(19) United States
`(12) Patent Application Publication (10) Pub. No.: US 2007/0113090 A1
`(43) Pub. Date: May 17, 2007
`
`Villela
`
`US 20070113090A1
`
`(54) ACCESS CONTROL SYSTEM BASED ON A
`HARDWARE AND SOFTWARE SIGNATURE
`
`(30)
`
`Foreign Application Priority Data
`
`OF A REQUESTING DEVICE
`
`Mar. 10, 2004
`
`(BR) ...................................... PlO400265-2
`
`(76)
`
`Inventor: Agostinho De Arruda Villela, Rio de
`Janerio (BR)
`
`Correspondence Address:
`BAKER, DONELSON, BEARMAN,
`CALDWELL & BERKOWITZ
`SUITE 3100 SIX CONCOURSE PARKWAY
`
`ATLANTA, GA 30328 (US)
`
`(21)
`
`Appl. No.:
`
`11/591,885
`
`(22)
`
`Filed:
`
`Nov. 2, 2006
`
`Related US. Application Data
`
`(63) Continuation-in-part of application No. 10/598,719,
`filed as 371 of international application No. PCT/
`BROS/00030, filed on Mar. 10, 2005.
`
`Publication Classification
`
`(51)
`
`Int. Cl.
`(2006.01)
`H04L 9/00
`(52) U.S.Cl.
`.............................................................. 713/170
`
`ABSTRACT
`(57)
`A system and method for the authorization of access to a
`service by a computational device or devices, which may
`include a wireless device such as a cell phone or a smart
`phone. A software agent generates a digital signature for the
`device each time it attempts to access the service and send
`it to an authentication server, which compares the digital
`signature sent with one or more digital signatures on file to
`determine whether access to the service is permitted. The
`digital signature is generated by using hashes based on
`software and hardware configuration data collected from the
`device. The system may be used in conjunction with other
`authorization methods and devices.
`
`
`
`User attempts
`to access
`the SERVICE
`No
`
`
`
`. Pre-ide nttiation
`.I
`I.
`Is correct7(optional)
`
`Yes
`
`Y
`
`User is prompted
`to the Invention
`
`
`
`
`
`
`
`
`Want to use the
`invention?
`
`
`
`User_ utilizes the
`usual Identification
`process
`
`T
`
`SerVIce is denied
`Access to the
`A
`
`
`Operation is re jstered
`in the access mm
`Operation is re istered
`
`
`in the access
`istory
`
`The invention identifies the
`com outer's SIGNATURE
`
`
`The invention identifies the
`
`computer's SIGNATURE
`
`. Iready
`Registered?
`Yes
`
`
`
`to denial
`list7
`No
`
`
`
`SERVICE is successful]
`accepted by means 0
`the invention
`
` Is it an
`
`Yes
`
`incremental change
`
`
`
`of any deVIce
`
`Is
`
`No
`No
`the ri orous
`
`
`
`identi ic7ation
`. Group
`Yes
`is closed7
`
`
`
`User is submitted to rigorous
`identifications
`
`
`Is the.
`.
`rigorous identification
`0k?
`
`
`The
`
` No
`. SIGNATURE may
`be Included in the registry?
`(is it under maximum
`
`quantity?)
`
`Yes
`
`User
`.
`reall wants to include
`
`t e_ SIGNATURE
`in the list?
`
`
`Service is successfull accessed
`Service is successfull accessed
`without registering IGNATURE
`
`and a new SIGNATUR is required
`
`
`
`
`APPLE EXHIBIT 1106
`
`Page 1 of 12
`
`APPLE EXHIBIT 1106
`Page 1 of 12
`
`

