(12) Patent Application Publication    (10) Pub. No.: US 2007/0113090 A1
(43) Pub. Date: May 17, 2007
Villela

(54) ACCESS CONTROL SYSTEM BASED ON A HARDWARE AND SOFTWARE SIGNATURE OF A REQUESTING DEVICE

(76) Inventor: Agostinho De Arruda Villela, Rio de Janeiro (BR)

Correspondence Address:
BAKER, DONELSON, BEARMAN, CALDWELL & BERKOWITZ
SUITE 3100 SIX CONCOURSE PARKWAY
ATLANTA, GA 30328 (US)

(21) Appl. No.: 11/591,885

(22) Filed: Nov. 2, 2006

Related U.S. Application Data

(63) Continuation-in-part of application No. 10/598,719, filed as 371 of international application No. PCT/BR05/00030, filed on Mar. 10, 2005.

(30) Foreign Application Priority Data

Mar. 10, 2004 (BR) .... PI0400265-2

Publication Classification

(51) Int. Cl. H04L 9/00 (2006.01)
(52) U.S. Cl. .... 713/170
`
ABSTRACT
(57) A system and method for the authorization of access to a service by a computational device or devices, which may include a wireless device such as a cell phone or a smart phone. A software agent generates a digital signature for the device each time it attempts to access the service and sends it to an authentication server, which compares the digital signature sent with one or more digital signatures on file to determine whether access to the service is permitted. The digital signature is generated by using hashes based on software and hardware configuration data collected from the device. The system may be used in conjunction with other authorization methods and devices.
`
[Cover figure: the access-control flowchart of FIG. 1. Recoverable node labels: User attempts to access the SERVICE; Pre-identification is correct? (optional); Operation is registered in the access history; User utilizes the usual identification process; Access to the Service is denied; Want to use the invention?; The invention identifies the computer's SIGNATURE; Already registered?; Belongs to denial list?; Is it an incremental change of any device?; Group is closed?; Is the rigorous identification OK?; SERVICE is successfully accessed by means of the invention; The SIGNATURE may be included in the registry? (Is it under maximum quantity?); User really wants to include the SIGNATURE in the list?; Service is successfully accessed and a new SIGNATURE is required; Service is successfully accessed without registering SIGNATURE.]
`
`APPLE EXHIBIT 1008
`Page 1 of 12
`
`
`
Patent Application Publication May 17, 2007 Sheet 1 of 5 US 2007/0113090 A1
`
Fig. 1

[FIG. 1: flowchart of the basic operation. Recoverable node labels: User attempts to access the SERVICE; Pre-identification is correct? (optional); First time?; User is prompted to the invention; Operation is registered in the access history; The invention identifies the computer's SIGNATURE; User utilizes the usual identification process; Access to the Service is denied; Want to use the invention?; Already registered?; Is it an incremental change of any device?; Group; Is the rigorous identification OK?; User is submitted to rigorous identification; SERVICE is successfully accessed by means of the invention; The SIGNATURE may be included in the registry? (Is it under maximum quantity?); User really wants to include the SIGNATURE in the list?; Service is successfully accessed and a new SIGNATURE is required; Service is successfully accessed without registering SIGNATURE.]
`
`
`Fig. 2
`
[FIG. 2: SIGNATURE deletion flowchart. Start: a user (already identified) asks to delete one SIGNATURE. Decision: is the SIGNATURE to be deleted older than the one of the computer used to access the SERVICE? Outcomes: SIGNATURE successfully deleted; SIGNATURE deletion is denied.]
`
`Fig. 3
`
[FIG. 3: deactivation flowchart. Start: a user (already identified) asks for deactivation of the invention. Decision: is the SIGNATURE used to access the SERVICE the oldest one? Outcomes: SERVICE deactivation is denied; invention successfully deactivated, all SIGNATURES deleted, access history is preserved and updated.]
`
`
Fig. 4

[FIG. 4: initialization sequence diagram among End User, Merchant and DNA Vault. Recoverable message labels: userid + password; https://merchant.com; Additional questions; Answer additional questions; https:// open session request; sessionid + token; DNA + sessionid - insert; DNA + sessionid - is valid.]
`
`
Fig. 5

[FIG. 5: usage sequence diagram among Customer Computer, Merchant Web Server and a DNA component (label partly illegible). Recoverable message labels: Open Merchant URL; Requested Credentials; User: Mary, Password: 1234; Credentials Valid? (No: Access Denied); Request DNA; Legitimate Authorization / Legitimate Customer? (Yes: Access Granted; No: Request Extra Questions); SocSecNum: 555-55-1234; Answers Valid? (No: Access Denied; Yes: Access Granted).]
`
`
Fig. 6

[FIG. 6: screenshots of the invention in use on mobile devices. Recoverable screen text: Internet Browser; https://www.leqitimit.com; ME Bank; Login; access has been granted through User ID/Password and digital DNA validation from machine registered as "Pocket_...".]
`
`
`ACCESS CONTROL SYSTEM BASED ON A
`HARDWARE AND SOFTWARE SIGNATURE OF A
`REQUESTING DEVICE
`[0001] This application is a continuation-in-part of and
`claims bene?t of US. patent application Ser. No. 10/598,
`719, ?led Sep. 8, 2006, Which is a national stage application
`of PCT Application No. PCT/BR2005/000030, ?led Mar.
`10, 2005, Which claims bene?t to BR P10400265-2, ?led
`Mar. 10, 2004, and is entitled in Whole or in part to those
`?ling dates for priority. The speci?cations, drawings and
`attachments of each of the above applications are incorpo
`rated herein by speci?c reference.
`
`FIELD OF THE INVENTION
`
`[0002] The present invention relates to the identi?cation of
`a variety of devices and methods for authorizing access to
`services. In particular, the present invention relates to con
`trolling and authorizing access to sensitive and con?dential
`information and services on a network or the Internet,
`including bank account information, corporate information,
`and commercial transactions and other forms of e-com
`merce.
`
`BACKGROUND OF THE INVENTION
`[0003] The need for security of various levels When con
`ducting transactions of various types over the Internet or
`similar environments is Well established. The prior art
`describes several security-related devices and systems that
`are applied to alloW users and devices of various sorts to
`access and operate services provided through netWorks or
`the Internet. Security needs have to be continually revised in
`face of the increasing sophistication of the means and
`mechanisms used to bypass security systems for fraudulent
`purposes, such as improper access to Internet banking and
`other resources. In countries such as the United States of
`America, the high level of continued efforts and investments
`made to prevent and thWart fraudulent and criminal activi
`ties illustrates the importance of guaranteeing user-friendly,
`secure, online transactions Which involve private or con?
`dential information.
`
`[0004] In particular, in recent years the mobile data indus
`try has been groWing on many fronts, propelled in part by the
`explosive groWth of the Internet and the consequent demand
`for mobile data access to the Internet, high penetration rates
`for users of mobile telephones, intense price competition
`among mobile netWork operators, and the emergence of
`WorldWide standards for mobile data communications. The
`increasing number of consumers and businesses that expect
`to be able to securely access con?dential information and
`conduct transactions Wirelessly has created a great interest
`and demand for mobile device security.
`[0005] Many online operations use sophisticated security
`procedures based at least in part on high levels of complexity
`in order to attempt to guarantee the security of these trans
`actions. HoWever, this increased complexity results in dif
`?culties for legitimate users in accessing these services or
`conducting these transactions. This, in turn results in a loWer
`than optimum level of adherence by legitimate users to using
`these security procedures, and decreases the Willingness of
`these users to engage in these transactions.
`[0006] One example of an apparently rigorous security
`scheme is that offered by online banking sites. These ser
`
`vices behave as if only the user could visualiZe or access the
`service, and depend primarily on entry of a user passWord to
`validate access. HoWever, authentication processes based
`solely on the user (i.e., user name and passWord) are
`susceptible to passWord tracking, passWord cloning, or the
`cloning of accessed Webpages The presumed correspon
`dence betWeen a user and passWord thus facilitates fraud.
`
`[0007] The mobile data market is not readily adaptable to
`the netWorks, applications, and devices used Within existing
`Wired solutions, due to fundamental differences betWeen
`Wired and Wireless netWorks. In Wired netWorks, there are
`standard device platforms, operating systems, and broWsers,
`Where data and content reside largely in databases, and data
`is extracted by the user on a simpli?ed query basis using
`search enginesithe user must either ?nd or knoW Where to
`get the information for Which he or she is looking. Mobile,
`Wireless netWorks currently have not such standards for
`client platforms, operating systems, or user interfaces.
`Mobile devices may be a PDA, a tWo-Way pager, intelligent
`mobile device, or a smart phone.
`
`[0008] Accordingly, What is needed is a system and
`method for enhanced security based upon the possession of
`a particular device that is able to complement or substitute
`traditional authentication procedures. In particular, the sys
`tem and method should be fully functional for Wireless
`netWorks as Well as Wired netWorks. In addition, the system
`should provide a strong tWo-factor authentication tool that is
`scalable and cost effect for mass use in online environments.
`
`SUMMARY OF THE INVENTION
`
`[0009] The present invention is a system and method to
`substantially improve the security involved in an authenti
`cation process to access an Internet page, an Intranet page,
`or any other type of computer server or computer-based
`service or netWork that requires secure authentication. Any
`of these services Will be cited hereinafter as a “SERVICE.”
`The authentication process includes a process related to the
`creation of a unique signature (a “SIGNATURE”) based on
`the hardWare and softWare con?guration pro?le of a device.
`
`[0010] Whenever a user tries to access a SERVICE that is
`using the invention for authentication, either alone or in
`conjunction With other security processes or methods, the
`SIGNATURE resulting from the hardWare and softWare
`con?guration of the device from or through Which the user
`is attempting to use or access the SERVICE is received,
`veri?ed and compared to a list of authoriZed device signa
`tures. If the current device’s SIGNATURE matches one of
`the previously-registered signatures from this list, the user is
`alloWed to access the SERVICE. If not, the user Will either
`be directed to extended positivation or Will be denied access
`to the SERVICE, depending on the previously chosen secu
`rity options. In case the user is submitted to extended
`positivation, if his or her identi?cation is successful, access
`to the SERVICE Will be granted and the user Will be given
`the option to include the present device in the list of
`authoriZed SIGNATURES for his or her account. If the
`identi?cation is not successful, the user Will not be alloWed
`to access the SERVICE.
`
`[0011] The invention can be used as a complementary
`authentication process to a separate authentication process,
`such as, but not limited to, an authentication method based
`on user/passWord pairs, so as to improve or increase the
`
`APPLE EXHIBIT 1008
`Page 7 of 12
`
`
`
`US 2007/0113090 A1
`
`May 17, 2007
`
`security related to a SERVICE. The invention also may be
`used independently to access less sensitive applications,
`such as logging onto a web portal or ISP.
`
`[0012] In one exemplary embodiment, the invention is
`capable of performing authentication and identi?cation
`without need for any other hardware or software compo
`nents, such as smart cards, identi?cation cards, or the like.
`The invention allows the recognition of a SIGNATURE for
`a device simply from the device’s hardware and software
`components.
`[0013] The speci?cation herein offers a more in-depth
`description of possible applications of the invention; how
`ever, any application of the invention described herein is
`offered as an example, and should not be construed as a
`limitation to the scope of the claims.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`[0014] FIG. 1 is a diagram that illustrates the basic opera
`tion of one exemplary embodiment of the present invention.
`
`[0015] FIG. 2 is a diagram that shows the process of
`SIGNATURE deletion in accordance with one exemplary
`embodiment of the present invention.
`
`[0016] FIG. 3 is a diagram that represents the deactivation
`of the invention’s security system triggered by a user in
`accordance with another exemplary embodiment of the
`present invention.
`
`[0017] FIG. 4 is a diagram that shows the steps of initial
`iZing one embodiment of the present invention.
`
`[0018] FIG. 5 is a diagram that shows the steps of using
`one embodiment of the present invention.
`
`[0019] FIG. 6 shows examples of embodiments of the
`present invention in use on mobile devices.
`
`DETAILED DESCRIPTION OF EXEMPLARY
`EMBODIMENTS
`
`[0020] The present invention is a strong form of authen
`tication that does not need external hardware devices. As
`described in detail below, the invention associates a user or
`user account with a trusted device (or devices). Each device
`has unique hardware and/or software characteristics, similar
`to the human genome. These unique characteristics, which
`may be thought of as the “digital DNA” of the device, are
`linked by the invention to a user or user account, creating a
`unique system of secure, reliable identi?cation and authen
`tication.
`
`[0021] As seen in FIG. 1, in one exemplary embodiment,
`the present invention operates or is used in a distributed
`computational environment to provide secure access to a
`SERVICE 2 in, located on, or accessed through that envi
`ronment. Examples of such an environment include, but are
`not limited to, the Internet, a local area network, or an
`internal computational network. Examples of SERVICES 2
`include an Internet page, Intranet page, a banking or ?nan
`cial system, a corporate database, or any other type of
`computer server or computer-based service or network that
`requires secure authentication.
`
`[0022] Typically, a user attempts to access a SERVICE 2
`by means of or through a device 4. Examples of devices 4
`include, but are not limited to, a personal computer, network
`
`terminal, cell phone, a personal digital assistant (PDA), a
`two-way pager, intelligent mobile device, or a smart phone.
`
`[0023] A software agent 10 is used to detect hardware
`and/or software con?guration information about the device
`4. The hardware and/or software con?guration information
`is used to create a SIGNATURE 20 for the device 4. The
`SIGNATURE 20 may then be compared to a list or set of
`authorized signatures for access to the SERVICE 2.
`
`[0024] The software agent 10 may be deployed in a variety
`of forms, including, but not limited to, an Internet Explorer
`plug-in, a Netscape/MoZilla-Firefox plug-in, or Apple Web
`Kit plug-in used by Safari. As a further example, in a
`Windows environment, plug-ins can be downloaded and
`installed by the browser (as a signed cab ?le or signed xpi
`?le), or they can be downloaded as executable ?les.
`
`[0025] The con?guration information that may be col
`lected and used to create a SIGNATURE 20 include, but are
`not limited to, hard drive serial number, CPU type and clock
`speed, memory type and physical location, physical MAC
`address, and other unique features of the device. The more
`separate data items collected, the greater the level of security
`and protection. The number of data items collected can be
`any number, including, but not limited to, ten items.
`[0026] In one exemplary embodiment, the invention gath
`ers this information directly from its source, and thus the
`software agent 10 should have direct access to necessary
`portions of a device’s 4 internal systems. This may be only
`possible through an onboard agent.
`[0027] As plug-ins can be exploited for illegitimate pur
`poses, in one exemplary embodiment the invention uses a
`“self-protected” software agent 10 or plug-ins. Accordingly,
`the agent is a key part of the system and implemented as an
`executable object, allowing for the device to protect sensi
`tive information while giving access to “hardware level”
`con?guration data. In contrast to most plug-ins, which
`actively “listen” for an application that causes them to
`perform, and thus require that a port be open to insure the
`plug-in does not miss the network traf?c and signal to trigger
`the plug-in, the agent of the present invention remains inert
`until called by the application using the present invention.
`The agent is not loaded to memory, and does not consume
`any CPU power until an external program calls its entry
`point, thus making it extremely dif?cult to exploit any
`vulnerability as the agent simply is not running the majority
`of the time.
`
`[0028] To preserve user privacy, each element or compo
`nent of this con?guration information may be acquired and
`converted into a hash string. The hash strings may then be
`encrypted. In one exemplary embodiment, the hash string is
`wrapped in a one-time 128-bit encryption. The encrypted
`elements may be arranged in a unique pattern for each Web
`session or access attempt. A different encryption key may be
`used for each transmission.
`
`[0029] In another exemplary embodiment, the calling of
`the agent 10 is conducted during a session initiated by the
`user and using a Secure Socket Layer (SSL) connection. The
`resulting inbound call to a speci?c port results in the agent
`10 executing its program. The SSL session protects the
`invocation of the agent 10, as it is extremely dif?cult for an
`outside party to interject themselves into the transmission to
`try to exploit the agent 10. When the agent is asked to
`
`APPLE EXHIBIT 1008
`Page 8 of 12
`
`
`
`US 2007/0113090 A1
`
`May 17, 2007
`
`execute, it is loaded into memory, determines the SIGNA
`TURE 20, and then opens an outgoing HTTP or HTTPS
`connection. The connection may be directly With an authen
`tication server 30 or With the site using the invention. Once
`the connection is established, the agent 10 sends the SIG
`NATURE 20 and then closes the connection. Typically, this
`delivery takes less than one second. This behavior does not
`permit an outside party to exploit the agent 10.
`
`[0030] In addition, the actual agent 10 may be constructed
`in such a manner that makes any attempt to reverse-engineer
`the agent extremely dif?cult. In one exemplary embodiment,
`the agent 10 is approximately 150 KB in size. In another
`embodiment, the agent 10 may be developed in C/C++ With
`a portion Written in assembler and proprietary languages.
`
`[0031] In an exemplary embodiment, an authentication
`server 30 receives the SIGNATURE 20 created by the
`softWare agent 10, and compares it to the authorized signa
`ture list to determine Whether or not access to the SERVICE
`2 may be authorized. The authentication server 30 should be
`in electronic communication, Which may be Wireless, With
`the device 4. The invention may thus be considered, in one
`embodiment, as an online authentication system.
`
`[0032] The authentication server 30 may serve both as the
`means for interacting With the softWare agent 10 and the
`SERVICE 2 for determining Whether access should be
`permitted, and as storage means. With regard to the latter,
`the authentication server 30 may serve as a repository of the
`list or set of registered or authorized SIGNATURES, as Well
`as storing the history of access attempts by various users or
`putative users. In another exemplary embodiment, the list of
`registered SIGNATURES and access attempt history may be
`stored, separately or together, on some other server or in
`some other location. The invention is compatible With any
`form of database, including but not limited to, Oracle,
`MySQL, DB2, SQL Server, and the like. The database may
`be encrypted, Which preserves the security of the data from
`anyone gaining unauthorized access to the database server.
`In another exemplary embodiment, the data is kept in a
`database indexed by user identi?cation and a realm.
`
`[0033] In one exemplary embodiment, the software agent
`10 is installed on the device 4. The softWare agent 10 may
`be doWnloaded by standard means onto the device 4, includ
`ing by means of Web distribution techniques capable of
`doWnloading and executing a program in a single step or as
`a single process, such as, but not limited to, ActiveX or
`broWser plug ins. The software agent 10 may be loaded onto
`the device 4 prior to or during the ?rst attempt to access the
`SERVICE 2, during the setting up of an account With the
`SERVICE 2, or at some subsequent time for SERVICES 2
`Where a user already has access. The invention recognizes
`the broWser or device type, and doWnloads the appropriate
`form of the agent 10. The deployment of the invention thus
`may vary from client to client, and may be voluntary or
`compulsory depending upon the environment.
`
`[0034] The SIGNATURE creation process can be initiated
`at any time. In one exemplary embodiment, the process is
`initiated When the softWare agent 10 is doWnloaded and
`installed.
`
`[0035] The invention may be used as the sole means of
`access to a SERVICE 2, although it may also be used to
`complement other authentication methods or security pro
`
`cedures. For example, in one exemplary embodiment, the
`invention may be used to deny the user access to the
`SERVICE 2 from a device Whose SIGNATURE 20 is not
`registered or recognized. This may be used even though
`pre-identi?cation could be successfully accomplished by
`means of other co-existing authentication processes (i.e.,
`access may be denied even if a user/passWord pair are
`correct).
`
`[0036] In one embodiment, the invention may be the last
`test of authentication for a Web application. The scripting for
`the deployment and authentication calls may be placed on
`the Web login page, as Well as other pages that may be
`deemed to be high risk. The invention is invoked only after
`all other authentication processes (e.g., user name and
`passWord) have been completed. The providers of the SER
`VICE may elect to insure the identity of the user via
`additional methods, including challenge/response questions,
`or requiring the user to contact a call center or use a one-time
`passWord previously acquired. Once the existing authenti
`cation standards are met, the invention is called via script
`mg.
`
`[0037] Upon installation on the device, the agent 10 col
`lects the ?rst set of con?guration data and returns it to the
`authentication server, Where it is maintained as the original
`SIGNATURE of that device. In some embodiments, the
`installation and collection of con?guration data averages
`approximately 7 to 9 seconds, depending upon the connec
`tion and device processing speeds.
`
`[0038] Once the agent 10 is installed and the initial
`SIGNATURE stored by the authentication server, future
`login sessions may be seamless to the user. For example, a
`Web login page Would receive the user name and passWord,
`and upon con?rmation of that information, and prior to
`opening the SERVICE application, the invention causes a
`request to be sent to open a session. The authentication
`server opens the session, and sends to the application server
`a session ID and token, the token containing the seed
`number for both the one-time encryption key and shuf?ing
`mechanism. The token is passed to the device 4 via the
`connection (such as a SSL connection) established at the
`beginning of the session. Upon receiving the information
`and token, the agent 10 collects the con?guration informa
`tion, and hashes each of the con?guration components. In
`one exemplary embodiment, the items are hashed using
`SHA256 hashing digest. The token information is used to
`encrypt the string of hashed component items, Which also
`may be shu?led in a random order. This happens each and
`every time a request for authentication occurs, and thus may
`prevent replay attacks. The resulting encrypted string is sent
`to the authentication server, Where it is decrypted and
`checked against the original SIGNATURE for a “pass” or
`“no pass” decision, Which is passed back to the Web server
`Where it is then applied to the current session. This process
`may take less than a second from login to authentication.
`
`[0039] The call for authentication may be invoked at any
`time during the session, thus making the present system
`particularly e?fect for preventing man-in-the-middle attacks.
`This can be controlled by embedding scripting on the
`application pages that contain high risk transactions, such as
`movement of money or adding bill payees.
`
`
`[0040] The authentication server 30 may have a set of
`rules that allows some changes to the device, whether in
`software or hardware, without the device becoming unau
`thoriZed.
`
`[0041] An example of the operation of the present inven
`tion when used for access to a SERVICE is illustrated by the
`following steps:
`
`[0042] 1. A user attempts to access a SERVICE through a
`device. If the present invention is used in conjunction with
`other authentication processes or security procedures (e.g.,
`pre-identi?cation), such as, without limitation, username/
`password pairs, veri?cation of authorized IP address ranges,
`answering of speci?c questions, optical character recogni
`tion or similar services that protect against “software
`robots”, or the like, then the user may be required to pass or
`satisfy those other authentication processes or security pro
`cedures ?rst. Alternatively, those other authentication pro
`cesses or security procedures may be implemented subse
`quent to the authentication system of the present invention,
`or in cases where multiple procedures are used, some may
`occur before and some may occur after the authentication
`system of the present invention.
`
`[0043] 2. If this is the ?rst time the user has attempted to
`access the SERVICE after the present invention has been
`implemented for the SERVICE, or if the user has not already
`registered any device SIGNATURE for the SERVICE, then
`the user may be prompted to download the software agent in
`order to initiate the process of the present invention. The
`user may be directed to a web page or software window as
`a part of this process, where the user is given information
`about how the invention works and/or describing the regis
`tration process required for access.
`
`[0044] In an exemplary embodiment, this step may be
`implemented so as to be optional, when the provider of the
`SERVICE desires to offer the user the option of accessing
`the SERVICE through means of the invention as one of
`several authentication processes or means. Similarly, the
`user may also have the option of deactivating or reactivating
`the use of the invention when desired. In such a case, a user
`desiring to reactivate the present invention may be required
`to identify themselves in some way (e. g., user/password pair,
`answering questions, and the like) prior to reactivation.
`Further, as described in greater detail below, deactivating the
`use of the present invention by a user may be permitted only
`from the device that has the oldest SIGNATURE registered
`for the user’s account, based on the presumption that the
`oldest SIGNATURE is likely to be the most trustworthy
`SIGNATURE.
`
`[0045] 3. Once the user has agreed to the use of the
`invention, he or she must allow the software agent to
`download and execute on his or her device, unless this has
`already occurred. This step must be repeated for each device
`that will be submitted to the authentication process of the
`present invention.
`
`[0046] 4. Once the software agent is installed on the
`device, it collects data sampled from the device’s hardware
`or software components, or both. The software agent then
`creates a SIGNATURE for the device from the sampled data,
`and submits it for registration with the SERVICE, or for
`authentication, as appropriate. The SIGNATURE identi?es
`the device without the need of any supplementary identi?
`
`cation device or means, such as a smart card. In some
`embodiments, the ?rst registration may not require rigorous
`authentication.
`[0047] The device’s identi?cation is done by detecting and
`identifying essential hardware and software components of
`the device. The invention allows incremental changes to
`some of these components without modifying the device’s
`SIGNATURE. However, if the device has undergone sub
`stantial modi?cations in its hardware or software con?gu
`rations, its SIGNATURE likely will be changed. This means
`that the device will be considered as a new device and will
`not be recogniZed by the SERVICES accessed before the
`modi?cations. In this case, the user has to register the new
`device SIGNATURE. Minor changes of components that
`generally are not considered to be essential may be done
`without affecting the SIGNATURE.
`
`[0048] In one exemplary embodiment, the SIGNATURE
`comprises one or more groups of information hashes gen
`erated based on the hardware and software components.
`These hashes cannot be reversed to recompose the informa
`tion used to make the SIGNATURE, thereby preserving user
`privacy and security. In one embodiment, the hashes be
`grouped in a different way for each transaction, and sub
`mitted to several levels of cryptography. This procedure
`protects against anyone who attempts to intercept the com
`munication between the user device and the authentication
`server or SERVICE, and may try, by simply reproducing the
`transmitted data, to pretend to be the original device.
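As an added illustration, not code from the patent or its applicant, the following Python sketch simulates both sides of the per-session SIGNATURE exchange of paragraph [0038] (per-item SHA-256 digests, token-seeded shuffle, token-derived one-time encryption) together with the incremental-change rule of [0040], [0047] and [0048]. The configuration values, the HMAC-SHA256 keystream standing in for the unnamed "one-time 128-bit encryption", and the tolerance of one changed component are all assumptions of this example.

```python
import hashlib
import hmac
import json
import os
import random

# Constructed sample configuration for a hypothetical device; the patent
# lists categories like these ([0025]) but gives no concrete values.
DEVICE_CONFIG = {
    "cpu": "Generic CPU 2.4GHz",
    "hdd_serial": "HDD-SERIAL-EXAMPLE-0001",
    "mac": "00:11:22:33:44:55",
    "memory": "2048MB DDR2 slot0",
    "os_build": "OS build 1234",
}
COMPONENT_ORDER = sorted(DEVICE_CONFIG)


def hash_components(config):
    """One SHA-256 digest per configuration item, in canonical order ([0038]).
    Only digests leave the device, so the raw values stay private ([0028])."""
    return [hashlib.sha256(f"{k}={config[k]}".encode()).hexdigest()
            for k in COMPONENT_ORDER]


def issue_token():
    """Authentication server: a fresh random token per session. It is the
    seed for both the one-time key and the shuffling mechanism ([0038])."""
    return os.urandom(16)


def keystream(token, length):
    """ASSUMPTION: the patent does not name its one-time 128-bit cipher; an
    HMAC-SHA256 counter-mode keystream derived from the token stands in."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(token, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_bytes(data, ks):
    return bytes(a ^ b for a, b in zip(data, ks))


def shuffle_order(token, n):
    """Permutation of the digest positions, seeded from the session token."""
    order = list(range(n))
    random.Random(int.from_bytes(token, "big")).shuffle(order)
    return order


def agent_build_signature(config, token):
    """Agent side: hash each item, shuffle with the token seed, encrypt with
    the token-derived keystream. A new token yields a new ciphertext, so a
    captured blob is useless in a later session (the replay point of [0038])."""
    digests = hash_components(config)
    order = shuffle_order(token, len(digests))
    shuffled = [digests[i] for i in order]
    plaintext = json.dumps(shuffled).encode()
    return xor_bytes(plaintext, keystream(token, len(plaintext)))


def server_verify(ciphertext, token, stored_digests, max_changed=1):
    """Server side: decrypt with the same token, undo the shuffle, compare item
    by item against the registered SIGNATURE. ASSUMPTION for the rule set of
    [0040]: at most max_changed items may differ (an incremental change);
    more than that and the device counts as a new device ([0047])."""
    plaintext = xor_bytes(ciphertext, keystream(token, len(ciphertext)))
    try:
        shuffled = json.loads(plaintext.decode())
    except ValueError:  # wrong token (e.g. a replayed blob) decrypts to garbage
        return False
    n = len(stored_digests)
    if not (isinstance(shuffled, list) and len(shuffled) == n
            and all(isinstance(s, str) for s in shuffled)):
        return False
    order = shuffle_order(token, n)
    digests = [None] * n
    for pos, idx in enumerate(order):
        digests[idx] = shuffled[pos]
    changed = sum(1 for got, want in zip(digests, stored_digests)
                  if not hmac.compare_digest(got.encode(), want.encode()))
    return changed <= max_changed


if __name__ == "__main__":
    registered = hash_components(DEVICE_CONFIG)  # stored at first registration ([0037])
    session_token = issue_token()
    blob = agent_build_signature(DEVICE_CONFIG, session_token)
    print("same device, same session:", server_verify(blob, session_token, registered))
    print("replayed blob, new session:", server_verify(blob, issue_token(), registered))
```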
`
`[0049] 5. In one embodiment, if the user attempts to access
`the SERVICE from a device that was not previously regis
`tered, then the invention will allow access only after appli
`cation of extended positivation means (e.g., speci?c ques
`tions in addition to username/password pairs). In another
`embodiment, this access may be allowed only if there was
`at least one device previously registered with the SERVICE.
`If the extended positivation means is successfully passed,
`then the user will be allowed to access the SERVICE, with
`the option to register the present device’s SIGNATURE. If
`the extended positivation means is not successfully passed,
`then access is denied.
`
`[0050] Optionally, the user may be limited to a determined
`quantity of SIGNATURES associated with his or her
`account (the quantity may be de?ned in accordance with the
`needs of the SERVICE). It thus is possible to create a closed
`group of devices and limit the SIGNATURE set that can
`access the SERVICE for a given account. The user may have
`the ability to choose the number of SIGNATURES able to
`access the SERVICE through his or her account, although
`this limitation may be set by the provider of the SERVICE.
`In the case where the user has reached this determined
`quantity of SIGNATURES, he or she may be able to choose
`whether or not the number of SIGNATURES should be
`limited to this quantity. These options may be implemented
`in a mandatory way; that is, the user will be able t