초록 ▼

Dynamic key cryptography validates mobile device users to cloud services by uniquely identifying the user's electronic device using a very wide range of hardware, firmware, and software minutiae, user secrets, and user biometric values found in or collected by the device. Processes for uniquely iden

Dynamic key cryptography validates mobile device users to cloud services by uniquely identifying the user's electronic device using a very wide range of hardware, firmware, and software minutiae, user secrets, and user biometric values found in or collected by the device. Processes for uniquely identifying and validating the device include: selecting a subset of minutia from a plurality of minutia types; computing a challenge from which the user device can form a response based on the selected combination of minutia; computing a set of pre-processed responses that covers a range of all actual responses possible to be received from the device if the combination of the particular device with the device's collected actual values of minutia is valid; receiving an actual response to the challenge from the device; determining whether the actual response matches any of the pre-processed responses; and providing validation, enabling authentication, data protection, and digital signatures.

대표청구항 ▼

1. A cryptography system comprising: a non-transitory memory storing information associated with one or more identities, wherein the information stored for an identity includes (a) data values associated with that identity; and (b) information regarding anticipated changes to one or more of the stor

1. A cryptography system comprising: a non-transitory memory storing information associated with one or more identities, wherein the information stored for an identity includes (a) data values associated with that identity; and (b) information regarding anticipated changes to one or more of the stored data values associated with that identity, wherein at least one anticipated change to a stored data value associated with the identity is based on anticipated usage of a device, anticipated user customizations to a device, anticipated changes based on industry updates, anticipated biometric measurement changes, or anticipated changes to user secrets;one or more hardware processors in communication with the memory and configured to execute instructions to cause the cryptography system to validate the use of an identity by the device by performing operations comprising:generating a challenge to the device, wherein the challenge prompts the device to 1) build a cryptographic key based on two or more data values from the device that correspond to two or more of the stored data values associated with the identity, and 2) form a response to the challenge based on the cryptographic key and the challenge;receiving, from the device, the response to the challenge;using the stored information regarding anticipated changes to the stored data values associated with the identity to build one or more additional cryptographic keys;determining whether the response is allowable according to whether any of the additional cryptographic keys correspond to the cryptographic key used by the device to form the response; andvalidating the use of the identity by the device according to whether the device has provided an allowable response to the challenge. 2. The system of claim 1, wherein validating the use of the identity further comprises identifying the device. 3. The system of claim 1, wherein validating the use of the identity further comprises: identifying the device; andvalidating that an appropriate user is using the identified device based on the operation of determining whether the response is allowable. 4. The system of claim 1, wherein: the stored information regarding anticipated changes to the stored data values associated with the identity includes information regarding anticipated changes to one or more user minutia data values. 5. The system of claim 4, wherein the user minutia data values used to determine whether the response is allowable comprise values from software sources of the device, user secrets input to the device, user customization, entertainment data, biometric data, or contacts data stored on the device. 6. The system of claim 4, wherein the user minutia data values used to determine whether the response is allowable comprise calling app data, geo-location data, frequently called phone numbers, email, or network connection data. 7. The system of claim 1, wherein: the challenge prompts the device to build the cryptographic key based on one or more data values from the device that correspond to one or more data values stored in a key minutia selections database. 8. The system of claim 7, further comprising an operation of: verifying a digital signature of the device by using the challenge and the response received from the device. 9. The system of claim 7, wherein the cryptographic key is used to decrypt information that is stored on the device. 10. The system of claim 7, wherein the cryptographic key is used to encrypt information that is stored on the device. 11. The system of claim 1, further comprising using information from the allowable response to update the stored information regarding anticipated changes to the stored data values associated with the identity. 12. The system of claim 1, further comprising using information from the allowable response to update the corresponding stored data value and the stored information regarding anticipated changes to the stored data values associated with the identity. 13. The system of claim 1, wherein the operation of validating the identity-provides a basis for one or more of: authenticating a device, authenticating a user, validating a software program or an application, providing data protection of data transmitted to or from a device, or generating a digital signature of a message digest. 14. The system of claim 1, wherein the response does not contain any data values reflecting personally identifiable information. 15. The system of claim 1, wherein the challenge is originated from the device. 16. The system of claim 1, wherein the challenge is stored at the device. 17. The system of claim 1, wherein the cryptographic key used by the device to form the response is the same as a corresponding additional cryptographic key. 18. The system of claim 1, wherein the cryptographic key used by the device to form the response is different than a corresponding additional cryptographic key. 19. The system of claim 1, wherein the additional cryptographic keys are built using information associated with the challenge. 20. The system of claim 1, wherein the additional cryptographic keys are built without using any information from the response. 21. The system of claim 1, wherein the cryptographic key built by the device comprises two or more data values from the device that correspond to information stored for that identity. 22. A cryptography system comprising: a non-transitory memory storing information associated with one or more identities, wherein the information stored for an identity includes (a) data values associated with that identity; and (b) information regarding anticipated changes to one or more of the stored data values associated with that identity, wherein at least one anticipated change to a stored data value associated with the identity is based on anticipated usage of a device, anticipated user customizations to a device, anticipated changes based on industry updates, anticipated biometric measurement changes, or anticipated changes to user secrets;one or more hardware processors in communication with the memory and configured to execute instructions to cause the cryptography system to validate the use of an identity, by performing operations comprising:receiving, from the device, one or more communications comprising an identity validation request, wherein the identity validation request is formed based on a cryptographic key, and wherein the cryptographic key is based on two or more data values from the device that correspond to two or more of the stored data values associated with the identity;using the stored information regarding anticipated changes to the stored data values associated with the identity to build one or more additional cryptographic keys; andvalidating the identity according to whether any of the additional cryptographic keys correspond to the cryptographic key used by the device to form the identity validation request. 23. A cryptography system comprising: a non-transitory memory storing information associated with one or more identities, wherein the information stored for an identity includes (a) data values associated with that identity; and (b) information regarding anticipated changes to one or more of the stored data values associated with that identity, wherein at least one anticipated change to a stored data value associated with the identity is based on anticipated usage of a device, anticipated user customizations to a device, anticipated changes based on industry updates, anticipated biometric measurement changes, or anticipated changes to user secrets;one or more hardware processors in communication with the memory and configured to execute instructions to cause the cryptography system to recognize that the presentation of identity information is authentic by performing operations comprising:receiving, from the device, a communication comprising an identity claim comprising identity information, wherein the identity claim is based on two or more data values from the device, and wherein at least two of the data values upon which the communication is based 1) correspond to stored data values for the identity, and 2) are used to build a cryptographic key;using the stored information regarding anticipated changes to the stored data values associated with the identity to build one or more additional cryptographic keys;determining whether the communication received from the device is sufficient to recognize that the identity claim is allowable according to whether any of the additional cryptographic keys correspond to the cryptographic key used by the device to form the identity claim; andrecognizing that the presentation of identity information by the device is authentic, according to whether the device has provided an allowable identity claim.