authentication request to access a protected resource associated with the computing device;
  
  processing input cryptographic information entered via the computing device interface in response to the prompt against a pre-determined set of cryptographic information, wherein said pre-determined set of cryptographic information comprises (i) two or more input elements and (ii) two or more qualitative and/or quantitative interface manipulation measures associated with the action of entering the two or more input elements via the computing device interface, wherein the two or more qualitative and/or quantitative interface manipulation measures comprise at least (a) pace of input and (b) directionality of the manipulation of the computing device interface, and wherein said processing comprises;
  
  re-ordering the two or more input elements after being entered via the computing device interface by mapping the two or more input elements to a unique user via a mapping table stored locally on the computing device so as to identify a re-ordered version of the two or more input elements to be used in combination with the two or more qualitative and/or quantitative interface manipulation measures for granting access to the protected resource associated with the computing device; and
  
  resolving the authentication request based on said processing, wherein said resolving comprises granting access to the protected resource upon a determination that the input cryptographic information matches (i) the two or more input elements of the pre-determined set of cryptographic information and (ii) the two or more qualitative and/or quantitative interface manipulation measures of the pre-determined set of cryptographic information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein said input cryptographic information comprises one or more items of authentication information.
  - 3. The method of claim 1, wherein said pre-determined set of cryptographic information comprises a set of authentication information.
  - 4. The method of claim 1, wherein said computing device comprises a mobile device.
  - 5. The method of claim 1, wherein said two or more input elements comprises at least one of a number, a letter, a character, a symbol, an image, and a color.
  - 6. The method of claim 1, wherein said directionality of a manipulation of the computing device interface comprises swiping of a finger via the interface in at least one of a clockwise direction, a counter-clockwise direction, an upward direction, a downward direction, a leftward direction, and a rightward direction.
  - 7. The method of claim 1, wherein said two or more qualitative and/or quantitative interface manipulation measures associated with the action of entering the two or more input elements via the computing device interface further comprises a distinct number of iterations of an action in connection with a manipulation of the computing device interface.
  - 8. The method of claim 7, wherein said a distinct number of iterations of an action comprises a number of rotations of an element of the computing device interface.
  - 9. The method of claim 1, wherein said two or more qualitative and/or quantitative interface manipulation measures associated with the action of entering the two or more input elements via the computing device interface further comprises velocity of a manipulation of the computing device interface.
  - 10. The method of claim 1, wherein said resolving further comprises denying access to the protected resource associated with the computing device upon a determination that the input cryptographic information does not match (i) the two or more input elements of the pre-determined set of cryptographic information and (ii) the two or more qualitative and/or quantitative interface manipulation measures of the pre-determined set of cryptographic information.
  - 11. The method of claim 1, comprising:
    - hashing a combination of the two or more input elements to utilize data contained therein to introduce additional entropy to said authentication request.
  - 12. The method of claim 1, comprising:
    - converting the two or more input elements to a second version of the two or more input elements for granting access to the protected resource associated with the computing device, wherein said converting comprises mapping the two or more input elements to a unique user via a mapping table, and wherein the second version of the two or more input elements introduces at least one additional aspect of complexity.
  - 13. The method of claim 1, wherein said two or more input elements in said pre-determined set of cryptographic information comprises multiple elements of varying type.

14. An article of manufacture comprising a non-transitory processor-readable storage medium having processor-readable instructions tangibly embodied thereon which, when implemented, cause a processor to:
- generate a prompt via a computing device interface in connection with an authentication request to access a protected resource associated with the computing device;
  
  process input cryptographic information entered via the computing device interface in response to the prompt against a pre-determined set of cryptographic information, wherein said pre-determined set of cryptographic information comprises (i) two or more input elements and (ii) two or more qualitative and/or quantitative interface manipulation measures associated with theaction of entering the two or more input elements via the computing device interface, wherein the two or more qualitative and/or quantitative interface manipulation measures comprise at least (a) pace of input and (b) directionality of the manipulation of the computing device interface, and wherein said processing comprises;
  
  re-ordering the two or more input elements after being entered via the computing device interface by mapping the two or more input elements to a unique user via a mapping table stored locally on the computing device so as to identify a re-ordered version of the two or more input elements to be used in combination with the two or more qualitative and/or quantitative interface manipulation measures for granting access to the protected resource associated with the computing device; and
  
  resolve the authentication request based on said processing, wherein said resolving comprises granting access to the protected resource upon a determination that the input cryptographic information matches (i) the two or more input elements of the pre-determined set of cryptographic information and (ii) the two or more qualitative and/or quantitative interface manipulation measures of the pre-determined set of cryptographic information.

