US 7,260,724 B1
(12) United States Patent
Dickinson et al.
(10) Patent No.: US 7,260,724 B1
(45) Date of Patent: Aug. 21, 2007

(54) CONTEXT SENSITIVE DYNAMIC AUTHENTICATION IN A CRYPTOGRAPHIC SYSTEM

(75) Inventors: Alexander G. Dickinson, Laguna Beach, CA (US); Brian Berger, Mission Viejo, CA (US); Robert T. Dobson, Jr., Dove Canyon, CA (US)

(73) Assignee: Security First Corporation, Rancho Santa Margarita, CA (US)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 735 days.

(21) Appl. No.: 09/666,377

(22) Filed: Sep. 20, 2000

Related U.S. Application Data

(60) Provisional application No. 60/154,734, filed on Sep. 20, 1999, provisional application No. 60/200,396, filed on Apr. 27, 2000.

(51) Int. Cl. H04L 9/32 (2006.01)
(52) U.S. Cl. ........................ 713/182
(58) Field of Classification Search ........ 713/182, 713/185; 726/5-7, 8-9
See application file for complete search history.
Primary Examiner—Matthew Smithers
(74) Attorney, Agent, or Firm—Sheppard Mullin Richter & Hampton LLP
`
(57) ABSTRACT

A system for performing authentication of a first user to a second user includes the ability for the first user to submit multiple instances of authentication data which are evaluated and then used to generate an overall level of confidence in the claimed identity of the first user. The individual authentication instances are evaluated based upon: the degree of match between the user provided by the first user during the authentication and the data provided by the first user during his enrollment; the inherent reliability of the authentication technique being used; the circumstances surrounding the generation of the authentication data by the first user; and the circumstances surrounding the generation of the enrollment data by the first user. This confidence level is compared with a required trust level which is based at least in part upon the requirements of the second user, and the authentication result is based upon this comparison.

40 Claims, 18 Drawing Sheets
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
[Front-page figure: excerpt of the FIG. 16 flow chart. Steps recoverable from the drawing: Select Next Authentication Instance; Generate a Reliability for this Authentication Instance; Combine Reliability of Individual Authentication Instances to Produce Authentication Confidence Level.]

Ex.1009
APPLE INC. / Page 1 of 46
`
`
`
`
`
`
[Sheet 1 of 18, FIG. 1: block diagram of the cryptographic system. Labels recoverable from the drawing (printed rotated): User, Biometric Device, Vendor System, Certificate Authority, Trust Engine System, Communication Link, Authentication Data.]
`
`
`
`
`
`
`
`
[Sheet 2 of 18, FIG. 2: block diagram of the trust engine. Labels recoverable from the drawing (printed rotated): Trust Engine, Transaction Engine, Authentication Engine, Cryptographic Engine, Mass Storage, To Depository, Communication Link, Data.]
`
`
`
[Sheet 3 of 18, FIG. 3 (transaction engine) and FIG. 4 (depository). Labels recoverable from the drawing (printed rotated): Transaction Engine, Depository, Operating System, SSL, Data, Mass Storage, Authentication Data, To/From Cryptographic Engine, To/From Authentication Engine, To/From Depository, To/From Communication Link.]
`
`
`
`
`
[Sheet 4 of 18, FIG. 5 (authentication engine) and FIG. 6 (cryptographic engine). Labels recoverable from the drawing (printed rotated): Authentication Engine with Data Splitting Module, Data Assembling Module, Comparator, Heuristics, Attempt Limiter; Cryptographic Engine with Cryptographic Handling Module, Data Splitting Module, Data Assembling Module, Private (key); To/From Transaction Engine, To/From Depository, To/From Cryptographic Engine, To/From Authentication Engine, Operating System.]
`
`
`
`
`
`
`
`
`
`
[Sheet 5 of 18, FIG. 7: block diagram of a depository system. The only label legible in the scan is "To Cryptographic Engine"; the remaining labels are printed rotated and did not survive extraction.]
`
`
`
[Sheet 6 of 18, FIG. 8: flow chart of the data splitting process. Steps recoverable from the drawing (printed rotated): data S received; generate a random number; generate a second random number; generate XOR combinations of the random numbers with S; distribute the resulting portions.]
`
`
`
`
`
`
`
`
[Sheet 7 of 18, FIG. 9A: enrollment data flow, laid out as a table with columns Send, Receive, SSL and Action. Actions recoverable from the drawing: the user transmits enrollment authentication data (B) and the user ID (UID) encrypted with the public key of the authentication engine (AE), as PUB_AE(UID, B), to the transaction engine (TE); the TE forwards the transmission to the AE; the AE decrypts and splits the forwarded data; the Xth depository (DX) stores its respective portion of the data; when a digital certificate is requested, key generation is requested from the cryptographic engine (CE), which generates and splits the key.]
`
`
`
[Sheet 8 of 18, FIG. 9B: interoperability flow chart. Steps recoverable from the drawing: determine certificate type; does the user own this type of certificate?; does the user own a cross-certified certificate?; select the certificate authority that issues the certificate or a cross-certified certificate; does the user meet the current certification authority's authentication requirements?; are there other certificate authorities having different authentication requirements?; update user authentication; acquire the certificate from the certificate authority; perform the action.]
`
`
`
[Sheet 9 of 18, FIG. 10: authentication data flow between user, vendor, transaction engine (TE), authentication engine (AE), the Xth depository (DX) and mass storage (MS), with the SSL column marked 1/2 or Full per step. Actions recoverable from the drawing: a transaction occurs, such as selecting a purchase; the vendor transmits the transaction ID (TID) and an authentication request (AR) to the user; authentication data (B') is gathered from the user; the user transmits the TID and B' wrapped in the public key of the AE, as PUB_AE(TID, B'), to the TE, which forwards the transmission to the AE; the TID and AR are transmitted to the TE, which creates a record in its database; the enrollment authentication data (B) is requested and gathered; each DX transmits the TID and the portion of the authentication data stored at enrollment (BX), as PUB_AE(TID, BX); the AE assembles B and compares it to B'; the AE returns the TID and the filled-in AR to the TE; the TE sends the TID and yes/no to the vendor; the vendor sends the TID and a confirmation message to the user.]
`
`
`
[Sheet 10 of 18, FIG. 11: signing data flow between user, vendor, transaction engine (TE), authentication engine (AE), cryptographic engine (CE), the Xth depository (DX) and mass storage (MS). Actions recoverable from the drawing: a transaction occurs, such as agreeing on a deal; the vendor transmits the transaction identification number (TID), an authentication request (AR) and the agreement or message (M) to the user; current authentication data (B') and a hash of the message received by the user (h(M')) are gathered from the user; the user transmits the TID, B', AR and h(M') wrapped in the public key of the AE, as PUB_AE(TID, B', h(M')), to the TE, which forwards the transmission; the vendor transmits the UID, TID, AR and a hash of the message (h(M)) to the TE, which creates a record in its database; each DX transmits the TID and its portion of the enrollment authentication data (BX), as PUB_AE(TID, BX); the original vendor message hash h(M) is transmitted to the AE; the AE assembles B, compares it to B' and compares h(M) to h(M'); the AE sends a request for digital signature and the hashed message to the CE; the DX transmits the portion of the cryptographic key corresponding to the signing party; the CE assembles the key and signs; the CE transmits the digital signature (S) of the signing party; the AE returns the TID, the filled-in AR, h(M) and S to the TE; the TE sends the vendor the TID, a receipt = (TID, yes/no, S), and the digital signature of the trust engine, for example a hash of the receipt encrypted with the trust engine's private key, Priv_TE(h(RECEIPT)).]
`
`
`
[Sheet 11 of 18, FIG. 12: encryption/decryption data flow, laid out with Send, Receive, SSL and Action columns. Decryption actions recoverable from the drawing: perform the authentication data process 1000, including the session key (SYNC) in the AR, where SYNC has been encrypted with the public key of the user as PUB_USER(SYNC); the AE authenticates the user and forwards PUB_USER(SYNC) to the CE; each DX transmits the TID and its portion of the private key, as PUB_AE(TID, KEY_USER); the CE assembles the cryptographic key and decrypts SYNC; the TID and the filled-in AR including the decrypted SYNC are returned to the AE and forwarded to the TE; the TE sends the application/vendor the TID, yes/no and SYNC. Encryption actions: the requesting application/vendor requests the digital certificate (public key) of the user from the TE; MS transmits the digital certificate to the TE; the TE transmits the digital certificate to the requesting application/vendor.]
`
`
`
[Sheet 12 of 18, FIG. 13: simplified block diagram of a trust engine system with several transaction engines, authentication engines and depositories. Labels recoverable from the drawing (printed rotated): Transaction Engine, Authentication Engine, Depository, To/From Communication Link.]
`
`
`
`
[Sheet 13 of 18, FIG. 14 and FIG. 15: simplified trust engine system and its redundancy module. Labels recoverable from the drawing (printed rotated): Redundancy Module, Comparator, Transaction Engine, Communication Link, inputs from several authentication engines.]
`
`
`
[Sheet 14 of 18, FIGURE 16: process for evaluating authentications. Steps recoverable from the drawing: receive authentication data and enrollment data; extract data for each authentication instance used; select next authentication instance; generate reliability based on authentication instance technique; generate reliability based on authentication instance data and circumstances; generate a reliability for this authentication instance; was an additional authentication instance used? (if yes, loop back); combine reliability of individual authentication instances to produce authentication confidence level.]
`
`
`
[Sheet 15 of 18, FIGURE 17: process for assigning a value to an authentication. Steps recoverable from the drawing: transaction engine receives TID and completed authentication request; generate required trust level based on size/risk of transaction specified in authentication request; compare required trust level and authentication confidence level; is authentication confidence level greater than required trust level? Yes: generate positive authentication and send authentication result to vendor. No: perform trust arbitrage.]
`
`
`
[Sheet 16 of 18, FIGURE 18: trust arbitrage process. Steps recoverable from the drawing: is further arbitrage permitted? (if no, generate negative authentication and send authentication result to vendor); contact vendor: confirm required trust level and offer insurance; contact user: request additional authentication and offer insurance; wait for response period to expire; has vendor adjusted required trust level?; has user provided additional data? (if yes, send new authentication data to authentication engine); was insurance purchased? (if yes, adjust authentication confidence level and required trust level based on insurance purchased); compare authentication confidence level and required trust level.]
`
`
`
[Sheet 17 of 18, FIGURE 19: sample transaction between a user, the trust engine and a vendor. Steps recoverable from the drawing: the user fills out an order form online on the vendor's web page, then submits the form and requests authentication; the trust engine verifies the authentication and appends a signed hash of the form; the vendor receives the signed form, generates a contract, and sends the contract to the user and requests a signature; the user reviews the contract, generates authentication data, and sends the authentication data and a hash of the contract to the trust engine; the trust engine verifies the authentication of the user, signs the hash of the contract with the user's private key, and forwards the contract to the vendor signed by the trust engine; the vendor receives a receipt (signed by the trust engine) and the hash of the contract (signed by the user), then sends a hash of the contract and an authentication request to the trust engine; the trust engine verifies the authentication of the vendor, signs the hash of the contract with the vendor's private key, and forwards the contract to the user signed by the trust engine; the user receives a receipt (signed by the trust engine) and the hash of the contract (signed by the vendor).]
`
`
`
[Sheet 18 of 18, FIGURE 20. Labels recoverable from the drawing: User System, SPM Software, Communication Link, Trust Engine.]
`
`
`
CONTEXT SENSITIVE DYNAMIC AUTHENTICATION IN A CRYPTOGRAPHIC SYSTEM

REFERENCE TO RELATED APPLICATION

The present application claims priority benefit under 35 U.S.C. §119(e) from U.S. Provisional Application No. 60/154,734, filed Sep. 20, 1999, entitled "SECURE SITE FOR INTERNET TRANSACTIONS" and from U.S. Provisional Application No. 60/200,396, filed Apr. 27, 2000, entitled "SECURE SITE FOR INTERNET TRANSACTIONS".
`
BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to cryptographic authentication. More specifically, the present invention relates to the evaluation of an authentication event based upon the context of that event.

2. Description of the Related Art

With the continued increase in commercial and other transactions taking place across linked computer systems, it has become desirable to secure these transactions and the information related to these transactions. One form of security is to prevent access to systems which perform certain functions, for instance by requiring a password or PIN number in order to use an ATM. Another form of security is to protect data from being intercepted and used by those other than the intended recipients, for instance, when sending a credit card number electronically. Another form of security involves allowing someone to undeniably sign a document or otherwise assent to a transaction electronically.

All of these functions are related to the concept of authentication, or proof of identity. Authentication of electronic systems, particularly digital systems, is generally carried out using cryptographic techniques and protocols. Cryptography is the scrambling of information in such a specific way that it can only be unscrambled by someone who holds the appropriate unscrambling key. By exchanging messages which can only be decrypted by those with access to the proper key, cryptographic protocols can be used as a means to authenticate individuals.

Techniques of authentication vary in their ease of use and their reliability. For instance, a classical authentication technique in both electronic and non-electronic systems is the password. Anyone who knows the password for the club is assumed to be a member and is admitted. Anyone who doesn't know the password is prohibited. Similarly, someone who knows a particular individual's password is assumed to be that individual, while someone who doesn't is assumed to be someone else.

This technique is fairly simple to implement, and fairly simple to use. The individuals being authenticated need merely remember the password, and they can be authenticated by anyone else who knows the password. However, such a technique is also fairly unreliable; people may forget their own password or overhear someone else's password.

Other techniques for authentication involve the use or control of a particular token, such as a particular key, either physical or electronic. Still other techniques are based upon some immutable physical characteristic of a user, such as a fingerprint or the sound of their voice. Some of these techniques are more reliable than others. For instance, fingerprints are more effective authenticators than passwords in most cases. However, analyzing a fingerprint to determine if someone is who they claim to be is much more complex than simply comparing passwords. Generally, the more reliable a technique of authentication is, the more cumbersome it is to use.

Therefore, there is a continued need for improved systems that provide appropriate levels of reliable authentication and security with the improved ease of use and reduced inconvenience to the users.
`
SUMMARY OF THE INVENTION

Based on the foregoing, a need exists to provide a method for authenticating a user where the user is authenticated based on those aspects of his current circumstances which are most reliable for use in determining that the user is who he says he is. Accordingly, one aspect of the invention is to provide a secure server, or trust engine, having server-centric keys, or in other words, storing cryptographic keys and user authentication data on a server. According to this embodiment, a user accesses the trust engine in order to perform authentication and cryptographic functions, such as, for example, authentication, authorization, digital signing and generation, storage, and retrieval of certificates, encryption, notary-like and power-of-attorney-like actions, and the like.

Another aspect of the invention is to provide a reliable, or trusted, authentication process. Moreover, subsequent to a trustworthy positive authentication, a wide number of differing actions may be taken, from providing cryptographic technology, to system or device authorization and access, to permitting use or control of a wide number of electronic devices.

Another aspect of the invention is to provide cryptographic keys and authentication data in an environment where they are not lost, stolen, or compromised, thereby advantageously avoiding a need to continually reissue and manage new keys and authentication data. According to another aspect of the invention, the trust engine allows a user to use one key pair for multiple activities, vendors, and/or authentication requests. According to yet another aspect of the invention, the trust engine performs the majority of cryptographic processing, such as encrypting, authenticating, or signing, on the server side, thereby allowing clients to possess only minimal computing resources.

According to yet another aspect of the invention, the trust engine includes multiple depositories for storing portions of each cryptographic key and authentication data. The portions are created through a data splitting process that prohibits reconstruction without a predetermined portion from more than one depository. According to another embodiment, the multiple depositories are geographically remote such that a rogue employee or otherwise compromised system at one depository will not provide access to a user's key or authentication data.

According to yet another aspect, the authentication process advantageously allows the trust engine to process vendor and user authentication activities in parallel. According to yet another embodiment, the trust engine may advantageously track failed access attempts and thereby limit the number of times malicious intruders may attempt to subvert the system.

According to yet another aspect, the trust engine may include multiple instantiations where each trust engine may predict and share processing loads with the others. According to yet another embodiment, the trust engine may include a redundancy module for polling a plurality of authentication results to ensure that more than one system authenticates the user.
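As an added illustration of the depository design described above (example code written for this page, not the patent's or Security First's implementation): enrollment data or a key is split into XOR portions, one per depository, so that any single depository's portion is statistically independent of the data, and the authentication engine reassembles every portion before comparing the result with the data presented at authentication (the FIG. 10 compare step). The share layout, the depository names and all function names are assumptions.

```python
import hmac
import secrets
from typing import Callable, Dict, List


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("portions must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_data(s: bytes, depository_ids: List[str]) -> Dict[str, bytes]:
    """Split S into one portion per depository.  Assumed layout: every portion
    but the last is a uniformly random pad, and the last is S XOR all pads.
    Rebuilding S needs every portion; any proper subset is uniformly random,
    so a rogue employee at one depository learns nothing about S."""
    if len(depository_ids) < 2:
        raise ValueError("at least two depositories are required")
    pads = [secrets.token_bytes(len(s)) for _ in depository_ids[:-1]]
    last = s
    for pad in pads:
        last = xor_bytes(last, pad)
    return dict(zip(depository_ids, pads + [last]))


def assemble_data(portions: Dict[str, bytes], expected_count: int) -> bytes:
    """Reassemble S.  Refuse unless every depository answered: with a portion
    missing the XOR would silently yield random bytes rather than S."""
    if len(portions) != expected_count:
        raise ValueError("missing portions: %d of %d received"
                         % (len(portions), expected_count))
    out = None
    for portion in portions.values():
        out = portion if out is None else xor_bytes(out, portion)
    return out


def verify_authentication(portions: Dict[str, bytes], expected_count: int,
                          b_prime: bytes) -> bool:
    """Authentication-engine step of FIG. 10: assemble the enrollment data B
    from the depository portions and compare it with the data B' presented
    now.  compare_digest keeps the comparison constant-time."""
    b = assemble_data(portions, expected_count)
    return hmac.compare_digest(b, b_prime)


def _raises_value_error(fn: Callable[[], object]) -> bool:
    try:
        fn()
    except ValueError:
        return True
    return False


def demo() -> dict:
    """Constructed sample: 32-byte enrollment data B held by three depositories."""
    depositories = ["D1", "D2", "D3"]
    b = b"enrollment-authentication-data-B"          # constructed sample, 32 bytes
    portions = split_data(b, depositories)
    two_only = {k: portions[k] for k in depositories[:2]}   # one depository down
    return {
        "ok": verify_authentication(portions, 3, b),
        "wrong_data": verify_authentication(portions, 3, b"x" * 32),
        "single_portion_equals_b": any(p == b for p in portions.values()),
        "partial_rejected": _raises_value_error(lambda: assemble_data(two_only, 3)),
    }


if __name__ == "__main__":
    print(demo())
```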
`
`4
`plurality of authentication instances generated using a subset
`of these authentication techniques is then received and a
`level of match is associated with each authentication
`
`Therefore, one embodiment of the invention provides a
`method where data is obtained from the user during an
`authentication attempt along with data describing one or
`more aspects of the current circumstances surrounding the
`authentication attempt. This data is compared to previously
`received data associated with the circumstances of the
`
`instance. The level of trust of the authentication attempt is
`then defined based uponthe level of match associated with
`each authentication instance and uponthe reliability of the
`technique used in each authentication instance.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`25
`
`35
`
`40
`
`45
`
`50
`
`55
`
`previous authentication attempts by this user. Based upon
`The present invention is described in more detail below in
`this comparison, a level of trust for the authentication
`connection with the attached drawings, which are meant to
`attempt of the user.
`illustrate and not to limit the invention, and in which:
`According to another aspect of the invention, a method for
`authenticating a user is provided in which authentication
`FIG. 1 illustrates a block diagram of a cryptographic
`data is obtained associated with an authentication operation,
`system, according to aspects of an embodiment of the
`and metadata is obtained related to the authentication opera-
`invention;
`tion. This metadata is compared with data which haspre-
`FIG.2 illustrates a block diagram of the trust engine of
`viously been received andalevel of trust associated with the
`FIG. 1, according to aspects of an embodiment of the
`authentication operation is determined.
`invention;
`the
`According to yet another aspect of the invention,
`FIG. 3 illustrates a block diagram of the transaction
`authentication data is comprised of data generated using
`engine of FIG. 2, according to aspects of an embodimentof
`more than one authentication technique. Data generated
`the invention;
`using different techniques is compared with different por-
`FIG.4 illustrates a block diagram of the depository of
`tions of the set of previously stored data in order to deter-
`FIG. 2, according to aspects of an embodiment of the
`mine a level of trust for the authentication.
`invention;
`An additional aspect of the invention provides a system
`FIG. 5 illustrates a block diagram ofthe authentication
`for graded authentication comprising user data and circum-
`engine of FIG. 2, according to aspects of an embodimentof
`stantial data used by a trust engine. The user data is obtained
`the invention;
`from a user during previously successful authentication
`FIG.6 illustrates a block diagram of the cryptographic
`attempts, and circumstantial data associated with these pre-
`engine of FIG. 2, according to aspects of an embodimentof
`viously successful authentication attempts is also received.
`the invention;
`The trust engine generates a level of trust associated with a
`FIG.7 illustrates a block diagram of a depository system,
`current authentication attempt by comparing circumstantial
`according to aspects of another embodiment of the inven-
`data associated with the current authentication attempt with
`tion;
`the circumstantial data associated with the previously suc-
`FIG.8 illustrates a flow chart of a data splitting process
`cessful authentication attempts.
`according to aspects of an embodiment of the invention;
`In another embodiment of the invention, a method for
`FIG. 9A illustrates a data flow of an enrollment process
`grading an authentication operation is relying on a variable
`according to aspects of an embodiment of the invention;
`set of authentication techniques used to obtain authentica-
`FIG. 9B illustrates a flow chart of an interoperability
`tion data is provided. The reliability of the set of authenti-
`process according to aspects of an embodiment of the
`cation techniques available is defined, and authentication
`invention;
`data is received during an authentication operation. The
`FIG.10 illustrates a data flow of an authentication process
`authentication data is generated using a subset of the avail-
`according to aspects of an embodiment of the invention;
`able authentication techniques. The acceptability of the
`FIG. 11 illustrates a data flow of a signing process
`authentication data is determined for the subset of data
`according to aspects of an embodimentof the invention.
`FIG. 12 illustrates a data flow and an encryption/decryp-
`tion process according to aspects and yet another embodi-
`mentof the invention;
`FIG. 13 illustrates a simplified block diagram of a trust
`engine system according to aspects of another embodiment
`of the invention;
`FIG. 14 illustrates a simplified block diagram of a trust
`engine system according to aspects of another embodiment
`of the invention;
`FIG. 15 illustrates a block diagram of the redundancy
`module of FIG. 14, according to aspects of an embodiment
`of the invention;
`FIG.16 illustrates a process for evaluating authentications
`according to one aspect of the invention;
`FIG. 17 illustrates a process for assigning a value to an
`authentication according to one aspect as shown in FIG. 16
`of the invention;
`FIG.18 illustrates a process for performingtrust arbitrage
`in an aspect of the invention as shown in FIG. 17; and
`FIG. 19 illustrates a sample transaction between a user
`and a vendoraccording to
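The graded evaluation summarized above and sketched in FIGS. 16 and 17, as an added example written for this page (not the patent's or Security First's code): each authentication instance gets a reliability from the inherent reliability of its technique, its degree of match with the enrollment data, and the circumstances of both the current and the enrollment data; the instance reliabilities are combined into a confidence level, which is compared with a required trust level derived from the transaction's size and risk. The numeric weights, the multiplicative per-instance form, the noisy-OR combination and the required-level rule are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List

# Inherent reliability of each technique, on a 0..1 scale (assumed values).
TECHNIQUE_RELIABILITY: Dict[str, float] = {
    "password": 0.40,
    "token": 0.70,
    "fingerprint": 0.90,
}

# Baseline required trust level per transaction risk class (assumed values).
RISK_BASELINE: Dict[str, float] = {"low": 0.50, "medium": 0.70, "high": 0.90}


@dataclass
class AuthInstance:
    technique: str
    match: float                 # degree of match with enrollment data, 0..1
    auth_circumstances: float    # trust in how the current data was produced, 0..1
    enroll_circumstances: float  # trust in how the enrollment data was produced, 0..1


def _check_unit(value: float, name: str) -> None:
    if not 0.0 <= value <= 1.0:
        raise ValueError(f"{name} must lie in [0, 1], got {value}")


def instance_reliability(inst: AuthInstance) -> float:
    """Reliability of one authentication instance (FIG. 16): the technique's
    inherent reliability, discounted by the degree of match and by the
    circumstances of both the current data and the enrollment data.
    The multiplicative form is an assumption."""
    if inst.technique not in TECHNIQUE_RELIABILITY:
        raise ValueError(f"unknown technique {inst.technique!r}")
    for value, name in ((inst.match, "match"),
                        (inst.auth_circumstances, "auth_circumstances"),
                        (inst.enroll_circumstances, "enroll_circumstances")):
        _check_unit(value, name)
    return (TECHNIQUE_RELIABILITY[inst.technique] * inst.match
            * inst.auth_circumstances * inst.enroll_circumstances)


def confidence_level(instances: List[AuthInstance]) -> float:
    """Combine the individual reliabilities into one confidence level.
    Assumed noisy-OR rule: an impostor must defeat every instance, so the
    confidence is 1 minus the product of each instance's chance of being fooled."""
    if not instances:
        return 0.0
    all_fail = 1.0
    for inst in instances:
        all_fail *= 1.0 - instance_reliability(inst)
    return 1.0 - all_fail


def required_trust_level(amount: float, risk: str) -> float:
    """Required trust level from the size and risk of the transaction named in
    the authentication request (FIG. 17).  Assumed rule: the risk baseline plus
    up to 0.09 for transaction size, capped at 0.99."""
    if amount < 0:
        raise ValueError("amount must be non-negative")
    if risk not in RISK_BASELINE:
        raise ValueError(f"unknown risk class {risk!r}")
    return min(0.99, RISK_BASELINE[risk] + min(0.09, amount / 100_000.0))


def evaluate(instances: List[AuthInstance], amount: float, risk: str) -> dict:
    """FIG. 17 decision: positive authentication only if the confidence level
    exceeds the required trust level; otherwise the request goes to trust
    arbitrage (FIG. 18), where the vendor may adjust the required level or the
    user may supply additional authentication data."""
    confidence = confidence_level(instances)
    required = required_trust_level(amount, risk)
    return {
        "confidence": confidence,
        "required": required,
        "result": "positive" if confidence > required else "arbitrage",
    }


# Constructed sample: a password matched exactly from a fully trusted terminal,
# plus a fingerprint with a 95% match captured on a less trusted device.
SAMPLE_INSTANCES = [
    AuthInstance("password", 1.0, 1.0, 1.0),
    AuthInstance("fingerprint", 0.95, 0.9, 1.0),
]

if __name__ == "__main__":
    print(evaluate(SAMPLE_INSTANCES, amount=50.0, risk="low"))     # positive
    print(evaluate(SAMPLE_INSTANCES, amount=5000.0, risk="high"))  # arbitrage
```

The same two instances pass a small low-risk purchase but fall short of the level demanded by a large high-risk one, which is the point at which FIG. 18's arbitrage (more authentication data, or a vendor-adjusted required level) would be invoked.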