`

`Patent Application Publication May 17, 2007 Sheet 1 of 5
`
`US 2007/0113090 A1
`
`Fig.1
`
`User attempts
`to access
`the SERVICE
`
`N0
`
`
`
`
`
`
`. Pre-identification
`Is correct?(optional
`
`Yes
`
`Yes
`
`User is
`
`rompted
`
`4w
`
`No
`
`Operation is re istered
`In the access
`Istor
`The invention identifies the
`com nuter's SIGNATURE
`
`User utilizes the
`usual Identification
`‘
`process
`
`Access to the
`SerVIce Is denied
`A
`
`
`
`“vantages“
`
`
`O eration is re istered
`I31 the access
`istory
`
`,
`_
`,
`,
`The Invention Identifies the
`computer's SIGNATURE
`
`
`
`
`Is
`
`_the rj orous
`
`Identi ication
`
`ok?
`
`
`to genial
`'St'
`No
`
`
`Is it an
`
`incremental change
`
`\dewce
`
`N0
`
`. Group
`Is closed7
`
`
`
`User is submittedto rigorous
`Identifications
`
`. Iready
`Registered?
`
`Yes
`
`.
`
`-
`
`'
`
`
`Is the_
`.
`
`rigorous Identification
`ok?
`
`Yes
`
`The
`.
`
`
`SIGNATURE may'
`No
`
`be included In the registry?
`
`(Is It under maximum
`quantity?)
`
`
`Yes
`
`
`User
`
`
`reall wants to include
`
`t e SIGNATURE
`
`
`in the list?
`Yes
`
`SERVICEcijsguccessfull¥
`accepte
`means 0
`the invention
`
`Service is successfull accessed
`and a new SIGNATUR is required
`
`Service is successfull accessed
`Without registering IGNATURE
`
`APPLE EXHIBIT 1106
`
`Page 2 of 12
`
`APPLE EXHIBIT 1106
`Page 2 of 12
`
`

`

`Patent Application Publication May 17, 2007 Sheet 2 of 5
`
`US 2007/0113090 A1
`
`Fig. 2
`
`User already identified)
`as s to delete one
`SIGNATURE
`
`
`
`
`
`
`
`SIGNATURE
`deletion is denied
`
`
`
`The
`SIGNATURE
`to be deleted IS older than
`
`the one of the computer
`
`used to access the
`
`
`
`
`
`SERVICE?
`
`SIGNATURE
`successfully deleted
`
`Fig. 3
`
`User already identified)
`as sforqnvention
`
`deactivation
`
`
`
`
`SIGNATURE
`
`
`used to_access the
`
`
`SERVICE IS the oldest
`
`one?
`
`SERVICE deactivation
`is denied
`
`
`
`
`
`
`
`
`-Invention successfull deactivated
`-AII SIGNATURES deIe ed
`-Access histor
`is reserved and Uodated
`
`
`
`
`
`
`APPLE EXHIBIT 1106
`
`Page 3 of 12
`
`APPLE EXHIBIT 1106
`Page 3 of 12
`
`

`

`Patent Application Publication May 17, 2007 Sheet 3 of 5
`
`US 2007/0113090 A1
`
`Fig.4
`
`End
`User
`
`
`
`
`_Merchant
`
`ll
`Additionalouestionsg)
`
`
`
`<:_InstallPlugin
`
`
`
`
`
`DNA
`Vault
`
`htth/opensessionxequest D
`
`
`
`http_/opensessionrequest
`
`5
`
`End
`
`DNA + session ID
`
`
`
`Merchant
`
`DNA
`
`UserW Vault
`
`5
`
`2
`
`APPLE EXHIBIT 1106
`
`Page 4 of 12
`
`APPLE EXHIBIT 1106
`Page 4 of 12
`
`

`

`Patent Application Publication May 17, 2007 Sheet 4 of 5
`
`US 2007/0113090 A1
`
`Fig.5
`
`Open Merchant URL——)
`
`(—Requested Credentials—
`
`User: Mary Passwordzi 234
`
`
`
`
`
`
`
`
`
`(— Access Denied
`
`
`
`(——— Access Granted
`
`
`|||||l||||
`
`Le itirnate
`Aut onzatlon
`Server
`
`v
`
`Credentials
`Valid?
`
`-
`
`Legitmat
`Customer?
`
`Merchant
`WebServer
`
`!Legitmate
`'Customer?
`
`
`
`
`
`
`
`Customer
`
`
`Computer
`
`(—— Acess Granted
`
`(—— Access Denied
`
`
`
`
`( Request Extra Questions
`SocSecNum:555-55-1234
`
`-
`
`(— AccessDenied
`
`
`No I Answers
`
`
`I
`Valid?
`
`
`(——- Acess Granted
`
`APPLE EXHIBIT 1106
`
`Page 5 of 12
`
`APPLE EXHIBIT 1106
`Page 5 of 12
`
`

