APPENDIX 1: CLOUD SHARING

Sign up / Account Creation

S1) Install application on mobile device (MD)
S2) User selects site or service or app to sign up and downloads its public key (S-PK)
S3) Save S-PK to OS Keychain on MD
S4) Generate strong public private key pair (PK, SK) [256-bit]
S5) Save PK and SK to OS Keychain on MD
S6) Generate a random user token (UT), security token (ST), read token (RT) and delete token (DT)
S7) Save UT, ST, RT, DT to OS Storage on MD
S8) Transmit ST to key server (KS)
S9) KS receives ST
S10) KS writes ST to a new random location (KL)
S11) KS returns KL to MD
S12) MD receives KL
S13) Save KL to OS Storage on MD
S14) Encrypt PK, UT, RT and KL with S-PK => UA^{S-PK}

S15-A) Transmit UA^{S-PK} to site [-A path is sign up in an app on MD]

S15-B) Transmit UA^{S-PK} to KS [-B path is sign up on another computer]
S16-B) KS writes UA to a new random temporary dead drop location (DDL)
S17-B) KS returns DDL to MD
S18-B) MD receives DDL
S19-B) DDL is displayed on screen to the User
S20-B) DDL is entered on the separate computer by the User
S21-B) Site sends DDL to KS
S22-B) KS returns UA and deletes UA at DDL

S23) Site receives UA^{S-PK} and decrypts PK, UT, RT and KL
S24) Site creates new account using PK, UT, RT and KL
S25) Discard and delete PK, SK, UT, ST, RT, DT and KL on MD

Authentication / Sign in

A1) User visits site’s webpage or app and requests a token to login
A2) Site creates an authentication token (AT)
A3) Site encrypts AT with user’s PK => encrypted authentication token AT^{PK}
A4) Site sends encrypted AT^{PK} to user’s app or webpage
A5) User scans QR code of encrypted AT^{PK} or uses the clipboard on MD
A6) Read PK, SK and S-PK from OS Keychain on MD
A7) Decrypt AT^{PK} using SK
A8) Sign AT with SK => ATSK
A9) Encrypt ATSK with S-PK => encrypted authentication token (ATSK^{S-PK})
A10) Read ST, RT and KL from OS Storage on MD
A11) Transmit ATSK^{S-PK}, ST, RT and KL to key server (KS)
A12) KS receives ATSK^{S-PK}, ST, RT and KL
A13) KS verifies ST matches at KL, writes RT and ATSK^{S-PK} to KL
A14) User is notified authentication is done and clicks Sign In on webpage or app
A15) Site requests ATSK^{S-PK} with RT and KL from KS
A16) KS verifies RT matches at KL, returns ATSK^{S-PK}
A17) Site receives ATSK^{S-PK} from KS
A18) Site decrypts ATSK^{S-PK} with S-SK
A19) Site verifies signature of ATSK with PK
A20) If decrypted AT equals original AT, the user’s session is authenticated
A21) Discard and delete PK, SK, RT, ST, AT, ATSK, AT^{PK}, ATSK^{S-PK} and KL on MD

Revoke / Sign out

R1) User selects to sign out of webpage or app
R2) Read ST and KL from OS Storage on MD
R3) Transmit KL and ST to key server (KS)
R4) KS receives KL and ST
R5) KS verifies ST matches at KL, deletes RT and ATSK^{S-PK} at KL
R6) KS returns success/fail
R7) Discard and delete ST and KL on MD
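
The key server's part in steps S8-S11, A11-A16 and R3-R6, as an added Python example that is not part of the original filing. The class and method names, the in-memory dictionary, the token length, the constant-time comparison and keeping ST in the slot after revoke are assumptions; the encrypted token is a constructed opaque byte string, since KS never decrypts it.

```python
import hmac
import secrets

class KeyServer:
    """In-memory model of KS: KL -> {st, rt, blob}. Tokens compared in constant time."""

    def __init__(self):
        self._slots = {}

    @staticmethod
    def _eq(a, b):
        return a is not None and b is not None and hmac.compare_digest(a, b)

    def register(self, st):
        """S8-S11: write ST to a new random location and return KL."""
        kl = secrets.token_urlsafe(32)
        self._slots[kl] = {"st": st, "rt": None, "blob": None}
        return kl

    def write(self, kl, st, rt, blob):
        """A11-A13: verify ST matches at KL, then write RT and ATSK^{S-PK}."""
        slot = self._slots.get(kl)
        if slot is None or not self._eq(slot["st"], st):
            return False  # unknown KL and wrong ST look the same to the caller
        slot["rt"], slot["blob"] = rt, blob
        return True

    def read(self, kl, rt):
        """A15-A16: verify RT matches at KL, then return ATSK^{S-PK}."""
        slot = self._slots.get(kl)
        if slot is None or not self._eq(slot["rt"], rt):
            return None
        return slot["blob"]

    def revoke(self, kl, st):
        """R3-R6: verify ST matches at KL, then delete RT and ATSK^{S-PK}."""
        slot = self._slots.get(kl)
        if slot is None or not self._eq(slot["st"], st):
            return False
        slot["rt"] = slot["blob"] = None  # ST is kept here (assumption)
        return True

def demo():
    ks, blob = KeyServer(), b"constructed stand-in for ATSK^{S-PK}"
    st, rt = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
    kl = ks.register(st)
    return [ks.write(kl, "wrong-st", rt, blob), ks.write(kl, st, rt, blob),
            ks.read(kl, "wrong-rt"), ks.read(kl, rt),
            ks.revoke(kl, st), ks.read(kl, rt)], blob
```

After revoke, the same RT no longer returns anything, which is the property sign out relies on: the site cannot re-fetch the signed token once the user has cleared the slot.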

Account Recovery

V1) Install application on mobile device (MD)
V2) User selects site or service or app to sign up and downloads its public key (S-PK)
V3) Save S-PK to OS Keychain on MD
V4) Generate strong public private key pair (PK, SK) [256-bit]
V5) Save PK and SK to OS Keychain on MD
V6) Read UT from OS Storage on MD
V7) Encrypt PK, UT, RT and KL with S-PK => UA^{S-PK}

V8+) Follow steps S15-S25 from Account Creation

Public Device Flows
Sign up / Account Creation

S1) Install application on mobile device (MD)
S2) User selects site or app on MD and downloads its public key (S-PK)
S3) Save S-PK to OS Storage on MD
S4) User navigates to the site or app sign up on public device (PD) connected to Site
S5) Site generates a security token (ST1), write token (WT1), read token (RT1) and delete token (DT1)
S6) Temporarily save ST1, WT1, RT1, DT1 in storage on Site
S7) Transmit ST1, WT1, RT1, and DT1 to key server (KS)
S8) KS receives ST1, WT1, RT1, and DT1
S9) KS writes ST1, WT1, RT1, and DT1 to a new random location (KL1)
S10) KS returns KL1 to Site
S11) Site receives KL1 and saves temporarily in storage on Site
S12) Site signs KL1 + WT1 with S-SK => signed KL1
S13) Site creates QR code containing KL1, WT1 and signed KL1 => new account QR code (QRA)
S14) Site returns QRA to PD to be displayed
S15) User scans QRA on MD
S16) Extract KL1, WT1 and signed KL1 from QR on MD
S17) Verify signed KL1 is valid for S-PK on MD
S18) Generate strong public private key pair (PK, SK) [256-bit]
S19) Save PK and SK to OS Storage on MD
S20) Generate a random user token (UT2), security token (ST2), read token (RT2) and delete token (DT2)
S21) Save UT2, ST2, RT2, DT2 to OS Storage on MD
S22) Transmit ST2 to key server (KS)
S23) KS receives ST2
S24) KS writes ST2 to a new random location (KL2)
S25) KS returns KL2 to MD
S26) MD receives KL2
S27) Save KL2 to OS Storage on MD
S28) Combine PK, UT2, RT2 and KL2 and sign with SK => UA
S29) Encrypt UA with S-PK => UA^{S-PK}
S30) Transmit KL1, WT1, and UA^{S-PK} to KS
S31) KS verifies WT1 matches at KL1, writes UA^{S-PK} to KL1
S32) Site transmits KL1 and RT1 to KS
S33) KS verifies RT1 matches at KL1, returns UA^{S-PK} to Site
S34) Site receives UA^{S-PK} from KS and decrypts UA^{S-PK} using S-SK => UA
S35) PK, UT2, RT2 and KL2 are extracted from UA
S36) Site creates new account using PK, UT2, RT2 and KL2
S37) Site transmits KL1 and DT1 to KS
S38) KS verifies DT1 matches at KL1, deletes all data at KL1
S39) Discard and delete from storage ST1, WT1, RT1, and DT1 on Site
S40) Discard and delete from memory PK, SK, UT2, ST2, WT2, RT2, DT2 and KL2 on MD

Public Device Flows
Authentication / Sign in

A1) User navigates to the site or app log in on public device (PD) connected to Site
A2) Site generates a security token (ST1), write token (WT1), read token (RT1) and delete token (DT1)
A3) Temporarily save ST1, WT1, RT1, DT1 in storage on Site
A4) Transmit ST1, WT1, RT1, and DT1 to key server (KS)
A5) KS receives ST1, WT1, RT1, and DT1
A6) KS writes ST1, WT1, RT1, and DT1 to a new random location (KL1)
A7) KS returns KL1 to Site
A8) Site receives KL1 and saves temporarily in storage on Site
A9) Site signs KL1 + WT1 with S-SK => signed KL1
A10) Site creates QR code containing KL1, WT1 and signed KL1 => new login QR code (QRL)
A11) Site returns QRL to PD to be displayed
A12) User scans QRL on MD
A13) Extract KL1, WT1 and signed KL1 from QR on MD
A14) Verify signed KL1 is valid for S-PK on MD
A15) Read PK, SK and S-PK from OS Storage on MD
A16) Read ST2, RT2 and KL2 from OS Storage on MD
A17) Combine PK and WT1 and sign with SK => UL
A18) Encrypt UL with S-PK => UL^{S-PK}
A19) Transmit KL2, ST2, RT2, and UL^{S-PK} to KS
A20) KS verifies ST2 matches at KL2, writes RT2 and UL^{S-PK} to KL2
A21) Transmit KL1, WT1, and UL^{S-PK} to KS
A22) KS verifies WT1 matches at KL1, writes UL^{S-PK} to KL1
A23) Site transmits KL1 and RT1 to KS
A24) KS verifies RT1 matches at KL1, returns UL^{S-PK} to Site
A25) Site receives UL^{S-PK} from KS and decrypts UL^{S-PK} using S-SK => UL
A26) PK and WT1 are extracted from UL
A27) Look up the user’s account based on PK
A28) Site transmits KL2 and RT2 to KS
A29) KS verifies RT2 matches at KL2, returns UL^{S-PK} to Site
A30) Site receives UL^{S-PK} from KS and decrypts UL^{S-PK} using S-SK => UL2
A31) If decrypted UL equals UL2, the user’s session is authenticated
A32) Site transmits KL1 and DT1 to KS
A33) KS verifies DT1 matches at KL1, deletes all data at KL1
A34) Discard and delete from storage ST1, WT1, RT1, and DT1 on Site
A35) Discard and delete from memory PK, SK, UT2, ST2, WT2, RT2, DT2 and KL2 on MD