PTO/AIA/15 (07-12)
Approved for use through 01/31/2014. OMB 0651-0032
U.S. Patent and Trademark Office; U.S. DEPARTMENT OF COMMERCE
Under the Paperwork Reduction Act of 1995, no persons are required to respond to a collection of information unless it displays a valid OMB control number.

UTILITY PATENT APPLICATION TRANSMITTAL
(Only for new nonprovisional applications under 37 CFR 1.53(b))

APPLICATION ELEMENTS
See MPEP chapter 600 concerning utility patent application contents.

1. Fee Transmittal Form. (PTO/SB/17 or equivalent)
2. Applicant claims small entity status. See 37 CFR 1.27.
3. Specification. [Total Pages 60] Both the claims and abstract must start on a new page. (For information on the preferred arrangement, see MPEP § 608.01(a))
4. Drawing(s). (35 U.S.C. 113) [Total Sheets 11]
5. Inventor's Oath or Declaration. [Total Sheets 2] (including substitute statements under 37 CFR 1.64 and assignments serving as an oath or declaration under 37 CFR 1.63(e))
   a. Newly executed (original or copy)
   b. A copy from a prior application (37 CFR 1.63(d))
6. Application Data Sheet. *See Note below. See 37 CFR 1.76 (PTO/AIA/14 or equivalent)
7. CD-ROM or CD-R, in duplicate, large table or Computer Program (Appendix)
   Landscape Table on CD
8. Nucleotide and/or Amino Acid Sequence Submission. (if applicable, items a.-c. are required)
   a. Computer Readable Form (CRF)
   b. Specification Sequence Listing on:
      i. CD-ROM or CD-R (2 copies); or
      ii. Paper
   c. Statements verifying identity of above copies

ACCOMPANYING APPLICATION PARTS

9. Assignment Papers. (cover sheet & document(s))
   Name of Assignee
10. 37 CFR 3.73(c) Statement. (when there is an assignee)
    Power of Attorney.
11. English Translation Document. (if applicable)
12. Information Disclosure Statement. (PTO/SB/08 or PTO-1449)
    Copies of citations attached
13. Preliminary Amendment.
14. Return Receipt Postcard. (MPEP § 503) (Should be specifically itemized)
15. Certified Copy of Priority Document(s). (if foreign priority is claimed)
16. Nonpublication Request. Under 35 U.S.C. 122(b)(2)(B)(i). Applicant must attach form PTO/SB/35 or equivalent.
17. Other:

*Note: (1) Benefit claims under 37 CFR 1.76 and foreign priority claims under 1.55 must be included in an Application Data Sheet (ADS).
(2) For applications filed under 35 U.S.C. 111, the application must contain an ADS specifying the applicant if the applicant is an assignee, person to whom the inventor is under an obligation to assign, or person who otherwise shows sufficient proprietary interest in the matter. See 37 CFR 1.46(b).

ADDRESS TO:
Commissioner for Patents
P.O. Box 1450
Alexandria VA 22313-1450
`
`
`
`
`
`
`
`
`
`
`
`
`
`
18. CORRESPONDENCE ADDRESS

The address associated with Customer Number: 27683
OR Correspondence address below

Name (Print/Type): David Bowls
Registration No. (Attorney/Agent): 39,915
`
`
This collection of information is required by 37 CFR 1.53(b). The information is required to obtain or retain a benefit by the public which is to file (and by the USPTO to process) an application. Confidentiality is governed by 35 U.S.C. 122 and 37 CFR 1.11 and 1.14. This collection is estimated to take 12 minutes to complete, including gathering, preparing, and submitting the completed application form to the USPTO. Time will vary depending upon the individual case. Any comments on the amount of time you require to complete this form and/or suggestions for reducing this burden, should be sent to the Chief Information Officer, U.S. Patent and Trademark Office, U.S. Department of Commerce, P.O. Box 1450, Alexandria, VA 22313-1450. DO NOT SEND FEES OR COMPLETED FORMS TO THIS ADDRESS. SEND TO: Commissioner for Patents, P.O. Box 1450, Alexandria, VA 22313-1450.
If you need assistance in completing the form, call 1-800-PTO-0199 and select option 2.
`
`Page 1 of 591
`
`IA1002
`
Approved for use through 04/30/2017. OMB 0651-0032
U.S. Patent and Trademark Office; U.S. DEPARTMENT OF COMMERCE
Under the Paperwork Reduction Act of 1995, no persons are required to respond to a collection of information unless it contains a valid OMB control number.
`
`
`
`
`
`
The application data sheet is part of the provisional or nonprovisional application for which it is being submitted. The following form contains the bibliographic data arranged in a format specified by the United States Patent and Trademark Office as outlined in 37 CFR 1.76.

This document may be completed electronically and submitted to the Office in electronic format using the Electronic Filing System (EFS) or the document may be printed and included in a paper filed application.
`
`
`
`
`
Application Data Sheet 37 CFR 1.76

Attorney Docket Number: 47583.5US02

Title of Invention: CRYPTOGRAPHIC SECURITY FUNCTIONS BASED ON ANTICIPATED CHANGES IN DYNAMIC MINUTIAE
`
`
Secrecy Order 37 CFR 5.2:

[ ] Portions or all of the application associated with this Application Data Sheet may fall under a Secrecy Order pursuant to 37 CFR 5.2 (Paper filers only. Applications that fall under Secrecy Order may not be filed electronically.)
`
Inventor Information:

Inventor 1
Legal Name
Residence Information (Select One): (x) US Residency ( ) Non US Residency ( ) Active US Military Service

Mailing Address of Inventor:
Address 1: 10 Wandering Rill
Address 2
City
Postal Code

Inventor 2
Legal Name
Residence Information (Select One): (x) US Residency ( ) Non US Residency ( ) Active US Military Service

Mailing Address of Inventor:
Address 1: 2617 Clayton Armold Road
Address 2
Postal Code

All Inventors Must Be Listed - Additional Inventor Information blocks may be generated within this form by selecting the Add button.
`
Correspondence Information:
Enter either Customer Number or complete the Correspondence Information section below.
For further information see 37 CFR 1.33(a).
`
An Address is being provided for the correspondence Information of this application.
Email Address: ipdocketing@haynesboone.com

Application Information:

Title of the Invention: CRYPTOGRAPHIC SECURITY FUNCTIONS BASED ON ANTICIPATED CHANGES IN DYNAMIC MINUTIAE
Attorney Docket Number: 47583.5US02
[ ] Small Entity Status Claimed
Application Type: Nonprovisional
Subject Matter
Total Number of Drawing Sheets (if any)
`
Suggested Figure for Publication (if any)

Filing By Reference:

Only complete this section when filing an application by reference under 35 U.S.C. 111(c) and 37 CFR 1.57(a). Do not complete this section if application papers including a specification and any drawings are being filed. Any domestic benefit or foreign priority information must be provided in the appropriate section(s) below (i.e., “Domestic Benefit/National Stage Information” and “Foreign Priority Information”).

For the purposes of a filing date under 37 CFR 1.53(b), the description and any drawings of the present application are replaced by this reference to the previously filed application, subject to conditions and requirements of 37 CFR 1.57(a).

Filing date (YYYY-MM-DD)
Intellectual Property Authority or Country
`
Publication Information:

[ ] Request Early Publication (Fee required at time of Request 37 CFR 1.219)
Request Not to Publish. I hereby request that the attached application not be published under 35 U.S.C. 122(b) and certify that the invention disclosed in the attached application has not and will not be the subject of an application filed in another country, or under a multilateral international agreement, that requires publication at eighteen months after filing.
`
`
`
`
`
Representative Information:

Representative information should be provided for all practitioners having a power of attorney in the application. Providing this information in the Application Data Sheet does not constitute a power of attorney in the application (see 37 CFR 1.32). Either enter Customer Number or complete the Representative Name section below. If both sections are completed the customer Number will be used for the Representative Information during processing.

Please Select One: Customer Number | US Patent Practitioner | Limited Recognition (37 CFR 11.9)
Customer Number: 27683
`
Domestic Benefit/National Stage Information:

This section allows for the applicant to either claim benefit under 35 U.S.C. 119(e), 120, 121, 365(c), or 386(c) or indicate National Stage entry from a PCT application. Providing benefit claim information in the Application Data Sheet constitutes the specific reference required by 35 U.S.C. 119(e) or 120, and 37 CFR 1.78.

When referring to the current application, please leave the “Application Number” field blank.

Prior Application Status
Application Number
Continuity Type
Prior Application Number
Filing or 371(c) Date (YYYY-MM-DD)

Prior Application Status
Application Number: 14/458123
Continuity Type
Prior Application Number: 13/366197
Filing Date (YYYY-MM-DD): 2012-02-03
Patent Number: 8817984
Issue Date (YYYY-MM-DD): 2014-08-26

Prior Application Status: Expired
Application Number: 13/366197
Continuity Type: Claims benefit of provisional
Prior Application Number: 61/462474
Filing or 371(c) Date (YYYY-MM-DD): 2011-02-03

Additional Domestic Benefit/National Stage Data may be generated within this form by selecting the Add button.
`
Foreign Priority Information:

This section allows for the applicant to claim priority to a foreign application. Providing this information in the application data sheet constitutes the claim for priority as required by 35 U.S.C. 119(b) and 37 CFR 1.55. When priority is claimed to a foreign application that is eligible for retrieval under the priority document exchange program (PDX) the information will be used by the Office to automatically attempt retrieval pursuant to 37 CFR 1.55(i)(1) and (2). Under the PDX program, applicant bears the ultimate responsibility for ensuring that a copy of the foreign application is received by the Office from the participating foreign intellectual property office, or a certified copy of the foreign priority application is filed, within the time period specified in 37 CFR 1.55(g)(1).

Application Number

Additional Foreign Priority Data may be generated within this form by selecting the Add button.

Statement under 37 CFR 1.55 or 1.78 for AIA (First Inventor to File) Transition Applications
`
[ ] This application (1) claims priority to or the benefit of an application filed before March 16, 2013 and (2) also contains, or contained at any time, a claim to a claimed invention that has an effective filing date on or after March 16, 2013.

NOTE: By providing this statement under 37 CFR 1.55 or 1.78, this application, with a filing date on or after March 16, 2013, will be examined under the first inventor to file provisions of the AIA.
`
`
Authorization or Opt-Out of Authorization to Permit Access:

When this Application Data Sheet is properly signed and filed with the application, applicant has provided written authority to permit a participating foreign intellectual property (IP) office access to the instant application-as-filed (see paragraph A in subsection 1 below) and the European Patent Office (EPO) access to any search results from the instant application (see paragraph B in subsection 1 below).

Should applicant choose not to provide an authorization identified in subsection 1 below, applicant must opt-out of the authorization by checking the corresponding box A or B or both in subsection 2 below.

NOTE: This section of the Application Data Sheet is ONLY reviewed and processed with the INITIAL filing of an application. After the initial filing of an application, an Application Data Sheet cannot be used to provide or rescind authorization for access by a foreign IP office(s). Instead, Form PTO/SB/39 or PTO/SB/69 must be used as appropriate.

1. Authorization to Permit Access by a Foreign Intellectual Property Office(s)

A. Priority Document Exchange (PDX) - Unless box A in subsection 2 (opt-out of authorization) is checked, the undersigned hereby grants the USPTO authority to provide the European Patent Office (EPO), the Japan Patent Office (JPO), the Korean Intellectual Property Office (KIPO), the State Intellectual Property Office of the People’s Republic of China (SIPO), the World Intellectual Property Organization (WIPO), and any other foreign intellectual property office participating with the USPTO in a bilateral or multilateral priority document exchange agreement in which a foreign application claiming priority to the instant patent application is filed, access to: (1) the instant patent application-as-filed and its related bibliographic data, (2) any foreign or domestic application to which priority or benefit is claimed by the instant application and its related bibliographic data, and (3) the date of filing of this Authorization. See 37 CFR 1.14(h)(1).

B. Search Results from U.S. Application to EPO - Unless box B in subsection 2 (opt-out of authorization) is checked, the undersigned hereby grants the USPTO authority to provide the EPO access to the bibliographic data and search results from the instant patent application when a European patent application claiming priority to the instant patent application is filed. See 37 CFR 1.14(h)(2).

The applicant is reminded that the EPO’s Rule 141(1) EPC (European Patent Convention) requires applicants to submit a copy of search results from the instant application without delay in a European patent application that claims priority to the instant application.

2. Opt-Out of Authorizations to Permit Access by a Foreign Intellectual Property Office(s)

[ ] A. Applicant DOES NOT authorize the USPTO to permit a participating foreign IP office access to the instant application-as-filed. If this box is checked, the USPTO will not be providing a participating foreign IP office with any documents and information identified in subsection 1A above.

[ ] B. Applicant DOES NOT authorize the USPTO to transmit to the EPO any search results from the instant patent application. If this box is checked, the USPTO will not be providing the EPO with search results from the instant application.

NOTE: Once the application has published or is otherwise publicly available, the USPTO may provide access to the application in accordance with 37 CFR 1.14.
`
Applicant Information:

Providing assignment information in this section does not substitute for compliance with any requirement of part 3 of Title 37 of CFR to have an assignment recorded by the Office.

Applicant 1
If the applicant is the inventor (or the remaining joint inventor or inventors under 37 CFR 1.45), this section should not be completed. The information to be provided in this section is the name and address of the legal representative who is the applicant under 37 CFR 1.43; or the name and address of the assignee, person to whom the inventor is under an obligation to assign the invention, or person who otherwise shows sufficient proprietary interest in the matter who is the applicant under 37 CFR 1.46. If the applicant is an applicant under 37 CFR 1.46 (assignee, person to whom the inventor is obligated to assign, or person who otherwise shows sufficient proprietary interest) together with one or more joint inventors, then the joint inventor or inventors who are also the applicant should be identified in this section.

(x) Assignee
( ) Legal Representative under 35 U.S.C. 117
( ) Joint Inventor
( ) Person to whom the inventor is obligated to assign.
( ) Person who shows sufficient proprietary interest

If applicant is the legal representative, indicate the authority to file the patent application, the inventor is:
Name of the Deceased or Legally Incapacitated Inventor:
If the Applicant is an Organization check here.

Mailing Address Information For Applicant:
Address 1: 10 Wandering Rill
Address 2
Email Address

Additional Applicant Data may be generated within this form by selecting the Add button.

Assignee Information including Non-Applicant Assignee Information:

Providing assignment information in this section does not substitute for compliance with any requirement of part 3 of Title 37 of CFR to have an assignment recorded by the Office.
`
Assignee 1
Complete this section if assignee information, including non-applicant assignee information, is desired to be included on the patent application publication. An assignee-applicant identified in the “Applicant Information” section will appear on the patent application publication as an applicant. For an assignee-applicant, complete this section only if identification as an assignee is also desired on the patent application publication.

If the Assignee or Non-Applicant Assignee is an Organization check here.
Prefix
Given Name
Middle Name
Family Name
Suffix

Mailing Address Information For Assignee including Non-Applicant Assignee:
Address 1
Address 2
Email Address

Additional Assignee or Non-Applicant Assignee Data may be generated within this form by selecting the Add button.
`
Signature:

NOTE: This Application Data Sheet must be signed in accordance with 37 CFR 1.33(b). However, if this Application Data Sheet is submitted with the INITIAL filing of the application and either box A or B is not checked in subsection 2 of the “Authorization or Opt-Out of Authorization to Permit Access” section, then this form must also be signed in accordance with 37 CFR 1.14(c).
This Application Data Sheet must be signed by a patent practitioner if one or more of the applicants is a juristic entity (e.g., corporation or association). If the applicant is two or more joint inventors, this form must be signed by a patent practitioner, all joint inventors who are the applicant, or one or more joint inventor-applicants who have been given power of attorney (e.g., see USPTO Form PTO/AIA/81) on behalf of all joint inventor-applicants.

See 37 CFR 1.4(d) for the manner of making signatures and certifications.

Signature
Date (YYYY-MM-DD): 2016-03-18

Additional Signature may be generated within this form by selecting the Add button.
`
`
This collection of information is required by 37 CFR 1.76. The information is required to obtain or retain a benefit by the public which is to file (and by the USPTO to process) an application. Confidentiality is governed by 35 U.S.C. 122 and 37 CFR 1.14. This collection is estimated to take 23 minutes to complete, including gathering, preparing, and submitting the completed application data sheet form to the USPTO. Time will vary depending upon the individual case. Any comments on the amount of time you require to complete this form and/or suggestions for reducing this burden, should be sent to the Chief Information Officer, U.S. Patent and Trademark Office, U.S. Department of Commerce, P.O. Box 1450, Alexandria, VA 22313-1450. DO NOT SEND FEES OR COMPLETED FORMS TO THIS ADDRESS. SEND TO: Commissioner for Patents, P.O. Box 1450, Alexandria, VA 22313-1450.
`
Attorney Docket No. 47583.5US02

CRYPTOGRAPHIC SECURITY FUNCTIONS BASED ON ANTICIPATED CHANGES IN DYNAMIC MINUTIAE

Paul Timothy Miller, George Allen Tuvell

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of co-pending U.S. Patent Application No. 14/458,123 filed August 12, 2014, which is a continuation of and claims benefit of priority to U.S. Patent Application No. 13/366,197 filed February 3, 2012, now U.S. Patent No. 8,817,984, issued August 26, 2014, which claims the benefit of U.S. Provisional Patent Application No. 61/462,474 filed February 3, 2011, all of which are incorporated by reference.
`
BACKGROUND

Technical Field

The present disclosure generally relates to dynamic key cryptography used, for example, for authentication between a client electronic device and a service provider, encryption of data communications, and digital signatures and, more particularly, to cryptography using dynamic keys derived from dynamically changing key material.

Related Art

Use of computers for connecting to a network (such as the Internet) and communicating with a variety of services risks the privacy of many types of information belonging to a user including, for example, the user’s relationships (e.g., social connections), business secrets, banking details, payment options, and health records. The use of cryptography is common to authenticate identities, protect data, and digitally sign the summary (i.e. digest) of an action.

Cryptography generally uses an algorithm (e.g., Advanced Encryption Standard (AES), Rivest Shamir Adleman (RSA)) to combine cryptographic keys (which may be symmetric, public, or private, for example) with plain text to form cipher text. Cryptography keys are typically random numbers without any special meaning. The process of distributing cryptographic keys and storing them on a client computer (referred to as “key management”) is difficult to perform securely and is often the point-of-attack for breaking the security of a cryptographic system. The key represents a single sequence of data and thus a single point-of-failure for the cryptographic system. Since the key normally must be present at the client computer, finding the key and then copying it to another computer can allow an imposter entity to masquerade as a valid entity.

Secure elements (e.g., smartcards) can securely store the cryptographic key and, in some instances, generate the key in a secure environment. Access to the key was typically controlled by requiring the user to enter a personal identification number (PIN); this ensured that the user had to provide a secret before the secure element would allow use of the key. Such access to a key is commonly known as two-factor authentication, and the two factors are generally referred to as: “Something You Know” and “Something You Have”. A third factor, “Something You Are”, can include, for example, biometric information. The factors themselves are related in use but entirely separate in material. Possession of the physical secure element (“Something You Have”) may be via validation of cryptographic functions using the random number cryptographic key provisioned to a particular secure element whose use may be protected by a secret PIN (“Something You Know”). There is no implicit binding between the key and the user.

The use of certificates in cryptography enabled the binding of a distinguished name (e.g., a unique user) with a cryptographic key. Yet, still the cryptographic key is a random number, and when the key is validated, the cryptographic system attributes the user in the certificate to the usage of the key; the key matter itself has no relation to the user.
`
On the Internet, ensuring a real-world identity for the user is critical for protecting data and privacy. Mobile users especially are at risk because they often do not use anti-virus applications and many of the service providers use applications (apps) optimized for simplicity, not security. This leaves much of the private data meaningful to both a user's identity and a service's value inadequately protected. Since online service providers (OSP) incur much of the risk, safety has become their responsibility.

The standard method for identifying a user to an online service is by entering a username and password. The username is a known service index and, as such, can be stored on the computer for convenience. The password is a user secret verifiable by the OSP; it should not be stored at the computer, where it can be compromised. However, because a quality password has many characters which should be a mix of upper, lower, punctuation and special characters, the password is often difficult and time-consuming to type. This is especially true on a mobile computer using touch keypads that have various ‘levels’ of keypads for characters beyond simple alpha-numeric. Thus, many mobile apps store the password on the computer. Because mobile operating systems require mobile apps to be signed in order to run, the apps themselves cannot be altered after installation. So, any data stored by the mobile app is separate from the mobile app and often can be vulnerable to attack. Furthermore, because the app cannot change, if encryption was used to protect the cached password, there could only be one encryption key for all instances of the application. This commonality made harvesting and cracking stored passwords on a mobile computer relatively simple, even if the passwords were encrypted, since they all used the same key for decryption.
Computer and computer identification has been attempted by calculating a hash of the minutia found on a computer to uniquely identify the computer, often referred to as a computer fingerprint. Computer fingerprints typically are used, among other things, to ‘lock’ software to a particular computer fingerprint and identify computers used in online actions to profile the history and potential risk of particular actions. A typical computer identifier is computed and remains static; to ensure reliability the computer fingerprint typically uses computer minutiae (e.g., serial numbers) that normally do not change. Thus, current computer fingerprints typically use a relatively small set of static minutia which may be prone to spoofing. Some approaches to improving computer identification have sought to increase the number of minutiae used in identifying the computer through the analysis of time (both in clock and network latency) and bits of information left on the computer (i.e. ‘cookies’). However, as more minutiae are included in the computation, the probability that changes occurred naturally to the minutia can result in a new computer fingerprint. This falsely identifies a computer as ‘different’ when it is actually the same computer (often referred to as ‘false negatives’). These changes to the minutia on a unique computer occur naturally during normal use and can invalidate the computer fingerprint process or inconvenience the user or service by forcing a re-initialization of the computer fingerprint.
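An added illustration of the trade-off described above (not code from the patent application): a static hash fingerprint computed over a small set of unchanging minutiae, compared with one computed over a broader set. The minutia names, values and monthly change probabilities are constructed assumptions, and changes are assumed to be independent.

```python
import hashlib
from math import prod

# Constructed sample data: minutia type -> (value at enrollment, assumed
# probability that the value changes during one month of normal use).
DAY_0 = {
    "cpu_serial":      ("C0FFEE-0001", 0.000),
    "disk_serial":     ("WD-7731-AA", 0.001),
    "mac_address":     ("02:00:5e:10:00:01", 0.002),
    "os_build":        ("19.4.2", 0.30),
    "browser_version": ("88.0.1", 0.45),
    "tracking_cookie": ("a81f", 0.20),
    "clock_skew_ppm":  ("12", 0.10),
}

STATIC_TYPES = ["cpu_serial", "disk_serial", "mac_address"]  # small, stable set
BROAD_TYPES = sorted(DAY_0)                                   # every minutia


def values_of(profile):
    """Strip the change probabilities, leaving minutia type -> value."""
    return {name: value for name, (value, _p) in profile.items()}


def fingerprint(values, types):
    """Static fingerprint: SHA-256 over the selected minutiae in a fixed order.

    Each field is length-prefixed so that ("ab", "c") and ("a", "bc")
    cannot produce the same byte stream.
    """
    h = hashlib.sha256()
    for name in sorted(types):
        for field in (name, values[name]):
            data = field.encode("utf-8")
            h.update(len(data).to_bytes(4, "big"))
            h.update(data)
    return h.hexdigest()


def false_negative_probability(profile, types):
    """P(at least one selected minutia changed) = 1 - prod(1 - p_i)."""
    return 1.0 - prod(1.0 - profile[name][1] for name in types)


def evaluate(types):
    """Compare two later observations against the enrolled fingerprint."""
    enrolled = values_of(DAY_0)
    # The same device after normal use: an OS update and a rotated cookie.
    same_device_later = dict(enrolled, os_build="19.5.0", tracking_cookie="b22c")
    # A different machine that presents copied values for the static
    # minutiae only; everything else differs.
    other_machine = {name: "unknown" for name in enrolled}
    other_machine.update({name: enrolled[name] for name in STATIC_TYPES})

    reference = fingerprint(enrolled, types)
    return {
        "same_device_accepted": fingerprint(same_device_later, types) == reference,
        "other_machine_accepted": fingerprint(other_machine, types) == reference,
        "false_negative_probability": false_negative_probability(DAY_0, types),
    }


if __name__ == "__main__":
    for label, types in (("static", STATIC_TYPES), ("broad", BROAD_TYPES)):
        print(label, evaluate(types))
```

With the small static set the same device is still recognized, but so is a machine that copies three values; with the broad set the copy fails, and so does the legitimate device after one ordinary update.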
`
`
SUMMARY

According to one or more embodiments of the present invention, methods and systems for dynamic key cryptography use a wide range of minutiae as key material including computer hardware, firmware, software, user secrets, and user biometrics rather than store a random number as a cryptographic key on the computer. Methods and systems for using dynamic key cryptography, according to one or more embodiments, can be used for authenticating users to services, ciphering data for protection, and digitally signing message digests. In one embodiment, dynamic key cryptography anticipates changes to computers caused by industry updates to hardware, firmware, and software of computers.

In one embodiment, a method of dynamic key cryptography includes: selecting a subset from a set of minutia types; for a particular device, sending a challenge to the device, in which: the challenge includes information from which the device can collect actual values of minutia corresponding to the selected subset of minutia types in order to form a cryptographic key, the cryptographic key is