US009294448B2

(12) United States Patent
Miller et al.

(10) Patent No.: US 9,294,448 B2
(45) Date of Patent: Mar. 22, 2016

(54) CRYPTOGRAPHIC SECURITY FUNCTIONS BASED ON ANTICIPATED CHANGES IN DYNAMIC MINUTIAE

(71) Applicant: mSignia, Inc., Irvine, CA (US)

(72) Inventors: Paul Timothy Miller, Irvine, CA (US); George Allen Tuvell, Thompson’s Station, TN (US)

(73) Assignee: mSignia, Inc., Irvine, CA (US)

(58) Field of Classification Search
CPC: H04L 63/0876; H04L 9/0861; H04L 9/0866
USPC: 380/255
See application file for complete search history.

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 32 days.

(21) Appl. No.: 14/458,123

(22) Filed: Aug. 12, 2014

(65) Prior Publication Data
US 2015/0033027 A1, Jan. 29, 2015

Related U.S. Application Data

(63) Continuation of application No. 13/366,197, filed on Feb. 3, 2012, now Pat. No. 8,817,984.

(60) Provisional application No. 61/462,474, filed on Feb. 3, 2011.

(51) Int. Cl.
H04L 29/06 (2006.01)
H04L 16 (2006.01)
(Continued)

(52) U.S. Cl.
CPC: H04L 63/0428 (2013.01); H04L 9/0861 (2013.01); H04L 9/0866 (2013.01); H04L 9/0872 (2013.01); H04L 9/16 (2013.01); H04L 9/3231 (2013.01); H04L 9/3247 (2013.01); H04L 9/3271 (2013.01); H04L 63/0876 (2013.01)

Primary Examiner — Dao Ho
(74) Attorney, Agent, or Firm — Haynes and Boone, LLP

(57) ABSTRACT

Dynamic key cryptography validates mobile device users to cloud services by uniquely identifying the user’s electronic device using a very wide range of hardware, firmware, and software minutiae, user secrets, and user biometric values found in or collected by the device. Processes for uniquely identifying and validating the device include: selecting a subset of minutia from a plurality of minutia types; computing a challenge from which the user device can form a response based on the selected combination of minutia; computing a set of pre-processed responses that covers a range of all actual responses possible to be received from the device if the combination of the particular device with the device’s collected actual values of minutia is valid; receiving an actual response to the challenge from the device; determining whether the actual response matches any of the pre-processed responses; and providing validation, enabling authentication, data protection, and digital signatures.

20 Claims, 11 Drawing Sheets

IA1010, Page 1 of 32

(51) Int. Cl.
H04L 9/32 (2006.01)
H04L 9/08 (2006.01)

U.S. Patent, Mar. 22, 2016, Sheets 1 to 11 of 11, US 9,294,448 B2

[Drawings omitted; only the labels that survive extraction are listed.]
Sheet 1 of 11 (FIG. 1): Dynamic Key Crypto Provider; Service Provider; Service Provider App; Dynamic Key Crypto Library.
Sheets 2 to 5 of 11: no legible labels.
Sheet 6 of 11: Dynamic Key Crypto Provider; Software Manufacturers; Computer Hardware Manufacturers; Firmware Manufacturers; Industry Minutia Cataloging; Minutia Update Collection; Computer Industry Research; Data Modeling and Permutations; Industry Update Catalogue DB; Anticipated Minutia DB; Minutia DB; Historical Minutia Trends & Data Mining.
Sheets 7 and 8 of 11: no legible labels.
Sheet 9 of 11 (FIG. 7): Intelligent Minutia Selection; Continue Challenge; Dynamic Key Crypto Provider; Display System PIN; Secrets and Biometric Minutia; Service User; Get Biometric Minutia; Dynamic Key Crypto Library; Process Biometric Request; Unpack Process; Response; Challenge; Substitute Message Hash for Random Number; Use Service; Get Time Since last Successful PIN Event; Calculate Actual Response.
Sheet 10 of 11 (FIG. 8): Service & User Data; Crypto Provider; Secrets and Biometric Minutia; Service Provider App; Dynamic Key Crypto Library; Heartbeat & Chatter; Local Computer Check; Encrypted Service Data; Decryption; Retries Exhausted; Synch Minutia with DKCP; Fetch Random Minutia; Register Computer (Fig 4).
Sheet 11 of 11 (FIG. 9): Encrypted Service Data; Send Receipt & Encrypted Data; Delete Service from Computer; Service Key Minutia Selections; Transfer Service; App Delivery in Figure 3; Service Provider App; Computer System Registration in Figure 4; Service Provider App Processing in Figure 8; Secrets and Biometric Minutia; Dynamic Key Crypto Library; Other Service Providers; Dynamic Key Crypto Provider; Delete Service; Hold Service; Notify Other Service Providers; Minutia DB; SP Info & IDs; Hold, Delete, Transfer Service Request.

CRYPTOGRAPHIC SECURITY FUNCTIONS BASED ON ANTICIPATED CHANGES IN DYNAMIC MINUTIAE

CROSS REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No. 13/366,197 filed Feb. 3, 2012, which claims the benefit of U.S. Provisional Patent Application No. 61/462,474 filed Feb. 3, 2011, both of which are incorporated by reference.

BACKGROUND

1. Technical Field

The present disclosure generally relates to dynamic key cryptography used, for example, for authentication between a client electronic device and a service provider, encryption of data communications, and digital signatures and, more particularly, to cryptography using dynamic keys derived from dynamically changing key material.

2. Related Art

Use of computers for connecting to a network (such as the Internet) and communicating with a variety of services risks the privacy of many types of information belonging to a user including, for example, the user’s relationships (e.g., social connections), business secrets, banking details, payment options, and health records. The use of cryptography is common to authenticate identities, protect data, and digitally sign the summary (i.e. digest) of an action.

Cryptography generally uses an algorithm (e.g., Advanced Encryption Standard (AES), Rivest Shamir Adleman (RSA)) to combine cryptographic keys (which may be symmetric, public, or private, for example) with plain text to form cipher text. Cryptography keys are typically random numbers without any special meaning. The process of distributing cryptographic keys and storing them on a client computer (referred to as “key management”) is difficult to perform securely and is often the point-of-attack for breaking the security of a cryptographic system. The key represents a single sequence of data and thus a single point-of-failure for the cryptographic system. Since the key normally must be present at the client computer, finding the key and then copying it to another computer can allow an imposter entity to masquerade as a valid entity.

Secure elements (e.g., smartcards) can securely store the cryptographic key and, in some instances, generate the key in a secure environment. Access to the key was typically controlled by requiring the user to enter a personal identification number (PIN); this ensured that the user had to provide a secret before the secure element would allow use of the key. Such access to a key is commonly known as two-factor authentication, and the two factors are generally referred to as: “Something You Know” and “Something You Have”. A third factor, “Something You Are”, can include, for example, biometric information. The factors themselves are related in use but entirely separate in material. Possession of the physical secure element (“Something You Have”) may be via validation of cryptographic functions using the random number cryptographic key provisioned to a particular secure element whose use may be protected by a secret PIN (“Something You Know”). There is no implicit binding between the key and the user.

The use of certificates in cryptography enabled the binding of a distinguished name (e.g., a unique user) with a cryptographic key. Yet, still the cryptographic key is a random number, and when the key is validated, the cryptographic system attributes the user in the certificate to the usage of the key; the key matter itself has no relation to the user.

On the Internet, ensuring a real-world identity for the user is critical for protecting data and privacy. Mobile users especially are at risk because they often do not use anti-virus applications and many of the service providers use applications (apps) optimized for simplicity, not security. This leaves much of the private data meaningful to both a user’s identity and a service’s value inadequately protected. Since online service providers (OSP) incur much of the risk, safety has become their responsibility.

The standard method for identifying a user to an online service is by entering a username and password. The username is a known service index and, as such, can be stored on the computer for convenience. The password is a user secret verifiable by the OSP; it should not be stored at the computer, where it can be compromised. However, because a quality password has many characters which should be a mix of upper, lower, punctuation and special characters, the password is often difficult and time-consuming to type. This is especially true on a mobile computer using touch keypads that have various ‘levels’ of keypads for characters beyond simple alpha-numeric. Thus, many mobile apps store the password on the computer. Because mobile operating systems require mobile apps to be signed in order to run, the apps themselves cannot be altered after installation. So, any data stored by the mobile app is separate from the mobile app and often can be vulnerable to attack. Furthermore, because the app cannot change, if encryption was used to protect the cached password, there could only be one encryption key for all instances of the application. This commonality made harvesting and cracking stored passwords on a mobile computer relatively simple, even if the passwords were encrypted, since they all used the same key for decryption.

Computer and computer identification has been attempted by calculating a hash of the minutia found on a computer to uniquely identify the computer, often referred to as a computer fingerprint. Computer fingerprints typically are used, among other things, to ‘lock’ software to a particular computer fingerprint and identify computers used in online actions to profile the history and potential risk of particular actions. A typical computer identifier is computed and remains static; to ensure reliability the computer fingerprint typically uses computer minutiae (e.g., serial numbers) that normally do not change. Thus, current computer fingerprints typically use a relatively small set of static minutia which may be prone to spoofing. Some approaches to improving computer identification have sought to increase the number of minutiae used in identifying the computer through the analysis of time (both in clock and network latency) and bits of information left on the computer (i.e. “cookies”). However, as more minutiae are included in the computation, the probability that changes occurred naturally to the minutia can result in a new computer fingerprint. This falsely identifies a computer as ‘different’ when it is actually the same computer (often referred to as ‘false negatives’). These changes to the minutia on a unique computer occur naturally during normal use and can invalidate the computer fingerprint process or inconvenience the user or service by forcing a re-initialization of the computer fingerprint.

SUMMARY

According to one or more embodiments of the present invention, methods and systems for dynamic key cryptography use a wide range of minutiae as key material including computer hardware, firmware, software, user secrets, and user biometrics rather than store a random number as a cryptographic key on the computer. Methods and systems for using dynamic key cryptography, according to one or more embodiments, can be used for authenticating users to services, ciphering data for protection, and digitally signing message digests. In one embodiment, dynamic key cryptography anticipates changes to computers caused by industry updates to hardware, firmware, and software of computers.

In one embodiment, a method of dynamic key cryptography includes: selecting a subset from a set of minutia types; for a particular device, sending a challenge to the device, in which: the challenge includes information from which the device can collect actual values of minutia corresponding to the selected subset of minutia types in order to form a cryptographic key, the cryptographic key is never transmitted from the device across any communication channel, and the cryptographic key is used to encrypt an actual response to the challenge; pre-processing a set of responses to the challenge based on tracking updates of minutia from which the selected subset of minutia types is selected, in which: the set of pre-processed responses covers a range of all actual responses possible to be received from the particular device if the combination of the particular device with collected actual values of minutia is valid; comparing the actual response from the particular device to the set of pre-processed responses; and validating the combination of the particular device with the collected actual values if the actual response is included in the set of pre-processed responses for the particular device.

In another embodiment, a method includes: selecting at least one type of minutia from a plurality of minutia types; forming a challenge that conveys the selection of minutia types; computing a plurality of pre-processed responses possible to receive from a valid device, in which: each pre-processed response is computed using a key, each key is computed using values that are possible for the selection of minutia types; sending the challenge to the device; receiving an actual response to the challenge from the device, in which: the actual response is computed using an actual key, the actual key is computed using: a deduction of the selection of minutia types from the challenge and actual values of the selection of minutia types; comparing the actual response to the pre-processed responses for a match; and based on whether or not a match was found, validating the combination of the device with the actual values of the selection of minutia types.

In still another embodiment, a system includes a server configured to communicate with a device, in which the server selects at least one type of minutia from a plurality of minutia types; the server forms a challenge that conveys the selection of minutia types; the server computes a plurality of pre-processed responses possible to receive from a valid device, in which: each pre-processed response is computed using a key, each key is computed using values that are possible for the selection of minutia types; the server sends the challenge to the device; the server receives an actual response to the challenge from the device, in which: the actual response is computed using an actual key; the actual key is computed using: a deduction of the selection of minutia types from the challenge and actual values of the selection of minutia types; the server compares the actual response to the pre-processed responses for a match; and based on whether or not a match was found, the server validates the combination of the device with the actual values of the selection of minutia types.

In yet another embodiment, a computer program product includes a non-transitory computer readable medium having computer readable and executable code for instructing a processor to perform a method, the method including: selecting at least one type of minutia from a plurality of minutia types; forming a challenge that conveys the selection of minutia types; computing a plurality of pre-processed responses possible to receive from a valid device, in which: each pre-processed response is computed using a key and each key is computed using values that are possible for the selection of minutia types; sending the challenge to the device; receiving an actual response to the challenge from the device, in which: the actual response is computed using an actual key, the actual key is computed using: a deduction of the selection of minutia types from the challenge and actual values of the selection of minutia types; comparing the actual response to the pre-processed responses for a match; and based on whether or not a match was found, validating the combination of the device with the actual values of the selection of minutia types.
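
The challenge, pre-processed response set and match step of the embodiments above, as an added Python example that is not code from the patent. Assumptions: SHA-256 over the selected values stands in for key formation and HMAC-SHA-256 for the keyed response (the patent describes encrypting the response with the key), and all minutia type names, values and function names are constructed for illustration.

```python
import hashlib
import hmac
import itertools
import secrets

NONCE_LEN = 16

# Constructed catalogue (assumption): per minutia type, the values the server
# would accept for one device, i.e. the last known value plus anticipated updates.
ANTICIPATED = {
    "hw.serial":   ["SN-1234"],                     # static, no change expected
    "fw.baseband": ["6.01", "6.02"],                # slow-changing
    "sw.os_build": ["14A100", "14A101", "14B050"],  # changes predictably
    "sw.app_ver":  ["2.3.0", "2.3.1"],
}


def select_types(k, anticipated=ANTICIPATED):
    """Server: pick a random subset of k minutia types for this challenge."""
    return sorted(secrets.SystemRandom().sample(sorted(anticipated), k))


def make_challenge(selected_types, nonce=None):
    """Server: challenge = fresh nonce + names of the selected minutia types."""
    nonce = nonce if nonce is not None else secrets.token_bytes(NONCE_LEN)
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be %d bytes" % NONCE_LEN)
    return nonce + b"|" + ",".join(selected_types).encode()


def parse_selection(challenge):
    """Device: deduce the selection of minutia types from the challenge."""
    return challenge[NONCE_LEN + 1:].decode().split(",")


def derive_key(values):
    """Key = hash over the selected minutia values, in selection order."""
    h = hashlib.sha256()
    for v in values:
        data = v.encode()
        h.update(len(data).to_bytes(2, "big") + data)  # length prefix avoids ambiguity
    return h.digest()


def respond(key, challenge):
    """Keyed response; the key itself is never sent."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def precompute_responses(selected_types, challenge, anticipated=ANTICIPATED):
    """Server: one response per combination of anticipated values."""
    table = {}
    for combo in itertools.product(*(anticipated[t] for t in selected_types)):
        table[respond(derive_key(combo), challenge)] = dict(zip(selected_types, combo))
    return table


def device_answer(challenge, actual_minutia):
    """Device: collect actual values for the selection, derive key, respond."""
    values = [actual_minutia[t] for t in parse_selection(challenge)]
    return respond(derive_key(values), challenge)


def validate(actual_response, table):
    """Server: return the matched minutia values or None. Every entry is
    compared so timing does not reveal which entry, if any, matched."""
    matched = None
    for expected, combo in table.items():
        if hmac.compare_digest(expected, actual_response):
            matched = combo
    return matched


def demo():
    selected = ["hw.serial", "sw.os_build", "sw.app_ver"]
    challenge = make_challenge(selected)
    table = precompute_responses(selected, challenge)
    genuine = {"hw.serial": "SN-1234", "fw.baseband": "6.01",
               "sw.os_build": "14A101", "sw.app_ver": "2.3.0"}
    # Same device image with one value outside the anticipated set.
    unexpected = dict(genuine, **{"sw.os_build": "13F069"})
    return (len(table),
            validate(device_answer(challenge, genuine), table),
            validate(device_answer(challenge, unexpected), table))


if __name__ == "__main__":
    print(demo())
```

A successful match also tells the server which anticipated values the device currently holds, which is what lets it update its record of the device without a false negative.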

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a system diagram illustrating communication and security between a client, a client device and a service provider facilitated by a dynamic key cryptography provider in accordance with one or more embodiments;

FIG. 2, comprising FIG. 2A and FIG. 2B, is a system diagram illustrating a challenge, response and validation process performed by the system of FIG. 1 in accordance with an embodiment;

FIG. 3 is a system diagram illustrating a service provider application (app) delivery system in accordance with an embodiment;

FIG. 4 is a system process flow diagram illustrating a system for registration of computer system and user minutiae and services in accordance with an embodiment;

FIG. 5 is a system diagram illustrating a system to catalogue and model industry minutia and user heuristics to create and update anticipated minutia databases in accordance with an embodiment;

FIG. 6, comprising FIG. 6A and FIG. 6B, is a system process flow diagram illustrating a system for validation scoring, confidence rating and step-up authentication processing in accordance with an embodiment;

FIG. 7 is a system process flow diagram for an authentication and digital signature system capable of incorporating three identity factors in accordance with an embodiment;

FIG. 8 is a system process flow diagram illustrating a system for application processing for local and update data security functions in accordance with an embodiment; and

FIG. 9 is a system diagram illustrating computer identity provider lifecycle functionality and services to service providers in accordance with an embodiment.

DETAILED DESCRIPTION

In accordance with embodiments of the present invention, methods and systems of dynamic key cryptography using dynamically changing keys composed of or derived from dynamically changing key material provide cryptographic services such as authentication, data protection, and digital signature by uniquely identifying a user’s computer or other electronic device based on (1) the electronic device itself, e.g., a mobile phone or personal computing device, and using a very wide range of hardware, firmware, and software minutia found on the computer; (2) secrets a user of the computer knows; and (3) biometric information the computer might collect from the user. Dynamic key cryptography in accordance with one or more embodiments enables secured actions for users of electronic computers and, more particularly, provides authentication between a client electronic computer and a service provider, encryption of data electronically stored or sent on a communication channel, and digital signature for electronic digests of actions performed by the user on an electronic computer.

The dynamic key cryptography system according to one embodiment anticipates changes to the minutia caused by updates and natural usage of the computer and practically eliminates false negatives that block valid users from a network service. Dynamic key cryptography may provide a safe, reliable method to users of network services for authenticating the user to network services that protects both the user and the network services, protects the integrity and privacy of data, and provides for digitally signing the digest of an action performed by the user on the electronic computer.

One or more embodiments may provide features such as: 1) simple user experience—no difficult passwords to remember or type, the user device or computer is invisibly authenticated and the user can be asked to enter a second identity factor such as a secret PIN or biometric (e.g., voiceprint) into the computer only if required by the service and protected services can be automatically reconnected to a new device or computer when it is registered by the user; 2) unprecedented security—using a wider range of hardware, firmware, software, secret and biometric minutia to deliver a very accurate device or computer and user identity that is more difficult to spoof, especially as some computer identifier values are not static but are expected to change; 3) reliability—anticipating changes to the user device or computer delivers a tolerant, yet secure authentication with fewer false negatives that anger users and clog customer support services; and 4) service and data separation—delivered as an integrated part of a mobile application (app), a “foundation” (e.g., dynamic key cryptographic service) helps protect the app, encrypt service data stored on the user device or computer, digitally sign actions and allows the service to react without affecting other services, e.g., should data need to be wiped, only the app’s data is affected, not the user’s other information such as the user’s pictures or messages.

would also need to ensure the fraudulent computer minutia values change in an expected manner. Should a user’s online activities require an even higher level of trust, the platform (e.g., dynamic key crypto service and related client software) can force the user to enter the user’s standard PIN into the computer to ensure a valid user is the person using the computer.

Several technologies exist for processing security and assurance claims using static values. These include passwords themselves and static ‘seed keys’ for functions like one-time-password and challenge-respond security mechanisms. Even public key cryptography is based off a static key pair (public and private). One or more embodiments of the dynamic key crypto system may use a very large numeric representation (e.g., 100,000’s of bits) of computer and user minutia (e.g., any piece of information that can be definitively associated with the computer and its user, including information from the general categories of what the user or computing device has, what the user knows, and what the user is) to form cryptographic keys that support a range of security functions in a verifiable manner (a cornerstone of security). In one or more embodiments methods based on the predictable dynamic nature of the minutia may allow for verification of the minutia (as if they were a single static value) but not all of the minutia is required to be static; most values of the minutia can (and are expected to) change and evolve over time and the change of the minutia values themselves increases the perceived randomness of the resultant dynamic crypto keys. The validation of dynamic key cryptography based on changing minutia uses a complex confidence scoring which isolates and evaluates the minutiae that have changed and uses confidence weightings against the predictability of such changes. Changing minutia when used as dynamic key material for dynamic key cryptography adds complexity to the cryptographic system which can improve security as a one-time copy of the minutia values or resultant key will likely fail later in time as the minutia values are expected to change.

Layering static minutia (e.g., hardware minutia, user secrets, some user biometrics), slow-changing minutia (e.g., firmware minutia, some user biometrics), and predictably changing minutia (e.g., software minutia) can create a very large set of key material (or keyspace) which can be processed as subsets of minutia. These subsets of minutia function as

One or more embodiments may enable a more convenient method for connecting the user and service. For example, instead of subscribers typing in cumbersome passwords (or worse yet, storing them unencrypted on the computer), the dynamic key cryptographic (dynamic key crypto) service and related client software can compute and manage the unique properties of the user device or computer. The resultant identified computer can be used in place of passwords to simplify the customer connection experience. Since the computer itself is uniquely identified, it represents a safer method of identifying customers (e.g., users or subscribers). By forming cryptographic keys which use minutia found on the computer, the computer itself (as defined by its minutia) is validated, not
`a static key stored or intended to be stored only on the com-
`puter. The discovery and copying of a single value (the secret
`key) is significantly easier than the discovery and copying of
`avery large range ofcomputer minutia values. In addition,the
`writing of a single key in a computer’s memory effectively
`counterfeits the uniqueness of a computer identified by a
`single, static stored value. To counterfeit a dynamic key
`crypto-identified computer, it would be necessary to intercept
`various methodsto learn
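The validation idea described above (keys formed from minutia, with confidence scoring over the minutiae that changed), shown as an added example that is not code from the patent: the server re-derives the key for every anticipated minutia set and lowers confidence according to which values changed. The minutia names, anticipated values, penalty weights and the SHA-256/HMAC challenge-response construction are assumptions of this example.

```python
import hashlib
import hmac
import itertools

# Constructed sample data; names, values and weights are assumptions.
ENROLLED = {"imei": "356938035643809", "firmware": "4.1.2", "app_build": "107"}
# Values the server will accept per minutia: enrolled value plus predicted changes.
ANTICIPATED = {
    "imei": ["356938035643809"],         # static: no change is anticipated
    "firmware": ["4.1.2", "4.1.3"],      # slow-changing
    "app_build": ["107", "108", "109"],  # predictably changing
}
# Confidence lost per changed minutia: less predictable changes cost more.
PENALTY = {"firmware": 0.30, "app_build": 0.05}

def derive_key(minutia):
    """Hash a length-prefixed, sorted encoding of the minutia into a 256-bit key."""
    canon = "".join(f"{len(k)}:{k}{len(v)}:{v}" for k, v in sorted(minutia.items()))
    return hashlib.sha256(canon.encode()).digest()

def respond(minutia, challenge):
    """Device side: answer a challenge with a key formed from current minutia."""
    return hmac.new(derive_key(minutia), challenge, hashlib.sha256).digest()

def verify(challenge, response):
    """Server side: return (confidence, changed minutia names) or (0.0, None)."""
    names = sorted(ANTICIPATED)
    for values in itertools.product(*(ANTICIPATED[n] for n in names)):
        candidate = dict(zip(names, values))
        if hmac.compare_digest(respond(candidate, challenge), response):
            changed = [n for n in names if candidate[n] != ENROLLED[n]]
            return round(1.0 - sum(PENALTY[n] for n in changed), 2), changed
    return 0.0, None  # no anticipated minutia set reproduces the device's key
```

A service would compare the returned confidence with its own threshold and, on success, re-enroll the matched values so that the anticipated set moves forward with the device.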