`

`Patent Application Publication May 17, 2007 Sheet 5 of 5
`
`US 2007/0113090 A1
`
`Fig. 6
`
`IE Internet Browser
`htt . s://www.|e- itimit.com /////A
`
`[at e nt access has been"
`/ rough User ID/Passwor
`and digital DNA validation from
`machine registered as
`"Pocket_PC .
`
`ranted
`
`
`
`APPLE EXHIBIT 1106
`
`Page 6 of 12
`
`APPLE EXHIBIT 1106
`Page 6 of 12
`
`

`

`US 2007/0113090 A1
`
`May 17, 2007
`
`ACCESS CONTROL SYSTEM BASED ON A
`HARDWARE AND SOFTWARE SIGNATURE OF A
`REQUESTING DEVICE
`
`[0001] This application is a continuation-in-part of and
`claims benefit of US. patent application Ser. No. 10/598,
`719, filed Sep. 8, 2006, which is a national stage application
`of PCT Application No. PCT/BR2005/000030, filed Mar.
`10, 2005, which claims benefit to BR P10400265-2, filed
`Mar. 10, 2004, and is entitled in whole or in part to those
`filing dates for priority. The specifications, drawings and
`attachments of each of the above applications are incorpo-
`rated herein by specific reference.
`
`FIELD OF THE INVENTION
`
`[0002] The present invention relates to the identification of
`a variety of devices and methods for authorizing access to
`services. In particular, the present invention relates to con-
`trolling and authorizing access to sensitive and confidential
`information and services on a network or the Internet,
`including bank account information, corporate information,
`and commercial
`transactions and other forms of e-com-
`merce.
`
`BACKGROUND OF THE INVENTION
`
`[0003] The need for security of various levels when con-
`ducting transactions of various types over the Internet or
`similar environments is well established. The prior art
`describes several security-related devices and systems that
`are applied to allow users and devices of various sorts to
`access and operate services provided through networks or
`the Internet. Security needs have to be continually revised in
`face of the increasing sophistication of the means and
`mechanisms used to bypass security systems for fraudulent
`purposes, such as improper access to Internet banking and
`other resources. In countries such as the United States of
`
`America, the high level of continued efforts and investments
`made to prevent and thwart fraudulent and criminal activi-
`ties illustrates the importance of guaranteeing user-friendly,
`secure, online transactions which involve private or confi-
`dential information.
`
`In particular, in recent years the mobile data indus-
`[0004]
`try has been growing on many fronts, propelled in part by the
`explosive growth of the Internet and the consequent demand
`for mobile data access to the Internet, high penetration rates
`for users of mobile telephones, intense price competition
`among mobile network operators, and the emergence of
`worldwide standards for mobile data communications. The
`
`increasing number of consumers and businesses that expect
`to be able to securely access confidential information and
`conduct transactions wirelessly has created a great interest
`and demand for mobile device security.
`
`[0005] Many online operations use sophisticated security
`procedures based at least in part on high levels of complexity
`in order to attempt to guarantee the security of these trans-
`actions. However, this increased complexity results in dif-
`ficulties for legitimate users in accessing these services or
`conducting these transactions. This, in turn results in a lower
`than optimum level of adherence by legitimate users to using
`these security procedures, and decreases the willingness of
`these users to engage in these transactions.
`
`[0006] One example of an apparently rigorous security
