News Column

Patent Application Titled "Device Identification Using Synthetic Device Keys" Published Online

March 4, 2014



By a News Reporter-Staff News Editor at Information Technology Newsweekly -- According to news reporting originating from Washington, D.C., by VerticalNews journalists, a patent application by the inventors HARTY, Talbot (Sutter Creek, CA); HARJANTO, Dono (Irvine, CA); KADDOURA, Karim (San Francisco, CA), filed on June 20, 2013, was made available online on February 20, 2014.

No assignee for this patent application has been made.

Reporters obtained the following quote from the background information supplied by the inventors: "The present invention relates generally to computer systems and, more particularly, to methods of and systems for uniquely identifying computing devices.

"Device identification through digital fingerprints has proven to be invaluable in recent years to such technologies as security and digital rights management. In security, authentication of a person can be restricted to a limited number of previously authorized devices that are recognized by their digital fingerprints. In digital rights management, use of copyrighted or otherwise proprietary subject matter can be similarly restricted to a limited number of previously authorized devices that are recognized by their digital fingerprints.

"Digital fingerprints are particularly useful in uniquely identifying computing devices that are historically known as 'IBM PC compatible'. Such devices have an open architecture in which various computer components are easily interchangeable with compatible but different components. There are two primary effects of such an open architecture that facilitate device identification through digital fingerprints.

"The first facilitating effect is diversity of device components. Since numerous components of IBM PC compatible devices are interchangeable with comparable but different components, generation of a digital fingerprint from data associated with the respective components of the device are more likely to result in a unique digital fingerprint. For example, various hard disk drive models from various manufacturers can be included in IBM PC compatible computers, providing a diversity of possible configurations.

"The second facilitating effect is discoverability of details of the various components of IBM PC compatible devices. Since the particular combination of components that make up a given device can vary widely and can come from different manufacturers, the components and the operating system of the device cooperate to provide access to detailed information about the components. Such information can include serial numbers, firmware version and revision numbers, model numbers, etc. This detailed information can be used to distinguish identical components from the same manufacturer and therefore improves uniqueness of digital fingerprints of such devices.

"Laptop computing devices evolved from desktop computing devices such as IBM PC compatible devices and share much of the architecture of desktop computing devices, albeit in shrunken form. Accordingly, while users are much less likely to replace graphics circuitry in a laptop device and components therefore vary less in laptop devices, laptop devices still provide enough detailed and unique information about the components of the laptop device to ensure uniqueness of digital fingerprints of laptop devices.

"However, the world of computing devices is rapidly changing. Smart phones that fit in one's pocket now include processing resources that were state of the art just a few years ago. In addition, smart phones are growing wildly in popularity. Unlike tablet computing devices of a decade ago, which were based on laptop device architectures, tablet devices available today are essentially larger versions of smart phones.

"Smart phones are much more homogeneous than older devices. To make smart phones so small, the components of smart phones are much more integrated, including more and more functions within each integrated circuit (IC) chip. For example, while a desktop computing device can include graphics cards and networking cards that are separate from the CPU, smart phones typically have integrated graphics and networking circuitry within the CPU. Furthermore, while desktop and laptop devices typically include hard drives, which are devices rich with unique and detailed information about themselves, smart phones often include non-volatile solid-state memory, such as flash memory, integrated within the CPU or on the same circuit board as the CPU. Flash memory rarely includes information about the flash memory, such as the manufacturer, model number, etc.

"Since these components of smart phones are generally tightly integrated and not replaceable, the amount and variety of unique data within a smart phone that can be used to generate a unique digital fingerprint is greatly reduced relative to older device architectures. In addition, since it is not expected that smart phone components will ever be replaced, there is less support for access to detailed information about the components of smart phones even if such information exists.

"The iOS® operating system from Apple Computer of Cupertino, Calif., which is the operating system of Apple Computer's iPhone® smart phone and iPad® tablet device, denies access to much of the hardware configuration of those devices. Accordingly, generation of unique device identifiers from configuration attributes of these devices from Apple Computer is particularly difficult.

"Accordingly, it is much more difficult to assure that digital fingerprints of smart phones and similar portable personal computing devices such as tablet devices are unique. What is needed is a way to uniquely identify individual devices in large populations of homogeneous devices."

In addition to obtaining background information on this patent application, VerticalNews editors also obtained the inventors' summary information for this patent application: "In accordance with the present invention, a device authentication server assigns unique synthetic device attributes to a device such that the device can use actual hardware and system configuration attributes and the assigned synthetic device attributes to form a device identifier that is unique, even among homogeneous devices for which actual, accessible hardware and system configuration attributes are not distinct.

"During initial registration of a device with the device authentication server, the device provides attribute data representing numerous actual hardware and system configuration attributes of the device. The device authentication server generates a number of cryptographic keys using known pseudo-random number generation techniques and, for each of the keys, generates a cryptographic salt from various portions of the attribute data. By application of a cryptographic hash function to the cryptographic keys and the respective cryptographic salts, the device authentication server generates randomized attribute values based on actual attribute data of the device. Accordingly, the randomized attribute values have a high likelihood of being globally unique.

"The device authentication server sends the randomized attribute values as synthetic attributes of the device. The device authentication server can also send the data specifying the precise manner in which the synthetic attributes are generated such that the device can re-generate the synthetic attributes from actual hardware and system configuration attributes of the device. Either way, the device authentication server provides the device with the ability to return the synthetic device attributes upon request.

"For subsequent authentication of the device, the device sends data representing various parts of the device's actual hardware and system configuration attributes and synthetic attributes. The device authentication server sends a challenge that specifies the particular parts of the attributes to gather and the manner in which the parts are to be combined. The manner of combination can be a cryptographic hash function such that the device forms a cryptographic hash from the parts of the attributes. Since the attributes from which the parts are gathered include synthetic attributes assigned to the device by the device authentication server, the complete set of attributes of the device is unique among all devices, including very similar devices. In other words, when accessible hardware and system configuration attributes of homogeneous devices are inadequate to distinguish among such devices, the synthetic attributes provide distinguishing attributes.

"The device authentication server receives the data representing various parts of the device's attributes, both actual and synthetic. The device authentication server can compare the received data to expected data. If the received data is a cryptographic hash, the device authentication server generates an expected hash by applying the same cryptographic hash to corresponding parts of the attribute data received during device registration and of the synthetic attributes previously generated for the device.

"Accordingly, homogeneous devices can be distinguished and authenticated.

BRIEF DESCRIPTION OF THE DRAWINGS

"Other systems, methods, features and advantages of the invention will be or will become apparent to one with skill in the art upon examination of the following figures and detailed description. It is intended that all such additional systems, methods, features and advantages be included within this description, be within the scope of the invention, and be protected by the accompanying claims. Component parts shown in the drawings are not necessarily to scale, and may be exaggerated to better illustrate the important features of the invention. In the drawings, like reference numerals may designate like parts throughout the different views, wherein:

"FIG. 1 is a diagram showing a computing device and a server and a device authentication server that cooperate to identify the device in accordance with one embodiment of the present invention.

"FIG. 2 is a transaction flow diagram illustrating the manner in which the device and device authentication server of FIG. 1 cooperate to register the device for subsequent authentication.

"FIG. 3 is a transaction flow diagram illustrating the manner in which the device, server, and device authentication server of FIG. 1 cooperate to authenticate the device.

"FIG. 4 is a block diagram showing the server of FIG. 1 in greater detail.

"FIG. 5 is a block diagram showing the device authentication server of FIG. 1 in greater detail.

"FIG. 6 is a block diagram showing the device of FIG. 1 in greater detail.

"FIG. 7 is a block diagram of synthetic device attributes generated by the device authentication server.

"FIG. 8 is a block diagram of a known device record maintained by the device authentication server to facilitate device authentication in accordance with the present invention.

"FIG. 9 is a logic flow diagram illustrating the generation of synthetic device attributes by the device authentication server."
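The registration and challenge-response flow the inventors' summary describes, as an added illustration that is not from the patent application or the news article: the server derives synthetic attributes by hashing pseudo-random keys with salts taken from the device's actual attribute data, hands them to the device, and later verifies a challenge by recomputing the same hash over the data it stored at registration. The attribute names and values are constructed, and the choice of SHA-256 and the per-challenge nonce are assumptions added here.

```python
import hashlib
import secrets

# Constructed sample: accessible attributes are identical for both sample devices.
ACTUAL_ATTRS = {"model": "Phone-X", "os": "7.0.4", "cpu": "SoC-A", "storage": "16GB"}

def make_synthetic(attrs, keys):
    """Synthetic attribute i = SHA-256(key_i || salt_i), salt_i a rotating slice of attrs."""
    fields = sorted(attrs)
    out = []
    for i, key in enumerate(keys):
        r = i % len(fields)
        salt = "|".join(attrs[f] for f in fields[r:] + fields[:r]).encode()
        out.append(hashlib.sha256(key + salt).hexdigest())
    return out

def respond(attrs, synthetic, challenge):
    """Device side: hash the actual fields and synthetic indices the challenge names."""
    h = hashlib.sha256(challenge["nonce"])  # nonce is an assumption added here, not in the patent text
    for f in challenge["fields"]:
        h.update(attrs[f].encode())
    for i in challenge["synthetic_idx"]:
        h.update(synthetic[i].encode())
    return h.hexdigest()

class DeviceAuthServer:
    def __init__(self):
        self.known = {}  # device id -> (actual attrs at registration, synthetic attrs)

    def register(self, device_id, attrs, n_keys=4):
        keys = [secrets.token_bytes(32) for _ in range(n_keys)]  # pseudo-random keys
        synthetic = make_synthetic(attrs, keys)
        self.known[device_id] = (dict(attrs), synthetic)
        return synthetic  # device stores these and returns them on request

    def challenge(self, fields, synthetic_idx):
        return {"nonce": secrets.token_bytes(16), "fields": fields, "synthetic_idx": synthetic_idx}

    def verify(self, device_id, challenge, response):
        attrs, synthetic = self.known[device_id]
        expected = respond(attrs, synthetic, challenge)  # same hash over the stored data
        return secrets.compare_digest(expected, response)

def demo():
    server = DeviceAuthServer()
    syn_a = server.register("dev-A", ACTUAL_ATTRS)
    syn_b = server.register("dev-B", ACTUAL_ATTRS)  # same actual attributes as dev-A
    ch = server.challenge(["model", "os"], [0, 3])
    resp_a = respond(ACTUAL_ATTRS, syn_a, ch)
    return syn_a != syn_b, server.verify("dev-A", ch, resp_a), server.verify("dev-B", ch, resp_a)
```

`demo()` shows the point of the scheme: two devices with byte-identical actual attributes receive different synthetic attributes, so a valid response from one does not verify for the other.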

For more information, see this patent application: HARTY, Talbot; HARJANTO, Dono; KADDOURA, Karim. Device Identification Using Synthetic Device Keys. Filed June 20, 2013 and posted February 20, 2014. Patent URL: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&u=%2Fnetahtml%2FPTO%2Fsearch-adv.html&r=374&p=8&f=G&l=50&d=PG01&S1=20140213.PD.&OS=PD/20140213&RS=PD/20140213

Keywords for this news article include: Patents, Information Technology, Information and Cryptography.

Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC





Source: Information Technology Newsweekly

