Utility Patent Application (Provisional)
Specification

INVENTION NAME

System and Method for Cryptographic Security Functions Based on Anticipated Changes in Computer
Minutia

INVENTORS

Paul T. Miller, Irvine, California and George A. Tuvell, Thompson's Station, Tennessee; jointly as
founders of mSIGNIA, a California corporation

ASSIGNEE

mSIGNIA, a California corporation

BACKGROUND of INVENTION and PRIOR ART

The present invention is in the technical field of computers. More particularly, the present invention is
in the technical field of:

• Computers connecting to the internet or other network
• Computers connecting to a network, where computers includes but is not limited to
    o Traditional PCs
    o Non-traditional PCs (i.e. smartphones, smart tablets)
    o Purpose-built network computers (i.e. smart meters, network equipment, appliances)
    o Computers without a user interface (i.e. machine-to-machine functionality)
• Identifying computers which connect to a network
• Identifying computers which connect to each other with or without concurrent connection to a
  wide-area network
• Authenticating computer connections to an online service
• Authenticating users to an online service
• Encrypting information stored on a computer

Prior patents have identified a computer by calculating a hash of the minutia found on a computer to
uniquely identify the computer, often referred to as a computer fingerprint. Computer fingerprints are
used, among other things, to 'lock' software to a particular computer fingerprint and to identify
computers used in online actions in order to profile the history and potential risk of particular actions.

In existing art, the computer identifier is computed and remains functionally static, typically using
computer minutia not expected to change (i.e. serial numbers) to ensure reliability. Minutia which
changes or evolves naturally with use of the computer is typically not preferred, nor are such changes
to minutia modeled or predicted for increased functionality. Thus, current computer fingerprints use a
relatively small set of reasonably static minutia which may be prone to spoofing.

System and Method for Cryptographic Security Functions Based on Anticipated Changes in Computer Minutia
Paul T. Miller and George A. Tuvell
Specification
Page 1 of 25

Prior art and implementations have sought to increase the number of minutia elements used in
identifying the computer. However, as more minutia is included in the computation, the probability
increases that changes which occurred naturally to the minutia result in a new computer fingerprint.
This falsely identifies a computer as 'different' when it is actually the same computer (often referred to
as 'false negatives'). These changes to the minutia on a unique computer occur naturally during normal
use and should not invalidate the computer fingerprint process or inconvenience the user or service by
forcing a re-initialization of the computer fingerprint.

Other inventive work by Paul Miller utilizes predictive manufacturing characteristics to obsolete
purpose-built identity tokens. The invention was submitted as US application 2003/0084311 A1.
However, the prior art does not use knowledge of predictive mass production minutia to anticipate
changes to a calculated computer identifier.

Prior art cited references appear in the following table:

Patent Number          Issue or Filing Date   First-Named Inventor   Company
US 2008/0244744 A1     Jan 29, 2008           Thomas et al           ThreatMetrix
US 2010/0296653 A1     Sep 14, 2006           Richardson             Uniloc
US 2003/0084311 A1     05/2003                Merrien et al          Gemplus
US 5490216             Sep 21 1993            Richardson             Uniloc
US 7272728             Jun 14, 2004           Peeso et al            ioVation
US 2005/0278542 A1     Feb 15, 2005           Pierson                n/a
US 6148407             Sep 30 1997            Aucsmith               Intel

SUMMARY OF THE INVENTION

Several technologies exist for processing security and assurance claims using static values. These
include passwords themselves and static 'seed keys' for functions like one-time-password and
challenge-response security mechanisms. Even public key cryptography is based on a static key pair
(public & private). mSIGNIA uses a very large numeric representation of the computer minutia
(100,000's of bits) to support a range of security functions in a verifiable manner (a cornerstone of
security). mSIGNIA's methods, based on the predictable dynamic nature of the computer minutia,
allow for verification of the computer minutia (as if they were a single static value), but the entire
computer identifier is not required to be static: elements of the minutia can (and are expected to)
change and evolve over time. The resultant validation of a dynamic computer identifier based on
minutia uses a complex 'confidence scoring' which isolates elements of the computer minutia that
have changed and uses confidence weightings against the predictability of such changes.

Layering static minutia, slow-changing minutia and predictably changing minutia creates a very large
computer identifier which can be processed as subsets of minutia. These subsets of minutia function
as a static identifier over a particular interval and provide increased security while being fault-tolerant
to normal and natural anomalies.

To achieve fault tolerance over a possibly changing set of minutia, anticipated changes and multiple
subsets that provide back-up to any single subset can be used. By using mass-produced computers,
which both contain a vast array of minutia and have predictable evolution paths of computer minutia, a
dynamic encryption system of methods based on evolving computer minutia can be maintained for the
benefit of nearly any security function. In addition, since the range of minutia is so large, certain
cryptographic functions can be performed several times using different subsets of minutia. In this
manner, should one subset of minutia change, cryptographic checks using other minutia subsets and
the anticipated changes to the minutia can improve fault tolerance.

Assertions regarding a computer's uniqueness, confidence in the computer uniqueness and
service-oriented directives (i.e. provision, lock/hold, erase, transfer, blacklist, etc.) are formulated,
controlled and directed by the computer identity provider service; computer identifier libraries gather
the computer info and act on the computer in response to computer identity provider service directives.

The heuristics for the predictive and constantly changing elements of a computer identity are
performed in the cloud using data forwarded by the computer identifier libraries AND data gleaned
from industry sources. Industry data includes cataloguing publicly available data (such as over-the-air
upgrades (OS, firmware, applications, etc.) and network updates) over the range of possible computers.
While nearly infinitely larger than the changes that can occur to a single computer (lending security via
a broader search space), it is still finite and, therefore, useful in predictive heuristics regarding
computers in use.

The present invention is a system and methods for secure computer identification including:

• Registering online service providers with the computer identity provider service to create
  custom computer identifier libraries that conduct security functions but are resistant to
  successful attacks against other services and prohibit the profiling of users by collaborating
  online service providers
• Collecting and registering the minutia of computers with the computer identity provider
  system, tying the computer minutia to an online service provider account identifier
• Gathering industry information regarding updates to computer hardware, firmware and
  software to create a catalogue of industry identifiers which may possibly appear on registered
  computers when they are updated. The catalogued industry minutia data is indexed, and the
  possible minutia and current computer minutia are combined and permutations intelligently
  stored to anticipate future computer minutia possibilities
• Identifying a computer based on a hash from a subset of minutia taken from a very wide range
  of minutia found on the computer including hardware, firmware and software. The
  authentication of the computer can be performed as an intelligent challenge and response
  which indexes minutia and, when compared to possible responses from anticipated minutia,
  can ascertain minutia changes on the computer without having to actually exchange the
  minutia between the computer and the computer identity provider service
• Scoring the confidence of a valid response based on the computer minutia used, the
  anticipated and expected changes to the computer minutia used and non-computer factors
  such as user PIN entry. Different challenges can be intelligently chosen to achieve a response
  that yields a higher confidence score.
• Protecting the application and data running on a computer by using the computer minutia in
  cryptographic functions such as encrypted memory, local identification of the computer and
  a heartbeat to prohibit application self-destruction. Some cryptographic functions are computed
  using more than one subset of computer minutia to allow back-up functionality should
  minutia used in the cryptographic function change. The high number of meaningful minutia
  enables a more complex interaction between the computer and the software computing the
  identifier. The increased 'chatter', a mix of meaningful and decoy reads of minutia, obscures
  which minutia is meaningful, thereby increasing the difficulty of spoofing minutia values and
  intercepting calls in order to counterfeit the original computer
• Notifying a wide range of online service providers should a computer status change. This
  enables a single event to trigger responses from a wide range of registered online service
  providers so that security and service continuity are maintained
• Forcing a user to enter a service or computer PIN on a registered computer to increase the
  confidence score and ensure that a valid user is controlling an identified computer
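
The challenge-and-response identification, the isolation of changed minutia and the confidence scoring
summarized above can be followed end to end in code. The Python below is an added illustration written
for this page, not code from the original specification or from mSIGNIA: the minutia values, the per-service
key, the anticipated candidate values with their probabilities and element weights, and the 0.8 step-up
threshold are all constructed assumptions. The provider indexes a set of minutia elements in a challenge;
the library answers with one keyed digest per element, so the raw values never cross the network; the
provider recomputes the digests over the anticipated candidate values, learns which element changed and
to what, and weights the result by how predictable that change was.

```python
import hashlib
import hmac
import os

# Constructed for this example: the per-service secret the Computer Identifier
# Library would carry from the provider's Partner Info & IDs.
SERVICE_KEY = b"constructed-service-key-for-demo-only"

# Minutia read on the computer at registration time (constructed values).
REGISTERED_MINUTIA = {
    "hw.serial": "SN-CONSTRUCTED-0001",
    "fw.baseband": "BB-2.14",
    "os.version": "4.1.2",
    "sw.boot_count": "133",
    "sw.app_store_id": "store-7a",
}

# The same computer some time later: the OS was upgraded and the boot counter
# advanced, both changes the provider should have anticipated.
CURRENT_MINUTIA = {**REGISTERED_MINUTIA, "os.version": "4.2.0", "sw.boot_count": "141"}

# Anticipated Minutia DB (provider side, constructed): per element, the candidate
# values with a modelled probability, plus a weight for how strongly the element
# identifies the computer (hardware highest, counters lowest).
ANTICIPATED_MINUTIA = {
    "hw.serial": ({"SN-CONSTRUCTED-0001": 1.0}, 5.0),
    "fw.baseband": ({"BB-2.14": 0.9, "BB-2.15": 0.1}, 3.0),
    "os.version": ({"4.1.2": 0.6, "4.2.0": 0.4}, 2.0),              # 4.2.0 catalogued as a pending release
    "sw.boot_count": ({str(n): 1.0 for n in range(133, 184)}, 1.0),  # counter may advance up to 50 boots
    "sw.app_store_id": ({"store-7a": 1.0}, 1.0),
}


def element_response(key, nonce, name, value):
    """Keyed digest of one minutia element bound to the challenge nonce.

    Only this digest leaves the computer; the raw minutia value never does.
    """
    msg = nonce + b"|" + name.encode() + b"|" + value.encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:32]


def make_challenge(element_names, nonce=None):
    """Provider side: choose which minutia elements to index and a fresh nonce."""
    return {"nonce": nonce if nonce is not None else os.urandom(16),
            "elements": list(element_names)}


def answer_challenge(challenge, minutia, key=SERVICE_KEY):
    """Library side: answer with one digest per indexed element."""
    nonce = challenge["nonce"]
    return {name: element_response(key, nonce, name, minutia.get(name, ""))
            for name in challenge["elements"]}


def score_response(challenge, response, registered, anticipated, key=SERVICE_KEY):
    """Provider side: recompute digests over the anticipated candidates, find which
    candidate each element matched, and weight the match by its probability."""
    nonce = challenge["nonce"]
    total_weight = earned = 0.0
    changed, unmatched = [], []
    for name in challenge["elements"]:
        candidates, weight = anticipated[name]
        total_weight += weight
        matched = None
        for value, probability in candidates.items():
            if hmac.compare_digest(response[name], element_response(key, nonce, name, value)):
                matched = (value, probability)
                break
        if matched is None:
            unmatched.append(name)  # outside every anticipated value
            continue
        value, probability = matched
        earned += weight * probability
        if value != registered[name]:
            changed.append((name, registered[name], value))  # change isolated without exchanging minutia
    confidence = earned / total_weight if total_weight else 0.0
    return {"confidence": round(confidence, 3), "changed": changed, "unmatched": unmatched}


def decide(result, threshold=0.8):
    """Map a score to a directive: reject on an unanticipated hardware change,
    accept above the threshold, otherwise step up (e.g. require PIN entry)."""
    if any(name.startswith("hw.") for name in result["unmatched"]):
        return "reject"
    return "accept" if result["confidence"] >= threshold else "step-up"


def run_exchange(minutia, nonce=None):
    """Full round trip for one computer; returns the score and the directive."""
    challenge = make_challenge(ANTICIPATED_MINUTIA.keys(), nonce)
    response = answer_challenge(challenge, minutia)
    result = score_response(challenge, response, REGISTERED_MINUTIA, ANTICIPATED_MINUTIA)
    return result, decide(result)


if __name__ == "__main__":
    print(run_exchange(CURRENT_MINUTIA))                                             # upgraded, same computer
    print(run_exchange({**CURRENT_MINUTIA, "hw.serial": "SN-CONSTRUCTED-9999"}))     # app copied elsewhere
```

Run stand-alone, the upgraded computer scores 0.875 and is accepted, with os.version and sw.boot_count
reported as changed; a copy of the app on another computer leaves hw.serial outside every anticipated
value and is rejected. The per-element digests are only as strong as the secrecy of the service key:
because individual minutia values are low-entropy, anyone holding the key could enumerate them, so that
key deserves the same protection as the Partner Info & IDs material the specification builds into each
custom library.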
DRAWINGS — FIGURES

Table of Figures

#  Figure Brief               Figure Title
1  Overview                   Change Tolerant Computer Identification System Overview including systems for the
                              Computer, Network, Computer ID Provider, Service Provider, Third Party Software
                              Distributor and Service User
2  App Delivery               Service Provider App Delivery System with Service Provider registration with the
                              Computer ID Provider System, Library Build, Application Build and Application
                              Distribution to the Computer System
3  Register Computer          Registration of Computer System Minutia and Service
4  Catalogue Industry         Catalogue and Model Industry Minutia to Create and Update Anticipated Minutia
                              Databases
5  Auth Computer              Authentication exchanges Using Challenge and Response and Static and Dynamic
                              Computer Minutia
6  Score Auth                 Authentication Scoring, Confidence rating and Step-up authentication processing
7  App Security               Application processing for local and update security functions
8  CIDP Lifecycle Management  Computer Identity Provider Lifecycle functionality and services to Service Providers
9  PIN Entry                  User PIN Entry System

Table of References

The referenced items of the invention are shown in the table below. The figures containing the items
within the drawing are shown, but the items may be referenced in the specification related to the
drawing without necessarily appearing in the figure drawing. The Type and System columns are
included for additional information, but the items are not necessarily limited to the Type and System
mentioned in the table.

[Table of References: the scanned table did not survive extraction. The reference numbers and item
names that can be recovered from the table residue and from the detailed description below are listed
here; the Type, System and Figure columns are not recoverable.]

Ref   Item
10    Computer ID Provider System
12    Event Log
14    Service Provider System
16    Network
18    Computer System
20    Service User
22    Third Party Software Distribution System
30    Service Provider Registration
32    Partner Info & IDs
34    Custom Library Creation
40    Build Application
42    Application Source Code
44    Service Provider App
48    Service App
50    User Authentication
52    Store Computer Info
54    SP Computer Info DB
56    Computer Identifier Library
58    Fetch Computer Minutia
60    Select Minutia for Service Keys
62    Transmit Minutia to CIDP
64    Computer Minutia from Hardware, Firmware & Software Elements
66    Service Key Minutia Selections
68    Register Computer
70    Computer Minutia DB
72    Send Computer Profile to SP
74    Decrypt SP Minutia
76    Proof the Install
80    Software Manufacturers
82    Computer Hardware Manufacturers
84    Firmware Manufacturers
86    Industry Minutia Cataloguing
88    Minutia Update Collection
90    Computer Industry Research
92    Data Modeling, Heuristics and Permutations
94    Historical Minutia Trends & Data Mining
96    Industry Update Catalogue DB
98    Anticipated Minutia DB
110   Send Response to CIDP
112   Response Process
114   Select Minutia Elements
196   Encrypted Service Data
210   No Heartbeat
220   New Computer Systems
222   Hold Service
230   Other Comp ID Service Provider Systems
232   Hold, Delete, Transfer Service Request
(number not recoverable)   Distribute Application; Fetch Random Minutia; Retries Exhausted;
                           Update Library Storage; Delete Service; Notify Other Service Providers

DETAILED DESCRIPTION OF THE INVENTION

Referring to the invention in more detail, in Fig. 1 there is shown a Network 16, such as the Internet,
connecting a Computer System 18 and three systems: a Computer ID Provider System 10, a Service
Provider System 14 and a Third Party Software Distribution System 22. All items connected to the
Network 16 are capable of communicating data securely via Network 16.

The Computer System 18 is an industry-typical hardware device running an operating system.
Hardware examples include but are not limited to smart phones, laptops, tablets, sensors, payment
terminals, meters, etc. Operating system examples include but are not limited to Windows, Android,
iOS, Symbian, etc.

The Third Party Software Distribution System 22 is an optional system or systems for distributing
software from the Service Provider System 14 to the Computer System 18. Apple's AppStore is an
example of such a system.

The Computer ID Provider System 10 is typically a web service capable of securely manipulating and
analyzing large amounts of data, such as performing calculations, data modeling, permutation
processing, interpolation, internet searches and complex database functions. The Computer ID
Provider System 10 is cloud-based so it can have sufficient computational speed and power to off-load
intensive computational efforts from a sometimes resource-constrained Computer System 18. The
Computer ID Provider System 10 provides a secured processing environment for the intelligence
embodied in the invention, including managing an enormous data-intensive query engine for complex
data pattern matching, modeling and processing of complex and numerous permutations. The
Computer ID Provider System 10 is a key part of mSIGNIA's invention.

Actions and exchanges performed by the Computer ID Provider System 10 are logged in the Event Log
12 for auditing and heuristic analysis at later times.

A Service User 20 interacts with the Computer System 18. A Service User 20 is a person that can have
several different types of Computer System 18 and be a user of any number of Service Provider
Systems 14.

Likewise, there can be any number of Service Provider Systems 14 connected to the Computer ID
Provider System 10. The Service Provider System 14 is typically an industry-standard website, usually
requiring a username and password. Examples of a Service Provider System 14 include but are not
limited to Facebook, corporate IT services, online banking, healthcare, travel, etc.

Referring to the invention in more detail, in Fig. 2 there is shown a system for delivering a Service
Provider App 44 to a Computer System 18 such that the Service Provider App 44 has included within it
a Computer Identifier Library 56 which is unique to that Service Provider System 14 and performs
computer security functions on the Computer System 18.

The Service Provider App 44 is a typical industry application except that it makes application
programmer interface (API) calls to a Computer Identifier Library 56 that was compiled as a library
within the application to form the final executable form of the Service Provider App 44. It may contain
data that the Service Provider System 14 requires to secure and make private.

Within the Computer ID Provider System 10 there is a Service Provider Registration 30 process for
registering Service Provider Systems 14 to use the invention. The Service Provider Registration 30
process records and generates data specific to the Service Provider System 14 and stores that data in
the Partner Info & IDs 32 database. Such data can include preferences like PIN utilization (i.e. force a
system PIN, use a service PIN, etc.) and default connection threshold values. The database is
analogous to the mSIGNIA list of customers and partners for whom a custom Computer Identifier
Library 56 has been created. The Partner Info & IDs 32 includes random numbers used as keys to
identify and encrypt data of the Service Provider System 14 throughout the invention and a table for
indexing minutia elements. Such Partner Info & IDs 32 uniquely identify the Service Provider System
14 and ensure that parts of the invention used by the Service Provider System 14 are secure and
separate from other Service Provider Systems 14 that might use the invention. This provides service
separation of data and identifiers such that multiple, independent Service Provider Systems 14 cannot
collude, compare data and infer what might be considered private data or tendencies of a Service User
20.

The Partner Info & IDs 32 data unique to a Service Provider System 14 is used in a Custom Library
Creation 34 process to make a Computer Identifier Library 56 which contains data elements of the
Partner Info & IDs 32. In addition to data unique to the Service Provider System 14, the Custom Library
Creation 34 process can create code custom to a particular Service Provider System 14. Such custom
code can include different encryption algorithms, unique system encryption keys, and unique look-up
table elements and orderings, all of which when compiled form a Computer Identifier Library 56 unique
to the Service Provider System 14.

Because of the different Partner Info & IDs 32 used in the formation of the Computer Identifier Library
56, two Service Provider Systems 14, for example, cannot compare information gleaned from the
Computer System 18 and conclude their individual Service Provider Apps 44 are residing on the same
Computer System 18. This prohibits the profiling of a Service User 20 based on the Service Provider
Systems 14 connected to their Computer System 18.

Likewise, because of the unique computational possibilities introduced in the Custom Library Creation
34 that formed the Computer Identifier Library 56, a successful attack against the privacy and security
included within a particular Computer Identifier Library 56 may not be successful against a Computer
Identifier Library 56 related to another Service Provider System 14.

The Computer Identifier Library 56 created uniquely for the Service Provider System 14 is sent to the
Service Provider System 14 securely over a Network 16. The Computer Identifier Library 56 is program
logic designed to perform security functions both directed by and on behalf of the Service Provider App
44 by interacting with the Computer System 18. The Computer Identifier Library 56 is a key
component of the mSIGNIA invention.

The Service Provider System 14 performs an industry-typical Build Application 40 process by combining
the Computer Identifier Library 56 with their Application Source Code 42 to create a Service Provider
App 44. The Service Provider App 44 can be distributed any number of ways, including directly over a
Network 16 and through a Third Party Software Distributor 22, either over the Network 16 or directly to
the Service User 20 for loading on the Computer System 18.

Referring to the invention in more detail, in Fig. 3 there is shown a system for registering a Computer
System 18 with a Computer ID Provider System 10 and a Service Provider System 14 over a Network
16.

The Computer System 18 has on it a Service Provider App 44. When the Service Provider App 44 is
installed, the Computer Identifier Library 56 within the Service Provider App 44 runs tests to Proof the
Install 76. Proof the Install 76 can be part of the Computer Identifier Library 56 and can use a shared
secret supplied by the Service Provider System 14 through a User Authentication 50 process. In this
case the Service User 20 might answer previously defined questions, recognize historical service usage
or use other industry-standard identity proofing methods.

In addition to or in replacement of the standard identity proofing methods involving the Service User
20, the User Authentication 50 process can share information which might identify the Computer
System 18 as belonging to the Service User 20. In this case, the Computer Identifier Library 56 can
Fetch Computer Minutia 58 to learn if a matching value or values is/are found in the Computer Minutia
from Hardware, Firmware & Software Elements 64. Any items detailing personally identifiable
information of a particular Service User 20 are deleted after use to reduce the risk of centralizing
personally identifiable information, which presents a risk to the Computer ID Provider System 10.

In a similar fashion, the Proof the Install 76 process can look for other instances of a Service App 48
from other Service Provider Systems 14 and report any found instances back to the Computer ID
Provider System 10 for additional assurances on the history of the Computer System 18.

In all manners of User Authentication 50, the Service Provider System 14 will send to the Computer ID
Provider System 10 an account identifier that the Service Provider System 14 uses to identify the
Service User 20. The Register Computer 68 process stores the account identifier with the Computer
Minutia DB 70 to link the Service User 20 to a particular Computer System 18.

The Computer Identifier Library 56 can sample a wide range of Computer Minutia from Hardware,
Firmware and Software Elements 64. Hardware minutia elements typically cannot change without
changing a physical component of the Computer System 18. Firmware minutia can be updated, but
usually their update is controlled by someone other than the Service User 20. Software minutia
changes dynamically via various owners and includes elements that require predictable, constant
change in normal situations (i.e. a clock). Minutia elements include, for example, communication and
telephony services, location and GPS data, memory characteristics and operating system and software
data. Not all possible minutia elements are required to be read at installation; some may be read at a
later time.

A process to Select Minutia for Service Keys 60 uses some or all of the Computer Minutia from
Hardware, Firmware & Software Elements 64 to create encryption and identifier keys that can be used
by the Computer Identifier Library 56 and other parts of the invention for things like Encrypted Service
Data 196 stored locally on the Computer System 18. These selections are stored in a Service Key
Minutia Selections 66 database that is managed and secured by the Computer Identifier Library 56.
The minutia selected here will be used by the Computer Identifier Library 56 to dynamically build the
service keys required by the Computer Identifier Library 56; the keys that result from reading the
Computer Minutia from Hardware, Firmware & Software Elements 64 are not stored within the
Computer Identifier Library 56 or the invention; they are computed as they are needed by consulting
the Service Key Minutia Selections 66 database and reading the resulting Computer Minutia from
Hardware, Firmware & Software Elements 64. Thus, if a Service Provider App 44 were copied from one
Computer System 18 to another Computer System 18, when the service keys were built from the
Computer Minutia from Hardware, Firmware & Software Elements 64, the resulting service key would
not be able, for example, to properly decrypt data stored locally on the Computer System 18.
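
The runtime key rebuilding described in this paragraph, as an added example written for this page (not
code from the original specification or from mSIGNIA): the minutia values, the selection list, the salt and
the HMAC-SHA256 counter-mode construction used for encryption are constructed assumptions, and a
production library would use a standard authenticated cipher in place of that construction. The service
key is derived from live reads of the selected elements each time it is needed and is never stored; data
sealed on one computer still opens after an unselected element (os.version) changes, and fails to open,
with a tag mismatch rather than garbage, once the app is copied to a computer whose selected minutia
differ.

```python
import hashlib
import hmac
import os

# Constructed minutia for two computers. COMPUTER_B is what the same app would
# read after being copied to a different handset: only the hardware serial differs.
COMPUTER_A = {"hw.serial": "SN-CONSTRUCTED-0001", "fw.baseband": "BB-2.14",
              "os.version": "4.1.2", "sw.locale": "en_US"}
COMPUTER_B = {**COMPUTER_A, "hw.serial": "SN-CONSTRUCTED-0002"}

# Service Key Minutia Selections (constructed): the elements, in order, that feed
# the service key. os.version is left out on purpose: it is expected to change.
SERVICE_KEY_SELECTION = ["hw.serial", "fw.baseband", "sw.locale"]

# Per-service salt carried in the library (constructed stand-in for Partner Info & IDs).
SERVICE_SALT = b"constructed-partner-salt"


def derive_service_key(minutia, selection, salt=SERVICE_SALT):
    """Rebuild the service key from live minutia reads; the key itself is never stored."""
    material = b"\x1f".join(f"{name}={minutia.get(name, '')}".encode() for name in selection)
    return hashlib.pbkdf2_hmac("sha256", material, salt, 50_000, dklen=32)


def _subkeys(service_key):
    # Separate keys for confidentiality and integrity, both derived from the service key.
    enc = hmac.new(service_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(service_key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key, nonce, length):
    # HMAC-SHA256 in counter mode; an illustrative construction, not a standard cipher.
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def seal_service_data(minutia, plaintext, nonce=None):
    """Encrypt-then-MAC local service data under a key rebuilt from minutia."""
    nonce = nonce if nonce is not None else os.urandom(16)
    enc_key, mac_key = _subkeys(derive_service_key(minutia, SERVICE_KEY_SELECTION))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_service_data(minutia, blob):
    """Return the plaintext, or None if the live minutia no longer yield the right key."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = _subkeys(derive_service_key(minutia, SERVICE_KEY_SELECTION))
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong computer (or tampered blob): refuse rather than emit garbage
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


if __name__ == "__main__":
    blob = seal_service_data(COMPUTER_A, b"constructed session token")
    print(open_service_data(COMPUTER_A, blob))                             # opens on the registered computer
    print(open_service_data({**COMPUTER_A, "os.version": "4.2.0"}, blob))   # still opens: os.version not selected
    print(open_service_data(COMPUTER_B, blob))                             # None: app copied to another computer
```

Which elements go into the selection is the security decision: every selected element must be one the
provider expects to stay constant over the key's lifetime, and a change to any of them turns the sealed
data unreadable in the same way a copy to another computer does, so selections for service keys lean
on the hardware and firmware minutia while the predictably changing software minutia are left for the
scored challenge-response exchange.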

Some of the Computer Minutia from Hardware, Firmware & Software Elements 64 is sent to the
Computer ID Provider System 10 via the Transmit Minutia to CIDP 62 process. This process can use
several secure transmission methods that may vary by Service Provider System 14 through the
customization of the Computer Identifier Library 56.

By performing a Transmit Minutia to CIDP 62 process, various values of Computer Minutia from
Hardware, Firmware & Software Elements 64 are sent along with their minutia descriptor to the
Computer ID Provider System 10, which performs a Register Computer 68 process. The Register
Computer 68 process records the Computer Minutia from Hardware, Firmware & Software Elements
64 into a Computer Minutia DB 70 along with the Service Provider System 14 account identifier for the
Service User 20. The Computer Minutia DB 70 stores the type of minutia, its value and the service
identifier for later processing by the invention.

The Computer ID Provider System 10 is able to store the Computer Minutia from Hardware, Firmware
& Software Elements 64 which has been randomized by the unique Computer Identifier Library 56.
The Computer ID Provider System 10 is also able to Decrypt SP Minutia 74 using Partner Info & IDs 32
data to learn the actual Computer Minutia from Hardware, Firmware & Software Elements 64. Many of
these actual minutia values are known only by the Computer ID Provider System 10 and are used later
in the invention for services to multiple Service Provider Systems 14.

Some of the actual Computer Minutia from Hardware, Firmware & Software Elements 64 are sent to
the Service Provider System 14 via a Send Computer Profile to SP 72 process. The Service Provider
System 14 can Store Computer Info 52 into an SP Computer Info DB 54. The SP Computer Info DB 54
information can be useful to the Service Provider System 14 for understanding the types and
characteristics of Computer Systems 18 running their Service Provider App 44 software. Such
information might include OS type and version, computer make and model, etc.

Referring to the invention in more detail, in Fig. 4 there is shown a system for creating an Industry
Update Catalogue DB 96 from a wide range of industry sources and using that information to form an
Anticipated Minutia DB 98.

The Computer ID Provider System 10 routinely performs an Industry Minutia Cataloguing 86 process
for ultimately amassing an Industry Update Catalogue DB 96. This database is for managing a vast but
finite collection of industry minutia. Large-scale searches, interpolation, multi-upgrade permutation
modeling and probability calculations are performed against the data found in the Industry Update
Catalogue DB 96.

The Industry Minutia Cataloguing 86 process uses Computer Industry Research 90 to heuristically and
empirically perform a Minutia Update Collection 88 process. The Minutia Update Collection 88 process
scours a Network 16 (for example, the Internet) seeking out information from Software Manufacturers
80, Computer Hardware Manufacturers 82 and Firmware Manufacturers 84.

Software Manufacturers 80 includes, among other entities, software manufacturers, online software
storefronts, support services for software and some operating systems.

Computer Hardware Manufacturers 82 includes, among other entities, manufacturers of PCs, laptops,
tablets, smartphones, purpose-built computing devices and other hardware often capable of
connecting to a Network 16.

Firmware Manufacturers 84 includes, among other entities, software related to hardware (commonly
called drivers), some operating system software, and software for configuring and controlling access to
a Network 16 such as a mobile operator network, or public and private cloud networks.

The Minutia Update Collection 88 process collects such information as the Computer Industry Research
90 process may deem beneficial to the invention. The collected data is then given to a Data Modeling,
Heuristics and Permutations 92 process for analysis with regard to the invention. The Data Modeling,
Heuristics and Permutations 92 process considers Historical Minutia Trends & Data Mining 94 as well
as the current Computer Minutia DB 70, the current Anticipated Minutia DB 98 and the Event Log 12
which chronicles changes to the Computer ID Provider System 10.

From data collected and modeled, the Data Modeling, Heuristics and Permutations 92 process records
possible minutia elements in the Anticipated Minutia DB 98. The data stored in the Anticipated
Minutia DB 98 is pre-calculated combinations of the Industry Update Catalogue DB 96 and Computer
Minutia DB 70 which are managed and ordered according to probability within the database so that
rapid derivative comparisons can be verified and scored against a confidence scale.

For example, when Computer Industry Research 90 discovers a pending operating system release, the
Minutia Update Collection 88 process can gather a copy of the newly released operating system from,
again for example, the appropriate Firmware Manufacturers 84. The new operating system is
processed by the Data Modeling, Heuristics and Permutations 92 function and the resultant minutia
stored in the Anticipated Minutia DB 98 for later use by the invention.

As another example of anticipated minutia, for minutia that represents system counters, the counter
information collected from the Computer Minutia DB 70 can be increased by an allowable range as
determined by the Data Modeling, Heuristics a