Filing date: September 21, 2023
Patent No. 11,514,138
Issue date: November 29, 2022

APPL-1005
APPLE INC. / Page 1 of 343

(12) United States Patent
Jakobsson

(10) Patent No.: US 11,514,138 B1
(45) Date of Patent: *Nov. 29, 2022

AUTHENTICATION TRANSLATION

Applicant: RightQuestion, LLC, Portola Valley, CA (US)

Inventor: Bjorn Markus Jakobsson, Portola Valley, CA (US)

(73) Assignee: RightQuestion, LLC, Portola Valley, CA (US)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 0 days. This patent is subject to a terminal disclaimer.

Appl. No.: 17/027,481

Filed: Sep. 21, 2020

Related U.S. Application Data

Continuation of application No. 16/773,767, filed on Jan. 27, 2020, now Pat. No. 10,929,512, which is a continuation of application No. 16/563,715, filed on Sep. 6, 2019, now Pat. No. 10,824,696, which is a continuation of application No. 16/273,797, filed on Feb. 12, 2019, now Pat. No. 10,521,568, which is a continuation of application No. 15/042,636, filed on
(Continued)

Int. Cl.
G06F 21/00 (2013.01)
G06F 21/10 (2013.01)
G06F 21/41 (2013.01)
H04L 9/40 (2022.01)
G06F 21/12 (2013.01)
G06F 21/44 (2013.01)
G06F 21/32 (2013.01)

U.S. Cl.
CPC: G06F 21/70 (2013.01); G06F 21/121 (2013.01); G06F 21/728 (2013.01); G06F 21/37 (2013.01); G06F 21/82 (2013.01); G06F 21/44 (2013.01); H04L 63/083 (2013.01); H04L 63/0861 (2013.01); H04L 63/10 (2013.01); H04L 63/20 (2013.01)

(58) Field of Classification Search
None
See application file for complete search history.

Primary Examiner: Andrew J Steinle
(74) Attorney, Agent, or Firm: Van Pelt, Yi & James LLP

(57) ABSTRACT

Authentication translation is disclosed. A request to access a resource is received at an authentication translator, as is an authentication input. The authentication input corresponds to at least one stored record. The stored record is associated at least with the resource. In response to the receiving, a previously stored credential associated with the resource is accessed. The credential is provided to the resource.

25 Claims, 8 Drawing Sheets

Related U.S. Application Data (continued)

Feb. 12, 2016, now Pat. No. 10,360,351, which is a continuation of application No. 13/706,254, filed on Dec. 5, 2012, now Pat. No. 9,294,452.

Provisional application No. 61/587,387, filed on Jan. 17, 2012, provisional application No. 61/569,112, filed on Dec. 9, 2011.

Drawing sheets 1-8 (figures not reproduced; text labels recovered from each sheet):

FIG. 1 (Sheet 1 of 8): Bank Website; Online Camera Retailer; Social Networking Site; Cloud Storage Service; Authentication Translator for Bank Website; 3rd Party Authentication Translator; Authentication Translator Module.
FIG. 2 (Sheet 2 of 8): Template 1; Template 2; rows of domain, username, credential.
FIG. 3 (Sheet 3 of 8): processor; insecure storage (large); sensor; processor; secure storage (small).
FIG. 4 (Sheet 4 of 8): Primary Device; Peripheral; reference numerals 402 and 410.
FIG. 5 (Sheet 5 of 8): process 500. Receive request to access resource and receive authentication input. Access stored credential associated with resource. Provide credential to resource.
FIG. 6 (Sheet 6 of 8): Client; Proxy; Server. data request (no identity information); record UA; data request (no cookie); data, SET cookie; data, SET cookie, SET cache cookie; record cookie, cache cookie.
FIG. 7 (Sheet 7 of 8): Client; Proxy; Server. data request (+identity information); get cookie; data request (+cookie); data; data.
FIG. 8 (Sheet 8 of 8): uniquename.jpg

AUTHENTICATION TRANSLATION

CROSS REFERENCE TO OTHER APPLICATIONS

This application is a continuation of U.S. patent application Ser. No. 16/773,767, entitled AUTHENTICATION TRANSLATION filed Jan. 27, 2020 which is incorporated herein by reference for all purposes, which is a continuation of U.S. patent application Ser. No. 16/563,715, entitled AUTHENTICATION TRANSLATION filed Sep. 6, 2019 which is incorporated herein by reference for all purposes, which is a continuation of U.S. patent application Ser. No. 16/273,797, entitled AUTHENTICATION TRANSLATION filed Feb. 12, 2019, now U.S. Pat. No. 10,521,568, which is incorporated herein by reference for all purposes, which is a continuation of U.S. patent application Ser. No. 15/042,636, entitled AUTHENTICATION TRANSLATION filed Feb. 12, 2016, now U.S. Pat. No. 10,360,351, which is incorporated herein by reference for all purposes, which is a continuation of U.S. patent application Ser. No. 13/706,254, entitled AUTHENTICATION TRANSLATION filed Dec. 5, 2012, now U.S. Pat. No. 9,294,452, which is incorporated herein by reference for all purposes, which claims priority to U.S. Provisional Application No. 61/587,387, entitled BIOMETRICS-SUPPORTED SECURE AUTHENTICATION SYSTEM filed Jan. 17, 2012 which is incorporated herein by reference for all purposes. U.S. patent application Ser. No. 13/706,254 also claims priority to U.S. Provisional Patent Application No. 61/569,112 entitled BACKWARDS COMPATIBLE ROBUST COOKIES filed Dec. 9, 2011, which is incorporated herein by reference for all purposes.

BACKGROUND OF THE INVENTION

Providing credentials to a service, whether via a mobile or other device, is often a tedious experience for a user. Unfortunately, to make authentication easier for themselves, users will often engage in practices such as password re-use, and/or the selection of poor quality passwords, which render their credentials less secure against attacks. Accordingly, improvements in authentication techniques would be desirable. Further, it would be desirable for such improvements to be widely deployable, including on existing/legacy systems.

BRIEF DESCRIPTION OF THE DRAWINGS

Various embodiments of the invention are disclosed in the following detailed description and the accompanying drawings.
FIG. 1 illustrates an embodiment of an environment in which authentication translation is provided.
FIG. 2 illustrates an embodiment of credential information stored on a device.
FIG. 3 illustrates an embodiment of a device with secure storage.
FIG. 4 illustrates an example of a renegotiation.
FIG. 5 illustrates an embodiment of a process for performing authentication translation.
FIG. 6 illustrates an example of what occurs when a client device first visits the site of a legacy server via an authentication translator.
FIG. 7 illustrates an example of what occurs when a device subsequently visits the site of a legacy server via an authentication translator.
FIG. 8 shows the structure of an example of a cache cookie used in some embodiments.

DETAILED DESCRIPTION

The invention can be implemented in numerous ways, including as a process; an apparatus; a system; a composition of matter; a computer program product embodied on a computer readable storage medium; and/or a processor, such as a processor configured to execute instructions stored on and/or provided by a memory coupled to the processor. In this specification, these implementations, or any other form that the invention may take, may be referred to as techniques. In general, the order of the steps of disclosed processes may be altered within the scope of the invention. Unless stated otherwise, a component such as a processor or a memory described as being configured to perform a task may be implemented as a general component that is temporarily configured to perform the task at a given time or a specific component that is manufactured to perform the task. As used herein, the term 'processor' refers to one or more devices, circuits, and/or processing cores configured to process data, such as computer program instructions.
A detailed description of one or more embodiments of the invention is provided below along with accompanying figures that illustrate the principles of the invention. The invention is described in connection with such embodiments, but the invention is not limited to any embodiment. The scope of the invention is limited only by the claims and the invention encompasses numerous alternatives, modifications and equivalents. Numerous specific details are set forth in the following description in order to provide a thorough understanding of the invention. These details are provided for the purpose of example and the invention may be practiced according to the claims without some or all of these specific details. For the purpose of clarity, technical material that is known in the technical fields related to the invention has not been described in detail so that the invention is not unnecessarily obscured.
FIG. 1 illustrates an embodiment of an environment in which authentication translation is provided. In the example shown, a variety of client devices 102-108 connect, via one or more networks (represented as a single network cloud 110) to a variety of services 120-124 (also referred to herein as sites 120-124). In particular, client device 102 is a notebook computer owned by a user hereinafter referred to as Alice. Notebook 102 includes a camera, a microphone, and a fingerprint sensor. Client device 104 is a smartphone, also owned by Alice. Client device 104 includes a camera. Client device 106 is a tablet owned by Bob, and sometimes used by Bob's son Charlie. Client device 106 includes a camera and a fingerprint sensor. Client device 108 is a kiosk located in the lobby of a hotel. Kiosk 108 includes a camera and a microphone. The techniques described herein can be used with or adapted to be used with other devices, as applicable. For example, the techniques can be used in conjunction with gaming systems, with peripheral devices such as mice, and with embedded devices, such as door locks.
Service 120 is a social networking site. Service 122 is a website of a bank. Service 124 is the online store of a boutique camera retailer. Each of services 120-124 requires a username and password (and/or a cookie) from a user prior to giving that user access to protected content and/or other features. As will be described in more detail below, using the techniques described herein, users need not type such usernames and passwords into their devices whenever required
by a service. Instead, users can authenticate themselves to an "authentication translator" via an appropriate technique, and the authentication translator will provide the appropriate credentials to the implicated service on the user's behalf. Also as will be described in more detail below, authentication translators can be located in a variety of places within an environment. For example, notebook computer 102 includes an authentication translator module 132 that provides authentication translation services. The other devices 104-108 can also include (but need not include) their own respective authentication translator modules. The owner of bank website 122 also operates an authentication translator 134 associated with the bank. Finally, authentication translator 136 provides authentication translation services to a variety of businesses, including online camera retailer 124.

FIG. 2 illustrates an embodiment of credential information stored on a device. In particular, device 200 stores three user profiles 202-206, each of which contains a username and one or more templates (e.g., template 210) associated with the user. In various embodiments, a template is a collection of biometric features. Using fingerprints as an example type of biometric, a corresponding template includes a collection of patterns, minutia, and/or other features that can be matched against to determine if a person's fingerprint matches the fingerprint of the registered user (i.e., the owner of a given user profile). A representation of a single fingerprint may be included in multiple templates (e.g., in different resolutions, in accordance with different protocols, as captured during warm vs. cold conditions, and/or by itself or in combination with multiple fingerprints). When other biometrics are employed (e.g., facial recognition, voiceprint, or retina scan technology), features appropriate to those types of biometrics are included in the template. Other types of features can also be included in templates. As one example, a user's typing speed and/or accuracy can be measured by a device, such as device 102, and used to distinguish between multiple users of a device. For example, suppose Alice types at 100 words per minute and rarely makes mistakes. A representation of this information can be stored in template 212. Also suppose Alice's niece, who sometimes uses Alice's laptop computer when visiting Alice, types at 20 words per minute and makes many mistakes. In some embodiments, the fact that a user was recently (e.g., within the last 5 minutes) typing on laptop 102 at 90 words per minute is evidence of a match against template 212. In this case, the typing speed of 90 words per minute is similar enough to Alice's typical behavior, it is considered a match. Various policies can be included in a profile that govern how matches are to be performed. For example, policies can specify thresholds/tolerances for what constitutes a match, and can specify that different levels of matches can result in different levels of access to different resources.

A profile is associated with a vault (e.g., vault 220). The vault, in turn, contains triples specifying a service provider/domain, a username, and a credential. The vault can also contain other sensitive user information, such as account numbers, address/phone number information, and health care data. The credential for a service provider/domain can be a password (e.g., for legacy servers), and can also take alternate forms (e.g., a cryptographic key for service providers supporting stronger authentication methods).

In some embodiments, profiles, templates, and vaults (collectively "authentication information") are stored entirely in an unprotected storage area, and are stored in the clear. In other embodiments, secure storage techniques are used to secure at least a portion of the authentication information.

One example of a device with secure storage is illustrated in FIG. 3. In the example shown, a mobile phone 300 includes a large and insecure storage 302 attached to a fast processor 304, and a smaller but secure storage 306 attached to a dedicated processor 308 and a sensor 310 (e.g., a camera or a fingerprint reader). Users (and applications) can read from and write to the insecure storage area. However, users cannot access the secure storage area, and the fast processor can only communicate with the dedicated processor/sensor via a restricted API. As another example, a unique decryption key associated with a given vault can be stored in a profile. The vault is an encrypted and authenticated container that can be stored on insecure storage, e.g., on the device, and also backed up (e.g., to a cloud storage service 140 or to an alternate form of external storage). As needed, authentication information or portions thereof can be loaded into secure storage and decrypted. For example, one can use AES to encrypt the files one by one, using a key stored on the secured storage. A message authentication technique, such as HMAC, can be used for authenticating the encrypted files to provide tamper prevention. Profiles and vaults can be updated while in secure storage; if this occurs, they are encrypted and MACed before being written back to the insecure storage, which may in turn propagate them to external backup storage. In yet other embodiments, profiles and vaults are stored entirely in secure storage, in plaintext, which allows them to be both read and written—and in particular, searched.

Example Transaction Types

A variety of transaction types can take place in the environment shown in FIG. 1, examples of which are discussed in this section.

Initial Registration

In order to begin using the techniques described herein, users perform some form of initial registration. As one example, suppose Alice launches an enrollment program installed on laptop 102. She uses the program to capture various biometric information (e.g., fingerprints, photographs of her face, etc.). A user profile is created for Alice, and the biometric information captured about her is encoded into a plurality of templates, such as templates 210 and 214. In some embodiments, Alice is also explicitly asked to supply credential information for services she would like to use, such as by providing the domain name of social networking site 120, along with her username and password for site 120. In other embodiments, domain/username/credential information is at least passively captured on Alice's behalf and included in one or more vaults such as vault 220. Credential information can also be imported from a browser password manager already in use by Alice or other appropriate source. In some embodiments, Alice also registers with cloud storage service 140, which will allow her to back up her authentication information and to synchronize it across her devices (e.g., 102 and 104), as described in more detail below.

Other registration approaches can also be used. For example, registration can be integrated into the experience the first time a device is used. Thus, when Bob first turns on tablet 106, he may be prompted to take a picture of his face (with a profile/templates being created in response). Similarly, the first time Charlie uses tablet 106, the techniques described herein can be used to determine that Charlie does not yet have a profile (e.g., because none of the templates already present on tablet 106 match his biometrics) and Charlie can be prompted to enroll as a second user of the device.

Authentication

Suppose Alice wishes to authenticate to banking website 122. Using a fingerprint reader incorporated into her laptop, she performs a fingerprint scan, which causes her biometric features to be extracted and compared to any stored templates residing on her computer. If a match is found, an associated decryption key is selected, and the associated vault is loaded and decrypted. The vault is scanned for an entry that matches the selected service provider (i.e., website 122). If a matching entry is found, the associated domain, username, and site credential are extracted from the vault. In some embodiments, the validity of the domain name mapping is verified at this point to harden the system against domain name poisoning. Next, a secure connection is established between Alice's computer and the service provider, and Alice is authenticated. For service providers supporting strong user authentication, mutual SSL can be used, for example. A variety of policies can be involved when performing matching. For example, to access certain domains, Alice's print may need only match template 210. To access other domains, Alice may need to match multiple templates (e.g., both 210 and 214). As another example, in order to access social networking site 120, Alice may merely need to be sitting in front of her computer, which has an integrated webcam. Even in relatively low light conditions, a match can be performed against Alice's face and features stored in a template. However, in order to access bank website 122, Alice may need a high quality photograph (i.e., requiring her to turn on a bright light) and may need to demonstrate liveness (e.g., by blinking or turning her head). As yet another example, other contextual information can be included in policies. For example, if Alice's IP address indicates she is in a country that she is not usually in, she may be required to match multiple templates (or match a template with more/better quality features) in order to access retailer 124, as distinguished from when her IP address indicates she is at home.
In some embodiments, the biometric sensor used by a user may be a peripheral device (e.g., a mouse with an integrated fingerprint scanner that is connected to the user's primary device via USB). In such scenarios, the peripheral device may be responsible for storing at least a portion of authentication information and may perform at least some of the authentication tasks previously described as having been performed by Alice's computer. For example, instead of processors 304 and 308, and storages 302 and 306 being collocated on a single device (e.g., laptop 102), processor 304 and storage 302 may be present on a primary device, and processor 308 and storage 306 may be present on a peripheral device (e.g., that also includes a sensor, such as a fingerprint reader).
In such scenarios, once Alice's login to banking website 122 is successfully completed, the secure session can be handed over from the peripheral device to the primary device, in a way that does not allow the primary device retroactive access to the plaintext data of the transcripts exchanged between the peripheral device and the service provider. One way this can be accomplished is by renegotiating SSL keys between the peripheral device and the website, after which the newly negotiated key can be handed off from the peripheral device to the primary device. This avoids retroactive credential capture in a setting where the device is infected by malware.
An example of renegotiation is depicted in FIG. 4. Specifically, after a user has successfully authenticated to a fingerprint reader, a login is performed to a service provider. Using the primary device (404) as a proxy, the peripheral fingerprint reader 402 negotiates a first SSL connection (408) with a service provider 406, over which credentials are exchanged. The proxy then renegotiates SSL (410), which replaces the old key with a new one. The new key is disclosed to the device, which then seamlessly takes over the connection with the service provider and performs the transaction protected by the authentication. The credentials exchanged during the first SSL connection cannot be accessed by device 404, since the key of the renegotiated session is independent of the key of the original session; this provides protection against malware residing on the device. Renegotiation can be used when the primary device 404 is believed to be in a safe state when performing the negotiation of the SSL connection, but it is not known whether it is in a safe state during the transaction protected by the authentication. Renegotiation can also be used when a secure component of the primary device 404 performs the negotiation of the SSL connection and another and potentially insecure component of the primary device 404 is involved in the transaction protected by the authentication.
FIG. 5 illustrates an embodiment of a process for performing authentication translation. The process begins at 502 when a request to access a resource is received, as is an authentication input. One example of the processing performed at 502 is as follows. Suppose Alice wishes to sign into social networking website 120. She directs a web browser application installed on client 102 to the social networking website. Authentication translator module 132 recognizes, from the context of Alice's actions (e.g., that she is attempting to access site 120 with her browser) that she would like to access a particular resource. Authentication translator module 132 prompts Alice (e.g., by a popup message or via a sound) to provide biometric information (e.g., to use the integrated fingerprint reader on her laptop). In some embodiments, the translator module does not prompt Alice, for example, because Alice has been trained to provide biometric information automatically when attempting to access certain resources. In yet other embodiments, the translator module only prompts Alice if she fails to provide acceptable biometric information within a timeout period (e.g., 30 seconds).
Module 132 compares Alice's supplied biometric data to the templates stored on her computer. If a suitable match is found, and if an entry for site 120 is present in the applicable vault, at 504, a previously stored credential associated with the resource is accessed. In particular, the username and password for the website (as stored in a vault, such as vault 220) are retrieved from the vault.
Finally, at 506, the credential is provided to the resource. For example, Alice's username and password for site 120 are transmitted to site 120 at 506. The credential can be transmitted directly (e.g., by the module or by Alice's computer) and can also be supplied indirectly (e.g., through the use of one or more proxies, routers, or other intermediaries, as applicable).
Other devices can also make use of process 500 or portions thereof. For example, when Alice launches a banking application on phone 104, implicit in her opening that application is her desire to access the resources of website
134. The application can take Alice's picture and compare it to stored templates/vault information. If an appropriate match is found, a credential can be retrieved from the vault on her phone (or, e.g., retrieved from cloud storage service 140) and provided to website 134.
As another example, suppose Charlie is using tablet 106 and attempts to visit site 120, whether via a dedicated application or via a web browser application installed on the tablet. Charlie's photograph is taken, and then compared against the profiles stored on tablet 106 (e.g., both Bob and Charlie's profiles). When a determination is made that Charlie's photograph matches a template stored in his stored profile (and not, e.g., Bob's), Charlie's credentials for site 120 are retrieved from a vault and transmitted by an authentication translator module residing on client 106.
As yet another example, kiosk 108 can be configured to provide certain local resources (e.g., by displaying a company directory or floor plan on demand) when users speak certain requests into a microphone. Enrolled users (e.g., with stored voiceprint or facial recognition features) can be granted access to additional/otherwise restricted services in accordance with the techniques described herein and process 500.

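Process 500 together with the per-domain match policies described in this section, as an added example that is not part of the patent text: a resource request plus authentication input releases a stored credential only when the owning profile's policy is met. Template ids 210, 212 and 214 follow the description; the numeric feature vectors, the tolerance rule, the domains, credentials, template id 310 and the `translate` function are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import NamedTuple, Optional


@dataclass(frozen=True)
class Template:
    """Enrolled features; a short numeric vector stands in for real biometric features."""
    kind: str            # "fingerprint", "face" or "typing"
    features: tuple
    tolerance: float     # allowed relative deviation per feature

    def matches(self, kind, sample):
        if kind != self.kind or len(sample) != len(self.features):
            return False
        return all(abs(s - f) <= self.tolerance * abs(f)
                   for s, f in zip(sample, self.features))


@dataclass(frozen=True)
class Policy:
    required: frozenset                 # template ids that must all match
    step_up: frozenset = frozenset()    # also required outside the usual countries


@dataclass(frozen=True)
class Profile:
    user: str
    templates: dict      # template id -> Template
    vault: dict          # domain -> (site username, credential)
    policies: dict       # domain -> Policy
    usual_countries: frozenset = frozenset({"US"})


class Decision(NamedTuple):
    released: bool
    reason: str
    username: Optional[str] = None
    credential: Optional[str] = None


def translate(profiles, domain, samples, country):
    """Steps 502-506: take a resource request plus authentication input and
    release the stored credential only if the owning profile's policy is met."""
    for profile in profiles:
        matched = {tid for tid, t in profile.templates.items()
                   if any(t.matches(kind, s) for kind, s in samples.items())}
        if not matched:
            continue                         # input does not belong to this user
        entry = profile.vault.get(domain)    # exact match: look-alike hosts get nothing
        policy = profile.policies.get(domain)
        if entry is None or policy is None:
            return Decision(False, "no vault entry for domain")
        required = policy.required
        if country not in profile.usual_countries:
            required = required | policy.step_up
        if not required <= matched:
            return Decision(False, "policy requires more templates")
        return Decision(True, "ok", *entry)  # step 506: hand credential to the caller
    return Decision(False, "no matching profile")


# Constructed sample data: ids 210/212/214 follow the description; everything
# else (id 310, domains, usernames, credentials, feature values) is made up.
ALICE = Profile(
    user="alice",
    templates={
        210: Template("fingerprint", (0.31, 0.77, 0.52), 0.05),
        212: Template("typing", (100.0,), 0.15),          # words per minute
        214: Template("face", (0.60, 0.20, 0.90, 0.40), 0.10),
    },
    vault={
        "social.example": ("alice_s", "pw-social"),
        "bank.example": ("alice_b", "pw-bank"),
        "camera.example": ("alice_c", "pw-camera"),
    },
    policies={
        "social.example": Policy(frozenset({210})),
        "bank.example": Policy(frozenset({210, 214})),
        "camera.example": Policy(frozenset({210}), step_up=frozenset({214})),
    },
)
CHARLIE = Profile(
    user="charlie",
    templates={310: Template("fingerprint", (0.80, 0.10, 0.45), 0.05)},
    vault={"social.example": ("charlie_s", "pw-charlie")},
    policies={"social.example": Policy(frozenset({310}))},
)
PROFILES = [ALICE, CHARLIE]

ALICE_FP = (0.30, 0.78, 0.53)
ALICE_FACE = (0.62, 0.19, 0.88, 0.41)
CHARLIE_FP = (0.81, 0.10, 0.44)

if __name__ == "__main__":
    print(translate(PROFILES, "bank.example", {"fingerprint": ALICE_FP}, "US"))
    print(translate(PROFILES, "bank.example",
                    {"fingerprint": ALICE_FP, "face": ALICE_FACE}, "US"))
```
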

New device

In some embodiments, to register a new device, a user provides an identifier, such as a username or an account number to the device. The new device connects to an external storage (such as cloud storage 140), provides the user identifier and credential, and downloads the user's templates/vaults from the service. In some embodiments, the templates/vaults are encrypted. Once downloaded, the template is decrypted and stored in a secure storage area, while the still encrypted vault can be stored in insecure storage. The decryption key can be generated from information the user has/knows, or from biometric data—such as features extracted from fingerprinting of all ten fingers. In some embodiments, more arduous fingerprinting is required for the setup of a new device than for regular authentication to avoid that a new device gets registered by a user thinking she is merely au

supplies a fingerprint and a second identifier, a cleartext version of her vault(s) could be made available.

Access Policies

In various embodiments, cloud storage service 140 is configured to accept backups from multiple devices associated with a single account, and synchronize the updates so that all devices get automatically refreshed. For example, Alice's laptop 102 and phone 104 could both communicate with cloud storage service 140 which would keep their authentication information synchronized. Refreshes can also be made in accordance with user-configured restrictions. For example, Alice's employer could prevent privileged employer data from being stored on shared personal devices, or on any device that was not issued by the employer. As another example, arbitrary policies can be defined regarding the access to and synchronization of software and data, and to tie a license or access rights to a person (and her fingerprint) rather than to a device. As yet another example, in some embodiments (e.g., where a device is made publicly available or otherwise shared by many users), no or a reduced amount of authentication information resides on a device, and at least a portion of authentication information is always retrieved from cloud storage service 140.