Cryptographic security functions based on anticipated changes in dynamic minutiae
IPC classification
Country / Type: United States (US) Patent, Registered
International Patent Classification (IPC 7th ed.): H04L-029/06; H04L-009/16; H04L-009/32; H04L-009/08
Application number: US-0635969 (2017-06-28)
Registration number: US-9979707 (2018-05-22)
Inventors / address: Miller, Paul Timothy; Tuvell, George Allen
Applicant / address: mSignia, Inc.
Agent / address: Haynes and Boone, LLP
Citation information
Cited by: 0
Cited patents: 43
Abstract
Dynamic key cryptography validates mobile device users to cloud services by uniquely identifying the user's electronic device using a very wide range of hardware, firmware, and software minutiae, user secrets, and user biometric values found in or collected by the device. Processes for uniquely identifying and validating the device include: selecting a subset of minutia from a plurality of minutia types; computing a challenge from which the user device can form a response based on the selected combination of minutia; computing a set of pre-processed responses that covers a range of all actual responses possible to be received from the device if the combination of the particular device with the device's collected actual values of minutia is valid; receiving an actual response to the challenge from the device; determining whether the actual response matches any of the pre-processed responses; and providing validation, enabling authentication, data protection, and digital signatures.
Representative claims
1. A system comprising: a non-transitory memory storing information associated with one or more identities, wherein the information stored for an identity includes a plurality of identity validation objects comprising an attribute type, an attribute value associated with the attribute type, and information related to anticipated changes that modify the attribute value, wherein the plurality of identity validation objects includes objects representing at least two different non-static characteristics associated with the identity selected from the group of non-static characteristics comprising: user added data, calling application data, software component data, network connection data, and geo-location data; and one or more hardware processors in communication with the non-transitory memory and configured to execute instructions to cause the system to perform authentication operations comprising: receiving, from a first device associated with a first identity over a network, a message based on a first data value and a second data value from the first device corresponding to a first attribute type and a second attribute type, respectively, wherein the first and second data values serve purposes for the first device other than a security purpose; retrieving a first identity validation object that corresponds to the first identity and the first attribute type, the first identity validation object comprising a first attribute value and first information related to anticipated changes that modify the first attribute value; retrieving a second identity validation object that corresponds to the first identity and the second attribute type, the second identity validation object comprising a second attribute value and second information related to anticipated changes that modify the second attribute value; determining whether the first data value and the second data value used to create the message are acceptable for the first identity using the first attribute value and the first information stored in the first validation object, and the second attribute value and the second information stored in the second validation object; in response to a determination that the first data value and the second data value are acceptable for the first identity, updating, for the first identity, the first identity validation object and the second identity validation object by incorporating the first data value and the second data value into the first identity validation object and the second identity validation object, respectively; and performing a subsequent authentication process for the first identity using at least one of the updated first identity validation object or the updated second identity validation object.

2. The system of claim 1, wherein incorporating the first data value into the first identity validation object comprises replacing the first attribute value in the first identity validation object with the first data value.

3. The system of claim 1, wherein updating the first identity validation object further comprises: generating information related to anticipated changes that modify the first data value; and incorporating the generated information into the first identity validation object.

4. The system of claim 3, wherein generating the information comprises: retrieving, from an external source over a network, information related to one or more potential changes to a non-static characteristic of the first identity corresponding to the first attribute type; and deriving the information related to the anticipated changes based on the retrieved information and the first data value.

5. The system of claim 4, wherein the external source comprises at least one of a second device that is associated with the first identity or a third device that is not associated with the first identity.

6. The system of claim 1, wherein determining whether the first data value from the first device is acceptable for the first identity comprises: generating, for the first identity, a set of possible attribute values corresponding to the first variable type by applying the first information to the first attribute value; determining at least one anticipated change from the first information that generates a possible attribute value corresponding to the first data value from the first device; and computing, for the first data value from the first device, a score indicating a likelihood that the first data value from the first device is associated with the first identity based on the one anticipated change; and determining whether the computed score passes a predetermined threshold.

7. The system of claim 1, wherein the group of non-static characteristics further comprises entertainment data, user contact data, email data, sensor data, and frequently called phone numbers, and wherein the plurality of identity validation objects includes objects representing at least three different non-static characteristics associated with the identity selected from the group of non-static characteristics.

8. The system of claim 1, wherein updating the first identity validation object further comprises: determining that at least one anticipated change from the anticipated changes stored in the first identity validation object is no longer applicable to the first identity based on the first data value of the first device; and designating information related to the at least one anticipated change in the first identity validation object as obsolete.

9. A system comprising: a non-transitory memory storing information associated with one or more identities, wherein the information stored for an identity includes a plurality of identity validation objects comprising an attribute type, an attribute value associated with the attribute type, and information related to anticipated changes that modify the attribute value, wherein the plurality of identity validation objects includes objects representing at least two different non-static characteristics associated with the identity selected from the group of non-static characteristics comprising: user added data, entertainment data, user contact data, calling application data, software component data, email data, network connection data, frequently called phone numbers, and geo-location data; and one or more hardware processors in communication with the non-transitory memory and configured to execute instructions to cause the system to perform operations comprising: receiving, from an external source over a network, information related to potential changes to the at least two different non-static characteristics associated with a first identity; retrieving a first identity validation object and a second identity validation object corresponding to the at least two different non-static characteristics, respectively, the first identity validation object comprising a first attribute type, a first attribute value, and first information related to anticipated changes that modify the first attribute value, the second identity validation object comprising a second attribute type, a second attribute value, and second information related to anticipated changes that modify the second attribute value; deriving, based on the received information from the external source and the first attribute value of the first identity validation object, new information related to an anticipated change that modifies the first attribute value; deriving, based on the received information from the external source and the second attribute value of the second identity validation object, new information related to an anticipated change that modifies the second attribute value; updating the first identity validation object and the second identity validation object by incorporating the derived new information related to an anticipated change that modifies the first attribute value into the first identity validation object and incorporating the derived new information related to an anticipated change that modifies the second attribute value into the second identity validation object; and performing a subsequent authentication process for the first identity using at least one of the updated first identity validation object or the updated second identity validation object.

10. The system of claim 9, wherein the external source is associated with an entity different than the first identity.

11. The system of claim 10, wherein the received information comprises update information related to at least one software component running on a first device associated with the first identity, wherein the new information related to the anticipated change that modifies the first attribute value is derived by installing a new version of the at least one software component on a second device not associated with the first identity and retrieving a data value corresponding to the first attribute type from the second device after the installation.

12. The system of claim 9, wherein the external source comprises a device associated with the first identity, wherein the received information comprises usage information of the device, and wherein the operations further comprise: deriving a usage trend for the first identity based on the usage information of the device, wherein updating the second identity validation object comprises incorporating the derived usage trend into the second information of the second identity validation object.

13. The system of claim 9, wherein incorporating the derived new information related to an anticipated change that modifies the first attribute value into the first identity validation object comprises adding the derived new information related to the anticipated change that modifies the first attribute value to the first information of the first identity validation object.

14. The system of claim 9, wherein the plurality of identity validation objects includes objects representing at least three different non-static characteristics associated with the identity selected from the group of non-static characteristics.

15. The system of claim 9, wherein updating the first identity validation object further comprises assigning a score to the derived new information related to the anticipated change that modifies the first attribute value, wherein the assigned score indicates a likelihood that a data value of the first attribute type found on a device associated with the first identity corresponds to an attribute value generated by applying the derived new information to the first attribute value.

16. A method, comprising: storing information associated with one or more identities, wherein the information stored for an identity includes a plurality of identity validation objects comprising an attribute type, an attribute value associated with the attribute type, and information related to one or more anticipated changes that modify the attribute value, wherein the plurality of identity validation objects includes objects representing at least two different non-static characteristics associated with the identity selected from the group of non-static characteristics comprising: user added data, entertainment data, user contact data, calling application data, software component data, email data, network connection data, frequently called phone numbers, and geo-location data; receiving, from a first device associated with a first identity over a network, a message based on a first data value and a second data value from the first device corresponding to a first attribute type and a second attribute type, respectively, wherein the first and second data values serve purposes for the first device other than a security purpose; retrieving a first identity validation object that corresponds to the first identity and the first attribute type, the first identity validation object comprising a first attribute value and first information related to anticipated changes that modify the first attribute value; retrieving a second identity validation object that corresponds to the first identity and the second attribute type, the second identity validation object comprising a second attribute value and second information related to anticipated changes that modify the second attribute value; determining whether the first data value and the second data value used to create the message are acceptable for the first identity using the first attribute value and the first information stored in the first validation object, and the second attribute value and the second information stored in the second validation object; in response to a determination that the first data value and the second data value are acceptable for the first identity, updating, for the first identity, the first identity validation object and the second identity validation object by incorporating the first data value and the second data value into the first identity validation object and the second identity validation object, respectively; and performing a subsequent authentication process for the first identity using at least one of the updated first identity validation object or the updated second identity validation object.

17. The method of claim 16, wherein incorporating the first data value into the first identity validation object comprises updating the first attribute value in the first identity validation object with the first data value.

18. The method of claim 16, wherein updating the first identity validation object further comprises: generating information related to anticipated changes to the first data value; and incorporating the generated information into the first information of the first identity validation object.

19. The method of claim 16, wherein the plurality of identity validation objects includes objects representing at least three different non-static characteristics associated with the identity selected from the group of non-static characteristics.

20. The system of claim 16, wherein the first identity validation object and the second identity validation object represent the at least two different non-static characteristics.
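The validation flow that the abstract and the claims above describe, as one runnable model: select a subset of minutia types, issue a challenge, pre-compute every response a valid device could return from the stored attribute values and their anticipated changes (scored as in claim 6), match the device's actual response against that set, and on success fold the observed values back into the identity validation objects (claims 2 and 8). This is an added example, not code from the patent or from mSignia, Inc.; the object layout, the HMAC-based response, the per-change likelihood scores, the 0.25 threshold and the sample minutiae are all assumptions made for the illustration.

```python
"""Added illustration of dynamic-key validation; not the patent's or mSignia's
code. The object layout, the HMAC response, the scores, the threshold and the
sample minutiae below are assumptions chosen for the example."""
import hashlib
import hmac
import itertools
import os
from dataclasses import dataclass


@dataclass
class ValidationObject:
    """One identity validation object (claim 1): an attribute type, the last
    accepted value, and anticipated changes mapped to a likelihood score."""
    attr_type: str
    value: str
    anticipated: dict  # candidate new value -> likelihood in (0, 1]

    def candidates(self):
        """Possible attribute values (claim 6): the stored value scores 1.0,
        each anticipated change carries its own score."""
        yield self.value, 1.0
        yield from self.anticipated.items()


def device_response(challenge: bytes, attr_types, minutiae: dict) -> bytes:
    """Device side: derive a key from the selected minutiae and answer the
    challenge with an HMAC, so the raw minutiae never leave the device."""
    material = "|".join(f"{t}={minutiae[t]}" for t in attr_types).encode()
    key = hashlib.sha256(material).digest()
    return hmac.new(key, challenge, hashlib.sha256).digest()


class Validator:
    THRESHOLD = 0.25  # assumed value for claim 6's predetermined threshold

    def __init__(self, objects):
        self.objects = {o.attr_type: o for o in objects}

    def challenge(self, attr_types):
        """Select the subset of minutia types to use and issue a fresh nonce."""
        return os.urandom(16), list(attr_types)

    def preprocess(self, challenge, attr_types):
        """Pre-compute the response for every combination of possible values,
        scored by the product of the per-attribute likelihoods."""
        table = {}
        per_attr = [list(self.objects[t].candidates()) for t in attr_types]
        for combo in itertools.product(*per_attr):
            minutiae = {t: v for t, (v, _) in zip(attr_types, combo)}
            score = 1.0
            for _, s in combo:
                score *= s
            table[device_response(challenge, attr_types, minutiae)] = (minutiae, score)
        return table

    def validate(self, challenge, attr_types, response):
        """Match the actual response against the pre-processed set; on success
        incorporate the observed values into the validation objects."""
        for expected, (minutiae, score) in self.preprocess(challenge, attr_types).items():
            # Constant-time comparison against each candidate response.
            if hmac.compare_digest(expected, response):
                break
        else:
            return False, 0.0
        if score < self.THRESHOLD:
            return False, score
        for t, v in minutiae.items():
            obj = self.objects[t]
            if v != obj.value:
                # The anticipated change happened: it becomes the stored value
                # (claim 2) and is no longer a pending change (claim 8).
                obj.anticipated.pop(v, None)
                obj.value = v
        return True, score


def build_demo_validator():
    """Constructed sample identity: an OS version expected to upgrade and a
    network the user sometimes joins from the office."""
    return Validator([
        ValidationObject("software_component", "os=15.7",
                         {"os=16.0": 0.6, "os=16.1": 0.3}),
        ValidationObject("network_connection", "ssid=home",
                         {"ssid=office": 0.5}),
    ])


if __name__ == "__main__":
    v = build_demo_validator()
    nonce, types = v.challenge(["software_component", "network_connection"])
    # Constructed device state: OS upgraded to 16.0, still on the home network.
    resp = device_response(nonce, types,
                           {"software_component": "os=16.0",
                            "network_connection": "ssid=home"})
    print(v.validate(nonce, types, resp))  # (True, 0.6)
```

The pre-processed table grows as the product of candidate counts across the selected attributes, which is why the server selects a subset of minutia types per challenge rather than all of them; a response that matches no entry is rejected outright, and one that matches only through several unlikely changes at once is rejected by the score threshold even though the device holds a consistent set of values.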
Murakami, Rick V.; Hinton, Clark; Pettit, Matthew W., Method and apparatus for calibration over time of histological and physiological biometric markers for authentication.
Califano, Andrea; Colville, Scott Eric; Germain, Robert Steven, Method and apparatus for fingerprint matching using transformation parameter clustering based on local feature correspondences.
White, Christopher M.; Matheny, John; Bonnaure, Patrick P.; Perlman, Stephen G., Method and apparatus for providing physical security for a user account and providing access to the user's environment a.
Rackley, III, Brady Lee; Porter, Warren Derek; Rickman, Gregory Michael; Cochran, Kyle Leighton, Methods and systems for distribution of a mobile wallet for a mobile device.