`scheme is that offered by online banking sites. These ser-
`
`vices behave as if only the user could visualize or access the
`service, and depend primarily on entry of a user password to
`validate access. However, authentication processes based
`solely on the user (i.e., user name and password) are
`susceptible to password tracking, password cloning, or the
`cloning of accessed webpages The presumed correspon-
`dence between a user and password thus facilitates fraud.
`
`[0007] The mobile data market is not readily adaptable to
`the networks, applications, and devices used within existing
`wired solutions, due to fundamental differences between
`wired and wireless networks. In wired networks, there are
`standard device platforms, operating systems, and browsers,
`where data and content reside largely in databases, and data
`is extracted by the user on a simplified query basis using
`search enginesithe user must either find or know where to
`get the information for which he or she is looking. Mobile,
`wireless networks currently have not such standards for
`client platforms, operating systems, or user interfaces.
`Mobile devices may be a PDA, a two-way pager, intelligent
`mobile device, or a smart phone.
`
`is needed is a system and
`[0008] Accordingly, what
`method for enhanced security based upon the possession of
`a particular device that is able to complement or substitute
`traditional authentication procedures. In particular, the sys-
`tem and method should be fully functional for wireless
`networks as well as wired networks. In addition, the system
`should provide a strong two-factor authentication tool that is
`scalable and cost effect for mass use in online environments.
`
`SUMMARY OF THE INVENTION
`
`[0009] The present invention is a system and method to
`substantially improve the security involved in an authenti-
`cation process to access an Internet page, an Intranet page,
`or any other type of computer server or computer-based
`service or network that requires secure authentication. Any
`of these services will be cited hereinafter as a “SERVICE.”
`
`The authentication process includes a process related to the
`creation of a unique signature (a “SIGNATURE”) based on
`the hardware and software configuration profile of a device.
`
`[0010] Whenever a user tries to access a SERVICE that is
`using the invention for authentication, either alone or in
`conjunction with other security processes or methods, the
`SIGNATURE resulting from the hardware and software
`configuration of the device from or through which the user
`is attempting to use or access the SERVICE is received,
`verified and compared to a list of authorized device signa-
`tures. If the current device’s SIGNATURE matches one of
`
`the previously-registered signatures from this list, the user is
`allowed to access the SERVICE. If not, the user will either
`be directed to extended positivation or will be denied access
`to the SERVICE, depending on the previously chosen secu-
`rity options.
`In case the user is submitted to extended
`positivation, if his or her identification is successful, access
`to the SERVICE will be granted and the user will be given
`the option to include the present device in the list of
`authorized SIGNATURES for his or her account. If the
`identification is not successful, the user will not be allowed
`to access the SERVICE.
`
`[0011] The invention can be used as a complementary
`authentication process to a separate authentication process,
`such as, but not limited to, an authentication method based
`on user/password pairs, so as to improve or increase the
`
`APPLE EXHIBIT 1106
`
`Page 7 of 12
`
`APPLE EXHIBIT 1106
`Page 7 of 12
`
`

