Cryptographic security functions based on anticipated changes in dynamic minutiae
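IPC classification information
Country / type: United States (US) Patent, granted
International Patent Classification (IPC, 7th edition): H04L-029/06, H04L-009/32, H04L-009/08, H04L-009/16
Application number: US-0960294 (2018-04-23)
Registration number: US-10178076 (2019-01-08)
Inventors / address: Miller, Paul Timothy; Tuvell, George Allen
Applicant / address: MSIGNIA, INC.
Agent / address: Haynes and Boone, LLP
Citation information: times cited: 0; cited patents: 46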
Abstract
Dynamic key cryptography validates mobile device users to cloud services by uniquely identifying the user's electronic device using a very wide range of hardware, firmware, and software minutiae, user secrets, and user biometric values found in or collected by the device. Processes for uniquely identifying and validating the device include: selecting a subset of minutia from a plurality of minutia types; computing a challenge from which the user device can form a response based on the selected combination of minutia; computing a set of pre-processed responses that covers a range of all actual responses possible to be received from the device if the combination of the particular device with the device's collected actual values of minutia is valid; receiving an actual response to the challenge from the device; determining whether the actual response matches any of the pre-processed responses; and providing validation, enabling authentication, data protection, and digital signatures.
Representative claim
1. A system comprising: a non-transitory memory storing information associated with one or more identities, wherein the information stored for a first identity includes a plurality of identity validation objects comprising an attribute type, an attribute value associated with the attribute type, and information related to one or more anticipated changes for modifying the attribute value, wherein the attribute value is obtained based on user customization data generated from user activities on a first device associated with the first identity; and one or more hardware processors in communication with the non-transitory memory and configured to execute instructions to cause the system to perform operations comprising: receiving, from a second device not associated with the first identity, a request to use a service associated with the first identity, wherein the request comprises a message generated based on a data value from the second device corresponding to a first attribute type; retrieving a first identity validation object that corresponds to the first identity and the first attribute type, the first identity validation object comprising a first attribute value and first information related to one or more anticipated changes for modifying the first attribute value; generating a set of possible attribute values corresponding to the first identity and the first attribute type by applying the first information to the first attribute value; determining whether the data value used to create the message corresponds to at least one possible attribute value from the set of possible attribute values; and granting the second device access to use the service based on the determining.
2. The system of claim 1, wherein the requested service comprises registering the second device to be associated with the first identity.
3. The system of claim 2, wherein the operations further comprise in response to granting the second device access to use the service: receiving biometric data of a user from the second device; and associating the received biometric data of the user with the first identity.
4. The system of claim 1, wherein the requested service comprises accessing a user account associated with the first identity.
5. The system of claim 4, wherein the user account is an account with a website.
6. The system of claim 1, wherein the operations further comprise disassociating the first device from the first identity in response to the request.
7. The system of claim 1, wherein the determining comprises: computing a score indicating a likelihood that the data value from the second device corresponds to the first identity based at least in part on comparing the at least one possible attribute value against other possible attribute values in the set of possible attribute values; and determining whether the computed score passes a predetermined threshold.
8. The system of claim 1, wherein the plurality of identity validation objects includes objects representing at least three non-static characteristics associated with the first identity selected from the group of non-static characteristics comprising: user added data, calling application data, software component data, network connection data, and geo-location data.
9. The system of claim 1, wherein the data value from the second device serves a purpose for the second device other than a security purpose.
10. The system of claim 1, wherein the operations further comprise: generating the first information related to the one or more anticipated changes for modifying the first attribute value; and incorporating the generated first information into the first identity validation object.
11. The system of claim 10, wherein generating the first information comprises: retrieving, from an external source over a network, data related to one or more potential changes to a non-static characteristic of the first identity corresponding to the first attribute type; and deriving the first information related to the one or more anticipated changes based on the retrieved data and the first attribute value.
12. A method comprising: storing information associated with one or more identities, wherein the information stored for a first identity includes a plurality of identity validation objects comprising an attribute type, an attribute value associated with the attribute type and obtained based on user customization data generated from user activities on a first device associated with the first identity, and information related to one or more anticipated changes for modifying the attribute value; receiving, from a second device not associated with the first identity, a request to use a service associated with the first identity, wherein the request comprises a message generated based on a data value from the second device corresponding to a first attribute type; retrieving a first identity validation object that corresponds to the first identity and the first attribute type, the first identity validation object comprising a first attribute value and first information related to one or more anticipated changes for modifying the first attribute value; generating a set of anticipated attribute values corresponding to the first identity and the first attribute type by applying the first information to the first attribute value; determining whether the data value used to create the message corresponds to at least one anticipated attribute value from the set of anticipated attribute values; and granting the second device access to use the service based on the determining.
13. The method of claim 12, wherein the requested service comprises registering the second device to be associated with the first identity.
14. The method of claim 13, further comprising in response to granting the second device access to use the service, receiving biometric data of a user from the second device; and associating the received biometric data of the user with the first identity.
15. The method of claim 12, wherein the requested service comprises accessing a user account associated with the first identity.
16. The method of claim 15, wherein the user account is an account with a website.
17. The method of claim 12, further comprising disassociating the first device from the first identity in response to the request.
18. The method of claim 12, wherein the determining comprises: computing a score indicating a likelihood that the data value from the second device corresponds the first identity based at least in part on comparing the at least one anticipated attribute value against other anticipated attribute values in the set of anticipated attribute values; and determining whether the computed score passes a predetermined threshold.
19. The method of claim 12, wherein the plurality of identity validation objects includes objects representing at least three non-static characteristics associated with the first identity selected from the group of non-static characteristics comprising: user added data, calling application data, software component data, network connection data, and geo-location data.
20. The method of claim 12, wherein the data value from the second device serves a purpose for the second device other than a security purpose.
Murakami,Rick V.; Hinton,Clark; Pettit,Matthew W., Method and apparatus for calibration over time of histological and physiological biometric markers for authentication.
Califano Andrea ; Colville Scott Eric ; Germain Robert Steven, Method and apparatus for fingerprint matching using transformation parameter clustering based on local feature correspondences.
White Christopher M. ; Matheny John ; Bonnaure Patrick P. ; Perlman Stephen G., Method and apparatus for providing physical security for a user account and providing access to the user's environment a.
Rackley, III, Brady Lee; Porter, Warren Derek; Rickman, Gregory Michael; Cochran, Kyle Leighton, Methods and systems for distribution of a mobile wallet for a mobile device.