15. An apparatus comprising:
- a memory; and
  
  at least one processor coupled to the memory and configured to;
  
  generate a prompt via a computing device interface in connection with an authentication request to access a protected resource associated with the computing device;
  
  process input cryptographic information entered via the computing device interface in response to the prompt against a pre-determined set of cryptographic information, wherein said pre-determined set of cryptographic information comprises (i) two or more input elements and (ii) two or more qualitative and/or quantitative interface manipulation measures associated with the action of entering the two or more input elements via the computing device interface, wherein the two or more qualitative and/or quantitative interface manipulation measures comprise at least (a) pace of input and (b) directionality of the manipulation of the computing device interface, and wherein said processing comprises;
  
  re-ordering the two or more input elements after being entered via the computing device interface by mapping the two or more input elements to a unique user via a mapping table stored locally on the computing device so as to identify a re-ordered version of the two or more input elements to be used in combination with the two or more qualitative and/or quantitative interface manipulation measures for granting access to the protected resource associated with the computing device; and
  
  resolve the authentication request based on said processing, wherein said resolving comprises granting access to the protected resource upon a determination that the input cryptographic information matches (i) the two or more input elements of the pre-determined set of cryptographic information and (ii) the two or more qualitative and/or quantitative interface manipulation measures of the pre-determined set of cryptographic information.

16. A method comprising:
- generating a prompt via a computing device interface in connection with an authentication request to access a protected resource associated with the computing device;
  
  processing input cryptographic information entered via the computing device interface in response to the prompt against a pre-determined set of cryptographic information, wherein said pre-determined set of cryptographic information comprises (i) two or more input elements and (ii) two or more qualitative and/or quantitative interface manipulation measures associated with the action of entering the two or more input elements via the computing device interface, wherein the two or more qualitative and/or quantitative interface manipulation measures comprise at least (a) pace of input and (b) directionality of the manipulation of the computing device interface, and wherein said processing comprises;
  
  re-ordering the two or more input elements after being entered via the computing device interface by mapping the two or more input elements to a unique user via a mapping table stored locally on the computing device so as to identify a re-ordered version of the two or more input elements to be used in combination with the two or more qualitative and/or quantitative interface manipulation measures for granting access to the protected resource associated with the computing device;
  
  learning a pattern associated with manipulation of the computing device interface in connection with the two or more qualitative and/or quantitative interface manipulation measures over multiple iterations of said processing step to establish two or more updated qualitative and/or quantitative interface manipulation measures associated with the action of entering the two or more input elements via the computing device interface; and
  
  updating the pre-determined set of cryptographic information based on the two or more updated interface manipulation measures.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24)
- - 17. The method of claim 16, wherein said input cryptographic information comprises one or more items of authentication information.
  - 18. The method of claim 16, wherein said pre-determined set of cryptographic information comprises a set of authentication information.
  - 19. The method of claim 16, wherein said two or more qualitative and/or quantitative interface manipulation measures associated with the action of entering the two or more input elements via the computing device interface further comprises a distinct number of iterations of an action in connection with a manipulation of the computing device interface.
  - 20. The method of claim 16, wherein said two or more qualitative and/or quantitative interface manipulation measures associated with the action of entering the two or more input elements via the computing device interface further comprises velocity of a manipulation of the computing device interface.
  - 21. The method of claim 16, comprising:
    - hashing a combination of the two or more input elements to utilize data contained therein to introduce additional entropy to said authentication request.
  - 22. The method of claim 16, wherein said two or more input elements comprises at least one of a number, a letter, a character, a symbol, an image, and a color.
  - 23. The method of claim 16, wherein said directionality of a manipulation of the computing device interface comprises swiping of a finger via the interface in at least one of a clockwise direction, a counter-clockwise direction, an upward direction, a downward direction, a leftward direction, and a rightward direction.
  - 24. The method of claim 16, wherein said computing device comprises a mobile device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RSA Security LLC (Symphony Technology Group LLC)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Dotan, Yedidya, Friedman, Lawrence N., Bailey, Daniel V., Brainard, John, Duane, William M.
Primary Examiner(s)
Waliullah, Mohammed

Application Number

US13/927,386
Time in Patent Office

1,133 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/35   communicating wirelessly

H04L 63/083   using passwords cryptograph...

H04L 9/3226   using a predetermined code,...

H04W 12/06   Authentication

Adding entropy to key generation on a mobile device

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

14 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Adding entropy to key generation on a mobile device

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links