`

`US 2007/0113090 A1
`
`May 17, 2007
`
`security related to a SERVICE. The invention also may be
`used independently to access less sensitive applications,
`such as logging onto a web portal or ISP.
`
`the invention is
`In one exemplary embodiment,
`[0012]
`capable of performing authentication and identification
`without need for any other hardware or software compo-
`nents, such as smart cards, identification cards, or the like.
`The invention allows the recognition of a SIGNATURE for
`a device simply from the device’s hardware and software
`components.
`
`[0013] The specification herein offers a more in-depth
`description of possible applications of the invention; how-
`ever, any application of the invention described herein is
`offered as an example, and should not be construed as a
`limitation to the scope of the claims.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`[0014] FIG. 1 is a diagram that illustrates the basic opera-
`tion of one exemplary embodiment of the present invention.
`
`[0015] FIG. 2 is a diagram that shows the process of
`SIGNATURE deletion in accordance with one exemplary
`embodiment of the present invention.
`
`[0016] FIG. 3 is a diagram that represents the deactivation
`of the invention’s security system triggered by a user in
`accordance with another exemplary embodiment of the
`present invention.
`
`[0017] FIG. 4 is a diagram that shows the steps of initial-
`izing one embodiment of the present invention.
`
`[0018] FIG. 5 is a diagram that shows the steps of using
`one embodiment of the present invention.
`
`[0019] FIG. 6 shows examples of embodiments of the
`present invention in use on mobile devices.
`
`DETAILED DESCRIPTION OF EXEMPLARY
`EMBODIMENTS
`
`[0020] The present invention is a strong form of authen-
`tication that does not need external hardware devices. As
`described in detail below, the invention associates a user or
`user account with a trusted device (or devices). Each device
`has unique hardware and/or software characteristics, similar
`to the human genome. These unique characteristics, which
`may be thought of as the “digital DNA” of the device, are
`linked by the invention to a user or user account, creating a
`unique system of secure, reliable identification and authen-
`tication.
`
`[0021] As seen in FIG. 1, in one exemplary embodiment,
`the present invention operates or is used in a distributed
`computational environment to provide secure access to a
`SERVICE 2 in, located on, or accessed through that envi-
`ronment. Examples of such an environment include, but are
`not limited to,
`the Internet, a local area network, or an
`internal computational network. Examples of SERVICES 2
`include an Internet page, Intranet page, a banking or finan-
`cial system, a corporate database, or any other type of
`computer server or computer-based service or network that
`requires secure authentication.
`
`[0022] Typically, a user attempts to access a SERVICE 2
`by means of or through a device 4. Examples of devices 4
`include, but are not limited to, a personal computer, network
`
`terminal, cell phone, a personal digital assistant (PDA), a
`two-way pager, intelligent mobile device, or a smart phone.
`
`[0023] A software agent 10 is used to detect hardware
`and/or software configuration information about the device
`4. The hardware and/or software configuration information
`is used to create a SIGNATURE 20 for the device 4. The
`
`SIGNATURE 20 may then be compared to a list or set of
`authorized signatures for access to the SERVICE 2.
`
`[0024] The software agent 10 may be deployed in a variety
`of forms, including, but not limited to, an Internet Explorer
`plug-in, a Netscape/Mozilla-Firefox plug-in, or Apple Web-
`Kit plug-in used by Safari. As a further example,
`in a
`Windows environment, plug-ins can be downloaded and
`installed by the browser (as a signed cab file or signed xpi
`file), or they can be downloaded as executable files.
`
`[0025] The configuration information that may be col-
`lected and used to create a SIGNATURE 20 include, but are
`not limited to, hard drive serial number, CPU type and clock
`speed, memory type and physical location, physical MAC
`address, and other unique features of the device. The more
`separate data items collected, the greater the level of security
`and protection. The number of data items collected can be
`any number, including, but not limited to, ten items.
`
`In one exemplary embodiment, the invention gath-
`[0026]
`ers this information directly from its source, and thus the
`software agent 10 should have direct access to necessary
`portions of a device’s 4 internal systems. This may be only
`possible through an onboard agent.
`
`[0027] As plug-ins can be exploited for illegitimate pur-
`poses, in one exemplary embodiment the invention uses a
`“self-protected” software agent 10 or plug-ins. Accordingly,
`the agent is a key part of the system and implemented as an
`executable object, allowing for the device to protect sensi-
`tive information while giving access to “hardware level”
`configuration data.
`In contrast
`to most plug-ins, which
`actively “listen” for an application that causes them to
`perform, and thus require that a port be open to insure the
`plug-in does not miss the network traffic and signal to trigger
`the plug-in, the agent of the present invention remains inert
`until called by the application using the present invention.
`The agent is not loaded to memory, and does not consume
`any CPU power until an external program calls its entry
`point,
`thus making it extremely difficult
`to exploit any
`vulnerability as the agent simply is not running the majority
`of the time.
`
`To preserve user privacy, each element or compo-
`[0028]
`nent of this configuration information may be acquired and
`converted into a hash string. The hash strings may then be
`encrypted. In one exemplary embodiment, the hash string is
`wrapped in a one-time 128-bit encryption. The encrypted
`elements may be arranged in a unique pattern for each Web
`session or access attempt. A different encryption key may be
`used for each transmission.
`
`In another exemplary embodiment, the calling of
`[0029]
`the agent 10 is conducted during a session initiated by the
`user and using a Secure Socket Layer (SSL) connection. The
`resulting inbound call to a specific port results in the agent
`10 executing its program. The SSL session protects the
`invocation of the agent 10, as it is extremely difficult for an
`outside party to interject themselves into the transmission to
`try to exploit the agent 10. When the agent is asked to
`
`APPLE EXHIBIT 1106
`
`Page 8 of 12
`
`APPLE EXHIBIT 1106
`Page 8 of 12
`
`

`

`US 2007/0113090 A1
`
`May 17, 2007
`
`execute, it is loaded into memory, determines the SIGNA-
`TURE 20, and then opens an outgoing HTTP or HTTPS
`connection. The connection may be directly with an authen-
`tication server 30 or with the site using the invention. Once
`the connection is established, the agent 10 sends the SIG-
`NATURE 20 and then closes the connection. Typically, this
`delivery takes less than one second. This behavior does not
`permit an outside party to exploit the agent 10.
`
`In addition, the actual agent 10 may be constructed
`[0030]
`in such a manner that makes any attempt to reverse-engineer
`the agent extremely difficult. In one exemplary embodiment,
`the agent 10 is approximately 150 KB in size. In another
`embodiment, the agent 10 may be developed in C/C++ with
`a portion written in assembler and proprietary languages.
`
`In an exemplary embodiment, an authentication
`[0031]
`server 30 receives the SIGNATURE 20 created by the
`software agent 10, and compares it to the authorized signa-
`ture list to determine whether or not access to the SERVICE
`
`2 may be authorized. The authentication server 30 should be
`in electronic communication, which may be wireless, with
`the device 4. The invention may thus be considered, in one
`embodiment, as an online authentication system.
`
`[0032] The authentication server 30 may serve both as the
`means for interacting with the software agent 10 and the
`SERVICE 2 for determining whether access should be
`permitted, and as storage means. With regard to the latter,
`the authentication server 30 may serve as a repository of the
`list or set of registered or authorized SIGNATURES, as well
`as storing the history of access attempts by various users or
`putative users. In another exemplary embodiment, the list of
`registered SIGNATURES and access attempt history may be
`stored, separately or together, on some other server or in
`some other location. The invention is compatible with any
`form of database,
`including but not
`limited to, Oracle,
`MySQL, DB2, SQL Server, and the like. The database may
`be encrypted, which preserves the security of the data from
`anyone gaining unauthorized access to the database server.
`In another exemplary embodiment, the data is kept in a
`database indexed by user identification and a realm.
`
`In one exemplary embodiment, the software agent
`[0033]
`10 is installed on the device 4. The software agent 10 may
`be downloaded by standard means onto the device 4, includ-
`ing by means of web distribution techniques capable of
`downloading and executing a program in a single step or as
`a single process, such as, but not limited to, ActiveX or
`browser plug ins. The software agent 10 may be loaded onto
`the device 4 prior to or during the first attempt to access the
`SERVICE 2, during the setting up of an account with the
`SERVICE 2, or at some subsequent time for SERVICES 2
`where a user already has access. The invention recognizes
`the browser or device type, and downloads the appropriate
`form of the agent 10. The deployment of the invention thus
`may vary from client to client, and may be voluntary or
`compulsory depending upon the environment.
`
`[0034] The SIGNATURE creation process can be initiated
`at any time. In one exemplary embodiment, the process is
`initiated when the software agent 10 is downloaded and
`installed.
`
`[0035] The invention may be used as the sole means of
`access to a SERVICE 2, although it may also be used to
`complement other authentication methods or security pro-
`
`cedures. For example, in one exemplary embodiment, the
`invention may be used to deny the user access to the
`SERVICE 2 from a device whose SIGNATURE 20 is not
`
`registered or recognized. This may be used even though
`pre-identification could be successfully accomplished by
`means of other co-existing authentication processes (i.e.,
`access may be denied even if a user/password pair are
`correct).
`
`In one embodiment, the invention may be the last
`[0036]
`test of authentication for a web application. The scripting for
`the deployment and authentication calls may be placed on
`the web login page, as well as other pages that may be
`deemed to be high risk. The invention is invoked only after
`all other authentication processes (e.g., user name and
`password) have been completed. The providers of the SER-
`VICE may elect
`to insure the identity of the user via
`additional methods, including challenge/response questions,
`or requiring the user to contact a call center or use a one-time
`password previously acquired. Once the existing authenti-
`cation standards are met, the invention is called via script-
`mg.
`
`[0037] Upon installation on the device, the agent 10 col-
`lects the first set of configuration data and returns it to the
`authentication server, where it is maintained as the original
`SIGNATURE of that device. In some embodiments, the
`installation and collection of configuration data averages
`approximately 7 to 9 seconds, depending upon the connec-
`tion and device processing speeds.
`
`[0038] Once the agent 10 is installed and the initial
`SIGNATURE stored by the authentication server, future
`login sessions may be seamless to the user. For example, a
`web login page would receive the user name and password,
`and upon confirmation of that information, and prior to
`opening the SERVICE application, the invention causes a
`request to be sent to open a session. The authentication
`server opens the session, and sends to the application server
`a session ID and token,
`the token containing the seed
`number for both the one-time encryption key and shuffling
`mechanism. The token is passed to the device 4 via the
`connection (such as a SSL connection) established at the
`beginning of the session. Upon receiving the information
`and token, the agent 10 collects the configuration informa-
`tion, and hashes each of the configuration components. In
`one exemplary embodiment,
`the items are hashed using
`SHA256 hashing digest. The token information is used to
`encrypt the string of hashed component items, which also
`may be shufiled in a random order. This happens each and
`every time a request for authentication occurs, and thus may
`prevent replay attacks. The resulting encrypted string is sent
`to the authentication server, where it
`is decrypted and
`checked against the original SIGNATURE for a “pass” or
`“no pass” decision, which is passed back to the web server
`where it is then applied to the current session. This process
`may take less than a second from login to authentication.
`
`[0039] The call for authentication may be invoked at any
`time during the session, thus making the present system
`particularly effect for preventing man-in-the-middle attacks.
`This can be controlled by embedding scripting on the
`application pages that contain high risk transactions, such as
`movement of money or adding bill payees.
`
`APPLE EXHIBIT 1106
`
`Page 9 of 12
`
`APPLE EXHIBIT 1106
`Page 9 of 12
`
`

`

`US 2007/0113090 A1
`
`May 17, 2007
`
`[0040] The authentication server 30 may have a set of
`rules that allows some changes to the device, whether in
`software or hardware, without the device becoming unau-
`thorized.
`
`[0041] An example of the operation of the present inven-
`tion when used for access to a SERVICE is illustrated by the
`following steps:
`
`1. A user attempts to access a SERVICE through a
`[0042]
`device. If the present invention is used in conjunction with
`other authentication processes or security procedures (e.g.,
`pre-identification), such as, without limitation, username/
`password pairs, verification of authorized IP address ranges,
`answering of specific questions, optical character recogni-
`tion or similar services that protect against “software
`robots”, or the like, then the user may be required to pass or
`satisfy those other authentication processes or security pro-
`cedures first. Alternatively, those other authentication pro-
`cesses or security procedures may be implemented subse-
`quent to the authentication system of the present invention,
`or in cases where multiple procedures are used, some may
`occur before and some may occur after the authentication
`system of the present invention.
`
`2. If this is the first time the user has attempted to
`[0043]
`access the SERVICE after the present invention has been
`implemented for the SERVICE, or if the user has not already
`registered any device SIGNATURE for the SERVICE, then
`the user may be prompted to download the software agent in
`order to initiate the process of the present invention. The
`user may be directed to a web page or software window as
`a part of this process, where the user is given information
`about how the invention works and/or describing the regis-
`tration process required for access.
`
`In an exemplary embodiment, this step may be
`[0044]
`implemented so as to be optional, when the provider of the
`SERVICE desires to offer the user the option of accessing
`the SERVICE through means of the invention as one of
`several authentication processes or means. Similarly,
`the
`user may also have the option of deactivating or reactivating
`the use of the invention when desired. In such a case, a user
`desiring to reactivate the present invention may be required
`to identify themselves in some way (e. g., user/password pair,
`answering questions, and the like) prior to reactivation.
`Further, as described in greater detail below, deactivating the
`use of the present invention by a user may be permitted only
`from the device that has the oldest SIGNATURE registered
`for the user’s account, based on the presumption that the
`oldest SIGNATURE is likely to be the most trustworthy
`SIGNATURE.
`
`3. Once the user has agreed to the use of the
`[0045]
`invention, he or she must allow the software agent
`to
`download and execute on his or her device, unless this has
`already occurred. This step must be repeated for each device
`that will be submitted to the authentication process of the
`present invention.
`
`is installed on the
`4. Once the software agent
`[0046]
`device, it collects data sampled from the device’s hardware
`or software components, or both. The software agent then
`creates a SIGNATURE for the device from the sampled data,
`and submits it for registration with the SERVICE, or for
`authentication, as appropriate. The SIGNATURE identifies
`the device without the need of any supplementary identifi-
`
`cation device or means, such as a smart card. In some
`embodiments, the first registration may not require rigorous
`authentication.
`
`[0047] The device’s identification is done by detecting and
`identifying essential hardware and software components of
`the device. The invention allows incremental changes to
`some of these components without modifying the device’s
`SIGNATURE. However, if the device has undergone sub-
`stantial modifications in its hardware or software configu-
`rations, its SIGNATURE likely will be changed. This means
`that the device will be considered as a new device and will
`
`not be recognized by the SERVICES accessed before the
`modifications. In this case, the user has to register the new
`device SIGNATURE. Minor changes of components that
`generally are not considered to be essential may be done
`without affecting the SIGNATURE.
`
`In one exemplary embodiment, the SIGNATURE
`[0048]
`comprises one or more groups of information hashes gen-
`erated based on the hardware and software components.
`These hashes cannot be reversed to recompose the informa-
`tion used to make the SIGNATURE, thereby preserving user
`privacy and security. In one embodiment, the hashes be
`grouped in a different way for each transaction, and sub-
`mitted to several levels of cryptography. This procedure
`protects against anyone who attempts to intercept the com-
`munication between the user device and the authentication
`
`server or SERVICE, and may try, by simply reproducing the
`transmitted data, to pretend to be the original device.
`
`5. In one embodiment, if the user attempts to access
`[0049]
`the SERVICE from a device that was not previously regis-
`tered, then the invention will allow access only after appli-
`cation of extended positivation means (e.g., specific ques-
`tions in addition to username/password pairs). In another
`embodiment, this access may be allowed only if there was
`at least one device previously registered with the SERVICE.
`If the extended positivation means is successfully passed,
`then the user will be allowed to access the SERVICE, with
`the option to register the present device’s SIGNATURE. If
`the extended positivation means is not successfully passed,
`then access is denied.
`
`[0050] Optionally, the user may be limited to a determined
`quantity of SIGNATURES associated with his or her
`account (the quantity may be defined in accordance with the
`needs of the SERVICE). It thus is possible to create a closed
`group of devices and limit the SIGNATURE set that can
`access the SERVICE for a given account. The user may have
`the ability to choose the number of SIGNATURES able to
`access the SERVICE through his or her account, although
`this limitation may be set by the provider of the SERVICE.
`In the case where the user has reached this determined
`
`quantity of SIGNATURES, he or she may be able to choose
`whether or not the number of SIGNATURES should be
`
`limited to this quantity. These options may be implemented
`in a mandatory way; that is, the user will be able to register
`additional SIGNATURES coupled to his or her account until
`a maximum number is rea